Academy For Hypnosis Privacy Policy (UK GDPR & PECR Compliant – 2026 Version)
Last updated: 06/07/26
1. Who we are (Data Controller)
This Privacy Policy explains how we collect, use, and protect your personal data in accordance with UK GDPR and the Data Protection Act 2018.
Data Controller:
Academy for Hypnosis (trading name)
Legal entity: [Insert legal name of sole trader or limited company]
Registered address: Flat 50, Charlbert Court, Charlbert Street, London NW8 7BY
Email: [email protected]
We are the “data controller” responsible for deciding how and why your personal data is processed.
2. What personal data we collect
We may collect the following categories of personal data:
Identity and contact data
Full name
Email address
Telephone number
Postal address
Course and training data
Enrolment details
Attendance records
Certification progress
Assessment results (if applicable)
Payment data
Payment status
Transaction references
Billing details (processed by third-party payment providers only)
We do not store full card details.
Technical data
IP address
Device and browser information
Website usage data (via cookies and analytics tools)
Communication data
Emails, messages, and enquiry forms
Support requests
Training and session data
Zoom or online class participation
Attendance logs
Training recordings (where applicable – see Section 9)
3. How we collect your data
We collect personal data when you:
Register for a course or certification
Complete contact or enquiry forms
Make a purchase or payment
Attend live or online training sessions (e.g. Zoom)
Subscribe to marketing communications
Interact with our website
We may also receive data from:
Payment providers (e.g. Stripe, PayPal, Klarna)
CRM and automation platforms
Email and SMS providers
Analytics tools (e.g. Google Analytics)
4. Lawful bases for processing
We process your personal data under the following lawful bases:
Contract
To provide training, certification, course access, and related services.
Legitimate interests
To:
Improve and develop our services
Manage business operations
Prevent fraud and misuse
Analyse website and course performance
Communicate relevant service information
Consent
For:
Marketing communications (where required under PECR)
Optional cookies and tracking technologies
Legal obligation
To comply with:
Tax and accounting requirements
Regulatory or legal obligations
5. How we use your personal data
We use your data to:
Deliver training courses and certifications
Manage student enrolment and progress
Provide customer support
Process payments and refunds
Issue certificates upon completion
Send service-related communications
Improve our website and training services
Send marketing communications (where lawful basis applies)
6. Marketing communications (PECR compliance)
We will only send marketing communications where:
You have explicitly opted in, or
You are an existing customer and we are marketing similar services (soft opt-in under PECR)
All marketing emails include an unsubscribe option.
You can opt out at any time by:
Clicking the unsubscribe link in emails
Contacting us directly
We do not sell or rent your personal data.
7. Cookies and tracking technologies (PECR compliance)
Our website uses cookies and similar technologies.
Types of cookies we use:
Strictly necessary cookies
Required for website operation and security. These cannot be disabled.
Analytics cookies
Used to understand website usage and improve performance (e.g. Google Analytics).
Marketing cookies
Used for advertising and remarketing (e.g. Meta Pixel, Google Ads).
Consent requirements
We do not set non-essential cookies (analytics or marketing cookies) unless you have given explicit consent via our cookie banner.
When you first visit our website, you are presented with clear options to:
Accept all cookies
Reject non-essential cookies
Customise preferences
You can change your preferences at any time via the cookie settings tool.
8. Online training, Zoom sessions and recordings
We deliver training via platforms such as Zoom and similar services.
Live sessions
During live training:
Your name and participation may be visible to other attendees
Chat messages may be visible to participants
Recordings
Some sessions may be recorded for:
Educational access for enrolled students
Quality assurance
Revision and course delivery purposes
Legal basis for recordings
Recordings are processed under:
Contract (course delivery), and
Legitimate interests (training quality and student access)
By enrolling, you acknowledge that recordings may include:
Video and audio participation
Screen sharing content
Chat interactions
Recordings are:
Stored securely
Access restricted to authorised staff and enrolled students only
Retained only for as long as necessary
If you prefer not to appear on camera, you may:
Turn off your camera/microphone
Contact us prior to the session
9. Payment processing
Payments are processed securely via third-party providers such as:
Stripe, PayPal, Klarna, and similar providers.
These providers act as independent data controllers for payment transactions.
We do not store full payment card details.
10. Data sharing
We may share your personal data with trusted third parties where necessary, including:
Payment processors
CRM and automation systems
Email and SMS providers
Website hosting and infrastructure providers
Online course platforms
Professional advisers (e.g. accountants)
Legal or regulatory authorities where required
All third parties are contractually required to:
Process data securely
Act only under our instructions
Comply with UK GDPR
11. Data processors and service providers
We use third-party service providers to operate our business and deliver services, including website hosting, CRM systems, automation tools, and course delivery platforms.
These providers process personal data on our behalf and are not permitted to use it for their own purposes.
Our service providers may include:
CRM and automation platform (GoHighLevel or equivalent white-label system)
Email and SMS communication providers
Online course and membership platforms
Payment processors
Video conferencing providers
All processors are bound by data processing agreements in accordance with UK GDPR.
12. Automated processing and profiling
We may use automated systems to support communication, marketing, and customer relationship management.
This may include organising contacts based on:
Website activity
Email engagement
Course interest or enquiry type
Interaction history
These processes are used solely to improve relevance and efficiency of communications and do not produce legal or similarly significant effects on individuals.
We do not make decisions based solely on automated processing that would significantly affect your access to services.
You can opt out of marketing communications at any time using the unsubscribe link or by contacting us directly.
13. International data transfers
Some service providers may process data outside the UK.
Where this occurs, we ensure appropriate safeguards are in place, such as:
UK adequacy regulations, or
Standard contractual clauses (SCCs) approved under UK GDPR
14. Data retention
We retain personal data only for as long as necessary for the purposes collected.
Retention periods:
Enquiry data: 12–24 months
Student training records: up to 6 years
Financial records: 6 years (legal requirement)
Marketing data: until you withdraw consent or unsubscribe
Training recordings: 1–3 years (or as required for course delivery)
Data is then securely deleted or anonymised.
15. Your rights under UK GDPR
You have the right to:
Access your personal data
Correct inaccurate data
Request deletion of your data
Restrict or object to processing
Withdraw consent at any time
Data portability (where applicable)
To exercise your rights, contact us using the details above.
16. Complaints
If you are unhappy with how we handle your personal data, please contact us first.
You also have the right to complain to:
Information Commissioner’s Office (ICO)
https://ico.org.uk
17. Data security
We use appropriate technical and organisational measures to protect your data, including:
Encrypted systems where appropriate
Access controls and permissions
Secure hosting environments
Password-protected systems
However, no method of transmission or storage is 100% secure.
18. Children’s data
Our services are intended for adults. We do not knowingly collect data from individuals under 18 without appropriate consent.
19. Changes to this policy
We may update this Privacy Policy from time to time. Any updates will be posted on this page with a revised “Last updated” date.
Copyright 2026. Academy For Hypnosis. All Rights Reserved.