Privacy Notice and Cookie Policy


Click on the link below to view our cookie policy

COOKIE POLICY           


Privacy Notice (Data Processing)

Business Details

Business Trading Name:    Suzanne Gardner-Cuthbert Hypnotherapy
Data Controller:    Suzanne Gardner-Cuthbert
Data Controller Contact Details:   [email protected]

When the words ‘our’ ‘we’ or Suzanne Gardner-Cuthbert Hypnotherapy are used in this document, it refers to Suzanne Gardner-Cuthbert.
When the word ‘Data Subject’ is used in this document, it is referring to the person we hold data on.  Data Processing refers to the data we collect, the data we process and the data we store. 

At Suzanne Gardner-Cuthbert Hypnotherapy we take your privacy and data very seriously and adhere to the GDPR rules of compliance.  

What is GDPR?

The General Data Protection Regulation act came into effect on 25th May 2018.  It replaces the EU Data Protection Directive 95/46/EC and in the UK the Data Protection Act 1998.  GDPR brings the same Data Privacy Rules for all EU Member states.  By law, all businesses and organisations that process data must comply to the GDPR rules. 

This privacy notice and cookie policy informs how Suzanne Gardner-Cuthbert Hypnotherapy uses your information and how Suzanne Gardner-Cuthbert Hypnotherapy protects the information that you provide, in line with GDPR (General Data Protection Regulation) . 

At the first point of contact with Suzanne Gardner-Cuthbert Hypnotherapy, we collect and process data via our website online form, by email and text.  We usr the data so that we can reply and contact you about the service that we provide.  Our legal basis for processing this information is legitimate interest. 

Our website collects cookie data.  We may collect, website visitor unique cookie ID, IP address, devise used, cookie consent data, dates and times.  Cookie consent data is recorded in line with ICO requirements.  The legal grounds for processing is consent.  You have the tight to change this consent at anytime. (Please see our cookie policy for more information 

We comply with the regulation by keeping personal data up-to-date, by storing and destroying it securely, by not collecting or retraining excessive amounts of data, by protecting personal data from loss, misue, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

What Information We May Collect

We may collect the following data

  • Name
  • Address
  • Contact telephone numbers
  • Email address
  • Emergency 3rd party name and contact number
  • GP Name
  • GP Surgery address
  • GP Surgery Contact Number
  • Midwife Name (Where applicable)
  • Midwife Surgery Address (Where applicible)
  • Midwife Surgery Contact Number (Where appliciable)
  • Interests
  • Lifestyle details
  • Job title
  • List of current medications
  • Medical history
  • Details of issue
  • Gender
  • Information regarding past treatments tried for current issue
  • D.O.B
  • IP Address

Due to offering a therapy/coaching service we will process some identifiable personal data, which is identifiable personal data, which is caterogised as Special Caterogy Data under the GDPR

Special Caterogy Data

  • Race
  • Political Opinions
  • Religious or
  • Trade Union Membership
  • Genetic Data
  • Biometric Data
  • Health Data
  • Data Concerning a Persons Sex Life 
  • Data concerning a Persons Sexual Orientation

What We Do with The Information That You Provide

To deliver the services that the client has requested

To contact those clients, as neccessary in accordance with the services they have requested

To contact clients via surveys to acertain their opinions on the service they received from us

To main our own accounts and records

In the event that our recorded data is utilised for our own supervision, all such data will be sufficiently anonymised, to the extent that indvidual clients cant be identified

Store your information on file for at least 7 years in line with insurance requirements


What is the Legal Basis for Processing Client Data?

 Our legal grounds for processing client (service user) data is consent.  Our legal basis for storing client (service user) data after the sessions have ended is legitimate interest.  

Will My Data Be Shared With Any Third Parties?

 We use third party services providers to enable us to operate our business.  Each of these service providers have been checked to ensure that they adhere to the GPDR .  The only personal data that is processed, is the data that is required to ensure that the business activity can be performed.  For example, a merchant provider is required to allow us to invoice our services and collect monies.  

Client data will remain confidential expect in the following situations:-

If there was a concern for the safety of the therapist, or that of the client, the client's family members or other members of the public. If any legal action or legal requirement that requires me to share information.  Or if a complaint is made to my Professional Membership Organisation or a claim being investigated by my insurers. Only relevant data would be shared. We will not ask your permission to share this data.  The legal grounds that we process this information is legitimate Interests.  

At all other times, indvidual client data will never be passed to a third party without the consent of the respective client.

How Long Will My Data Be Stored?

In accordance with my need to maintain the possibility of access to client data, as a result of returning clients

The data that you provide us will be stored manually for at least 7 years in line with insurance requirements. Clients under the age of 18, data will be returned until their 25th birthday. 

Financial paperwork will be stored for 7 years in line with the HMRC regulations.

Website messages stored on the website, will be deleted within 30 days or sooner.

Text messages are deleted at the end of the communication with the client.    

Website comments made on our blog will stay on the website blog page or until the blog article is no longer relevant for the website and the page is deleted.

Data Security

Our website has SSL (Secure Socket Layer) encryption.  SSL protection ensures that information exchanges can not be intercepted.  Our website is also password protected.  Confidential emails are encrypted.

Your data will be stored electronically via the cloud.  Accounts and devices are password protected.   

The Computer system is protected with virus protection and virus checks are performed on a weekly basis. 

Messages received from you via the website form are automatically deleted after the 30 days or sooner. 

Text messages are protected by a phone screen code. 

We ensure that the service providers that we use are compliant with the GDPR.  If our service provider is outside the EEA and is US based, we ensure that the EU-US privacy shield is being adhered to.

What Rights Does A Data Subject Have?

Right to be informed

  You have the right to be informed. This notice briefly explains what the GPDR is and informs you who the data controller is at Suzanne Gardner-Cuthbert Hypnotherapy.  We have informed you, what personal information we hold about you and how we use your personal data.  How we store your data and how we secure your data. 

Rights of Access

You can request assess to the data that we hold.  Please contact Suzanne Gardner-Cuthbert by emailing [email protected]   We will respond to your request within one month. 

Right to Rectification

You have the right to have any inaccurate personal data rectified.  In cases where personal data is incomplete, you have the right for this data to be completed.  You can request your data to be rectified either verbally or in writing.

Right to Erasure

You have the right to have personal data erased in certain circumstances. This is where it is no longer necessary for Suzanne Gardner-Cuthbert to retain the data.  

You have the right to withdraw your consent to the processing of data at any time.  

Right to Restrict Pocessing

You have the right to request the restriction or suppression of your personal data in certain circumstances.  If your data is restricted, Suzanne Gardner-Cuthbert Hypnotherapy, still has the right to store your data.

Right to Data Portability

You have the right to ask for the data you have provided to be transferred back to you or transferred to another data controller.  Where appliciable.  This only applies where the processing is based on consent, or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means.

Right to Object

You have the right to object to the uses of your personal data in certain circumstances. This only applies where processing is based on legitimate interests( or the performance of a task in the public interest, direct maketing and processing purposes of scientific/historical reasearch and statistics.  

Right Related to Automated Decision Making including Profiling

You have a right to object to Automated Decision Making.  Suzanne Gardner-Cuthbert Hypnotherapy does not use any automated decision- making systems.

In the Event of a Data Breach

We are required to report any breach of data to the ICO within 72 hours.

How Can A Data Subject Raise A Complaint?

You have the right to make a complaint to the ICO (Information Commissioners Office)


This privacy notice will be updated periodically.  It is recommended that you check the website for updates. 

If you have any questions about this privacy notice, please email Suzanne at the email address at the top of the page.

Updated on the 15th March 2021

Updated 28th April 2021

Updated 5th May 2022

Cookie Policy

This cookie policy has been created and updated by

Additional Information

Information provided by Suzanne Gardner-Cuthbert - Updated 02 May 2020

Third Party Cookies

Third Party Cookies are used on our website.
Create.Net hosts our website and uses strictly necessary cookies and performance cookies. 

How to Delete Cookies

You should be able to delete cookies in the settings option on your browser.

How to Delete Google Analytics Cookies

To opt out of being tracked by Google Analytics, visit

How to Change Your Cookie Consent Preferences

You can change your cookie consent by clicking on the blue and white icon circle at the bottom left hand side of each page.

What information We May Collect

 Website Visitor Unique Cookie ID, IP Address, Devise Used, Cookie Consent Data, Dates and Times ( Cookie Consent Data is recorded in line with the ICO requirements).  

Should you have any questions about our cookie policy, please email Suzanne at [email protected]