PRIVACY POLICY
1. Introduction
Welcome to Modern Hypnosis by Alan Currie, accessible at www.modernhypnosisbyalancurrie.com ("Site"). We are dedicated to safeguarding your privacy and protecting your personal information in compliance with Scottish privacy laws and the General Data Protection Regulation (GDPR).
This Privacy Policy provides a detailed explanation of our practices regarding the collection, use, and disclosure of your personal information when you access our Site and Services. By using our Site and Services, you acknowledge that you have read and understood this Privacy Policy and agree to the processing of your personal data in accordance with its terms.
2. Scope and Consent
This Privacy Policy applies to all personal information collected through our Site and Services, including information provided during registration, course enrolment, and coaching sessions. By accessing or using our Site and Services, you consent to the collection, use, and sharing of your personal information as described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Site and Services.
3. Data Controller
Modern Hypnosis by Alan Currie, located in Ayr, South Ayrshire, Scotland, is the data controller responsible for your personal information. If you have any questions or concerns about our privacy practices or your personal information, please contact us at [email protected].
4. Types of Data Collected
We collect various types of personal information to provide and improve our Services, including but not limited to:
- Contact Information: Your name, email address, phone number, and other contact details.
- Payment Information: Details necessary to process payments, such as your credit card number or PayPal account information.
- Course and Coaching Information: Records of the courses you enrol in, coaching sessions you attend, and feedback you provide.
- Technical Information: Information about your device, browser, IP address, and usage data collected through cookies and similar technologies.
5. Lawful Basis for Processing
We process your personal information based on the following lawful bases under GDPR:
- Consent: We may process your data based on your explicit consent for specific purposes, such as sending marketing communications.
- Contractual Necessity: We process personal information as necessary to fulfil our contractual obligations to you, such as providing the Services you have requested.
- Legitimate Interests: We may process your data when it is in our legitimate interests to do so, such as for improving our Services, provided that these interests are not overridden by your rights and interests.
6. Data Collection Methods
We collect personal information through various methods, including:
- Direct Collection: Information you provide directly when registering for an account, enrolling in courses, or booking coaching sessions.
- Automated Technologies: Information collected automatically through cookies and similar technologies when you use our Site and Services.
- Third-Party Sources: Information we may receive from third-party partners or service providers.
7. Use of Personal Data
We use your personal information for the following purposes:
- Service Provision: To provide and manage the courses and coaching services you have requested.
- Communication: To communicate with you about your account, course enrolments, and coaching sessions, and to respond to your inquiries and requests.
- Payment Processing: To process payments for our Services and to prevent fraudulent transactions. We use third-party payment processors, such as PayPal and Stripe, for payment services. By using these payment services, you may also be subject to their terms and conditions and privacy policies, which can be found at PayPal's Privacy Policy and Stripe's Privacy Policy.
- Site Improvement: To analyse and improve the functionality and user experience of our Site and Services.
- Marketing: To send you promotional messages and updates about our Services, subject to your marketing preferences.
8. Data Retention
We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. The retention period may vary depending on the type of data and the purpose for which it is processed. Once the retention period expires, we will securely delete or anonymize your personal information.
9. Data Sharing and Disclosure
We may share or disclose your personal information under the following circumstances:
- Service Providers: We may share your information with third-party service providers who perform services on our behalf, such as payment processing, website hosting, and data analysis.
- Legal Requirements: We may disclose your information if required by law, in response to a court order, or in connection with legal proceedings.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity.
- Consent: We may share your information with other parties with your explicit consent.
10. International Data Transfers
Your personal information may be transferred to, stored, and processed in countries outside of the European Economic Area (EEA) or your country of residence. We ensure that appropriate safeguards are in place to maintain the level of protection required by GDPR and Scottish privacy laws when transferring data internationally.
11. Data Security
We take appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include encryption, firewalls, and secure server facilities. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.
12. Cookies and Tracking Technologies
Our Site uses cookies and similar tracking technologies to enhance your user experience, analyse Site usage, and deliver personalized content and advertisements. You can manage your cookie preferences through your browser settings. For more detailed information about our use of cookies, please refer to our Cookie Policy.
13. Your Rights under GDPR
As a data subject under GDPR, you have the following rights regarding your personal information:
- Right of Access: You have the right to request access to your personal information and receive a copy of the data we hold about you.
- Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal information.
- Right to Erasure: You have the right to request the deletion of your personal information in certain circumstances.
- Right to Restriction of Processing: You have the right to request the restriction of processing of your personal information under certain conditions.
- Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.
- Right to Object: You have the right to object to the processing of your personal information for direct marketing purposes or on grounds relating to your particular situation.
14. Exercising Your Rights
To exercise any of your rights under GDPR, please contact us at [email protected]. We will respond to your request within one month of receipt. In certain cases, we may require proof of identity before processing your request.
15. Automated Decision-Making
We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, without your explicit consent.
16. Children's Privacy
Our Site and Services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete the information as soon as possible.
17. Links to Other Websites
Our Site may contain links to other websites that are not operated by us. We are not responsible for the privacy practices or the content of these third-party websites. We encourage you to review the privacy policies of these websites before providing them with your personal information.
18. Changes to the Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. We will notify you of any significant changes by posting the new Privacy Policy on our Site and updating the "Effective Date" at the top of this document. Your continued use of our Site and Services after any changes indicates your acceptance of the new Privacy Policy.
19. Data Protection Authority
If you have a complaint regarding our handling of your personal information, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority for Scotland, or the data protection authority in your country.
20. Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant data protection authorities without undue delay, in accordance with our legal obligations under GDPR.
21. Contact Information
If you have any questions or concerns about our Privacy Policy or the handling of your personal information, please contact us at [email protected].
22. Accessibility
We are committed to ensuring that our Privacy Policy is accessible to individuals with disabilities. If you require any assistance or need the Privacy Policy in an alternative format, please contact us.
23. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of Scotland and the GDPR. Any disputes arising under or in connection with this Privacy Policy shall be subject to the jurisdiction of the Scottish courts.
24. Consent Withdrawal
You have the right to withdraw your consent to the processing of your personal information at any time. To withdraw your consent, please contact us at [email protected]. Please note that the withdrawal consent will not affect the lawfulness of processing based on consent before its withdrawal.
25. Effective Date
This Privacy Policy is effective as of 1st April 2024.