Privacy Notice

Last Updated: 24 Oct 2025

By sharing your personal information, using my services, or interacting with my online presence—including my website, social media channels, and any other online platforms I operate—you acknowledge that you have been provided with, and have had the opportunity to read and understand, this Privacy Notice. This notice explains how and why I process your personal data. 

Privacy Notice for Matthew Earl Wellness (UK)

I am serious about protecting your privacy. This Privacy Notice (“Notice”) explains what information is collected, stored, used, and shared by Matthew Earl (“Me,” “I,” “My,”), a hypnotherapist in the final stages of my certification with the Grace Method Hypnotherapy Certification Course, and you (“Client”), the individual using my services. 

My contact details

Data Controller: Matthew Earl Wellness 

Name of Data Controller Representative and Data Protection Contact: Matthew Earl E-mail: matthew[at]matthewearlwellness[dot]com

Geographical Location: London, United Kingdom

Website: matthewearlwellness.com

The type of personal information I collect

I may collect and process the following categories of personal data about you:

• Identity Data: Including your name.

• Contact Data: Including your address, email address, and phone number.

• Demographic Data: Including your date of birth (to verify you are over 18).

• Health Data: Including information about your general health and wellbeing relevant to your hypnotherapy sessions, such as potential triggers, sensitivities, and details of what you want to work on. This also includes session notes taken for the purpose of providing effective ongoing therapy. This is special category data under UK GDPR, and I process it based on Your explicit consent.

• Session Recordings: Video, audio, and transcript recordings of sessions, if You provide separate, explicit consent via the intake form. These recordings are used for internal quality assurance and to assist in the creation of accurate session notes. This is special category data (as it contains health-related discussions) and is processed based on Your explicit consent. These recordings are for internal use only and are not shared with any third party.

• Online Usage Data: If you use my online presence (including my website, social media channels, and any other online platforms I operate), I may automatically collect:

  • Technical Data: Including your IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

  • Cookies and similar technologies: Please see my Cookie Policy on my website for details: matthewearlwellness.com

Client Testimonials and Public Reviews

I value your feedback and may wish to share your positive experiences to help others understand the potential benefits of hypnotherapy. This section explains how I handle different types of feedback.

1. Private Feedback and Testimonials 

I may ask you to provide a testimonial about your experience. I will only ever use such a testimonial for marketing purposes (e.g., on my website, social media, or in print materials) with your separate and explicit consent. When seeking your consent, I will be clear about where the testimonial will be used and will offer you the choice of how you are attributed (e.g., full name, first name and city, or anonymously).

• Lawful Basis: The lawful basis for processing your personal data for this purpose is your Consent.

• Your Rights: You can withdraw your consent at any time by contacting me. Upon withdrawal, I will remove your testimonial from my website and future marketing materials. Please note that it may not be possible to remove it from printed materials that have already been distributed.

2. Publicly Available Reviews 

If you voluntarily leave a review on a public platform (such as Google, a public social media page, or another review site), this review is in the public domain. However, I respect your data protection and intellectual property rights.

Other than a direct link to any public Google review on my website, I will not reproduce a public review on my own marketing materials without first contacting you to seek your explicit consent to do so.

My process is as follows:

• If I wish to feature a public review you have written, I will contact you (where possible) to request your permission, if you have not already given it on the registration / intake form.

• If you grant permission, my lawful basis for processing this data is your Consent.

• If I cannot reasonably contact you, I will not reproduce the review on my own platforms. I may, however, refer to the existence of public reviews in a general sense (e.g., "See my reviews on Google").

• Any other personal information you voluntarily provide that is directly relevant to your hypnotherapy.

How I get the personal information and why I have it

The personal information I process is provided to me directly by you.

I collect personal information directly from you when you (including but not limited to):

• Register for my services and complete the registration form.

• Provide information during your hypnotherapy sessions.

• Communicate with me via email or phone.

• Interact with my online presence.

I use your personal data for the following purposes:

• To assess your suitability for hypnotherapy, and to decide if I can offer you my services.

• To understand your needs and goals, enabling me to provide you with the most effective hypnotherapy service.

• To manage your appointments, including contacting you with confirmations, reminders, and any necessary updates.

• To process payments for your sessions and manage invoicing.

• To communicate with you effectively regarding a waiting list, your sessions and any related matters such as contacting you regarding your progress, feedback, and regarding further sessions.

• As an existing client I may also use your information to contact you about other related services I offer based on the contact information you provided me. You can contact me at any time at matthew[at]matthewearlwellness[dot]com if you no longer wish to receive marketing information (opt-out).

• To administer, maintain, and improve my online presence, ensuring its functionality and security.

• To analyse online channel usage to understand how visitors use my online channels and to improve user experience.

• To comply with legal and regulatory obligations (e.g., financial record keeping, responding to legal requests).

• To manage and defend against legal claims.

Sharing Your Personal Data

I may share your personal data with the following categories of recipients:

• Service Providers: I may use third-party service providers to support my business operations. These providers will have access to your personal data only to the extent necessary to perform their services and are contractually obligated to protect your data. These include providers for:

• Appointment Scheduling (Setmore)

• Secure data storage

• Website hosting

• Legal and Regulatory Authorities: I may disclose your personal data if required by law, such as in response to a court order or to comply with other legal or regulatory obligations.

I do not knowingly collect personal data from individuals under the age of 18. If you are under 18, please do not provide me with any personal data. If you are a parent or guardian and become aware that your child has provided me with personal data, please contact me immediately.

I will only share your personal data with third parties as described in this Privacy Notice or where I have a legal obligation to do so.

I do not sell or rent your personal data, nor do I share it with third parties for their own marketing purposes.

Automated Decision-Making and Profiling: I do not use automated decision-making or profiling in the processing of your personal data.

International Data Transfers 

To provide you with an efficient appointment scheduling service, I use a third-party provider called Setmore. Setmore is based in the United States, and as such, the personal data you provide for scheduling purposes (specifically your Identity and Contact Data) is transferred to and stored on servers located outside of the United Kingdom.

I have taken steps to ensure your personal data is protected and that this transfer is lawful. I have a Data Processing Addendum in place with Setmore that require Setmore to protect your personal data to a standard equivalent to that required by UK GDPR.

Lawful Basis for Processing Your Personal Data

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases I rely on for processing your personal data are:

• Contractual necessity: Processing Your personal data is necessary for the performance of my contract to provide hypnotherapy services to You, which is formed when You agree to my Terms & Conditions. This includes processing necessary to manage appointments, provide the agreed service (including preparatory work where applicable), process payments, and apply charges in accordance with the agreed terms (such as those detailed in Sections 6.6 and 7 of the Terms & Conditions).

• Legitimate interests: I have a legitimate interest in processing your personal data for the following purposes:

  • To provide and manage the hypnotherapy services you have requested.

  • To communicate with you about your appointments and other service-related matters, such as contacting you regarding your submission to a waiting list, your progress, feedback, and regarding further sessions.

  • As an existing client, I may use your contact details (collected during the course of providing services to you) to send you information about my own similar hypnotherapy services by email, where you were given a clear opportunity to opt-out at the time your details were collected and in every subsequent communication (this is often referred to as the 'soft opt-in' under PECR). You can opt-out of receiving these communications easily at any time by contacting me at matthew[at]matthewearlwellness[dot]com. My legitimate interest is to promote my services to existing clients who may benefit from them.

  • To administer, maintain, and improve my online channels and ensure their security.

  • To analyse online channel usage and improve user experience.

• Legal obligation: I may process and disclose your personal data to comply with legal obligations, such as in response to a court order or to report suspected illegal activity. This includes situations where I am legally obligated to breach confidentiality, such as under the Children’s Act or if a court order is issued, or if I have good reason to believe that significant harm to you or another person may arise if I do not disclose that information.

• Consent: I process certain personal data based on your explicit consent, such as for:

  • Session recordings for the purposes of internal quality assurance and to assist in referencing for session notes (obtained via the intake form). 

  • Client testimonials (where you agree to their publication).

  • Processing special category health data necessary for tailoring and delivering hypnotherapy sessions, maintaining session notes, and assessing service suitability (obtained via the intake form). You have the right to withdraw your consent at any time (though withdrawal does not affect the lawfulness of processing based on consent before its withdrawal). See 'Your data protection rights' for how to withdraw consent.

• Vital interests: In rare circumstances, I may process your personal data where it is necessary to protect your vital interests or the vital interests of another individual (e.g., in a medical emergency).

For the processing of special category data, specifically data concerning health provided by you for the purpose of tailoring and delivering hypnotherapy sessions, maintaining session notes, and assessing service suitability, I rely on Your explicit consent (Article 9(2)(a) of the UK GDPR), obtained via the intake form. For session recordings containing health discussions, explicit consent is also the Article 9 condition.

How I store your personal data

Your personal data is securely stored on an encrypted drive. I will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and in line with my professional indemnity insurance obligations.

• Client Records (including session notes and intake forms): Typically retained for a period of seven (7) years following the date of your last session. This period is based on common practice for therapeutic records and professional indemnity insurance requirements.

• Financial Records: Retained for six (6) years plus the current financial year, as required by UK tax law.

• Session Recordings (if consented to): To support my ongoing professional development, these recordings will be securely stored for a period of two (2) years following your session, after which they will be permanently deleted. 

• Client Testimonials (if consented to): Retained for as long as they are relevant for marketing purposes or until You withdraw Your consent, reviewed periodically.

• Website Usage Data (e.g., analytics): Retained for a shorter period (e.g., 26 months) for analytical purposes and then anonymised or deleted.

• Marketing Opt-out Lists: Retained indefinitely to ensure compliance with Your preferences.
  Physical records created during sessions are promptly converted to digital format on an encrypted drive, and the physical copies are securely shredded (cross-cut) within 24 hours.

At the end of the relevant retention period, Your personal data will be securely deleted or anonymised. You have the right to request the deletion of your personal data at any time by emailing: matthew[at]matthewearlwellness[dot]com.

However, please note that if you request deletion before any scheduled sessions, those sessions will be cancelled as the information is required to provide the service effectively, and this will be subject to my cancellation policy as detailed in my Terms & Conditions. Deletion is also subject to any overriding legal or regulatory obligations to retain the data.

Your data protection rights

Under data protection law, you have the following rights in relation to your personal data:

• Your right to access: You have the right to request copies of your personal information.

• Your right to rectification: You have the right to request that I correct any information you believe is inaccurate or incomplete.

• Your right to erasure ("right to be forgotten"): You have the right to request that I delete your personal information in certain circumstances.

• Your right to restriction of processing: You have the right to request that I restrict the processing of your personal information in certain circumstances, such as if you contest the accuracy of the data or object to the processing (where my legitimate interests are the basis for processing).

• Your right to object to processing: You have the right to object to the processing of your personal information in certain circumstances, including for direct marketing purposes. Where you object to processing based on my legitimate interests, I must stop unless I can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms. 

• Your right to data portability: You have the right to request that I transfer the personal information you have provided to another organisation, or directly to you, in a structured, commonly used, and machine-readable format, in certain circumstances.

• Your right to withdraw consent: Where I am relying on your consent (or explicit consent for special category data) to process your personal data, you have the right to withdraw that consent at any time. You can withdraw your consent for specific processing activities at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before you withdrew your consent. Upon receiving your request to withdraw consent for a specific activity, I will stop the processing you have withdrawn consent for, unless there is another legal basis compelling me to continue (which I will inform you of, if applicable).

  • To withdraw consent for Session Recording: Please email me at matthew[at]matthewearlwellness[dot]com with the subject line "Withdrawal of Consent - Session Recording". 

  • To withdraw consent for the Processing of Your Health Data for ongoing therapy: Please email me at matthew[at]matthewearlwellness[dot]com with the subject line "Withdrawal of Consent - Health Data Processing". Please note that as this information is essential for providing tailored hypnotherapy, withdrawing this consent will likely require us to terminate the main service agreement as I will be unable to proceed safely and effectively.

  • To withdraw consent for use of Client Testimonials: Please email me at matthew[at]matthewearlwellness[dot]com with the subject line "Withdrawal of Consent - Testimonial".

  • To withdraw consent/opt-out of Marketing Communications: You can do this at any time by emailing me at matthew[at]matthewearlwellness[dot]com or using the unsubscribe link in any marketing email.

• Your right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe that I have not complied with data protection law (see "How to Complain" section below).

You are not required to pay any charge for exercising your rights. If you make a request, I will respond within one month. Please contact me at matthew[at]matthewearlwellness[dot]com if you wish to make a request.

How to complain

If you have any concerns about my use of your personal information, please contact me in the first instance at matthew[at]matthewearlwellness[dot]com. I will endeavour to respond to your concerns within one month, as required by data protection law.

If you are not satisfied with my response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO at:

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

Website: ico.org.uk

Cookies and Tracking Technologies

Please see my Cookie Policy on my website for details: matthewearlwellness.com