Privacy Policy
Emma O’Brien Hypnotherapy & Coaching
Last updated: 19 June 2026
Your privacy matters to me. This Privacy Policy explains what personal data I collect about you, why I collect it, how I use it, and what rights you have in relation to it.
I am committed to handling your personal data responsibly and in compliance with the Data (Use and Access) Act 2025, the UK General Data Protection Regulation (UK GDPR), and the Data Protection Act 2018.
1. Who We Are
The data controller responsible for your personal data is:
Name: Em O’Brien
Trading as: Emma O’Brien Hypnotherapy & Coaching
emobrien.co.uk
Em@emobrien.co.uk
ICO Registration No.: ICO:00014851590
Please note: the Freedom Framework® is the proprietary methodology used to deliver coaching and RTT services. It is a trademark, not a separate legal entity. All data controller responsibilities rest with Em O’Brien trading as Emma O’Brien Hypnotherapy & Coaching.
If you have any questions about this Privacy Policy, please email em@emobrien.co.uk.
2. What Personal Data I Collect
a) Information you give me directly
Your name and email address (when you sign up to my newsletter, download a lead magnet such as the Confidence Blueprint, or make an enquiry)
Contact and payment details (when you book or purchase a service)
Personal background information, professional history, and goals (shared during coaching sessions or intake forms)
Health and wellbeing information relevant to RTT hypnotherapy sessions (where you choose to share this)
CliftonStrengths assessment results and related coaching notes
Bespoke RTT audio recordings created for your programme (where applicable, with your consent)
Video testimonials or case study content (where you provide these voluntarily)
Communications with me by email, WhatsApp, or other channels
b) Information collected automatically
Website usage data via cookies and analytics tools (see Section 8)
Device and browser information when you visit the website
c) Special category data
Some information I hold may be classified as ‘special category’ data under UK GDPR — specifically, information relating to your physical or mental health, which may arise naturally in an RTT hypnotherapy or coaching context. I only ever process special category data with your explicit consent, and I treat it with the highest level of care and confidentiality.
3. Why I Collect Your Data and the Legal Basis
Purpose | Examples | Legal Basis (UK GDPR)
Delivering coaching and RTT hypnotherapy services | Session notes, intake forms, RTT recordings, CliftonStrengths results | Contract (Art. 6(1)(b)) + Explicit Consent for health data (Art. 9(2)(a))
Managing your enquiry or booking | Responding to emails, booking confirmations | Contract / pre-contract steps (Art. 6(1)(b))
Sending my newsletter (Go Fearwards Friday) | Weekly email content | Consent (Art. 6(1)(a))
Delivering a lead magnet | Brilliance Blind Spot download | Consent (Art. 6(1)(a))
Processing payments | Invoices, payment records | Contract (Art. 6(1)(b)) + Legal obligation (Art. 6(1)(c))
Keeping financial and legal records | HMRC compliance, client agreements | Legal obligation (Art. 6(1)(c))
Case study programme management | Tracking client transformation, check-ins, testimonials | Consent (Art. 6(1)(a))
Improving my services | Reviewing session outcomes, feedback | Legitimate interests (Art. 6(1)(f))
4. How Long I Keep Your Data
Type of Data | Retention Period
Client session notes and coaching records | 7 years from end of working relationship
Financial and payment records | 7 years (HMRC requirement)
RTT hypnosis recordings | Duration of programme + 1 year, or as agreed with you
Email enquiries | 3 years from last contact
Newsletter subscribers | Until you unsubscribe or withdraw consent
Case study / testimonial content | Until you withdraw consent
Data complaints records | 3 years from resolution
When your data is no longer needed, I will securely delete or anonymise it.
5. Who I Share Your Data With
I do not sell your personal data. I only share it in the following limited circumstances:
Service providers
I use a small number of trusted third-party platforms to run my business. These act as ‘data processors’ on my behalf:
Email marketing platform (e.g. FEA Create / Mailchimp or equivalent) — for sending the Go Fearwards Friday newsletter and other email marketing
Payment processing (e.g. Stripe, PayPal, or equivalent) — for handling payments securely
Booking and scheduling tools (e.g. Calendly or equivalent) — for session bookings
Cloud storage (e.g. Google Drive or equivalent) — for storing client documents securely
Video calling platforms (e.g. Zoom or equivalent) — for online sessions
CliftonStrengths assessments
If you complete a CliftonStrengths assessment, your results are processed by Gallup, Inc. under their own privacy terms. Gallup’s privacy policy applies to that process.
Professional supervision
As an RTT Practitioner, I engage in professional supervision. Case details discussed in supervision will always be anonymised unless you have given explicit consent for identifiable information to be shared.
Legal requirements
I may disclose personal data where required to do so by law or in response to a lawful request from a regulatory or law enforcement authority.
6. Transfers Outside the UK
Some third-party platforms I use may process or store data outside the UK. Where this is the case, I ensure appropriate safeguards are in place — such as UK adequacy decisions or standard contractual clauses — in line with UK GDPR requirements. Contact me at hello@emobrien.co.uk if you’d like more information.
7. Your Data Protection Rights
Right | What this means
Right of access | You can request a copy of the personal data I hold about you (Subject Access Request).
Right to rectification | You can ask me to correct any inaccurate or incomplete data.
Right to erasure | You can ask me to delete your data in certain circumstances.
Right to restriction | You can ask me to pause processing of your data.
Right to data portability | Where processing is based on consent or contract, you can ask for your data in a portable format.
Right to object | You can object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent | Where I rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please email em@emobrien.co.uk with ‘Data Request’ in the subject line. I will respond within 1 calendar month.
8. Cookies
My website (emobrien.co.uk) may use cookies to improve your experience and understand how the site is used. Types of cookies may include:
Essential cookies — necessary for the website to function
Analytics cookies — to understand how visitors use the site (e.g. Google Analytics)
Marketing cookies — if you have opted in
You can control cookies through your browser settings. Where required by law, I will ask for your consent before placing non-essential cookies.
9. Keeping Your Data Safe
The measures I use to protect your personal data include:
Password-protected devices and accounts
Secure, encrypted cloud storage for client documents
Use of reputable platforms with their own security certifications
Limiting access to personal data to myself only, unless a specific third party has a genuine need
No method of transmission over the internet is completely secure. While I take all reasonable steps to protect your data, I cannot guarantee absolute security.
10. Complaints About How I Handle Your Data
If you have a concern about how I’ve collected, used, or stored your personal data, I’d always encourage you to reach out to me directly first. I take data privacy seriously and will do my best to resolve any issue quickly.
How to contact me
Name: Em O’Brien | Emma O’Brien Hypnotherapy & Coaching
em@emobrien.co.uk
Subject line: Data Complaint
Please include your name, a description of your concern, and any relevant dates or reference numbers.
How I’ll respond:
Acknowledgement: I will acknowledge receipt of your complaint within 3 calendar days.
Full response: I will provide a full written response within 1 calendar month of receiving your complaint.
If your complaint is complex: In exceptional circumstances I may need up to 3 calendar months in total. I will let you know within the first calendar month and explain why.
Your right to contact the ICO
If you’re not satisfied with how I’ve handled your complaint, or if you’d prefer to raise your concern directly with the regulator, you have the right to contact the Information Commissioner’s Office (ICO) at any time.
Information Commissioner’s Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
Make a complaint: ico.org.uk/make-a-complaint
You do not have to contact me before going to the ICO, though the ICO generally encourages people to raise concerns with the organisation first.
11. Changes to This Privacy Policy
I may update this Privacy Policy from time to time. When I make significant changes, I will update the ‘Last updated’ date at the top of this page. Continued use of my services or website following any changes constitutes acceptance of the updated policy.
12. Contact
If you have any questions about this Privacy Policy or how your personal data is handled, please get in touch:
Em O’Brien
Emma O’Brien Hypnotherapy & Coaching
hello@emobrien.co.uk
emobrien.co.uk
This Privacy Policy was prepared to comply with the Data (Use and Access) Act 2025, UK GDPR, and Data Protection Act 2018. It does not constitute legal advice. For complex data protection matters, please consult a qualified UK data protection solicitor or contact the ICO helpline on 0303 123 1113.