Privacy Policy for Penny Mayhew Hypnotherapy

Please find below the Privacy Policy for Penny Mayhew Hypnotherapy –  I take the protection of data very seriously and only obtain the personal information I absolutely need, and keep it for no longer than necessary.

image of lock and key for privacy policy for penny mayhew

Who I am

Penny Mayhew is a Hypnotherapist, Coach and EFT Practitioner based in Milton Keynes, Bucks.

My website address is:

I can be contacted by email: and by phone: 01908 915567

What personal data I collect and why I collect it

Contact forms

If you complete details using the website Contact Form, I will collect that information in order to respond to your query.  The data is then deleted in line with my Retention Policies outlined below. I do not use any information submitted through the contact form for marketing purposes.  The Legal Basis for collecting data through the contact form is ‘Consent’.


This website does not use cookies.  Should cookies be added , the Privacy and Cookie policies will be updated immediately.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Who I share your data with

Outside of this website, I may collect Personal Information.  If you are a supplier of services to Penny Mayhew Hypnotherapy, or are a customer that I work with, I share only our financial transaction information to the relevant professional accounting services.

Should you be referred to another therapist, medical practitioner or other agency, your data will be shared in order to facilitate that referral.

How long I retain your data

If you use our contact form to send a message, I will retain that data until 6 months from responding to you. This is in line with any treatment related information. Keeping the information assists with further appointments should they be required.

If you have provided your information in order for me to fulfil a service to you (e.g. customer, supplier etc) I will retain the financial accounting information (i.e. invoice, receipts etc) for 7 years after our last transaction/service supplied. This is to ensure compliance with any matter relating to a financial relationship.

What rights you have over your data

If you have provided Penny Mayhew Hypnotherapy with your personal information,  you can request to receive a copy of the personal data I hold about you, including any data you have provided to me. This is known as a Subject Access Request (SAR). You can also request that I erase any personal data I hold about you (a Right to Erasure). This does not include any data I am obliged to keep for administrative, legal, or security purposes.

Where I send your data

Penny Mayhew Hypnotherapy does not send your data outside of the EU. Should I need to do so in the future, I will first obtain your authority and will only send it outside of the EU for processing if you agree to me doing so.

Who to contact about your Personal Information at Penny Mayhew Hypnotherapy

Should you have any queries relating to the processing of your personal information, or would like to obtain a copy of any data that I hold about you, please contact: Penny Mayhew : T 01908 915567  e:

How I protect your data

I take the protection of your data very seriously. I have the following security measures in place:

Penny Mayhew regularly reviews all Information Security and, where  necessary, make improvements; Password access  to this website and other computer records is maintained; Personal Data is not sent in the body of an email but, should it be absolutely necessary, is encrypted; I understand the confidentiality, integrity and availability of the personal data I process; I am trained to ensure compliance with Data Protection regulation (i.e. Data Protection Act 2018, incl GDPR, Computer Misuse Act); Risk assessments have been undetaken to establish areas where a potential breach, or risk, could occur and the necessary action has been taken.

What data breach procedures I have in place

All computers and computer records are monitored continuously in order to check for risks to personal data, loss of data, loss of service etc. If a breach, or potential breach, is found, necessary action is taken. This may include reporting to the ICO as per GDPR requirements.

A data breach, or potential data breach, is logged accordingly and investigated in order to a) protect data b) inform the necessary authorities c) if necessary, inform the data subject(s) involved d) to ensure measures are put in place to prevent the incident from arising again.

What third parties I receive data from

I do not receive data from any third parties, unless a client has been referred by a) another therapist b) a medical practitioner c) another agency in relation to a request for your treatment

What automated decision making and/or profiling I do with user data

I do not use any automated decision making and/or profiling at Penny Mayhew Hypnotherapy

For further information about your rights as a Data Subject, and any other questions regarding your Personal Information, please visit the ICO website.