Who I am
Penny Mayhew is a Hypnotherapist, Coach and EFT Practitioner based in Milton Keynes, Bucks.
My website address is: http://pennymayhew.com
I can be contacted by email: email@example.com and by phone: 01908 915567
What personal data I collect and why I collect it
If you complete details using the website Contact Form, I will collect that information in order to respond to your query. The data is then deleted in line with my Retention Policies outlined below. I do not use any information submitted through the contact form for marketing purposes. The Legal Basis for collecting data through the contact form is ‘Consent’.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who I share your data with
Outside of this website, I may collect Personal Information. If you are a supplier of services to Penny Mayhew Hypnotherapy, or are a customer that I work with, I share only our financial transaction information to the relevant professional accounting services.
Should you be referred to another therapist, medical practitioner or other agency, your data will be shared in order to facilitate that referral.
How long I retain your data
If you use our contact form to send a message, I will retain that data until 6 months from responding to you. This is in line with any treatment related information. Keeping the information assists with further appointments should they be required.
If you have provided your information in order for me to fulfil a service to you (e.g. customer, supplier etc) I will retain the financial accounting information (i.e. invoice, receipts etc) for 7 years after our last transaction/service supplied. This is to ensure compliance with any matter relating to a financial relationship.
What rights you have over your data
If you have provided Penny Mayhew Hypnotherapy with your personal information, you can request to receive a copy of the personal data I hold about you, including any data you have provided to me. This is known as a Subject Access Request (SAR). You can also request that I erase any personal data I hold about you (a Right to Erasure). This does not include any data I am obliged to keep for administrative, legal, or security purposes.
Where I send your data
Penny Mayhew Hypnotherapy does not send your data outside of the EU. Should I need to do so in the future, I will first obtain your authority and will only send it outside of the EU for processing if you agree to me doing so.
Who to contact about your Personal Information at Penny Mayhew Hypnotherapy
Should you have any queries relating to the processing of your personal information, or would like to obtain a copy of any data that I hold about you, please contact: Penny Mayhew : T 01908 915567 e: firstname.lastname@example.org
How I protect your data
I take the protection of your data very seriously. I have the following security measures in place:
Penny Mayhew regularly reviews all Information Security and, where necessary, make improvements; Password access to this website and other computer records is maintained; Personal Data is not sent in the body of an email but, should it be absolutely necessary, is encrypted; I understand the confidentiality, integrity and availability of the personal data I process; I am trained to ensure compliance with Data Protection regulation (i.e. Data Protection Act 2018, incl GDPR, Computer Misuse Act); Risk assessments have been undetaken to establish areas where a potential breach, or risk, could occur and the necessary action has been taken.
What data breach procedures I have in place
All computers and computer records are monitored continuously in order to check for risks to personal data, loss of data, loss of service etc. If a breach, or potential breach, is found, necessary action is taken. This may include reporting to the ICO as per GDPR requirements.
A data breach, or potential data breach, is logged accordingly and investigated in order to a) protect data b) inform the necessary authorities c) if necessary, inform the data subject(s) involved d) to ensure measures are put in place to prevent the incident from arising again.
What third parties I receive data from
I do not receive data from any third parties, unless a client has been referred by a) another therapist b) a medical practitioner c) another agency in relation to a request for your treatment
What automated decision making and/or profiling I do with user data
I do not use any automated decision making and/or profiling at Penny Mayhew Hypnotherapy
For further information about your rights as a Data Subject, and any other questions regarding your Personal Information, please visit the ICO website.