Compliance with General Data Protection Regulation Legislation (GDPR)
Who We Are
We are Chantry Health, The Cliffe Clinic, 23 Cliffe High Street, Lewes, East Sussex, BN7 2AH. We are the data controller and data processor under the Data Protection Act 1998 and under GDPR. We are registered with the Information Commissioner’s Office.
Your Personal & Contact Information
In providing the service of a professional practice, workshops and allied training events, I need to have contact details for you. Where appropriate and agreed, notes are taken at appointments, and if we communicate in-between, so that we can work together. When you book and attend an event contact details and some personal information may be submitted by yourself.
I am required by my professional codes of practice to keep this information for a minimum of 7 years in the case of adults. For children, we are required to keep their notes for at least 7 years or until they reach 25 years of age. Please note that data retention periods may be subject to change without further notice as a result of changes to associated law or regulations.
All information is confidential within the parameters of UK law and I adhere to my professional code of ethics in terms of confidentiality. As part of my professional practice I attend supervision and may on occasion discuss some aspects of practice and case work. My supervisor is also bound by professional codes of practice in terms of maintaining confidentiality. This complies with ethical standards of best practice.
Contact Information for Practice News & Training Events
I send email newsletters for Chantry Health Practice and Chantry Health Lectures using MailChimp. These aim to give useful and topical information, details of upcoming workshops, and also important practice updates; and details of upcoming events for the Chantry Health Lecture Series respectively.
Contact via Social Media & Online Platforms
I use social media to share useful information. You are welcome to visit and interact, and if you are sharing sensitive information please ensure you do so privately in that forum, or contact me directly.
If we have made a hypnotherapy recording, we may agree for me to share this with you via DropBox. This enables you to download an mp3 recording from an email link to DropBox.
For some appointment fees or lecture day bookings I offer the facility of making payments by PayPal when this is more convenient for the client.
These online service providers are also bound by Data Protection Regulation.
Information Accuracy & Security
I aim to only process and store information that is necessary and relevant to establish and maintain support. I store notes with care and only I have access to them. Relevant contact details are backed up online and hard copy.
I use an online security programme on my smartphone and computer systems, which are also password protected. In the event of a data breach occurring, we would immediately inform everyone affected, and take whatever steps necessary to minimise impact. We would also report the breach to the ICO if necessary.
Under GDPR you have the following rights:
- to obtain copies of the personal information that we hold about you
- to require that we cease processing your personal information if the processing is causing you damage or distress
- to require us not to send you news or marketing communications
- to require us to correct the personal information we hold about you if it is incorrect
- to require us to erase your personal information – this must be a written request, with your reasons for requesting erasure clearly stated
Please note that these rights may be limited by Data Protection legislation, Contract law, Criminal law and Human Rights legislation, and we may be required to refuse requests where exemptions apply.
If at any point you need to update your information, or have any queries, please do contact me and I will do my best to help.
Please read this section carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.
What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address or other details to help you with your experience.
When do we collect information?
We collect information from you when you subscribe to a newsletter, fill out a form or enter information on our site.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
• To send periodic emails regarding your order or other products and services.
How do we protect visitor information?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning.
We do not use an SSL certificate
• We only provide articles and information, we never ask for personal or private information like email addresses, or credit card numbers.
Do we use ‘cookies’?
• Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.
If you disable cookies off, some features will be disabled It won’t affect the users experience that make your site experience more efficient and some of our services will not function properly.
However, you can still place orders .
Third Party Disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Third party links
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We use Google AdSense Advertising on our website.
We have implemented the following:
• Demographics and Interests Reporting
We along with third-party vendors, such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions, and other ad service functions as they relate to our website.
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising initiative opt out page or permanently using the Google Analytics Opt Out Browser add on.
According to law we agree to the following:
Users can visit our site anonymously
Users are able to change their personal information:
• By emailing us
How does our site handle do not track signals?
We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third party behavioral tracking?
It’s also important to note that we do not allow third party behavioral tracking
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under 13.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify the users via email
• Within 1 business day
We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
• Market to our mailing list or continue to send emails to our clients after the original transaction has occurred
To be in accordance with CANSPAM we agree to the following:
• NOT use false, or misleading subjects or email addresses
• Identify the message as an advertisement in some reasonable way
• Include the physical address of our business or site headquarters
• Monitor third party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly
• Allow users to unsubscribe by using the link at the bottom of each email
If at any time you would like to unsubscribe from receiving future emails, you can email us at
• Follow the instructions at the bottom of each email.
and we will promptly remove you from ALL correspondence.
Last Edited on 25/5/2018