Privacy Policy
1. Introduction
Welcome to Your Hypno RESET. I am committed to protecting your privacy and ensuring that your personal information is handled safely and responsibly in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy outlines how I collect, use, disclose, and safeguard your information when you visit my website YourHypnoReset.com and use my hypnotherapy and EMDR services including online payments.
2. Who I Am (Data Controller)
Lorraine Mclaughlin
Your Hypno RESET, 69 Greenvale Road, Eltham, London, SE9 1PB
3. Information I Collect
I collect the following types of personal data from you:
Identity Data: Your name, title, username (if applicable).
Contact Data: Your email address, phone number, billing address.
Payment Data: Payment card details are securely processed by my online payment processor. I do not directly collect or store your full payment card information on my systems.
Technical Data: Including your IP address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access my Website. This information may be collected through cookies and similar technologies. See section 11 below.
Usage Data: Information about how you use my Website, Services, and products.
Marketing and Communications Data: Your preferences in receiving marketing communications from me and your communication preferences.
Client Data (Special Category Data): If you use my hypnotherapy and EMDR Services, I may collect information relevant to your sessions, including details about your personal history, emotional state, goals, and responses provided in intake forms and during sessions. This information is considered special category data and is processed with your explicit consent for the purpose of providing my Services.
4. How I Collect Your Personal Data
I collect your personal data through various means, including:
Direct Interactions: When you fill in forms on my Website (e.g., contact forms, booking forms, intake questionnaires), create an account, subscribe to my newsletter, or communicate with me via email or phone.
Automated Technologies or Interactions: As you interact with my Website, I may automatically collect Technical Data about your equipment, browsing actions, and patterns through cookies, server logs, and other similar technologies. See section 11 below.
Third Parties: I may receive personal data about you from third parties such as:
My online payment processor: For processing payments.
Analytics providers (e.g., Google Analytics) to understand website usage.
Social media platforms (if you interact with my social media).
5. How I Use Your Personal Data (Purposes of Processing)
I will only use your personal data when the law allows me to. Most commonly, I will use your personal data in the following circumstances:
Where you have given me your explicit consent (particularly for special category data like Client Data and marketing communications).
Where it is necessary for the performance of a contract I have with you (e.g., to provide my hypnotherapy and EMDR Services).
Where it is necessary for my legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., to respond to inquiries, improve my Website and Services, and for administrative purposes).
Where I need to comply with a legal obligation.
Specifically, I use your information for the following purposes:
To process online payments securely through my payment processor.
To deliver my hypnotherapy and EMDR Services and resources to you.
To manage your appointments and communicate with you about your sessions.
To respond to your inquiries and provide customer support.
To personalize and improve your experience on my Website.
To send you updates, newsletters, and promotional content (only with your explicit consent).
To analyse Website usage and trends to improve my online presence.
To ensure the security of my Website and prevent fraud.
To comply with legal and regulatory obligations.
6. How I Share Your Personal Data
I will only share your personal data with third parties where it is necessary for the purposes set out in this Privacy Policy and where I have a lawful basis for doing so. I may share your information with the following categories of recipients:
My online payment processor: For the purpose of processing your payments securely. Please refer to their privacy policy for details on how they handle your payment information.
Service providers: Who provide IT and system administration services, website hosting, email marketing services, and analytics services. I ensure these providers have appropriate data protection measures in place.
Professional advisors: Such as lawyers and accountants, where necessary.
Regulatory or governmental authorities: If required by law or to comply with a legal obligation.
I do not sell, rent, or otherwise disclose your personal data to third parties for their marketing purposes without your explicit consent.
7. International Transfers
I may transfer your personal data to countries outside the UK. If I do so, I will ensure that appropriate safeguards are in place to protect your personal data in accordance with the UK GDPR. This may include relying on adequacy decisions or implementing Standard Contractual Clauses approved by the UK government.
8. Data Security
I have implemented appropriate technical and organisational measures to protect your personal data against accidental loss, misuse, alteration, unauthorised access, or disclosure. These measures include:
Secure storage of electronic data.
Encryption of data where appropriate.
Restricting access to personal data to personnel who need to know it.
Regular security assessments and updates.
All payment transactions are processed securely by my online payment processor, who comply with relevant security standards. I do not store your full payment card details on my servers.
9. Data Retention
I will only retain your personal data for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, I consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which I process your personal data, and whether I can achieve those purposes through other means, and the applicable legalrequirements.
Specifically:
Contact form submissions will typically be retained for [Specify timeframe, e.g., 12 months].
Client records will be retained for [Specify timeframe, considering professional guidelines and legal requirements].
Payment information is retained by my online payment processor in accordance with their policies.
Marketing contact information will be retained until you unsubscribe.
10. Your Rights Under the UK GDPR
Under the UK GDPR, you have several rights regarding your personal data:
The right to be informed: You have the right to be informed about the collection and use of your personal data(which is the purpose of this Privacy Policy).
The right of access: You have the right to request access to the personal data I hold about you.
The right to rectification: You have the right to request that any inaccurate or incomplete personal data I hold about you is corrected.
The right to erasure (“the right to be forgotten”): You have the right to request the deletion of your personal data in certain circumstances.
The right to restrict processing: You have the right to request the restriction of the processing of your personal data in certain circumstances.
The right to data portability: You have the right to receive your personal data in a structured, commonly used,and machine-readable format and to transmit that data to another controller.
The right to object: You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes and processing based on my legitimate interests.
Rights in relation to automated decision-making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
To exercise any of these rights, please contact me at lorraine@yourhypnoreset.com. I will respond to your request in accordance with the UK GDPR.
11. Cookies and Similar Technologies
My Website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and personalise content.
My Website is built in and hosted by Squarespace. Please click here for information on cookies used on Squarespace websites.
12. Third-Party Links
My Website may contain links to third-party websites, including social media platforms and online payment processors. I am not responsible for the privacy practices or content of these third-party websites. I encourage you to review the privacy policies of any websites you visit.
13. Changes to This Privacy Policy
I may update this Privacy Policy from time to time to reflect changes in my practices, legal requirements, or the features of my Services. Any changes will be posted on this page, and the date of the latest revision will be indicated at the top. If I make significant changes, I may also notify you more prominently, such as by email or a notice on my Website. I encourage you to review this Privacy Policy periodically.
14. Contact Me
If you have any questions, concerns, or requests regarding this Privacy Policy or my data handling practices, please contact me at:
Lorraine Mclaughlin
Your Hypno RESET, 69 Greenvale Road, Eltham, London, SE9 1PB
15. Right to Lodge a Complaint
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, if you believe that I have not complied with my data protection obligations. You can find more information on the ICO website: https://ico.org.uk/.