Book Discovery Call

Privacy Policy for Carolyn Hitchcock

Effective Date: 29 July 2025

Hello my loveliest. Your privacy and trust are of the utmost importance to me. This Privacy Policy outlines how I, Carolyn Hitchcock, collect, use, protect, and handle your personal data when you use my website (https://www.carolynhitchcock.co.uk) and my services. I am committed to ensuring that your privacy is protected in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who I Am (The Data Controller)

For the purpose of data protection law, the data controller is Carolyn Hitchcock. If you have any questions about this policy or how I handle your data, please get in touch using the details below:

  • Email: info@carolynhitchcock.co.uk
  • Website: https://www.carolynhitchcock.co.uk

2. The Information I Collect

I collect information about you in a few different ways to provide and improve my services:

  • Information you give me directly: This includes your name, email address, and phone number when you fill out a contact form or book an appointment. It also includes any information you choose to share in the message field, which may relate to your health and wellbeing.
  • Information from our sessions: During our consultations and treatments, I will collect relevant health and medical information. This is known as “special category data” and is handled with the highest level of care.
  • Information from third-party booking tools: When you book an appointment using TidyCal, they collect your name, email address, and appointment details on my behalf.
  • Technical information from your use of my website: Like most websites, I may collect anonymous data about your visit, such as your IP address, browser type, and which pages you visited. This is collected through cookies and analytics tools to help me improve the website experience.

3. How I Use Your Information

I only use your personal data for the purposes for which it was collected. These include:

  • To provide my therapeutic services to you: To conduct consultations, create treatment plans, and provide hands-on therapy.
  • To communicate with you: To respond to your enquiries, send appointment confirmations and reminders, and share important information related to your treatment.
  • For record-keeping: To maintain accurate and detailed clinical records, as required by my professional body and for insurance purposes.
  • To improve my website: To analyse how visitors use the site so I can make it more user-friendly and effective.

4. My Lawful Basis for Processing Your Data

UK GDPR law requires me to have a valid lawful basis for processing your data. I rely on the following:

  • Contractual Obligation: When you book a consultation or treatment, I process your data to fulfil my contractual obligation to provide you with that service.
  • Legitimate Interests: For activities like responding to enquiries and improving my website, I have a legitimate interest in processing your data to operate and grow my practice.
  • Consent: For “special category” health data, I will always obtain your explicit consent to collect and use this information for the purpose of providing you with safe and effective therapy. You have the right to withdraw this consent at any time.

5. Data Sharing and Third Parties

Your trust is paramount. I will never sell your personal data. I only share it with essential third-party service providers who help me run my practice, including:

  • Booking Systems: TidyCal, to manage appointments.
  • Website Hosting Providers: To host and maintain the website.

These providers are carefully selected and have their own robust privacy policies in place. I only provide them with the information they need to perform their specific services.

6. Data Security and Retention

I take the security of your data very seriously. I have implemented appropriate technical and organisational measures (such as SSL encryption on this website) to protect your personal data from unauthorised access, loss, or misuse.

I will only retain your personal data for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For clinical records, I am required by my professional insurance to retain them for a minimum period (typically 7 years after your last consultation).

7. Your Data Protection Rights

Under UK data protection law, you have rights over your personal data. These include:

  • The right to be informed: About how I collect and use your data (which is the purpose of this policy).
  • The right of access: To request a copy of the information I hold about you.
  • The right to rectification: To have any inaccurate or incomplete data corrected.
  • The right to erasure: To request the deletion of your data where there is no compelling reason for me to continue processing it.
  • The right to restrict processing: To block or suppress the processing of your data in certain circumstances.
  • The right to data portability: To obtain and reuse your personal data for your own purposes across different services.
  • The right to object: To object to the processing of your data in certain circumstances.

If you wish to exercise any of these rights, please contact me at [Enter Your Email Address Here]. You also have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office (ICO), if you have concerns about how I have handled your data. You can find their details at www.ico.org.uk.

8. Cookie Policy

This website uses cookies to enhance your browsing experience and to collect anonymous analytics data. A cookie is a small text file stored on your device. You can control and manage cookies through your browser settings. For more detailed information, please see my full Cookie Policy page [Create a separate Cookie Policy page and link it here].

9. Changes to This Privacy Policy

I may update this policy from time to time to reflect changes in my practices or for other operational, legal, or regulatory reasons. Any changes will be posted on this page, so please review it periodically.