What is this Privacy Policy?
At Hypnotherapist.es, we are committed to protecting your privacy and ensuring transparency about how we handle your data. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website, book hypnotherapy services, or interact with us. Our goal is to make this policy clear and accessible. If you have any questions, please contact us at info@hypnotherapist.es.
By using our website or services, you agree to this Privacy Policy and our Terms and Conditions.
When does this Privacy Policy apply?
This policy applies to all users of Hypnotherapist.es, including visitors to our website and clients receiving hypnotherapy services, whether in-person or online. If you are receiving hypnotherapy services, some of your data may be considered sensitive personal data under applicable laws, such as the General Data Protection Regulation (GDPR) in the European Union.
Will this Privacy Policy be updated?
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via our website or by email if you are a registered client. We encourage you to review this page periodically for the latest information.
How to navigate this document
This Privacy Policy is divided into six sections, each addressing a key aspect of how we handle your data. Click on a section below to learn more:
- Data Collection and Processing
- Data Sharing
- Data Retention and Erasure
- Security and Anonymity
- Cookies and Tracking Technologies
- Your Rights under GDPR and Other Laws
Section 1: Data Collection and Processing
What data do we collect, store, and process?
We collect and process data to provide hypnotherapy services, improve our website, and comply with legal obligations. The types of data we collect depend on how you interact with us (e.g., as a website visitor or a client). Below are the categories of data we process, what they include, and why we collect them:
| Category of Data | What is Collected | Purpose | Legal Basis |
|---|---|---|---|
| Visitor Data | IP address, browser type, device information, pages visited, time spent on the website. | To improve website functionality, personalize user experience, and analyze usage trends. | Legitimate Interest, Consent (for cookies). |
| Contact Data | Name, email address, phone number (provided when booking or contacting us). | To respond to inquiries, schedule appointments, and communicate about services. | Consent, Performance of Contract. |
| Client Data | Name, contact details, emergency contact information, health-related information shared during sessions (e.g., notes, goals, or session summaries). | To provide hypnotherapy services, ensure client safety, and comply with professional standards. | Performance of Contract, Legitimate Interest, Legal Obligation. |
| Transaction Data | Payment details, booking history, invoices. | To process payments and manage bookings. | Performance of Contract, Legal Obligation. |
| Engagement Data | Interactions with emails (e.g., opens, clicks), appointment scheduling, or use of online tools (e.g., booking forms). | To improve services, send reminders, and personalize communications. | Legitimate Interest, Consent. |
Why do we collect and process this data?
We process your data to:
- Provide hypnotherapy services and manage bookings.
- Communicate with you about appointments, updates, or promotions (with your consent).
- Improve our website and services through analytics.
- Ensure client safety, including in emergencies, as required by professional and ethical standards.
- Comply with legal obligations, such as tax or data protection laws.
Do we process health data?
As a hypnotherapy service, we may process health-related data you share during sessions (e.g., goals, session notes). This is considered sensitive personal data under GDPR and is processed only to provide therapy services and ensure your safety. We do not use this data for marketing or share it with third parties without your explicit consent, except as required by law.
Do we process location data?
We process your IP address to determine your approximate location (e.g., country or region) to personalize content and comply with regional regulations. We do not collect precise location data (e.g., GPS coordinates).
Section 2: Data Sharing
Why do we share your data?
We share your data only when necessary to provide our services, comply with legal obligations, or with your consent. We may share data with:
- Service Providers: We use trusted third-party providers to support our operations, such as:
- Payment processors (e.g., Stripe) to handle transactions securely.
- Cloud hosting services (e.g., AWS) for data storage.
- Email and communication tools to send appointment reminders or updates.
- Legal Authorities: We may share data if required by law, such as in response to a court order or to comply with professional obligations (e.g., reporting imminent risk to you or others).
- Professional Advisors: Lawyers or accountants may access data to assist with legal or financial compliance.
Service providers are bound by strict confidentiality agreements and can only use your data as instructed by us.
Do we sell your data?
No, we do not sell your data. Under GDPR, sharing data for advertising purposes (e.g., via cookies) may be considered a “sale” in some jurisdictions, but we only share non-sensitive data (e.g., Visitor Data) for advertising with your explicit consent.
Do we use your data for advertising?
If you consent to advertising cookies, we may share non-sensitive Visitor Data (e.g., IP address, browsing behavior) with third-party advertising partners to show relevant ads on other platforms. No health-related or session data is shared for advertising purposes.
Section 3: Data Retention and Erasure
How long do we retain your data?
We retain your data only as long as necessary to provide services, meet legal requirements, or fulfill our professional obligations. Below is our retention schedule:
| Category of Data | Retention Period | Reason |
|---|---|---|
| Visitor Data | 1 year after your last website visit. | To analyze trends and improve the website. |
| Contact Data | 3 years after your last interaction, unless you request erasure. | To maintain communication records and respond to inquiries. |
| Client Data | 7 years after your last session, unless you request erasure (subject to legal exemptions). | To comply with professional standards and legal requirements for health records. |
| Transaction Data | 7 years after the transaction. | To comply with tax and financial regulations. |
| Engagement Data | 3 years after your last interaction. | To improve services and personalize communications. |
How can you request data erasure or a copy of your data?
You have the right to request erasure or a copy of your data. To do so:
- Log in to your account (if applicable) and navigate to “Account Settings” to submit a request.
- Alternatively, email info@hypnotherapist.es with your request, including enough information to verify your identity.
We will respond within 30 days (or as required by law). Note that we may retain certain data if required by law or for professional obligations, such as health records or transaction logs.
Section 4: Security and Anonymity
How do we keep your data secure?
We use industry-standard security measures to protect your data, including:
- 256-bit SSL encryption for data transmission.
- Encrypted databases hosted on secure AWS servers.
- Regular security audits and monitoring by our dedicated team.
- Strict access controls to limit who can view your data.
Despite these measures, no online service is 100% secure. We recommend using strong passwords and avoiding sharing sensitive information via unsecured channels.
Can I remain anonymous?
You may browse our website anonymously, but to book hypnotherapy services, we require some personal information (e.g., name, contact details) to provide services and comply with professional standards. You may use a pseudonym for non-health-related interactions, but health-related data (e.g., session notes) must be linked to your identity for safety and legal reasons.
Who can see my session data?
Only you and your hypnotherapist can access session-related data (e.g., notes, goals). In rare cases, our internal team may review data for quality assurance or if there is a legal or safety concern (e.g., imminent risk). Session data is never shared with third parties without your consent, except as required by law.
Section 5: Cookies and Tracking Technologies
What are cookies and tracking technologies?
Cookies are small files stored on your device to enhance website functionality. We use cookies and similar technologies (e.g., web beacons) to:
- Ensure the website works properly (e.g., remembering your preferences).
- Analyze usage to improve our services.
- Deliver relevant ads (with your consent).
How can you manage cookies?
You can control cookies via our Cookie Settings page or your browser settings. You may opt out of non-essential cookies (e.g., analytics or advertising) at any time. Note that disabling essential cookies may affect website functionality.
How can I stop receiving marketing emails?
To opt out of marketing emails, click the “Unsubscribe” link in any email or contact us at privacy@hypnotherapist.es.
Section 6: Your Rights under GDPR and Other Laws
What are your rights?
As a resident of the European Union or Spain, you have rights under GDPR, including:
- Access: Request a copy of your data.
- Rectification: Correct inaccurate data.
- Erasure: Request deletion of your data (subject to legal exemptions).
- Restriction: Limit how we process your data.
- Portability: Receive your data in a transferable format.
- Objection: Object to certain uses of your data, such as marketing.
To exercise these rights, contact us at info@hypnotherapist.es. We will verify your identity and respond within 30 days.
International data transfers
Our servers are located in the European Union, but we may use service providers (e.g., AWS, Stripe) based in the U.S. or other regions. We ensure these providers comply with GDPR through Standard Contractual Clauses or other safeguards, such as the EU-U.S. Data Privacy Framework.
Contacting our Data Protection Officer
For questions or complaints about your data, contact our Data Protection Officer:
Hypnotherapist.es Data Protection Officer
Email: info@hypnotherapist.es
You may also lodge a complaint with the Spanish Data Protection Agency (AEPD) if you believe we have not handled your data appropriately.