Last update : 31/01/2022
1. Introduction
1.1 This policy sets out how we at Clifton Practice Hypnotherapy Training, otherwise known as CPHT, use and protect the information that you provide when you use our services and our AHD website.
It is our intention to ensure that any data you provide is managed respectfully, kept secure and only used for the purposes for which it has been provided.
This policy will be updated from time to time in line with prevailing legislation.
1.2 We use cookies on our website. Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website. By using our websites and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy. See section 11 for more detailed information.
2. How we use your personal data
2.1 When you contact us via our AHD website we will collect your : name, address, telephone number, email address, date of birth and ethnic origine.
2.2 We use this information in order to make contact with you to discuss your interest in our AHD Course and to book an interview if you wish to become a student.
If you have a successful interview and wish to become a student we will give/send you a copy of our Confidential Student Details Form which asks for more information and explains once again how we will use information provided.
2.3 In the Confidential Student Details Form we will ask for your : name, address, telephone and email contact details so that we may contact you during the time we are working together. We also ask questions about your occupation, education, health, pastimes, training. These questions help us to get to know you better. In particular why you wish to take part in our training and how you will use it in the future.
2.4 We may process information (your name) that you post for publication on our website as a Review (“publication data”). The publication data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. To have your Review deleted from our website, contact your Data Protection Officer.
2.5 We may process your email that you provide to us for the purpose of subscribing to our Blog email notifications service (“notification data”). The notification data may be processed for the purposes of sending you the relevant notifications. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. To unsubscribe and have your email deleted from this service, either contact your Data Protection Officer or click “Unsubscribe” at the bottom of any notification emails.
2.6 We may process your email that you provide to us for the purpose of subscribing to our MailChimp Latest News service, which runs on our Student/Practitioner website extranet.cpht.co.uk (“notification data”). The notification data may be processed for the purposes of sending you the relevant notifications. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. To unsubscribe and have your email deleted from this service, either contact your Data Protection Officer or click “Unsubscribe” at the bottom of any notification emails.
2.6 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
2.7 We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
2.8 In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject.
2.9 Please do not supply any other person’s personal data to us, unless we prompt you to do so.
3. Your rights
Under the General Data Protection Regulations which are effective from 25th May 2018 you have the following rights :
- the right to be informed (which is why we have produced this policy).
- the right of access (if you wish to see your file then please make a request in writing to the Data Protection Officer. We will provide you with the information within 30 days of your request).
- the right to rectification (this is your right to request changes to any information we hold that is factually inaccurate. If you believe any of the information we hold about you is incorrect then please let us know as soon as possible and we will make the appropriate changes).
- the right to erasure (given the nature of our work we are required to hold your details for a period of 7 years, after this your information will be securely destroyed).
- the right to restrict processing (we will only use the information for the purposes that we have stated: most standards of confidentiality applied in professional contexts are based upon the Common Law concept of confidentiality where the duty to keep confidence is measured against the concept of “greater good”).
- the right to data portability (we will not share your information, other than in the situations described above, without your specific consent).
- the right to object (we will not contact you for marketing purposes unless you have given us specific agreement to do so).
- the right not to be subject to automated decision-making including profiling (we will not use your information for profiling purposes).
4. Providing your personal data to others
4.1 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
4.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4.3 In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
5. International transfers of your personal data
You acknowledge that personal data (Name) that you submit for publication through our website or services (Reviews) may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
6. Retaining and deleting personal data
6.1 This Section 6 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
6.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6.3 Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
7. Security of personal data
7.1 We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.
7.2 We use a Data Protection Officer for the purposes of administration. The Data Protection Officer is trained for GDPR purposes and fully compliant with the requirements.
7.3 Clinic premises may operate CCTV surveillance for the purposes of security. We will have received written assurance from the owners of the premises that any data obtained via CCTV is protected in accordance with the GDPR.
7.4 Data relating to your Application form/Contact Form that is sent from your web browser to our web server will be protected using https SSL encryption technology.
7.5 You acknowledge that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
8. Webcam sessions
Where sessions are conducted by Webcam, eg. Zoom, Skype, Facetime etc., the sessions are recorded only for as long as it takes to write up the notes not taken contemporaneously. Once notes have been documented, the recording is deleted.
9. Personal data of children
9.1 Our website and services are targeted at persons over the age of 18.
9.2 If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.
10. Updating information
10.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.
11. About cookies
11.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
11.2 Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date. A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
11.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
12. Cookies that we use
12.1 We use the following standard cookies on our website for the following purposes :
Cookie | Domain | Type | Description | Duration |
---|---|---|---|---|
_ir | api.pinterest.com | Advertisement | This is a Pinterest cookie that collects information on visitor behaviour on multiple websites. This information is used on the website, in order to optimize the relevance of advertisement. | session |
12.2 Jetpack cookies – all CPHT websites are WordPress and use the Jetpack plugin. As a result, depending on activated options (comments etc) they may also use the following cookies : https://jetpack.com/support/cookies/
13. Google Analytics
We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
Google’s privacy policy is available at: https://www.google.com/policies/privacy/.
14. Managing cookies
14.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
14.2 If you block cookies, you might not be able to use all the features on our website.
15. Links to other sites
Our website may contain links to other sites (Facebook, Twitter, Google…). If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
16. Amendments
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.
17. Data Protection Officer
Correspondance details | Data Protection Officer | |
Cirencester Hypnotherapy & Health Centre, 84 Dyer Street, Cirencester, Glos GL7 2PF Tel : 02895 320 880 |
Alex Brounger | alexbrounger@cpht.co.uk |