Privacy & Data Protection (UK GDPR)

Effective from: 25 May 2018
Last updated: 21 April 2026

Overview

Amber365 Limited (“we”, “our”, “us”) operates hypnotherapylounge.co.uk.

We are committed to protecting and respecting your privacy. This page explains how personal data is collected, used, and protected in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, as updated by the Data Use and Access Act 2025 (DUAA).

Ingrid Radford acts as the Data Controller for all personal data processed through this website and in the provision of hypnotherapy services.

Information We Collect

We may collect and process the following types of personal data:

Information you provide

  • Name, email address, phone number
  • Information submitted via contact forms or enquiries

Usage data

  • IP address
  • Browser type and device information
  • Pages visited and time spent on the website

Cookies

  • Data collected via cookies and similar technologies (see Cookies section below)

How Your Data Is Used

Your information may be used to:

  • Respond to enquiries or provide requested services
  • Manage appointments and communications
  • Provide personalised hypnotherapy services
  • Maintain accurate records
  • Improve website functionality and user experience
  • Send marketing communications where you have opted in
  • Comply with legal, insurance, and professional obligations

Lawful Basis for Processing

Your data is processed under the following lawful bases:

  • Provision of services (contract)
  • Legitimate interests in operating and improving the website and services
  • Legal and professional obligations
  • Explicit consent where required (e.g. marketing or health data)

Where therapy services are provided, this may include processing special category (health) data, handled in accordance with UK GDPR requirements.

How Your Data Is Shared

We do not sell your personal data.

Your data may be shared with:

  • Service providers (e.g. hosting, booking systems, secure storage providers), under strict confidentiality agreements
  • Legal authorities where required by law or to protect rights and safety

How Your Data Is Stored

Your data is stored securely using appropriate technical and organisational measures:

  • Encrypted digital systems and password-protected devices
  • Two-factor authentication where possible
  • Paper records stored in locked cabinets
  • Access restricted to the practitioner only
  • Regular review of security practices

To support safe and effective practice, aspects of client work may be discussed within professional supervision or training settings. Any information shared is fully anonymised, and no identifying details or records are disclosed.

How Long Your Data Is Retained

In line with National Council for Hypnotherapy (NCH) guidelines:

  • Adults: 8 years after last contact
  • Children: Until age 25 (or 26 if therapy ends at age 17)

Records are securely destroyed after this period.

Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data (Subject Access Request)
  • Request correction of inaccurate data
  • Request restriction of processing
  • Object to processing in certain circumstances
  • Request data portability where applicable

Requests will be responded to within one month and handled in a reasonable and proportionate manner.

Cookies

This website uses cookies to:

  • Improve your browsing experience
  • Analyse website traffic
  • Support website functionality

You can control or disable cookies through your browser settings. Please note this may affect how the website functions.

Third-Party Links

This website may contain links to external websites. We are not responsible for the content or privacy practices of those sites.

Children’s Privacy

This website is not intended for individuals under the age of 18, and we do not knowingly collect personal data from children.

Confidentiality

All hypnotherapy sessions are confidential.

Information will only be shared without consent where:

  • There is a safeguarding concern (risk of harm)
  • Disclosure is required by law

Complaints

If you have any concerns about how your personal data is handled, please contact us in the first instance using the details below. We will acknowledge your complaint within 30 days and aim to resolve it promptly.

If you are not satisfied with the outcome, you have the right to escalate your complaint to the Information Commissioner’s Office (ICO):
www.ico.org.uk

Updates to This Policy

This policy may be updated periodically. The latest version will always be available on this page.

Contact

For any data protection queries:

[email protected]

Amber365 Limited
155 Armstrongs Fields
Aylesbury
Buckinghamshire
HP22 7BX
United Kingdom

Company number: 9210824

Further Information

More detailed information on how personal data is handled during therapy is provided in the Client Privacy Notice, which is shared with all clients before treatment begins.