Academy For Hypnosis Privacy Policy (UK GDPR & PECR Compliant – 2026 Version)

Last updated: 06/07/26

1. Who we are (Data Controller)

This Privacy Policy explains how we collect, use, and protect your personal data in accordance with UK GDPR and the Data Protection Act 2018.

Data Controller:

Academy for Hypnosis (trading name)
Legal entity: [Insert legal name of sole trader or limited company]
Registered address: Flat 50, Charlbert Court, Charlbert Street, London NW8 7BY
Email: [email protected]

We are the “data controller” responsible for deciding how and why your personal data is processed.


2. What personal data we collect

We may collect the following categories of personal data:

Identity and contact data

Full name

Email address

Telephone number

Postal address

Course and training data

Enrolment details

Attendance records

Certification progress

Assessment results (if applicable)

Payment data

Payment status

Transaction references

Billing details (processed by third-party payment providers only)

We do not store full card details.

Technical data

IP address

Device and browser information

Website usage data (via cookies and analytics tools)

Communication data

Emails, messages, and enquiry forms

Support requests

Training and session data

Zoom or online class participation

Attendance logs

Training recordings (where applicable – see Section 9)


3. How we collect your data

We collect personal data when you:

Register for a course or certification

Complete contact or enquiry forms

Make a purchase or payment

Attend live or online training sessions (e.g. Zoom)

Subscribe to marketing communications

Interact with our website

We may also receive data from:

Payment providers (e.g. Stripe, PayPal, Klarna)

CRM and automation platforms

Email and SMS providers

Analytics tools (e.g. Google Analytics)


4. Lawful bases for processing

We process your personal data under the following lawful bases:

Contract

To provide training, certification, course access, and related services.

Legitimate interests

To:

Improve and develop our services

Manage business operations

Prevent fraud and misuse

Analyse website and course performance

Communicate relevant service information

Consent

For:

Marketing communications (where required under PECR)

Optional cookies and tracking technologies

Legal obligation

To comply with:

Tax and accounting requirements

Regulatory or legal obligations


5. How we use your personal data

We use your data to:

Deliver training courses and certifications

Manage student enrolment and progress

Provide customer support

Process payments and refunds

Issue certificates upon completion

Send service-related communications

Improve our website and training services

Send marketing communications (where lawful basis applies)


6. Marketing communications (PECR compliance)

We will only send marketing communications where:

You have explicitly opted in, or

You are an existing customer and we are marketing similar services (soft opt-in under PECR)

All marketing emails include an unsubscribe option.

You can opt out at any time by:

Clicking the unsubscribe link in emails

Contacting us directly

We do not sell or rent your personal data.


7. Cookies and tracking technologies (PECR compliance)

Our website uses cookies and similar technologies.

Types of cookies we use:

Strictly necessary cookies
Required for website operation and security. These cannot be disabled.

Analytics cookies
Used to understand website usage and improve performance (e.g. Google Analytics).

Marketing cookies
Used for advertising and remarketing (e.g. Meta Pixel, Google Ads).

Consent requirements

We do not set non-essential cookies (analytics or marketing cookies) unless you have given explicit consent via our cookie banner.

When you first visit our website, you are presented with clear options to:

Accept all cookies

Reject non-essential cookies

Customise preferences

You can change your preferences at any time via the cookie settings tool.


8. Online training, Zoom sessions and recordings

We deliver training via platforms such as Zoom and similar services.

Live sessions

During live training:

Your name and participation may be visible to other attendees

Chat messages may be visible to participants

Recordings

Some sessions may be recorded for:

Educational access for enrolled students

Quality assurance

Revision and course delivery purposes

Legal basis for recordings

Recordings are processed under:

Contract (course delivery), and

Legitimate interests (training quality and student access)

By enrolling, you acknowledge that recordings may include:

Video and audio participation

Screen sharing content

Chat interactions

Recordings are:

Stored securely

Access restricted to authorised staff and enrolled students only

Retained only for as long as necessary

If you prefer not to appear on camera, you may:

Turn off your camera/microphone

Contact us prior to the session


9. Payment processing

Payments are processed securely via third-party providers such as:
Stripe, PayPal, Klarna, and similar providers.

These providers act as independent data controllers for payment transactions.

We do not store full payment card details.


10. Data sharing

We may share your personal data with trusted third parties where necessary, including:

Payment processors

CRM and automation systems

Email and SMS providers

Website hosting and infrastructure providers

Online course platforms

Professional advisers (e.g. accountants)

Legal or regulatory authorities where required

All third parties are contractually required to:

Process data securely

Act only under our instructions

Comply with UK GDPR


11. Data processors and service providers

We use third-party service providers to operate our business and deliver services, including website hosting, CRM systems, automation tools, and course delivery platforms.

These providers process personal data on our behalf and are not permitted to use it for their own purposes.

Our service providers may include:

CRM and automation platform (GoHighLevel or equivalent white-label system)

Email and SMS communication providers

Online course and membership platforms

Payment processors

Video conferencing providers

All processors are bound by data processing agreements in accordance with UK GDPR.


12. Automated processing and profiling

We may use automated systems to support communication, marketing, and customer relationship management.

This may include organising contacts based on:

Website activity

Email engagement

Course interest or enquiry type

Interaction history

These processes are used solely to improve relevance and efficiency of communications and do not produce legal or similarly significant effects on individuals.

We do not make decisions based solely on automated processing that would significantly affect your access to services.

You can opt out of marketing communications at any time using the unsubscribe link or by contacting us directly.


13. International data transfers

Some service providers may process data outside the UK.

Where this occurs, we ensure appropriate safeguards are in place, such as:

UK adequacy regulations, or

Standard contractual clauses (SCCs) approved under UK GDPR


14. Data retention

We retain personal data only for as long as necessary for the purposes collected.

Retention periods:

Enquiry data: 12–24 months

Student training records: up to 6 years

Financial records: 6 years (legal requirement)

Marketing data: until you withdraw consent or unsubscribe

Training recordings: 1–3 years (or as required for course delivery)

Data is then securely deleted or anonymised.


15. Your rights under UK GDPR

You have the right to:

Access your personal data

Correct inaccurate data

Request deletion of your data

Restrict or object to processing

Withdraw consent at any time

Data portability (where applicable)

To exercise your rights, contact us using the details above.


16. Complaints

If you are unhappy with how we handle your personal data, please contact us first.

You also have the right to complain to:

Information Commissioner’s Office (ICO)
https://ico.org.uk


17. Data security

We use appropriate technical and organisational measures to protect your data, including:

Encrypted systems where appropriate

Access controls and permissions

Secure hosting environments

Password-protected systems

However, no method of transmission or storage is 100% secure.


18. Children’s data

Our services are intended for adults. We do not knowingly collect data from individuals under 18 without appropriate consent.


19. Changes to this policy

We may update this Privacy Policy from time to time. Any updates will be posted on this page with a revised “Last updated” date.

Copyright 2026. Academy For Hypnosis. All Rights Reserved.