PRIVACY POLICY
Effective date: 22nd September 2022
Last updated: 1st June 2026
Empowerment Foundation
This Privacy Policy explains how we (trading as the Empowerment Foundation) collects, uses, stores, and protects your personal data when you engage with our Clinical Hypnotherapy and Life Coaching services, use our website, or book appointments through Acuity Scheduling.
We are committed to protecting your privacy and handling your personal information transparently, securely, and in accordance with:
UK GDPR
The UK Data Protection Act 2018
Applicable confidentiality and safeguarding obligations
Relevant professional standards relating to therapy, coaching, and healthcare-related services
This policy applies to all adult clients, parents/guardians of child clients, website visitors, and prospective clients.
1. Who We Are
Trading Name: Empowerment Foundation
Email: info@empowermentfoundation.com
Website: www.empowerment-foundation.com
For the purposes of UK GDPR, Empowerment Foundation is the Data Controller responsible for your personal data.
If you have any questions about this privacy policy or your data, you may contact us using the details above.
2. The Information We Collect
We may collect and process the following categories of personal information:
Identity & Contact Information
Full name
Preferred name
Address
Telephone number
Email address
Date of birth
Emergency contact information
Health & Wellbeing Information (Special Category Data)
Under Article 9 UK GDPR, the information below constitutes “special category data”, which requires additional protection.
As part of providing safe and appropriate services, when booking sessions with us we may collect sensitive health-related information, including:
Medical conditions
Mental health history
Medication information
GP or healthcare professional details
Safeguarding-related information
Session notes and treatment records
This information is only collected where necessary and proportionate for the provision of services and client safety.
Child Client Information
Where services are provided to individuals under 18, we may also collect:
Parent/guardian contact details
Confirmation of parental responsibility
Consent records
Relevant safeguarding information
Website & Technical Information
When visiting our website, limited technical information may be collected automatically, such as:
IP address
Browser type
Device information
Website usage data
This information may be collected using cookies or analytics tools.
3. How Your Information Is Used
Your information is used to:
Provide safe and effective hypnotherapy and coaching services
Assess suitability for services
Maintain confidential client records
Manage appointments and communication
Respond to enquiries
Meet safeguarding obligations
Comply with legal, insurance, and professional requirements
Improve our website and services
We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose.
4. Lawful Basis for Processing
Under UK GDPR, we rely on the following lawful bases:
Consent
We request explicit consent for collecting and processing health-related and sensitive personal information. Consent may be withdrawn at any time.
For special category (health-related) data, we rely on Article 9(2)(a) UK GDPR - explicit consent.
Legitimate Interests
We process certain personal information where necessary for the safe administration and operation of our business and services, provided these interests do not override your rights and freedoms.
Legal & Safeguarding Obligations
In some circumstances, we may process or disclose information where required by law or safeguarding responsibilities.
Where applicable, processing may also be carried out to protect vital interests or comply with professional and safeguarding duties.
5. Confidentiality
All client information is treated confidentially and stored securely.
Information will not normally be shared without your consent except where:
There is risk of serious harm to yourself or others
Safeguarding concerns arise
Disclosure is required by law, court order, or professional obligation
Information is necessary to protect vital interests
We will only share the minimum amount of information necessary in such circumstances.
Where appropriate and possible, we will seek to discuss disclosure with you first.
6. Working with Children & Young People
For clients under 16 years of age, parental or guardian consent is normally required before services commence.
We are committed to safeguarding children and vulnerable individuals and may take appropriate action where safeguarding concerns arise.
Where appropriate, we may balance a young person’s confidentiality rights with safeguarding responsibilities and parental involvement in accordance with applicable UK law and professional guidance, including principles relating to Gillick competence.
7. Data Storage & Security
We take appropriate technical and organisational measures to protect your personal information from:
Unauthorised access
Loss or theft
Misuse
Accidental disclosure
This includes:
Password-protected systems
Secure digital platforms
Restricted access to records
Encrypted or secure storage where appropriate
We regularly review our security measures to ensure they remain appropriate to the sensitivity of the data processed.
We aim to use reputable third-party systems that maintain appropriate security standards.
8. Third-Party Service Providers
We may use trusted third-party providers to support our services, including:
Scheduling and booking systems
Email providers
Website hosting services
Secure cloud storage
These providers process data only as necessary and are expected to comply with applicable data protection obligations. Where required, we ensure that appropriate data processing agreements are in place with such providers.
9. International Transfers
Some third-party service providers may store or process data outside the United Kingdom
Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as the use of adequacy regulations or standard contractual clauses approved under UK data protection law. [gov.uk]
10. Data Retention
Client records are retained for a period of 8 years, unless a longer retention period is required for legal, insurance, safeguarding, or professional reasons.
In the case of child clients, records may be retained until the individual reaches adulthood plus the standard retention period, where appropriate.
After this period, information will be securely deleted or destroyed.
11. Your Rights
Under UK GDPR, you have the right to:
Request access to your personal data
Request correction of inaccurate information
Request deletion of your data in certain circumstances
Restrict or object to processing
Withdraw consent
Request transfer of your data where applicable
Lodge a complaint with the Information Commissioner’s Office (ICO)
We aim to respond to requests within one month.
12. Marketing Communications
We will only send marketing emails, newsletters, or updates where you have explicitly opted in or where lawful to do so.
You may unsubscribe at any time.
We do not sell personal information to third parties.
13. Cookies & Website Analytics
Our website may use cookies or analytics tools to improve website functionality and user experience.
Where legally required, consent will be requested before non-essential cookies are used.
You can manage cookie preferences through your browser settings.
14. Complaints
If you have concerns regarding how your personal information has been handled, please contact us first so we can attempt to resolve the matter.
You also have the right to contact:
Information Commissioner's Office
15. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, professional obligations, technology, or business practices.
The most current version will always be available on our website.