PRIVACY POLICY

Last updated: 14/2/26

1. WHO I AM

Calm Hypnobirthing with Heather is committed to protecting your privacy and personal information.

My details:

• Business name: Calm Hypnobirthing with Heather

• Contact email: heathercalmhypnobirthing@protonmail.com

• Contact phone: 07814 702 650

• Address: Gullane, East Lothian

• Website: https://heathercalmhypnobirthing.com

2. WHAT INFORMATION I COLLECT

I collect information that you give me directly and information that helps me provide my services safely and effectively.

2.1 Personal Information

• Name (full name)

• Contact details (email address, phone number, postal address)

• Date of birth or age (to ensure suitability for services)

• Emergency contact information (name and phone number)

2.2 Health & Medical Information

To provide my services safely, I collect:

• Due date

• How many weeks pregnant you are

• Whether you're expecting multiples

• Any pregnancy complications or concerns

• Previous pregnancy history (if relevant)

• Medical conditions that may affect participation

• GP/midwife contact details

2.3 Booking & Payment Information

• Booking dates and times

• Classes/services purchased

• Payment history

• Block booking or course progress

2.4 Communication History

• Emails, texts, or phone conversations with you

• Feedback or reviews you provide

• Questions or concerns you raise

2.5 Marketing Preferences

• Whether you've opted in to receive marketing emails

• Your communication preferences

2.6 Technical Information

• IP address

• Browser type

• Pages visited on our website

• Cookie data (see my Cookie Policy)

3. HOW I COLLECT INFORMATION

I collect information:

• When you complete my booking form or registration

• When you fill in my medical questionnaire

• When you contact me by email, phone, or social media

• When you make a payment

• When you visit my website (through cookies)

• During our classes or sessions (if you share information with me)

4. WHY I COLLECT THIS INFORMATION (LEGAL BASIS)

I collect and use your information for the following reasons:

4.1 To Provide My Services (Contractual Necessity)

I need your information to:

• Confirm and manage your bookings

• Contact you about your classes or appointments

• Process your payments

• Provide services safely and appropriately for your needs

4.2 To Keep You Safe (Legitimate Interest & Legal Obligation)

I need health information to:

• Ensure my services are suitable and safe for you

• Modify activities if needed for your circumstances

• Respond appropriately in an emergency

• Meet my duty of care and insurance requirements

4.3 For Marketing (Consent)

With your permission, I may:

• Send you updates about my classes and services

• Share tips, articles, or resources

• Inform you about special offers or new programs

You can opt out of marketing at any time - just click "unsubscribe" in any email or contact me directly.

4.4 For Legal Compliance

I may need to keep certain information to:

• Comply with tax and accounting requirements

• Respond to legal requests

• Protect my legal rights

5. HOW I USE YOUR INFORMATION

I use your information to:

✓ Confirm your bookings and send appointment reminders
✓ Ensure you can safely participate in my classes or services
✓ Contact you about any changes to scheduled sessions
✓ Process payments and issue invoices
✓ Keep accurate records of your attendance and progress
✓ Contact you in an emergency
✓ Respond to your questions or concerns
✓ Send you marketing emails (only if you've opted in)
✓ Improve my services based on feedback
✓ Comply with legal and regulatory requirements

I will NEVER: ✗ Sell your information to third parties
✗ Use your information for purposes you haven't agreed to
✗ Share your health information without your permission (except in emergencies)
✗ Send you marketing if you've opted out

6. WHO I SHARE YOUR INFORMATION WITH

I keep your information private and secure. I only share it when necessary:

6.1 Emergency Services

In a medical emergency, I may need to share your health information with:

• Emergency services (ambulance, paramedics)

• Hospital staff

• Your emergency contact

6.2 Service Providers

I may share limited information with:

• Accountants (for tax and financial record-keeping)

• Zoom (for online classes)

All third parties are carefully chosen and required to keep your data secure.

6.3 Insurance & Professional Bodies

I may need to share information with:

• My insurance provider (in case of a claim)

• Professional bodies or regulatory organizations (if required for qualifications or complaints)

6.4 Legal Requirements

I may share information if required by law:

• Court orders or legal proceedings

• Safeguarding concerns (if I believe someone is at risk)

• Law enforcement requests

6.5 Venue Requirements

If I hire venues, I may need to provide:

• Your name for attendance registers

• Contact details (if required for venue contact tracing or emergency procedures)

7. HOW I PROTECT YOUR INFORMATION

I take data security seriously and use appropriate measures to protect your information:

✓ Password protection - All digital files are password-protected
✓ Limited access - Only business owner can access your data
✓ Secure communication – I don't send sensitive health information by unencrypted email
✓ Paper records - Any paper forms are stored securely and destroyed when no longer needed

7.1 Where I Store Your Information

Your information is stored:

• On secure, password-protected devices

• In cloud-based systems (e.g., Google Drive, Dropbox) with two-factor authentication

• In paper files in a locked cabinet

All storage complies with UK GDPR requirements.

8. HOW LONG I KEEP YOUR INFORMATION

I only keep your information for as long as necessary.

8.1 Active Clients

While you're actively using my services:

• Contact & booking information: For the duration of your use of my services

• Health & medical information: Until you stop attending or request deletion

• Payment records: Minimum 6 years (legal requirement for tax purposes)

8.2 Past Clients

After you stop using my services:

• Financial records: 6 years (HMRC requirement)

• Contact details: 1 year (in case you return or I need to contact you about past services)

• Health information: Deleted after 6 months to 1 year of inactivity, unless required for insurance claims

8.3 Marketing

If you've opted in to marketing emails:

• I'll keep your email until you unsubscribe or 2 years of inactivity

8.4 Right to Deletion

You can request deletion of your data at any time (see Section 10 - Your Rights).

Note: I may need to keep some information if:

• Required by law (e.g., financial records)

• Needed for legal claims or disputes

• Necessary for insurance purposes

9. YOUR RIGHTS

Under UK GDPR, you have the following rights:

9.1 Right to Access (Subject Access Request)

You can request a copy of all the personal information I hold about you.

• I'll respond within 30 days

• This is free of charge

9.2 Right to Correction

If any information I hold is incorrect or incomplete, you can ask me to correct it.

9.3 Right to Deletion ("Right to be Forgotten")

You can ask me to delete your information, except where:

• I’m legally required to keep it (e.g., financial records)

• I need it for legal claims

• It's necessary for insurance purposes

9.4 Right to Restrict Processing

You can ask me to limit how I use your information in certain circumstances.

9.5 Right to Data Portability

You can request your data in a common format (e.g., PDF or spreadsheet) to transfer to another provider.

9.6 Right to Object

You can object to:

• Marketing communications (opt out at any time)

• Processing based on legitimate interests

9.7 Right to Withdraw Consent

If I’m processing data based on your consent (e.g., marketing), you can withdraw consent at any time.

How to exercise your rights: Email me at heathercalmhypnobirthing@protonmail.com or call 07814 702 650

I'll respond within 30 days.

10. COOKIES

My website uses cookies to improve your experience.

What are cookies?

Small text files stored on your device that help my website function and remember your preferences.

What cookies I use:

• Essential cookies: Allow the website to function (e.g., remembering items in a booking form)

• Analytics cookies: Help me understand how visitors use my site (e.g., Google Analytics)

• Marketing cookies:

Managing cookies:

You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality.

For more your information I use Google Analytics.

11. THIRD-PARTY LINKS

My website or social media may contain links to other websites (e.g., booking systems, payment processors).

Please note: I’m not responsible for the privacy practices of other websites. I encourage you to read their privacy policies.

12. INTERNATIONAL TRANSFERS

Your data is stored and processed in the UK.

13. CHANGES TO THIS POLICY

I may update this Privacy Policy from time to time to reflect changes in:

• How I operate

• Legal requirements

• Technology I use

When I make changes:

• I'll update the "Last updated" date at the top

• The updated policy will be available on my website

I encourage you to review this policy periodically.

14. HOW TO CONTACT ME

If you have questions about this Privacy Policy or how I handle your data:

Contact me:

• Email: heathercalmhypnobirthing@protonmail.com

• Phone: 07814 702 650

• Address: Broomieknowe, Hall Crescent, Gullane, East Lothian, EH31 2HA

I'll respond within: 2-5 working days

15. COMPLAINTS

If you're unhappy with how I've handled your data, you can:

1. Contact me first: Email heathercalmhypnobirthing@protonmail.com- I'll do my best to resolve your concern

2. Contact the ICO: If you're not satisfied with my response, you can complain to the UK's data protection authority:

Information Commissioner's Office (ICO)

• Website: ico.org.uk

• Phone: 0303 123 1113

• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF