PRIVACY POLICY

I take online privacy and data security very seriously. Please read the whole of this statement carefully as it sets out my approach to processing personal data, including what information I may collect from you, how I may use it, store it and protect it, and your rights as a data subject.

Who I am and how I process your personal data

I, Kim Plummer, trading as Kim Plummer Hypnotherapy, comply with my obligations under the General Data Protection Regulation (GDPR):

  • by keeping personal data up to date
  • by storing (and destroying) it securely
  • by not collecting or retaining excessive amounts of data
  • by protecting personal data from loss, misuse, unauthorised access and disclosure
  • and by ensuring that appropriate technical measures are in place to protect personal data. 

Contact details

Any questions regarding the way in which I process your personal data should be directed to me via email: [email protected]

What information I collect, use, and why

I collect or use the following information to provide services and goods, including delivery:

  • Names and contact details
  • Addresses
  • Date of birth
  • Payment details (including card or bank information for transfers and direct debits)
  • Health information (including dietary requirements, allergies and health conditions)
  • Website user information (including user journeys and cookie tracking)
  • Call recordings
  • Records of meetings and decisions
  • Information relating to compliments or complaints

I also collect or use the following information to provide services and goods, including delivery:

  • Details about lifestyle and social circumstances
  • Health information
  • Aspirations and personal development goals

I collect or use the following information for the operation of customer accounts and guarantees:

  • Names and contact details
  • Addresses
  • Payment details (including card or bank information for transfers and direct debits)
  • Account information, including registration details
  • Information used for security purposes
  • Marketing preferences

I collect or use the following information for service updates or marketing purposes:

  • Names and contact details
  • Marketing preferences
  • Website and app user journey information
  • Records of consent, where appropriate

I also collect or use the following information for service updates or marketing purposes:

  • Health information
  • Aspirations and personal development goals

I collect or use the following information for research or archiving purposes:

  • Website and app user journey information
  • Personal information used for administration of research
  • Personal information used for the purpose of research
  • Records of consent, where appropriate

I also collect or use the following information for research or archiving purposes:

  • Health information
  • Aspirations and personal development goals

Lawful bases

My lawful bases for collecting or using personal information to provide services and goods are:

  • Consent
  • Contract
  • Legitimate interest: to deliver the services that clients have requested, to contact those clients as necessary in accordance with the services they have requested, to contact clients via surveys to ascertain their opinions on the service they received from me, so that I may improve/update/maintain the standards I am providing. 

My lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are:

  • Consent
  • Contract

My lawful bases for collecting or using personal information for service updates or marketing purposes are:

  • Consent
  • Contract
  • Legitimate interest: to ensure that the resources and service I am providing continue to meet the needs of my existing and future clients, and to provide help for others who may request it from me

My lawful bases for collecting or using personal information for research or archiving purposes are:

  • Consent
  • Legitimate interest: to continue to improve the information, resources and services I am providing to my clients. In the event that my recorded data is utilised for research purposes, my own supervision or for the instruction or tuition of students, all such data will be sufficiently anonymised to the extent that individual clients cannot be identified. Should a client indicate that their data should not be used for these purposes, I would refrain from using that data. 

Where I get personal information from

  • People directly

How long I keep information

In accordance with my need to maintain the possibility of access to client data as a result of returning clients or those who may wish to lodge a complaint in respect of my professional services to either my professional body or my insurers (i.e. in all cases perhaps after a long period of time has elapsed), I retain client data for a minimum period of 7 years.

Who I share information with

  • Organisations I need to share information with for safeguarding reasons (where necessary)
  • Emergency services (where necessary)

Individual client data will never be passed to a third party without the express consent of the respective client, always provided that such confidentiality is neither inconsistent with my (the therapist’s) own safety or that of the client, the client’s family members or other members of the public, nor in contravention of any legal action or legal requirement.

How I store and transfer your information

I have in place appropriate technical and organisational measures to ensure the security, confidentiality, integrity and availability of the personal data I control.  Your information is securely stored on my business cloud storage database which is not publicly accessible or stored in any public domain.  It is accessible to me only, and is password protected.

It may be necessary to store or process your data on cloud based platforms or service providers whose servers are based outside of the UK/EEA which may constitute a transfer of data under GDPR. I will only use such third party service providers if I am confident that safeguards are in place to ensure that any personal data transferred outside of the UK/EEA is subject to an equivalent level of security and protection as required under UK Data Protection Legislation.

I also have in place appropriate procedures to handle any potential Personal Data Breaches, in accordance with Data Protection Legislation laid down by the Information Commissioner’s Office (ICO).  Any such breaches will be reported to the ICO and notified to the affected data subject where I am legally required to do so.

Links from my website

My website contains links to other websites which are operated by individuals and organisations over which I have no direct control. If you follow a link to one of these websites, please note that the website will have its own privacy and terms of use policy in place. I advise you to check the policies for third party sites before you submit any personal data to the website.

Cookies

Cookies are small data files that are placed on your computer or mobile device when you visit a website, and are used widely by online service providers, including myself, to ensure the functionality and performance of my website.

As advised above, my website contains links to other websites which means that additional cookies may then be present.  I advise contacting these third parties to find out if any potential cookies may be present as a result of using part of their service.

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal data.

Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.

You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated: 6th August 2024