Privacy Policy
Collecting and processing your personal data
Effective Date: 11 May 2025
1. Introduction
This privacy policy provides you with details of how I collect and process your personal data through your use of my site https://carolyngillan.com.
By providing me with your data, you warrant that you are over 18 years of age.
Carolyn Gillan is the data controller and responsible for your personal data (referred to as "I", "me" or "my").
If you have any questions about this privacy policy, please contact me using the details below.
Contact Details
Full name of legal entity: Carolyn Gillan
Email address: [email protected]
Postal address: Not publicly listed for privacy reasons. Please contact me via email if a postal address is required.
It’s very important that the information I hold about you is accurate and up to date. Please let me know if your personal information changes by emailing me at [email protected].
2. What Data I Collect and Why
Personal data means any information capable of identifying an individual. It does not include anonymised data.
I may process the following categories of personal data:
Communication Data: Includes communications you send via contact forms, email, social media, etc. Processed for record keeping and communication. Lawful basis: legitimate interests.
Customer Data: Includes purchase details, contact info, billing, and card details. Processed to provide services/products. Lawful basis: performance of contract.
User Data: Includes how you use my website/services. Processed to operate and administer the site. Lawful basis: legitimate interests.
Technical Data: Includes IP address, browser info, time zone, page views, etc. Source: analytics tracking. Lawful basis: legitimate interests.
Marketing Data: Includes preferences for receiving marketing. Processed to improve marketing strategy and deliver relevant content. Lawful basis: legitimate interests or consent.
Sensitive Data
In the course of providing counselling and hypnotherapy services, I may collect sensitive personal data about you—specifically health-related information—via intake forms submitted through my site.
This data is only collected with your explicit consent, which you will be asked to provide when completing the form. I handle all sensitive data in accordance with applicable data protection laws and take appropriate steps to protect its confidentiality and security.
I will only use your personal data for the purpose it was collected or a reasonably compatible purpose.
I do not carry out automated decision making or profiling.
3. How I Collect Your Personal Data
I may collect data:
Directly from you (e.g., forms on my site or email correspondence)
Automatically through cookies and analytics (see my Cookie Policy)
From third parties such as analytics providers (Google), advertising platforms (Meta/Facebook), or publicly available sources (e.g., Companies House)
4. Marketing Communications
My lawful ground for sending you marketing communications is either your consent or my legitimate interests (to grow my business).You can opt out at any time by clicking the unsubscribe link in any marketing email or by emailing [email protected].
If you opt out of marketing, this does not affect data provided for other transactions (e.g., service bookings).
5. Disclosures of Your Personal Data
I may share your personal data with:
Service providers who support IT and system administration
Professional advisers (lawyers, auditors, insurers)
Government bodies where required
Third parties to whom I sell or merge my business assets
6. International Transfers
I may use third-party services (e.g. Google, Mailchimp) with servers based outside the UK/EEA. If I transfer your data internationally, I will ensure appropriate safeguards are in place such as:
Transfers to countries with EU adequacy decisions
Contracts using EU-approved standard clauses
7. Data Security
I take security seriously and have put measures in place to protect your data from unauthorised access or misuse.
Access is limited to those who have a legitimate business need. In the event of a breach, I will notify you and the ICO if required by law.
8. Data Retention
I will only retain your personal data for as long as necessary to fulfil the purposes I collected it for, including legal and accounting requirements.
For tax purposes, I keep basic customer data for six years after you stop being a customer.
I am also required by my supervisory bodies to keep your records safely and in good condition for 8 years from the date of your last visit with me.
In some circumstances I may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case I may use this information indefinitely without further notice to you.
9. Your Legal Rights
You have rights under data protection law, including:
Access
Correction
Erasure
Restriction
Transfer
Objection
Withdrawal of consent
To exercise any of these rights, email me at [email protected].
For more details, visit the ICO website.
If you’re unhappy with how your data is handled, you can lodge a complaint with the ICO—but please contact me first to see if I can resolve it.
10. Third-Party Links
This website may include links to third-party websites. Clicking these may allow third parties to collect data about you. I encourage you to read their privacy notices. I’m not responsible for their content or data use.
11. Cookies
You can set your browser to refuse cookies or alert you when they are being used. Disabling cookies may affect website functionality.
To learn more, see my Cookie Policy.
Sign up to my newsletter
You’ll receive my LIBERATE Yourself newsletter—filled with fresh insights into OCD and anxiety, uplifting encouragement, and practical tools from a therapist who truly understands.
Copyright 2025. Carolyn Gillan Counselling and Hypnotherapy. All Rights Reserved.