PRIVACY POLICY

Effective date: 22nd September 2022

Last updated: 1st June 2026

Empowerment Foundation

 

This Privacy Policy explains how we (trading as the Empowerment Foundation) collects, uses, stores, and protects your personal data when you engage with our Clinical Hypnotherapy and Life Coaching services, use our website, or book appointments through Acuity Scheduling.

We are committed to protecting your privacy and handling your personal information transparently, securely, and in accordance with:

  • UK GDPR

  • The UK Data Protection Act 2018

  • Applicable confidentiality and safeguarding obligations

  • Relevant professional standards relating to therapy, coaching, and healthcare-related services

This policy applies to all adult clients, parents/guardians of child clients, website visitors, and prospective clients.

1. Who We Are

Trading Name: Empowerment Foundation
Email: info@empowermentfoundation.com
Website: www.empowerment-foundation.com

For the purposes of UK GDPR, Empowerment Foundation is the Data Controller responsible for your personal data.

If you have any questions about this privacy policy or your data, you may contact us using the details above.

 

2. The Information We Collect

We may collect and process the following categories of personal information:

Identity & Contact Information

  • Full name

  • Preferred name

  • Address

  • Telephone number

  • Email address

  • Date of birth

  • Emergency contact information

 

Health & Wellbeing Information (Special Category Data)

Under Article 9 UK GDPR, the information below constitutes “special category data”, which requires additional protection.

As part of providing safe and appropriate services, when booking sessions with us we may collect sensitive health-related information, including:

  • Medical conditions

  • Mental health history

  • Medication information

  • GP or healthcare professional details

  • Safeguarding-related information

  • Session notes and treatment records

This information is only collected where necessary and proportionate for the provision of services and client safety.

Child Client Information

Where services are provided to individuals under 18, we may also collect:

  • Parent/guardian contact details

  • Confirmation of parental responsibility

  • Consent records

  • Relevant safeguarding information

Website & Technical Information

When visiting our website, limited technical information may be collected automatically, such as:

  • IP address

  • Browser type

  • Device information

  • Website usage data

This information may be collected using cookies or analytics tools.

3. How Your Information Is Used

Your information is used to:

  • Provide safe and effective hypnotherapy and coaching services

  • Assess suitability for services

  • Maintain confidential client records

  • Manage appointments and communication

  • Respond to enquiries

  • Meet safeguarding obligations

  • Comply with legal, insurance, and professional requirements

  • Improve our website and services

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose.

 

4. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

Consent

We request explicit consent for collecting and processing health-related and sensitive personal information. Consent may be withdrawn at any time.

For special category (health-related) data, we rely on Article 9(2)(a) UK GDPR - explicit consent.

 

Legitimate Interests

We process certain personal information where necessary for the safe administration and operation of our business and services, provided these interests do not override your rights and freedoms.

 

Legal & Safeguarding Obligations

In some circumstances, we may process or disclose information where required by law or safeguarding responsibilities.

Where applicable, processing may also be carried out to protect vital interests or comply with professional and safeguarding duties.

5. Confidentiality

All client information is treated confidentially and stored securely.

Information will not normally be shared without your consent except where:

  • There is risk of serious harm to yourself or others

  • Safeguarding concerns arise

  • Disclosure is required by law, court order, or professional obligation

  • Information is necessary to protect vital interests

We will only share the minimum amount of information necessary in such circumstances.

Where appropriate and possible, we will seek to discuss disclosure with you first.

6. Working with Children & Young People

For clients under 16 years of age, parental or guardian consent is normally required before services commence.

We are committed to safeguarding children and vulnerable individuals and may take appropriate action where safeguarding concerns arise.

Where appropriate, we may balance a young person’s confidentiality rights with safeguarding responsibilities and parental involvement in accordance with applicable UK law and professional guidance, including principles relating to Gillick competence.

7. Data Storage & Security

We take appropriate technical and organisational measures to protect your personal information from:

  • Unauthorised access

  • Loss or theft

  • Misuse

  • Accidental disclosure

This includes:

  • Password-protected systems

  • Secure digital platforms

  • Restricted access to records

  • Encrypted or secure storage where appropriate

We regularly review our security measures to ensure they remain appropriate to the sensitivity of the data processed.

We aim to use reputable third-party systems that maintain appropriate security standards.

8. Third-Party Service Providers

We may use trusted third-party providers to support our services, including:

  • Scheduling and booking systems

  • Email providers

  • Website hosting services

  • Secure cloud storage

These providers process data only as necessary and are expected to comply with applicable data protection obligations. Where required, we ensure that appropriate data processing agreements are in place with such providers.

9. International Transfers

Some third-party service providers may store or process data outside the United Kingdom

Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as the use of adequacy regulations or standard contractual clauses approved under UK data protection law. [gov.uk]

10. Data Retention

Client records are retained for a period of 8 years, unless a longer retention period is required for legal, insurance, safeguarding, or professional reasons.

In the case of child clients, records may be retained until the individual reaches adulthood plus the standard retention period, where appropriate.

After this period, information will be securely deleted or destroyed.

11. Your Rights

Under UK GDPR, you have the right to:

  • Request access to your personal data

  • Request correction of inaccurate information

  • Request deletion of your data in certain circumstances

  • Restrict or object to processing

  • Withdraw consent

  • Request transfer of your data where applicable

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

We aim to respond to requests within one month.

12. Marketing Communications

We will only send marketing emails, newsletters, or updates where you have explicitly opted in or where lawful to do so.

You may unsubscribe at any time.

We do not sell personal information to third parties.

13. Cookies & Website Analytics

Our website may use cookies or analytics tools to improve website functionality and user experience.

Where legally required, consent will be requested before non-essential cookies are used.

You can manage cookie preferences through your browser settings.

14. Complaints

If you have concerns regarding how your personal information has been handled, please contact us first so we can attempt to resolve the matter.

You also have the right to contact:

Information Commissioner's Office

ICO Website

 

15. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, professional obligations, technology, or business practices.

The most current version will always be available on our website.