Privacy Notice

​

1. Data Controller

Sandbox Hypnotherapy is the Data Controller responsible for your personal information.

Contact Details

• Email: alexandra@sandboxhypnotherapy.co.uk

• Telephone: 07548799367

• Website: www.sandboxhypnotherapy.co.uk

2. Information I Collect

a.     There is a genuine purpose for obtaining personal information from clients and

b.     I only collect personal information that is necessary to the work that I am doing with the client.

c.      I only collect necessary personal information with minimal impact on privacy.

I may collect and process the following information:

Personal Information

• Name

• Address

• Telephone number

• Email address

• Date of birth

Health and Wellbeing Information

To provide hypnotherapy services safely and effectively, I may collect:

• Any relevant Medical history

• Mental and emotional wellbeing information

• Relevant health conditions

• Medication details

• Information discussed during sessions:

This information is classified as Special Category Data under UK GDPR.

3. How Your Information Is Collected

Information may be collected through:

• Initial enquiries by email, phone or website contact forms

• Consultation forms

• Appointment bookings through Setmore

• Hypnotherapy sessions

• Zoom sessions

• Payments processed through Square

4. Why I Use Your Information

I use your information to:

• Respond to enquiries

• Schedule appointments

• Deliver hypnotherapy services

• Maintain client records

• Process payments

• Meet professional and legal obligations

• Protect the safety and wellbeing of clients

5. Legal Basis for Processing

My lawful bases for processing your information are:

• Performance of a contract (providing the service you request)

• Legitimate interests (running my practice effectively)

• Legal obligations

• Provision of health and wellbeing services

6. Confidentiality

Everything discussed during sessions is treated as confidential.

Information may only be disclosed if:

• You provide consent

• There is a serious risk of harm to yourself or others

• Disclosure is required by law or court order

• A safeguarding concern arises

7. Online Appointments and Third-Party Providers

Sandbox Hypnotherapy uses trusted third-party providers to support services.

Setmore

Appointment bookings are managed through:

Setmore

Zoom

Online hypnotherapy sessions may be conducted through:

Zoom

Square

Payments are processed securely through:

Square UK

These providers act as separate data controllers or processors and have their own privacy policies.

8. Data Security

I take reasonable measures to protect your information, including:

• Password-protected devices

• Secure storage systems

• Restricted access to records

• Secure communication methods where appropriate

9. Record Retention

Client records are retained in accordance with professional practice requirements.

Typically:

• Adult records: retained for 8 years after the end of therapy

• Child records: retained until age 25, or longer where legally required

Records are securely deleted or destroyed when no longer required.

10. Your Rights

You have the right to:

• Access your personal information

• Request correction of inaccurate information

• Request erasure where appropriate

• Restrict processing

• Object to processing

• Request transfer of your data where applicable

Requests should be submitted in writing using the contact details above.

11. Complaints About Data Protection

If you have concerns about how your information is handled, please contact Sandbox Hypnotherapy first.

Stage 1 – Informal Resolution

Please contact Sandbox Hypnotherapy directly:

• Email: alexandra@sandboxhypnotherapy.co.uk

Your complaint will be acknowledged within 5 working days and every effort will be made to resolve the matter within 14 working days.

Stage 2 – Formal Complaint

If the matter is not resolved, please submit a written complaint including:

• Your name and contact details

• Details of the complaint

• Relevant dates

• Any supporting information

• The outcome you are seeking

If the data protection complaint is not resolved, you also have the right to complain to the :

Information Commissioner's Office

Website: ICO Website

​

​