Andrew Major Hypnotherapy
Last updated: June 2026
Your privacy and confidentiality are very important to me. This policy explains what personal information I collect, why I collect it, how I use it, how long I keep it, and what rights you have under UK data protection law.
Andrew Major Hypnotherapy
C/O Popeshead Court Offices, Peter Lane, York, YO1 8SU
Email: info@andrewmajorhypnotherapy.co.uk
I am the data controller responsible for your personal data under UK data protection law.
Depending on how you interact with my services, I may collect the following types of personal data:
I may collect your personal data when you:
I may use your personal data to:
Under UK data protection law, I must have a lawful basis for using your personal data. The lawful basis may depend on the type of information and the reason it is being used.
For therapy services and client administration, I may rely on contract, legitimate interests, and, where required, explicit consent. This allows me to provide services you request, communicate with you, manage appointments, maintain appropriate records, and operate my practice safely and professionally.
For much of my ordinary client administration and professional record-keeping, I rely on legitimate interests. My legitimate interests include providing safe, professional and effective therapeutic services, responding to enquiries, managing appointments, maintaining appropriate records, meeting professional and insurance requirements, and running my business responsibly.
I only collect and use information where there is a genuine purpose for doing so, where the information is necessary for that purpose, and where I consider that the use of the information is proportionate and has minimal impact on your privacy. For example, it is usually necessary to hold your contact details so that I can communicate with you, but I will not ask for information that is not reasonably needed for the service being provided.
Some therapy-related information may be special category data because it may relate to your health, mental health, emotional wellbeing, or other sensitive personal matters. I handle this information with additional care. Where required, I rely on explicit consent to process this type of information for the purpose of providing therapeutic support and maintaining appropriate professional records. You may withdraw consent, but I may still need to retain some information where required for legal, insurance, safeguarding or professional reasons.
I may process and retain certain information where necessary to meet legal obligations, including accounting, tax, safeguarding, regulatory, insurance or legal requirements.
If you subscribe to receive emails, I rely on your consent. You can withdraw your consent at any time by using the unsubscribe link in emails or by contacting me directly.
In limited circumstances, I may share personal information where required or permitted by law, including for safeguarding, prevention or detection of crime, responding to emergencies, protecting someone from serious harm, or supporting public safety. Where a recognised legitimate interest applies, such as disclosure to an appropriate public authority, I may rely on that lawful basis where relevant. I will only share information that is appropriate in the circumstances.
Therapy-related information is treated as confidential. Confidentiality is central to therapeutic work, but it is not absolute. Information may be shared without your consent if required by law, if there is a serious risk of harm, if safeguarding concerns arise, or where disclosure is otherwise permitted under UK data protection law.
For professional supervision, client work may occasionally be discussed anonymously or with identifying details removed, unless disclosure is necessary for professional, legal or safeguarding reasons.
I use trusted third-party providers to help run my business. These may include:
These providers only process data as needed to provide their services and are expected to protect your information. Payment providers process your card details directly. I do not store full card details.
Some service providers may store or process data outside the UK. Where this happens, appropriate safeguards are used to protect your personal information in line with UK data protection law.
I take appropriate steps to protect your personal data, including password-protected systems, secure platforms, restricted access, and locked storage for any written notes. If a personal data breach occurs that is likely to affect your rights and freedoms, I will take appropriate steps and inform you and/or the Information Commissioner’s Office where required by law.
I keep personal data only for as long as necessary for the purpose it was collected, including legal, insurance, safeguarding, accounting and professional record-keeping requirements. Typical retention periods are:
When data is no longer needed, it is securely deleted, destroyed or anonymised.
Under UK data protection law, you have rights in relation to your personal data. These may include the right to:
The right to deletion is not absolute. Some information may need to be kept for legal, insurance, safeguarding, professional or legitimate record-keeping reasons. To exercise your rights, please email: info@andrewmajorhypnotherapy.co.uk
You have the right to request access to the personal data I hold about you. This is known as a Subject Access Request, or SAR. If you make a SAR, I will carry out reasonable and proportionate searches of the places where relevant personal data is likely to be held and respond in accordance with UK data protection law.
In some situations, I may need to ask for clarification, verify your identity, consider whether third-party information is involved, or consider whether any legal exemptions apply.
If you subscribe to my emails, you may receive helpful updates, resources, articles, offers or information about services. You can unsubscribe at any time using the link in emails or by contacting me directly. I do not sell or rent your personal data.
My website may use cookies to improve functionality, understand how visitors use the site, remember preferences, and improve services. Some cookies may be necessary for the website to work. Others, such as analytics or marketing cookies, may depend on your cookie choices. You can control cookies through your browser settings and, where available, through the cookie options on my website.
If you are concerned about how I have collected, used, stored, shared, protected or otherwise handled your personal information, please contact me first so I can look into your concern.
You can make a data protection complaint by:
Please include your name, contact details, and a brief explanation of your concern. I will acknowledge your complaint within 30 days of receiving it. I will then take appropriate steps to look into the matter, make enquiries where necessary, keep you informed where appropriate, and provide an outcome without undue delay.
This process only relates to complaints about how your personal data has been used. It does not replace any separate professional, ethical or therapy-related complaints process. If your concern relates to professional conduct or therapy practice rather than personal data, you may wish to contact the relevant professional association or regulatory body.
If you are not satisfied with my response to a data protection complaint, you have the right to raise your complaint with the Information Commissioner’s Office (ICO).
Use this form if your concern is about how Andrew Major Hypnotherapy has collected, used, stored, shared or protected your personal information. This form is for data protection complaints only.
When you submit this form, the information you provide will be used to consider and respond to your data protection complaint. I may need to contact you for clarification or to verify your identity. I will acknowledge receipt within 30 days and respond without undue delay after making appropriate enquiries.
This policy may be updated occasionally. The latest version will always appear on this page. If significant changes are made, I may take additional steps to bring them to your attention where appropriate.