logo

Heal With Rangika

Privacy Policy

Last updated: 9/8/2025

1. Introduction

Heal With Rangika ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

This policy applies to all information collected through our website, services, and any related services, sales, marketing, or events.

2. Information We Collect

Personal Information

We may collect the following personal information:

  • Name and contact information (email, phone number, address)
  • Date of birth and age
  • Health information relevant to hypnotherapy treatment
  • Payment information (processed securely through Stripe)
  • Session preferences and goals
  • Communication records and session notes

Technical Information

  • IP address and browser information
  • Device information and operating system
  • Website usage data and analytics
  • Cookies and similar tracking technologies

Health Information

We collect health information necessary for providing safe and effective hypnotherapy services, including medical history, current medications, and mental health status.

3. How We Use Your Information

We use your information for the following purposes:

  • Providing hypnotherapy services and treatment
  • Processing bookings and payments
  • Communicating about appointments and services
  • Maintaining treatment records and session notes
  • Improving our services and website functionality
  • Sending appointment reminders and follow-up communications
  • Complying with legal and regulatory requirements
  • Protecting against fraud and ensuring security
4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

  • Consent: You have given clear consent for processing your personal data
  • Contract: Processing is necessary for performing our services
  • Legal Obligation: Processing is required by law
  • Vital Interests: Processing is necessary to protect health and safety
  • Legitimate Interests: Processing is necessary for our legitimate business interests
5. Information Sharing and Disclosure

We DO NOT sell your personal information.

We may share information with:

  • Service Providers: Stripe for payment processing, email services for communications
  • Healthcare Professionals: With your consent, for coordinated care
  • Legal Authorities: When required by law or to protect rights and safety
  • Professional Bodies: For regulatory compliance and professional standards

Third-Party Services

  • Stripe: Secure payment processing (PCI DSS compliant)
  • Email Services: For appointment confirmations and communications
  • Analytics: Website usage analytics (anonymized data)
6. Data Security

We implement appropriate security measures to protect your information:

  • SSL encryption for data transmission
  • Secure servers and databases
  • Regular security updates and monitoring
  • Access controls and authentication
  • Staff training on data protection
  • Regular security audits and assessments

Note: While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for the following periods:

  • Treatment Records: 7 years after last session (professional requirement)
  • Payment Records: 6 years (tax and accounting requirements)
  • Marketing Communications: Until you unsubscribe
  • Website Analytics: 26 months (anonymized)
  • Session Recordings: Deleted immediately after session (if applicable)

After retention periods expire, we securely delete or anonymize your information.

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (subject to legal requirements)
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Request transfer of your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us using the information provided below.

9. Cookies and Tracking

Types of Cookies We Use:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: Help us understand website usage
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

10. International Data Transfers

Your information may be transferred to and processed in countries outside the UK/EU. We ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Certification schemes and codes of conduct
11. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

For clients aged 16-18, we require parental consent before providing services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending email notifications for significant changes

You are advised to review this Privacy Policy periodically for any changes.