PRIVACY POLICY

Last updated: January 2026 v2

1. Who We Are

Nadia Day Hypnotherapy
[Address: {location.address}}

Netley Abbey, Southampton Hampshire SO31 5BH
Email: [email protected]
Phone: 07815699334

We are committed to protecting your privacy and personal information. This policy explains how we collect, use, and protect your data in accordance with UK GDPR and the Data Protection Act 2018.

For any questions about this privacy policy or how we handle your data, please contact us using the details above.

2. What Information We Collect

We collect and process the following personal information:

From our website:

Name

Email address

Phone number

Any information you provide in enquiry forms or messages

During in-person consultations and sessions:

Full name

Age and date of birth

Home address

Contact telephone number

Email address

Health information relevant to your hypnotherapy treatment (this is considered "special category" sensitive data under UK GDPR)

Session notes and treatment records

Payment information

From your use of our website:

IP address

Browser type and version

Pages visited and time spent on pages

Referring website

Cookies (see Cookie Policy section below)

3. Legal Basis for Processing Your Data

We process your personal data under the following legal bases:

For general contact and administrative data:

Consent: You have given clear consent for us to process your personal data for specific purposes

Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract

Legitimate interests: Processing is necessary for our legitimate interests (running our hypnotherapy practice) and your interests and fundamental rights do not override those interests

For health information (special category data):

Explicit consent: You have given explicit, informed consent for us to process your health data for the purpose of providing hypnotherapy treatment

4. How We Use Your Information

We use your information for the following purposes:

To provide hypnotherapy services: Conducting consultations, treatment sessions, and follow-up care

Communication: Responding to enquiries, booking appointments, sending appointment reminders, and treatment-related communication

Record keeping: Maintaining accurate treatment records as required by our professional body

Legal obligations: Complying with legal and regulatory requirements

Professional development: Anonymous case discussions with supervisors and peer groups (no personal details are ever shared)

Marketing communications (only with your separate consent): Sending you information about our services, workshops, or offers

You can withdraw your consent for marketing at any time by clicking the unsubscribe link in any email or contacting us directly.

5

. How We Protect Your Information

We take data security seriously and have implemented appropriate technical and organisational measures to protect your personal data, including:

Secure, password-protected storage systems

Encrypted digital records where applicable

Physical records stored in locked, secure locations

Access limited to authorised personnel only

Regular review of our security procedures

6. Who We Share Your Information With

We will never sell your personal information. We may share your data with:

Third-party service providers who process data on our behalf:

TidyCal: Appointment booking and scheduling

OmniSam: Client records management, marketing automation, email communications, sales funnels, and email list management

Website hosting providers

Email service providers

Payment processors

Cloud storage providers

These third-party providers may store and process your data on servers located outside the UK. We have ensured that appropriate data processing agreements and safeguards are in place with all providers to protect your information in accordance with UK GDPR requirements.

All third parties are required to keep your data secure and confidential.

Legal and professional obligations:

Professional indemnity insurers

Our professional supervisor (anonymised cases only)

Legal or regulatory authorities when required by law

Police or other authorities where there is a legal safeguarding requirement

Peer support and supervision:

Anonymous case histories are occasionally discussed with peer-support groups and clinical supervisors for Continuous Professional Development (CPD) and professional governance. No personal identifying details are ever shared.

7. International Data Transfers

Some of our service providers may store data outside the UK/EU. Where this occurs, we ensure appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements.

8. How Long We Keep Your Information

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy:

Treatment records and health data: 4 years from the date of your last appointment, in accordance with professional body requirements

Financial records: 6 years for tax and accounting purposes

Marketing consent records: Until you withdraw consent or we cease marketing activities

Website enquiries: 2 years from last contact if no treatment relationship is established

After these retention periods, records will be securely destroyed or permanently deleted.

9. Your Rights

Under UK GDPR, you have the following rights:

Right of access: Request a copy of the personal data we hold about you

Right to rectification: Request correction of inaccurate or incomplete data

Right to erasure: Request deletion of your personal data (subject to legal obligations)

Right to restrict processing: Request that we limit how we use your data

Right to data portability: Receive your data in a portable format

Right to object: Object to processing based on legitimate interests or for marketing purposes

Right to withdraw consent: Withdraw consent at any time (this will not affect the lawfulness of processing prior to withdrawal)

Rights related to automated decision-making: We do not use automated decision-making or profiling

To exercise any of these rights, please contact us using the details at the top of this policy. We will respond to your request within one month.

10. Right to Complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

11. Children's Privacy

For clients under the age of 16, we require parental or guardian consent before collecting and processing any personal data, including health information.

12. Cookie Policy

Our website uses cookies to improve your experience. Cookies are small text files stored on your device.

Essential cookies: Required for the website to function properly (e.g., security, navigation)

Analytics cookies: Help us understand how visitors use our website (e.g., Google Analytics) - these require your consent

Marketing cookies: Track your visits across websites to show you relevant advertising - these require your consent

You can manage your cookie preferences through your browser settings or our cookie consent banner when you first visit the website. Refusing cookies may affect website functionality.

For more information about cookies, visit: www.allaboutcookies.org

13. Marketing Communications

We use OmniSam to manage our marketing communications, including email newsletters, service updates, and promotional offers.

Your marketing preferences:

Marketing communications are entirely optional and separate from treatment-related communications

You will only receive marketing emails if you have specifically opted in through our subscription forms or consent forms

We use double opt-in confirmation to ensure your consent is clear and verified

Every marketing email includes an unsubscribe link

You can update your preferences or unsubscribe at any time by clicking the link in any email or contacting us directly

Unsubscribing from marketing will NOT affect appointment reminders or treatment-related communications

Treatment vs. Marketing:

Treatment communications (appointment confirmations, reminders, session follow-ups) are sent based on our contract with you and do not require separate marketing consent

Marketing communications (newsletters, special offers, general wellness tips) require your separate, explicit consent

14. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

If we make significant changes that affect how we use your personal data, we will notify you by email or through a prominent notice on our website.

Your consent

By using our website or engaging our services, you acknowledge that you have read and understood this privacy policy. For health data and marketing communications, we will obtain your explicit consent through separate consent forms.

Contact Us.

We welcome your questions, comments, and concerns about privacy. You can contact us at:

Nadia Day-Hypnotherapy

25 The Crescent

Netley Abbey, Southampton Hampshire SO31 5BH

[email protected]