Privacy Policy
This privacy policy is subject to change without notice and was last updated on 23rd September 2022. If you have any questions feel free to contact us directly here: Themodernmindlab@gmail.com
Who are we?
1.1 The Modern Mind Lab is a clinical Hypnotherapy service based in London United Kingdom.
​
1.2Our Data Protection Officer is Sarah Dickens if you have any problems or would like to exercise your rights according to GDPR 2016, or the UK’s Data Protection Act 2018, please contact us Themodernmindlab@gmail.com
1.3 We are committed to safeguarding the privacy of our website visitors and service users; in this policy, we explain how we will handle your personal data.
1.4 We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website.
1.5 We are committed to collecting the absolute minimum data necessary to provide you with our product and services – this includes when you sign-up to our mailing lists.
How we use your personal data
2.1 In Section 2 we have set out:
2.1.1 the general categories of personal data that we may process;
2.1.2 in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
2.1.3 the purposes for which we may process personal data; and
2.1.4 the legal bases of the processing.
2.2 WEBSITE USAGE DATA
We may process data about your use of our website and services. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your use of our website and online services.
The source of the usage data is Google Analytics.
The purpose of processing this data is to analyse the use of the website and services and make ongoing improvements to our website and our services. All data collected through Google Analytics is anonymised to protect your privacy.
More information https://policies.google.com/privacy?hl=en-US
2.3 SERVICE DATA
We may process the personal data that you provided during the use of our services. The service data may include your name, email address, telephone number, home address, the products and/or services you purchase from us.
The source of the service data is you, although in some limited cases it may be that your employer, G.P. or other health and/or welfare service provider such as a Local Authority or NHS professional.
We process this data to enable us to provide you with the best and most relevant client-focused service and to be able to communicate with you; to follow up on your progress as part of our duty of care to you, as well ensuring we maintain high standards in our service provisions.
We use Zoom to facilitate video conferencing with our clients for the purpose of providing private and confidential Hypnotherpay services if you choose online services.
Zoom Privacy Policy: https://zoom.us/privacy/
2.3 ENQUIRY DATA
We may process information contained in any enquiry you submit to us via our website using the Contact Form though wix this includes “how can we help you section” and “ask a question”, or when contacting us by email or phone regarding our products and services.
The source of the enquiry data is you.
The enquiry data is processed so that we can respond to you efficiently, answer any questions you may have asked and enable us to address the specific contents of your communication with us.
2.4 TRANSACTIONAL DATA
We may process information relating to transactions, including purchases of products and services, that you enter into with us via a service agreement and/or when you purchase products or services through our website. The Transaction data is processed on our behalf by our payment process service provider which are: Stripe, ApplePay, GooglePay. All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
It is your choice which of the payment providers you use when purchasing products from our Online Shop or Online services from us.
The transaction data will normally include, your name, address and preferred payment card and or payment service, a description of what was purchased and the value of the purchase.
You are given the option to use a payment provider which you
already have an account with.
b. sign up for an account with one of the service providers offered.
c. pay as a guest using one-time-only payment.
The transaction data is processed so that we can supply you with the products and or services which you have purchased and keeping proper records of those transactions.
The legal basis for this processing is the performance of a service agreement between you and us and/or taking steps, at your request, to enter into such an agreement.
PayPal Privacy Policy: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
Stripe Privacy Policy: https://stripe.com/gb/privacy
ApplePay: https://www.apple.com/uk/privacy/
GooglePay: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
2.5 NOTIFICATION DATA
We may process information that you provide to us when you subscribe to our mailing list to receive email notifications, such as our Newsletters, Marketing materials which may include offers and Surveys. (“notification data”)
The source of the notification data is you and will include your name and email address
The notification data may be processed for the purposes of sending you the relevant notifications to which you have subscribed.
The legal basis for this processing is your consent. Every email notification includes an unsubscribe link in the footer of the email and you are free to unsubscribe at any time. If you choose to unsubscribe from our email subscription services, your data (name and email address) will be permanently and irretrievably deleted from our mailing system.
We use MailChimp to process our mailing list – you can read MailChimp’s Privacy Policy Here: https://mailchimp.com/legal/privacy/
2.6 CORRESPONDANCE DATA
We may process information contained in or relating to any communication that you send to us. (“correspondence data“).
The correspondence data may include the communication content, the metadata associated with the communication, your name, email address when you correspond with us by using the contact form on our website. Our website will generate the metadata associated with communications made using the website contact forms. If your correspondence is a traditional email, the data will include the contents of your email, your name and your email address. If you correspond with us by post, the data will include any data you have shared with us in letter format, and will usually include your name, the contents of your letter and a return address.
The source of the service data is you, although in some limited cases it may be that your employer, G.P. or other health and/or welfare service provider such as a Local Authority or NHS professional.
The correspondence data may be processed for the purposes of responding to any correspondence you have sent to us, enabling us to communicate with you and record-keeping.
The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with service users.
2.7 CATEGORY OF DATA
In addition to the type of data we have already described in the sections above, we may process what we consider to be special category data – this data may relate to an issue or condition you might be seeking treatment for from us. For example, you might disclose that you suffer from depression or anxiety or other health conditions.
The source of the service data is you, although in some limited cases it may be that your employer, G.P. or other health and/or welfare service provider such as a Local Authority or NHS professional.
This data may be processed to ensure you get the best available therapeutic treatment.
The legal basis for this processing is your consent and the performance of a service agreement between you and us and/or taking steps, at your request, to enter into such an agreement.
2.9 In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2.11 Please do not supply any other person’s personal data to us, unless you have their written consent and we prompt you to do so.
3. Sharing your personal data to others
3.1. We may disclose your personal data to our insurers and/or professional advisers as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal and/or financial disputes.
3.2. We may disclose your name and email address to our suppliers or subcontractors insofar as reasonably necessary for example managing our Mailing List.
3.3. Financial transactions relating to our website and services handled by our payment services providers, who have been listed in the above section Transaction Data. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at
Stripe Privacy Policy: https://stripe.com/gb/privacy
ApplePay: https://www.apple.com/uk/privacy/
GooglePay: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
3.4. We use a Customer Relationship Management System (CRM) to organise our client files The only data which we store in our CRM are:
3.4.1. Your basic contact details,
3.4.2. The copy of your service agreement
3.4.3. GDPR / DPA 2018 consent
3.4.5. Any data which you share with The Modern Mind Lab is stored digitally in our file system.
3.5. In addition to the specific disclosures of personal data set out in this Section 3, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
4. International transfers of your personal data
4.1. In This Section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
4.2. We have offices and facilities in the UK, however, our payment processors, Mailing List processor are American owned companies with their headquarters in the USA as well as European Operations Centres.
From time to time and when performing system security reviews and systems back-ups, random samples of data from the EU Operations Centres is transferred to the USA via an encrypted connection. We have no control over these security reviews and no-way of being able to identify if any of your data was contained in the random data samples.
The European Commission has made an “adequacy decision” with respect to the data protection laws of the USA, and transfers of data to the USA will be protected by appropriate safeguards, namely data encryption as well as encrypted connections.
In signing up to these services which allows them to process your data they are obligated to protect your data through the use of binding corporate rules, and maintaining mandated regulatory standards, such as ISO 27001, PCI DSS, SOC I, SOC II and be independently audited by their regulatory body annually to ensure compliance.
PayPal Security – https://www.paypal.com/us/webapps/mpp/security/security-protections
Stripe Security – https://stripe.com/docs/security/stripe
Apple Pay Security – https://support.apple.com/en-us/HT203027
Google Pay Security – https://safety.google/pay/
MailChimp Security – https://mailchimp.com/about/security/
4.3. The hosting facilities for our website are situated with Wix.com Ltd. is based in Israel, which is considered by the European Commission to be offering an adequate level of protection for the Personal Information of EU Member State residents.
https://www.wix.com/about/privacy
​4.4. You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
5. Retaining and deleting personal data
5.1. Section 5 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
5.2. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
5.3. We will retain and delete your personal data as follows:
5.3.1. Transaction Data – will be minimised to the minimum allowed by the UK and retained for 7-years in line with UK Taxation and Company Law.
to tie in with financial statement provided by our payment processing providers – Once our monthly accounts have been compiled these records are destroyed.
5.3.2 Correspondence & Enquiry data
If you are a customer your correspondence data will be deleted from our systems within 30-days of your service agreement with us coming to an end, unless there is a financial or legal dispute between us.
If there is a dispute, your correspondence data will be deleted 30-days after the dispute has been resolved.
Depending on the nature of your service agreement with us, you always have the opportunity to renew or extend your service agreement with us during the 30-day window at the end of your service agreement.
If you are not a customer of The Modern Mind Lab – your correspondence data will be deleted 30-days from the last communication we received from you.
5.3.4. Case Note & Special Category Data
we keep digital records of notes when consulting with clients.
Therapeutic notes are kept for up to 3 years in line with current regulations after services have ceased.
We will never use your notes in this way without your consent.
Finally, there may be times where we may need to share what we consider to be Special Category Data between us. This data may be about your health situation, medically diagnosed condition or other personal situation. Should we ever have to share this information between us we use We Transfer. We use this services because it offers end to end encryption, you do not need to have an account with We Transfer, all documents shared by named parties on this platform are encrypted at rest so that even We Transfer employees cannot access the content of the shared documents and the documents are irretrievable deleted after 7-days.
We Transfer Privacy Policy https://wetransfer.com/legal/privacy
5.3.5. Notification data
As previously stated in the above section 2.5 you have the right to unsubscribe from our mailing list at any time. If you unsubscribe your data will be automatically and irretrievably be removed from our system.
5.4. Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
6. Amendments
6.1. We may update this policy from time to time by publishing a new version on our website.
6.2. You should check this page occasionally to ensure you are happy with any changes to this policy.
6.3. We may notify you of changes to this policy [by email or through the private messaging system on our website].
7. Your rights
7.1. In this Section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
ICO – https://ico.org.uk/
7.2. Your principal rights under data protection law are:
7.2.1. the right to access; your data.
Data is held on our internal systems and you will need to make a “Subject Data Request” for a clear understanding of what data we hold, where it is kept, how we process it and why we process it.
7.2.2 the right to erasure;
You have the right to ask us to erase your data – as our data retention policy in Section 5 explains what data will be erased and the time frames for this erasure. In the main and barring exceptional circumstances, your data will be deleted from our systems 30-days after any service agreement between us has expired except ofr case notes that need to be retained for the specified period aligned with current legal requirements. Exceptional circumstances include legal and/or financial disputes and or when a superseding law or legal authority requires us to hold your data for longer than the stated period. As previously stated, you have the ability to erase your data from our systems when you unsubscribe from our mailing list.
7.2.4. the right to restrict processing;
While it is your right to request that we restrict the processing of your data – we only process your data with your consent to provide you with the goods or services you have requested. Requesting us to limit the processing of your data might lead to a diminished capability to provide you with the requested good and or service.
7.2.5. the right to object to processing;
While it is your right to object to us processing your data – to do so during our active service agreement with us, would prevent us from being able to provide you with the services you have requested. If for any reason you are unhappy with how your data is being processed or need a deeper understanding of our process, please contact us to discuss your right.
7.2.6. the right to complain to a supervisory authority;
If while exercising any of your right’s you feel we have not met the standards or have not handled your Subject Data Request in accordance with the legislation and the terms as described in this, our Policy you have the right to complain about us to the Information Commissioners Office – ICO – https://ico.org.uk/
7.2.8 the right to withdraw consent.
You have the right to withdraw your consent at any time – this right is normally associated with the receipt of email notifications which has been described in section 2.5.
7.3. You may exercise any of your rights in relation to your personal data by written notice to us – email will suffice. themodernmindlab@gmail.com
8. About cookies
8.1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
8.2. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
8.3. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
9. Cookies that we use
9.1. We use cookies for the following purposes:
9.1.1 authentication – we use this cookie to identify you when you visit our website and as you navigate our website. The purpose of this cookie is to ensure that it is really you who is visiting our website. Our Payment Process Service Providers also have authentication cookies which protect your account from fraudulent use, when you purchase products from our online shop or services.
9.1.2. security – we use this cookie as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials and to protect our website and services generally. This cookie is of particular importance when you use our shop and/or make other purchase from our website.
9.1.3. analysis – we use this cookie to help us to analyse the use and performance of our website and services. This cookie is provided to us by Google Analytics and helps us to improve our website, it’s content and your visitor experience.
9.1.4. cookie consent – we use this cookie to store your preferences in relation to the use of cookies more generally. Cookies used for this purpose are used to make sure it is really you who is visiting our website, and to identify you if you have subscribed to our Mailing List – also known as Email Notifications.
10. Cookies used by our service providers
10.1. Our service providers use cookies and those cookies may be stored on your computer when you visit our website.
10.2. We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available athttps://www.google.com/policies/privacy/.
10.3. From time to time we publish Google AdSense advertisements on our website. To determine your interests, Google will track your behaviour on our website and on other websites across the web using cookies. This behaviour tracking allows Google to tailor the advertisements you see on other websites to reflect your interests however we do not publish interest-based advertisements on our website.
You can view, delete or add interest categories associated with your browser by visiting: https://adssettings.google.com. You can also opt-out of the AdSense partner network cookie using those settings or using the Network Advertising Initiative’s multi-cookie opt-out mechanism at http://optout.networkadvertising.org. However, these opt-out mechanisms themselves use cookies, and if you clear the cookies from your browser your opt-out will not be maintained. To ensure that an opt-out is maintained in respect of a particular browser, you may wish to consider using the Google browser plug-ins available at https://support.google.com/ads/answer/7395996
11. Managing cookies
11.1. Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can, however, obtain up-to-date information about blocking and deleting cookies via these links:
11.1.1. https://support.google.com/chrome/answer/95647?hl=en (Chrome);
11.1.2. https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
11.1.3. http://www.opera.com/help/tutorials/security/cookies/ (Opera);
11.1.4. https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
11.1.5. https://support.apple.com/kb/PH21411 (Safari); and
11.1.6. https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
11.2. Blocking all cookies will have a negative impact upon the usability of many websites.
11.3. If you block cookies, you may not be able to use all the features on our website.