This Privacy Policy is for Blossom Therapies , and has been developed in line with the requirements of the 1995 European Union Data Protection Directive (Directive 95/46/EC) and the General Data Protection Regulation (GDPR, in force from 25 May 2018) and applicable national law.

For the purposes of the GDPR, the Data Controller is Jade Langridge-Tien at: jade@blossom-therapies.uk

This Policy covers: 

1. What information we collect

2. How we use this information, and the legal basis for its use

3. With whom and were we will share your personal data

4. How long we will keep your personal data for

5. Where your data will be stored

6. What your rights are in relation to your personal data

7. Where you can find out more information

1. What information we collect

We collect and process personal data about you if you are a client when you communicate with us, and when you purchase goods and services from us. This includes some or all of the following:

• your name,

• your home or work address, 

• email address and/or phone number

• and/or any other information you provide.

• ​

2. How we use this information, and the legal basis for its use

We process the personal data listed in section 1 above for the following purposes:

• as required to establish and fulfil a contract with you, for example, if you make a purchase from us or enter into an agreement to provide or receive services. This may include verifying your identity, taking payments, communicating with you, providing customer services and arranging the delivery or other provision of products or services. We require this information in order to enter into a contract with you and are unable to do so without it;

• to comply with applicable law and the requirements of the BACP;

• in accordance with our legitimate interests in protecting BT’s legitimate professional interests and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation);

• with your express consent to respond to any comments or complaints we may receive from you, and/or in accordance with our legitimate interests including to investigate any complaints received from you or from others, about our web site or our products or services;

• we may use information you provide to personalise (i) our communications to you; (ii) our web site; and (iii) products or services for you, in accordance with our legitimate interests;

• to monitor use of our web sites and online services. We may use your information to help us check, improve and protect our products, content, services and web sites, both online and offline, in accordance with our legitimate interests;

• if you provide a credit or debit card, we may also use third parties (such as POS payment providers) to check the validity of the sort code, account number and card number you submit in order to prevent fraud, in accordance with our legitimate interests and those of third parties;

• we may monitor any customer account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law and our legitimate interests;

• in circumstances where you contact us by telephone, calls may be recorded for quality, training and security purposes, in accordance with our legitimate interests; and 

• we may use your information to invite you to take part in market research or surveys. 

​

3. With whom and where we will share your personal data

We may also share your personal data with the below third parties:

• our professional advisors such as our auditors and external legal and financial advisors;

• other registrants and other Professional Standards Authority Accredited Registers;

• personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws;

• personal data may also be shared with third party service providers who will process it on our behalf for the purposes above. Such third parties include, but are not limited to, providers of our hosting, email services, maintenance, call centre operation and identity checking;

• in the unlikely event that our organisation or any part of it is sold or integrated with another organisation, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed to the new owners of the organisation.

​

4. How long we will keep your personal data for

• To maintain our own accounts and records for a minimum period of 7 years as required by the BACP and (GHR) General Hypnotherapy Register.  This includes enrolment forms, questionnaires, emails and recordings.

We will not keep your personal information for any purpose for longer than is necessary and will only retain the personal information that is necessary in relation to the purpose. 

We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.

We will retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place. In some instances, laws may require us to hold certain information for specific periods other than those listed above.

​

5. Where your data will be stored

Your data are stored on BT’s server located in the UK which is not directly connected to the Internet. The personal data that we collect from you may be transferred to, and stored outside the European Economic Area (“EEA”).  It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers, in which case the third country's data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place.

​

6. What your rights are in relation to your personal data

If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.  You also have the right, with some exceptions and qualifications, to ask us to provide a copy of any personal data we hold about you.

Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.

If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) if you object to the use of your personal data and we don't have a good reason to continue to use it; or (d) if we haven't handled your personal data in accordance with our obligations.

​

7. Where you can find out more information 

Should you have any queries regarding this Privacy Notice, about our processing of your personal data or wish to exercise your rights, you can contact our Data Controller Jade Langridge at: jade@blossom-therapies.uk

​

If you are not happy with our response, you can contact the Information Commissioner's Office: https://ico.org.uk/

​

Your rights and your personal data

• Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data.

• The right to request a copy of the personal data which we hold about you and to correct any inaccuracies.

• The right to request your personal data is erased where it is no longer necessary for us to retain such data.

• The right to withdraw your consent to the processing at any time.

• The right to request that we provide you with your personal data within 30 days of request.

• The right to have data removed and not to be contacted for marketing purposes.

​

RIGHT TO CONFIDENTIALITY

Within limits provided for by law, all records and information acquired by the therapist shall be kept strictly confidential in accordance to the principles of a therapist-client relationship. All information will not be shared or revealed to any person, agency, or organisation without the prior written consent of the client.
 

​