Privacy Policy of Evie Harley Hypnotherapy

Effective as of 19 May 2024

1. Introduction

Welcome to Evie Harley Hypnotherapy. I am committed to protecting and respecting your privacy. This Privacy Policy explains how I collect, use, disclose, and safeguard your information when you visit my website and use my services, including any other media form, media channel, mobile website, or mobile application related or connected thereto.

2. Data Controller

I, Yvonne Harley, is the data controller and responsible for your personal data (collectively referred to as “Evie Harley Hypnotherapy”, “we”, “us”, or “our” in this privacy notice).

3. Information We Collect

I may collect and process the following types of personal data about you for legitimate interests. That is data, which is necessary for me to provide you with the therapy requested and is data you would reasonably expect me to hold and use:

  • Identity Data: Includes first name, maiden name, last name, family information, likes and dislikes.
  • Contact Data: Includes billing address, delivery address, email address, and telephone numbers.
  • Initial contact data: from your initial contact via WhatsApp, web-based form, or Facebook
  • Third party data – any information sent from your GP, insurance company or other related third-party
  • Transaction Data: Includes details about payments (but not card or bank information) to and from you and other details of services you have purchased from us.
  • Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

4. How I use your personal data

I will only use your personal data when the law allows me to. Most commonly, I will use your personal data in the following circumstances:

  • Where I need to perform the contract, we are about to enter or have entered into with you to provide hypnotherapy services.
  • Where it is necessary for my legitimate interests and your interests and fundamental rights do not override those interests.
  • Where I need to comply with a legal obligation.

5. Disclosure of your personal data

I may have to share your personal data with the parties set out below for the purposes set out in paragraph 4 above:

  • Professional advisers including lawyers, bankers, auditors, and insurers.
  • Public service providers including GPs, social workers, and the Police
  • Government bodies that require us to report processing activities.

6. Data security

I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. If there is any breach of data security, I will give full details to the Information Commissioners Office (ICO) and any person affected within 72 hours of the breach and do all possible to minimise any potential impact.

Paper copies of consultation notes are kept in a locked filing cabinet.

Any electronic notes or client lists are kept on a secure laptop, which is password protected. Client lists are used for business development purposes only and never any stats from this are never attributed to an individual.

7. Where your data is held

  • Any emails sent between us are held in my service provider – 123reg– cloud-based storage
  • Any texts or WhatsApp messages are held on my iPhone, which has two factor authentication.
  • Any Facebook private messages sent between us are held on my iPhone and laptop, which are password protected.
  • Notes from our sessions may be recorded electronically or in paper format. Electronic notes are held securely on my laptop, and paper notes are kept in a locked filing cabinet.
  • A client database is held on my laptop and is password protected, with basic information separate from any notes – name, address, telephone number and condition identifier code.
  • Payments are made by bank transfer or PayPal only, and therefore any financial information is held by your provider.

8. Data retention

I am required to securely hold any records for seven years under the terms and conditions of my insurance provider. After this time paper copies are shredded either by myself or a licensed firm, and electronic records are removed permanently.

9. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.

You should make any such requests in writing to the below address.

10. Contact me

If you have any questions about this privacy policy or my privacy practices, please contact me in the following ways: