Emotional Health Check

Discover your Emotional Health Score

Take the Emotional Health Check quiz and Andrew will send you a personalised emotional health report.

Take the quiz now

Privacy Policy

Andrew Major Hypnotherapy
Last updated: June 2026

Privacy Summary

Your privacy and confidentiality are very important to me. This policy explains what personal information I collect, why I collect it, how I use it, how long I keep it, and what rights you have under UK data protection law.

  • I only collect information that is needed to provide my services, manage enquiries and appointments, meet legal and professional obligations, and run my business safely and effectively.
  • Therapy-related information is treated as confidential and handled with particular care.
  • I do not sell your personal data.
  • Marketing emails are only sent if you choose to receive them, and you can unsubscribe at any time.
  • You can request access, correction, restriction, deletion, or objection to the use of your personal data, subject to legal and professional record-keeping requirements.
  • If you are concerned about how I have used your personal information, you can make a data protection complaint directly to me using the process and form below.

1. Who I Am

Andrew Major Hypnotherapy
C/O Popeshead Court Offices, Peter Lane, York, YO1 8SU
Email: info@andrewmajorhypnotherapy.co.uk
I am the data controller responsible for your personal data under UK data protection law.

2. What Personal Data I Collect

Depending on how you interact with my services, I may collect the following types of personal data:

Contact information

  • name;
  • email address;
  • phone number;
  • address, only if you provide it or if it is genuinely needed for a specific purpose.

Therapy and wellbeing information

  • information about your wellbeing, health, mental health, emotional health, goals, difficulties, lifestyle, sleep, stress, anxiety, or other issues you choose to share;
  • brief session notes, progress information, consultation forms, assessments, or relevant correspondence;
  • information needed to provide therapy safely and professionally.

Booking, purchase and payment information

  • appointment history;
  • purchase records;
  • payment confirmations;
  • invoices or financial records where required.

Technical and website information

  • IP address;
  • browser and device type;
  • website usage data;
  • cookie preferences and analytics information where applicable.

Marketing and assessment information

  • email subscription preferences;
  • responses to quizzes, forms or assessments, such as an Emotional Health Check, where you choose to complete them;
  • communication preferences.

3. How I Collect Personal Data

I may collect your personal data when you:

  • complete forms on my website;
  • book an appointment;
  • purchase a product or service;
  • subscribe to emails;
  • complete assessments, quizzes or consultation forms;
  • contact me directly by email, phone, form, video call or message;
  • use my website, including through cookies or analytics tools.

4. Why I Use Your Personal Data

I may use your personal data to:

  • respond to enquiries;
  • provide therapy, hypnotherapy, psychotherapy, digital products, downloads, courses, resources, or related services;
  • manage bookings, appointments, payments and administration;
  • maintain appropriate professional records;
  • communicate with you about appointments, services or resources you have requested;
  • meet legal, accounting, insurance, safeguarding and professional obligations;
  • improve my website, services and client experience;
  • send email updates or resources you have requested or consented to receive.

5. Lawful Basis for Processing Personal Data

Under UK data protection law, I must have a lawful basis for using your personal data. The lawful basis may depend on the type of information and the reason it is being used.

Therapy services and client administration

For therapy services and client administration, I may rely on contract, legitimate interests, and, where required, explicit consent. This allows me to provide services you request, communicate with you, manage appointments, maintain appropriate records, and operate my practice safely and professionally.

Legitimate interests: purpose, necessity and balance

For much of my ordinary client administration and professional record-keeping, I rely on legitimate interests. My legitimate interests include providing safe, professional and effective therapeutic services, responding to enquiries, managing appointments, maintaining appropriate records, meeting professional and insurance requirements, and running my business responsibly.
I only collect and use information where there is a genuine purpose for doing so, where the information is necessary for that purpose, and where I consider that the use of the information is proportionate and has minimal impact on your privacy. For example, it is usually necessary to hold your contact details so that I can communicate with you, but I will not ask for information that is not reasonably needed for the service being provided.

Special category data

Some therapy-related information may be special category data because it may relate to your health, mental health, emotional wellbeing, or other sensitive personal matters. I handle this information with additional care. Where required, I rely on explicit consent to process this type of information for the purpose of providing therapeutic support and maintaining appropriate professional records. You may withdraw consent, but I may still need to retain some information where required for legal, insurance, safeguarding or professional reasons.

Legal obligations

I may process and retain certain information where necessary to meet legal obligations, including accounting, tax, safeguarding, regulatory, insurance or legal requirements.

Marketing emails

If you subscribe to receive emails, I rely on your consent. You can withdraw your consent at any time by using the unsubscribe link in emails or by contacting me directly.

Recognised legitimate interests and disclosures to public authorities

In limited circumstances, I may share personal information where required or permitted by law, including for safeguarding, prevention or detection of crime, responding to emergencies, protecting someone from serious harm, or supporting public safety. Where a recognised legitimate interest applies, such as disclosure to an appropriate public authority, I may rely on that lawful basis where relevant. I will only share information that is appropriate in the circumstances.

6. Confidentiality

Therapy-related information is treated as confidential. Confidentiality is central to therapeutic work, but it is not absolute. Information may be shared without your consent if required by law, if there is a serious risk of harm, if safeguarding concerns arise, or where disclosure is otherwise permitted under UK data protection law.
For professional supervision, client work may occasionally be discussed anonymously or with identifying details removed, unless disclosure is necessary for professional, legal or safeguarding reasons.

7. Third-Party Services

I use trusted third-party providers to help run my business. These may include:

  • website hosting provider;
  • MailerLite or other email marketing systems;
  • ScoreApp or other assessment/quiz systems;
  • Acuity or other booking systems;
  • Square or other payment providers;
  • Sellfy or other digital product platforms;
  • secure email, cloud storage, document management, accounting and administration providers.

These providers only process data as needed to provide their services and are expected to protect your information. Payment providers process your card details directly. I do not store full card details.

8. International Transfers

Some service providers may store or process data outside the UK. Where this happens, appropriate safeguards are used to protect your personal information in line with UK data protection law.

9. Data Security

I take appropriate steps to protect your personal data, including password-protected systems, secure platforms, restricted access, and locked storage for any written notes. If a personal data breach occurs that is likely to affect your rights and freedoms, I will take appropriate steps and inform you and/or the Information Commissioner’s Office where required by law.

10. Data Retention

I keep personal data only for as long as necessary for the purpose it was collected, including legal, insurance, safeguarding, accounting and professional record-keeping requirements. Typical retention periods are:

  • therapy records: typically up to 7 years after therapy ends, or longer where legally or professionally required;
  • financial records: as required by UK tax and accounting law;
  • marketing data: until you unsubscribe or request deletion, unless I need to retain a minimal record of your preference not to be contacted;
  • website enquiry data: for as long as necessary to respond and manage the enquiry, unless a longer retention period is required.

When data is no longer needed, it is securely deleted, destroyed or anonymised.

11. Your Rights

Under UK data protection law, you have rights in relation to your personal data. These may include the right to:

  • request a copy of your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of your data;
  • request restriction of processing;
  • object to processing;
  • request transfer of your data elsewhere where applicable;
  • withdraw consent at any time where processing is based on consent.

The right to deletion is not absolute. Some information may need to be kept for legal, insurance, safeguarding, professional or legitimate record-keeping reasons. To exercise your rights, please email: info@andrewmajorhypnotherapy.co.uk

12. Subject Access Requests

You have the right to request access to the personal data I hold about you. This is known as a Subject Access Request, or SAR. If you make a SAR, I will carry out reasonable and proportionate searches of the places where relevant personal data is likely to be held and respond in accordance with UK data protection law.
In some situations, I may need to ask for clarification, verify your identity, consider whether third-party information is involved, or consider whether any legal exemptions apply.

13. Marketing Emails

If you subscribe to my emails, you may receive helpful updates, resources, articles, offers or information about services. You can unsubscribe at any time using the link in emails or by contacting me directly. I do not sell or rent your personal data.

14. Cookies

My website may use cookies to improve functionality, understand how visitors use the site, remember preferences, and improve services. Some cookies may be necessary for the website to work. Others, such as analytics or marketing cookies, may depend on your cookie choices. You can control cookies through your browser settings and, where available, through the cookie options on my website.

15. Data Protection Complaints

If you are concerned about how I have collected, used, stored, shared, protected or otherwise handled your personal information, please contact me first so I can look into your concern.
You can make a data protection complaint by:

  • using the Data Protection Complaint Form on this webpage;
  • emailing: info@andrewmajorhypnotherapy.co.uk.

Please include your name, contact details, and a brief explanation of your concern. I will acknowledge your complaint within 30 days of receiving it. I will then take appropriate steps to look into the matter, make enquiries where necessary, keep you informed where appropriate, and provide an outcome without undue delay.
This process only relates to complaints about how your personal data has been used. It does not replace any separate professional, ethical or therapy-related complaints process. If your concern relates to professional conduct or therapy practice rather than personal data, you may wish to contact the relevant professional association or regulatory body.
If you are not satisfied with my response to a data protection complaint, you have the right to raise your complaint with the Information Commissioner’s Office (ICO).

16. Data Protection Complaint Form

Use this form if your concern is about how Andrew Major Hypnotherapy has collected, used, stored, shared or protected your personal information. This form is for data protection complaints only.

Form submission note

When you submit this form, the information you provide will be used to consider and respond to your data protection complaint. I may need to contact you for clarification or to verify your identity. I will acknowledge receipt within 30 days and respond without undue delay after making appropriate enquiries.

form

17. Changes to This Policy

This policy may be updated occasionally. The latest version will always appear on this page. If significant changes are made, I may take additional steps to bring them to your attention where appropriate.