Our contact details
Name: Inner Power Hypnotherapy
Address: Worthing, UK.
Phone Number: given on application
Policy completed on 03/05/2021
The type of personal information we collect
We currently collect and process the following information:
· Personal identifiers, contacts and characteristics (for example, name and contact details)
· Record keeping
· Location data
· Online identifiers, such as IP addresses, email addresses and cookie identifiers which may be personal data
· Client billing information
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
· Personalisation of a treatment plan and understanding relevant factors and characteristics of the client’s issues/concerns
· Billing information for payment of sessions
· Communication data, such as email address for contact
· Computer data security (eliminating chances of downloading virus/malware to computer system)
We also receive personal information indirectly, from the following sources in the following scenarios:
· Online identifiers, usage data and cookies from company website and social media pages to observe traffic to said sites (Hostinger, Zyro, Facebook, Instagram, LinkedIn)
We use the information that you have given us in order to
· Evaluate effectiveness of social media and website presence.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting Inner Power Hypnotherapy.
(b) We have a contractual obligation for insurance, professional membership, auditing and safeguarding purposes.
(c) We have a legal obligation, for the purposes of security and the prevention of fraud and other criminal activity.
(d) We have a vital interest and legal compliance to protect you or others from information or actions that can harm
(e) We have a legitimate interest, namely the protection of our website, services, business and protection of affected parties and vulnerable persons.
Providing your personal data to others
· We may disclose your data to our insurers and/or professional advisers, insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice.
· Your personal data may be stored on the servers of our hosting services provider (Hostinger at www.hostinger.co.uk) and website builders (zyro.com)
· Financial transactions relating to our website and services or may be handled by our payment services providers (through Mettle.co.uk, underwritten by Natwest.co.uk). We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at https://www.mettle.co.uk/docs/privacy-notice/5.0.pdf
· In addition to the specific disclosures of personal data set out in the previous section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
How we store your personal information
· Your information is securely stored in a locked filing cabinet (paper-based information, such as notes and forms) and/or a password-protected folder (computer-based notes and forms).
· We are required to keep electronic and paper records for up to 7 years or until the 25th birthday for a child. We will then dispose your information by shredding and/or deleting files and external/cloud-based back-up data.
Your data protection rights
Under data protection law, you and/or your child (if over 13 years of age) has rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at email@example.com if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at firstname.lastname@example.org
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House, Water Lane. Wilmslow. Cheshire. SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk