Enhanced Privacy Notice for Hastings Hypnotherapy

Welcome

Welcome to Hastings Hypnotherapy! I'm Marisa Casadei, and I believe in creating a safe, trusting space for your personal journey. As your hypnotherapist and the data controller for your information, I take your privacy and confidentiality very seriously.

How to Reach Me

If you have any questions about how I handle your information, please don't hesitate to reach out directly:

Email: hello@hastings-hypnotherapy.com

Data Controller: Marisa Casadei

How I Protect Your Information

I comply with my obligations under the General Data Protection Regulation (GDPR) by:

·      Keeping your personal data up to date

·      Storing and destroying it securely

·      Not collecting or retaining excessive amounts of data

·      Protecting your data from loss, misuse, and unauthorised access

·      Ensuring appropriate technical measures are in place (such as MFA and secure firewall protection)

What Information I Collect and Why

For Your Hypnotherapy Services, when you work with me, I collect and use information to:

·      Provide and deliver the services you've requested

·      Conduct in-person and online hypnotherapy sessions

·      Contact you as necessary related to your sessions

·      Maintain my accounts and records

For Your Website Experience

When you visit my website, I collect:

·      Information about how you navigate my site (to improve your experience)

·      Cookie data to remember your preferences

With Your Permission

I may use your information for:

·      Occasional service updates and communications

·      Marketing (only with your explicit consent)

Special Note About Health Information

I take extra care with any health-related information you share, as this is particularly sensitive data that deserves special protection.

How Long I Keep Your Information

I retain client data for a minimum period of 7 years. This allows me to:

·      Access your information if you return for future sessions

·      Respond to any potential complaints about my professional services

·      Meet my professional and insurance requirements

·      After this period, your information is securely destroyed.

Who I Might Share Your Information With

·      Your information remains private

·      Your individual client data will never be passed to a third party without your express consent.

Exceptions to Confidentiality

Confidentiality may be breached only when:

·      There is a legal requirement (such as a court order)

·      It's necessary to protect you or someone else from serious harm

·      It relates to the prevention, detection, or prosecution of a crime

Supervision and Training

For my professional development, I may consult with supervisors or peer support groups. In such cases:

·      All data is sufficiently anonymised so individual clients cannot be identified.

·      If you indicate your data should not be used for supervision purposes, I will respect that wish

My Lawful Basis for Processing Your Data

I rely on two lawful bases:

1. Your consent - You've given clear permission for me to process your data for specific purposes

2. Legitimate interests - Processing is necessary for both your wellbeing and my professional practice

Your Rights and My Responsibilities

Under UK data protection law, you have several important rights:

-       The Right to Access - You can request a copy of any personal information I hold about you.

-       The Right to Rectification - If you find any information inaccurate or out of date, you can ask me to correct it.

-       The Right to Erasure  -  You can request deletion of your personal data when it's no longer necessary for me to retain it.

-       The Right to Withdraw Consent -  You can withdraw your consent at any time. This won't affect services I've already provided.

-       The Right to Data Portability - You can ask me to provide your information in a format that allows you to transfer it to another service provider (where applicable).

-       The Right to Restrict Processing - If there's a dispute about your information, you can request that I limit how I use it.

-       The Right to Object - You can object to certain uses of your personal data.

-       The Right to Complain -  If you're unhappy with how I've handled your information, you can complain to the Information Commissioner's Office:

ICO Helpline: 0303 123 1113

ICO Website: https://ico.org.uk/concerns/

How to Exercise Your Rights

To exercise any of these rights, please contact me using the email address provided above. I'll respond to your request within one month.

My Commitment to You

At Hastings Hypnotherapy, I'm committed to being transparent about how I handle your information while maintaining the highest standards of confidentiality and care. Your trust is important to me, and I'm here to answer any questions you may have.

Last updated: 11 February 2026 

ICO Registration reference: ZC039173