This Privacy Notice describes how we collect, use, share, retain and safeguard personal data. It explains your individual rights that in summary include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
What is personal data?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, and address, date of birth, gender and contact details.
Personal data may contain information which is known as special categories of personal data. This may be information relating to and not limited to, an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation.
Personal data may also contain data relating to criminal convictions and offences.
For the purposes of safeguarding and processing criminal conviction and offence data responsibly, this data is treated in the same manner as special categories of personal data, where we are legally required to comply with specific data processing requirements.
Personal data we collect
In order for us to provide and administer hypnotherapy treatments for you, we will collect and process personal data about you. We will also collect your personal data where you request information about our services, customer events, promotions and campaigns.
You may provide us with personal data when completing the Contact Form and emails, when you contact us via the telephone (and text), through other websites linked to our services, when writing to us directly or where we provide you with paper based forms for completion or we complete a treatment form in conjunction with you during your hypnotherapy consultation.
We will share personal data with authorised third parties only where we are required to do so by law.
We will collect your personal data when you visit our website, where we will collect your unique online electronic identifier; this is commonly known as an IP address.
Where we collect data directly from you, we are considered to be the controller of that data i.e. we are the data controller.
- A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
As a provider of your hypnotherapy treatment, we will process the following categories of data:
- Personal data such as an individual’s name, address, date of birth, gender, contact details.
- Relevant medical history.
- Background information related to your hypnotherapy treatment.
If you object to the collection, sharing and use of your personal data we may be unable to provide you with a hypnotherapy treatment.
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
If you require more information about our data handling processes or further details on how we collect personal data and with whom we share data with, please contact Richard J D’Souza, email: firstname.lastname@example.org
Why do we need your personal data?
We use your personal data for the purposes of conducting your hypnotherapy treatment, and to respond to any requests from you about services we provide. We will also use your personal data to perform statistical analysis on the data we collect, for financial planning and business forecasting purposes and to help develop new and market existing products and services.
By contacting us, you should understand that you are forming a contract with us and we consider ourselves as having a legitimate business interest to provide you with further information about our products and services. You may request to be withdrawn from all such marketing activities at any time. Please contact Richard J D’Souza, email: email@example.com
- We will retain your data for a period of 10 years. Your data is then destroyed.
- Where you or law enforcement agencies inform us about any active investigation or potential criminal prosecution, we will comply with legal requirements when retaining this data.
The retention of data is necessary where required for contractual, legal or regulatory purposes or for our legitimate business interests, for statistical analysis (profiling) and product development and marketing purposes.
Sometimes we may need to retain your data for longer, for example if we are supporting you or defending ourselves in a legal dispute or as required by law or where evidence exists that a future complaint may occur.
Please contact Richard J D’Souza, email: firstname.lastname@example.org if you object to the use of, or you have any questions relating to the use of, your data, the retention of your personal data.
You can opt out of receiving marketing services by e-mailing Richard J D’Souza, email: email@example.com
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
- The right to be informed about the personal data being processed
- The right of access to your personal data
- The right to object to the processing of your personal data
- The right to restrict the processing of your personal data
- The right to rectification of your personal data
- The right to erasure of your personal data;
- The right to data portability (to receive an electronic copy of your personal data)
Rights relating to automated decision making including profiling
Individuals can exercise their Individual Rights at any time. As mandated by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.
In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for prevention of crime and for regulatory and other statutory purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact Richard J D’Souza, email: firstname.lastname@example.org
Protecting your data
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data with authorised third parties.
Data Privacy Representative
To ensure data privacy and protection has appropriate focus within our organisation we have a Data Privacy Representative. Currently this Data Privacy Representative is Richard J D’Souza. The Data Privacy Representative may be contacted by email: email@example.com
If you are dissatisfied with any aspect of the way in which we process your personal data please contact our Data Privacy Representative. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
How to contact us
If you have any questions regarding this Notice, the use of your data and your Individual Rights please contact our Data Privacy Representative: Richard J D’Souza, email: firstname.lastname@example.org, or by telephoning 07738 938197, or by writing to Richard J D’Souza at the current practice address advertised in the Contact Details page of this website.