Embedded Files
Unlock Change: Hypnotherapy Informed by 21 Years of Teaching Meditation
Last Updated: May 17, 2025
By sharing your personal information, using my services, or interacting with my online presence—including my website, social media channels, and any other online platforms I operate—you acknowledge that you have read and understood the Privacy Notices / Policies set out here, and consent to the processing of your personal data as described herein.
This privacy notice has two sections.
Section 1 - Privacy Notice for Matthew Earl Hypnotherapy (UK)
Section 2 - Privacy Policy / Notice from Grace Space, LLC (USA)
Section 1 - Privacy Notice for Matthew Earl Hypnotherapy (UK)
I am serious about protecting your privacy. This Privacy Notice (“Notice”) explains what information is collected, stored, used, and shared by Matthew Earl (“Me,” “I,” “My,”), a trainee hypnotherapist on the Grace Method Hypnotherapy Certification Course, and you (“Client”), the individual having using my services.
My contact details
Data Controller: Matthew Earl Hypnotherapy Name of Data Controller Representative and Data Protection Contact: Matthew Earl E-mail: matthew[at]matthewearlwellness[dot]com
Geographical Location: London, United Kingdom
Website: matthewearlwellness.com
The type of personal information I collect
I may collect and process the following categories of personal data about you:
Identity Data: Including your name.
Contact Data: Including your address, email address, and phone number.
Demographic Data: Including your date of birth (to verify you are over 18).
Health Data: Including information about your general health and wellbeing relevant to your hypnotherapy sessions, such as potential triggers, sensitivities, and details of what you want to work on. This also includes session notes taken for the purpose of providing effective ongoing therapy. This is special category data under UK GDPR, and I process it based on Your explicit consent.
Session Recordings: Video and audio recordings of sessions, if You provide separate, explicit consent via the intake form, for quality control, and training assessment purposes, including submission to Grace Space, LLC (USA) for student assessment. This is special category data (as it contains health-related discussions) and is processed based on Your explicit consent. The transfer of this data to the USA is also based on Your explicit consent, having here been informed of the potential risks due to the USA not having an adequacy decision from the UK that covers this specific processor without further safeguards, unless Grace Space LLC is certified under the UK-US Data Bridge (see 'Sharing Your Personal Data' below).
Online Usage Data: If you use my online presence (including my website, social media channels, and any other online platforms I operate), I may automatically collect:
Technical Data: Including your IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Cookies and similar technologies: Please see our Cookie Policy on my website for details: matthewearlwellness.com
Client Testimonials: I may collect feedback from you after your hypnotherapy sessions to help us improve my services and to share positive experiences with potential clients. With your explicit consent, I may publish your testimonial on our website or in other marketing materials. You will have the option to choose how your feedback is shared: anonymously, with your initials and city, or with your first name and city. The legal basis for processing your feedback for these purposes is your consent, which you can withdraw at any time by contacting me. I will retain your testimonial for as long as it is relevant for marketing purposes, or until you withdraw your consent.
Any other personal information you voluntarily provide that is directly relevant to your hypnotherapy.
How we get the personal information and why we have it
The personal information we process is provided to me directly by you.
I collect personal information directly from you when you (including but not limited to):
Register for my services and complete the registration form.
Provide information during our hypnotherapy sessions.
Communicate with me via email or phone.
Interact with my online presence.
I use your personal data for the following purposes:
To assess your suitability for hypnotherapy, and to decide if I can offer you my services.
To understand your needs and goals, enabling me to provide you with the most effective hypnotherapy service.
To manage our appointments, including contacting you with confirmations, reminders, and any necessary updates.
To process payments for our sessions and manage invoicing.
To communicate with you effectively regarding a waiting list, your sessions and any related matters such as contacting you regarding your progress, feedback, and regarding further sessions.
As an existing client I may also use your information to contact you about other related services I offer based on the contact information you provided me. You can contact me at any time at matthew[at]matthewearlwellness[dot]com if you no longer wish to receive marketing information (opt-out).
To administer, maintain, and improve my online presence, ensuring its functionality and security.
To analyse online channel usage to understand how visitors use my online channels and to improve user experience.
To comply with legal and regulatory obligations (e.g., financial record keeping, responding to legal requests).
To manage and defend against legal claims.
Sharing Your Personal Data
I may share your personal data with the following categories of recipients:
Grace Space, LLC (USA): Your session recordings (video and audio), which constitute special category data, may be shared if You provide separate, explicit consent via the intake form. This sharing is for the purpose of assessing my performance as part of the Grace Method Hypnotherapy Certification Course. These recordings are uploaded via a secure Google Form to Grace Space, LLC’s (USA) secure Google Drive, which is accessed only by their designated mentors for evaluation. Their privacy notice is in Section 2.
Important Information about Data Transfer Outside the UK to the USA: The USA is not currently deemed by the UK to provide an adequate level of data protection across its entire jurisdiction in the same way as the UK GDPR. Therefore, transfers of personal data to the USA require specific safeguards.If Grace Space, LLC is certified under the UK Extension to the EU-US Data Privacy Framework (the "UK-US Data Bridge"): This certification would provide a valid mechanism for transferring your data. I will take steps to verify such certification if applicable.
If Grace Space, LLC is NOT certified under the UK-US Data Bridge, or if this mechanism is not used: The transfer of your session recordings will be made on the basis of Your explicit consent, as per Article 49(1)(a) of the UK GDPR. By providing your explicit consent to the recording and its submission for assessment purposes via the intake form, you are acknowledging and agreeing to this transfer. You must be aware of the potential risks associated with this transfer due to the absence of an adequacy decision covering this specific processor and potentially the absence of other safeguards like Standard Contractual Clauses agreed directly between Me and Grace Space LLC for this student submission process. These risks may include different data protection standards and potentially more limited redress mechanisms in the USA compared to the UK.
Alternatively, I may seek to put in place other appropriate safeguards where feasible, such as Standard Contractual Clauses (e.g., the UK’s International Data Transfer Agreement or Addendum), along with a Transfer Risk Assessment. You will be informed if such alternative safeguards are the primary basis for transfer. Your explicit consent to the recording and transfer is obtained via the intake form.
Service Providers: I may use third-party service providers to support my business operations, such as for secure data storage and website hosting. These providers will have access to your personal data only to the extent necessary to perform their services and are contractually obligated to protect your data.
Legal and Regulatory Authorities: I may disclose your personal data if required by law, such as in response to a court order or to comply with other legal or regulatory obligations.
I do not knowingly collect personal data from individuals under the age of 18. If you are under 18, please do not provide me with any personal data. If you are a parent or guardian and become aware that your child has provided me with personal data, please contact me immediately.
I will only share your personal data with third parties as described in this Privacy Notice or where I have a legal obligation to do so.
Automated Decision-Making and Profiling: I do not use automated decision-making or profiling in the processing of your personal data.
Lawful Basis for Processing Your Personal Data
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases I rely on for processing your personal data are:
Contractual necessity: Processing Your personal data is necessary for the performance of our contract to provide hypnotherapy services to You, which is formed when You agree to my Terms & Conditions. This includes processing necessary to manage appointments, provide the agreed service (including preparatory work where applicable), process payments, and apply charges in accordance with the agreed terms (such as those detailed in Sections 6.6 and 7 of the Terms & Conditions).
Legitimate interests: I have a legitimate interest in processing your personal data for the following purposes:
To provide and manage the hypnotherapy services you have requested.
To communicate with you about your appointments and other service-related matters, such as contacting you regarding your submission to a waiting list, your progress, feedback, and regarding further sessions.
As an existing client, I may use your contact details (collected during the course of providing services to you) to send you information about my own similar hypnotherapy services by email, where you were given a clear opportunity to opt-out at the time your details were collected and in every subsequent communication (this is often referred to as the 'soft opt-in' under PECR). You can opt-out of receiving these communications easily at any time by contacting me at matthew[at]matthewearlwellness[dot]com. My legitimate interest is to promote my services to existing clients who may benefit from them.
To administer, maintain, and improve my online channels and ensure their security.
To analyse online channel usage and improve user experience.
Legal obligation: I may process and disclose your personal data to comply with legal obligations, such as in response to a court order or to report suspected illegal activity. This includes situations where I am legally obligated to breach confidentiality, such as under the Children’s Act or if a court order is issued, or if I have good reason to believe that significant harm to you or another person may arise if I do not disclose that information.
Consent: We process certain personal data based on your explicit consent, such as for:
Session recordings and their transfer to Grace Space, LLC (USA) for assessment purposes (obtained via the intake form).
Client testimonials (where you agree to their publication).
Processing special category health data necessary for tailoring and delivering hypnotherapy sessions, maintaining session notes, and assessing service suitability (obtained via the intake form). You have the right to withdraw your consent at any time (though withdrawal does not affect the lawfulness of processing based on consent before its withdrawal). See 'Your data protection rights' for how to withdraw consent.
Vital interests: In rare circumstances, I may process your personal data where it is necessary to protect your vital interests or the vital interests of another individual (e.g., in a medical emergency).
For the processing of special category data, specifically data concerning health provided by you for the purpose of tailoring and delivering hypnotherapy sessions, maintaining session notes, and assessing service suitability, we rely on Your explicit consent (Article 9(2)(a) of the UK GDPR), obtained via the intake form. For session recordings containing health discussions, explicit consent is also the Article 9 condition.
How I store your personal data
Your personal data is securely stored on an encrypted drive. I will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and in line with my professional indemnity insurance obligations.
Client Records (including session notes and intake forms): Typically retained for a period of seven (7) years following the date of our last session. This period is based on common practice for therapeutic records and professional indemnity insurance requirements.
Financial Records: Retained for six (6) years plus the current financial year, as required by UK tax law.
Session Recordings (if consented to): Retained by Me only for the duration necessary for the Grace Method Hypnotherapy Certification Course assessment (typically until assessment is complete and confirmed), after which they will be securely deleted from My systems. Grace Space, LLC will have their own retention policy as outlined in Section 2.
Client Testimonials (if consented to): Retained for as long as they are relevant for marketing purposes or until You withdraw Your consent, reviewed periodically.
Website Usage Data (e.g., analytics): Retained for a shorter period (e.g., 26 months) for analytical purposes and then anonymised or deleted.
Marketing Opt-out Lists: Retained indefinitely to ensure compliance with Your preferences.
Physical records created during sessions are promptly converted to digital format on an encrypted drive, and the physical copies are securely shredded (cross-cut) within 24 hours.
At the end of the relevant retention period, Your personal data will be securely deleted or anonymised. You have the right to request the deletion of your personal data at any time by emailing: matthew[at]matthewearlwellness[dot]com. However, please note that if you request deletion before any scheduled sessions, those sessions will be cancelled as the information is required to provide the service effectively, and this will be subject to my cancellation policy as detailed in my Terms & Conditions. Deletion is also subject to any overriding legal or regulatory obligations to retain the data.
Your data protection rights
Under data protection law, you have the following rights in relation to your personal data:
Your right to access: You have the right to request copies of your personal information.
Your right to rectification: You have the right to request that I correct any information you believe is inaccurate or incomplete.
Your right to erasure ("right to be forgotten"): You have the right to request that I delete your personal information in certain circumstances.
Your right to restriction of processing: You have the right to request that I restrict the processing of your personal information in certain circumstances, such as if you contest the accuracy of the data or object to the processing (where my legitimate interests are the basis for processing).
Your right to object to processing: You have the right to object to the processing of your personal information in certain circumstances, including for direct marketing purposes.
Your right to data portability: You have the right to request that I transfer the personal information you have provided to another organisation, or directly to you, in a structured, commonly used, and machine-readable format, in certain circumstances.
Your right to withdraw consent: Where I am relying on your consent (or explicit consent for special category data) to process your personal data, you have the right to withdraw that consent at any time. You can withdraw your consent for specific processing activities at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before you withdrew your consent. Upon receiving your request to withdraw consent for a specific activity, I will stop the processing you have withdrawn consent for, unless there is another legal basis compelling me to continue (which I will inform you of, if applicable).
To withdraw consent for Session Recording and its transfer to the USA: Please email me at matthew[at]matthewearlwellness[dot]com with the subject line "Withdrawal of Consent - Session Recording".
To withdraw consent for the Processing of Your Health Data for ongoing therapy: Please email me at matthew[at]matthewearlwellness[dot]com with the subject line "Withdrawal of Consent - Health Data Processing". Please note that as this information is essential for providing tailored hypnotherapy, withdrawing this consent will likely require us to terminate the main service agreement as I will be unable to proceed safely and effectively.
To withdraw consent for use of Client Testimonials: Please email me at matthew[at]matthewearlwellness[dot]com with the subject line "Withdrawal of Consent - Testimonial".
To withdraw consent/opt-out of Marketing Communications: You can do this at any time by emailing me at matthew[at]matthewearlwellness[dot]com or using the unsubscribe link in any marketing email.
Your right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe that I have not complied with data protection law (see "How to Complain" section below).
You are not required to pay any charge for exercising your rights. If you make a request, I will respond within one month. Please contact me at matthew[at]matthewearlwellness[dot]com if you wish to make a request.
How to complain
If you have any concerns about my use of your personal information, please contact me in the first instance at matthew[at]matthewearlwellness[dot]com. I will endeavour to respond to your concerns within one month, as required by data protection law.
If you are not satisfied with my response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO at:
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
Website: ico.org.uk
Cookies and Tracking Technologies
Please see our Cookie Policy on my website for details: matthewearlwellness.com
Section 2 - Privacy Policy from Grace Space, LLC (USA)
This section is included specifically in relation to the sharing of recording(s) of my session(s) with you for review in order to graduate from our Grace Method Hypnotherapy Certification Course.
Grace Space, LLC. Practice Sessions Privacy Policy
Last Updated: March 9th, 2023
Grace Space, LLC is serious about protecting your privacy. This Privacy Policy (“Policy”) explains what information is collected, stored, used, and shared by Grace Space, LLC (“Grace Method,” “Us,” “Our,” or “We”, “The School”), a Florida limited liability company, when a User (“User,” “You,” or “Your”, “Practice Client”) is involved in submissions that are submitted to our school by a student of the Grace Method Hypnotherapy Certification Course.
Information Collected by Us.
We ask our students to submit sessions for review in order to graduate from our Grace Method Hypnotherapy Certification Course. These sessions are uploaded via a Google Form, to our secure Google Drive that is accessed only as necessary to the evaluation and grading of the said session as it relates to the student graduating our course.
The Student may or may not have additional copies of your session on their personal hard drives, e.g. Cloud storage or Zoom accounts and we encourage you to seek out clarity with the student regarding how they store and use your practice session.
“Personal Information” is information voluntarily provided by You when You participate in a practice session with a student of the Grace Method Hypnotherapy Certification. This may include your full name if the session was recorded on Zoom or another recording platform that shows your name on the screen while you are actively connected to your recording session.
We do not request any further information from the student about you and unless you have engaged with us on your own record in connection with our other services such as our Grace App, our Private Sessions or You are also a student of the school, no file is kept on You as an individual.
How We Use Your Personal Information.
Your participation in a practice session with a Grace Method student is used only in the context of evaluating and grading the student by our limited team of mentors. Customer Success Associates may access the files in order to properly assign and organize the files as it relates to the mentors receiving the session for evaluation.
Sharing Your Personal Information.
We will not share Personal Information with third parties without Your consent. We do not sell, rent, or otherwise disclose Personal Information to any third parties, including but not limited to advertisers, strategic partners, or vendors. However, We will share Personal Information, if required by law. In some cases, we may ask a student to use a practice session that was submitted as a demonstration of a session within the context of our school. They would first require your permission before giving us permission to use the recording in this way.
Storing and Safeguarding Your Personal Information.
We will store Personal Information on secured and encrypted web-based platform or system, hard-drive, or device. Our staff will only have password protected access to the minimally necessary amount of Personal Information required to perform their services.
Minors
You must be at least eighteen (18) years of age, or a legal adult to participate in practice sessions.
Access
We do not provide any copies of the session to you though you may request a copy from the student.
Rectification
If You believe a student submitted a session of You to us without your permission, you may have us investigate and we will permanently delete any video files we have that have your involvement that may have been submitted to us.
Erasure
You can request that We erase some or all of Your Personal Information from Our systems, under certain conditions.
Objection
You can contact Us to let Us know that You object to the collection or use of Personal Information for certain purposes.
Withdrawal of Consent
You have the right to withdraw Your consent at any time of being involved in the evaluation of a student as it relates to your participation in a practice session.
Please note, however, that if You exercise this right, You may also have to contact the student directly regarding the storage and use of your session by them.
To exercise Your rights, above, please:
Email Us (see “How to Contact Us” below);
Provide enough information to identify You, such as name or email;
Provide the students name who you were involved in a practice session with;
If You would like to unsubscribe from any email communication, You can also click on the unsubscribe button at the bottom of the email communication. It may take up to ten (10) days for this to take effect.
Security
We take the security of Personal Information seriously and use reasonable electronic, personnel and physical measures to store and protect it from loss, theft, alteration, or misuse.
However, even the best security measures cannot fully eliminate all risks. We cannot guarantee only authorized persons will view Personal Information. We are not responsible for third-party circumvention of any privacy settings or security measures and We cannot ensure or warrant the security of any information the student transmits to Us via Google Forms. Therefore, We are not responsible for any actual or consequential damages due to a lapse in compliance with this Policy because of a security breach or technical malfunction.
How to Complain
We hope to resolve any query or concern You raise about Our use of Your information. Complaints may be lodged with a supervisory authority in Your resident state or country or where any alleged infringement of data protection laws occurred. The supervisory authority in the country is the entity who may be contacted.
Changes to this Policy
This Policy was published on March 9th, 2023 and last updated on March 9th, 2023. We reserve the right to modify this Policy at any time. When We do, We will provide the updated copy to participating students in Our school. Changes to this Policy will take effect immediately upon posting.
How to Contact Us
Please contact Us if You have any questions about this Policy or Your information held by Us. If You wish to contact Us, please email Us at: info[at]gshypnosis.com.
Chief Data Security Officer (CDSO), Data Protection Officer (DPO) & Representative in the EU:
Bernardo Feitosa
505 Beachland Blvd Suite 177
Vero Beach, FL 32963
United States
Email: bernardo[at]gshypnosis[dot]com
Google Sites
Report abuse