Your personal data
We are committed to safeguarding the privacy of our website visitors and our service users. In this notice we explain how we will handle your personal data.
We operate under the jurisdiction of England and Wales law. To avoid unintentional breaching of the laws of other countries, services can only be offered to clients in the United Kingdom.
What we need
Aurora Mind and Body Ltd. will be the ‘controller’ of the personal data you provide to us. We collect basic personal data about you which may include name, address, phone number and email. It may also include special types of information such as next of kin, date of birth, exercise frequency, mental and physical health-related information, situational information (e.g. marital status, occupation, number of children, location etc.) We may also collect information about how you found us. As with most websites, your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use may be collected.
We collect your personal information for our own legitimate business interests. Put simply, ‘legitimate interests’ means that we can collect and process your personal information if we have a genuine and legitimate reason for doing so and we are not harming any of your rights and interests under GDPR. When you provide your personal details to us, we use this information to provide you with hypnotherapy and fitness services.
Why we need your information
We need to collect your basic personal data such as name, email address and telephone number in order to book you onto classes, arrange one-to-one sessions and communicate with you about any classes or sessions you have booked with us. We may collect special types of information such as age, exercise frequency, next of kin, occupation, family situation and health-related information as part of our exercise health questionnaire and therapeutic questionnaire. Next of kin details are collected to ensure we have a contact name in the event of an emergency. Health-related information such as medical conditions and medications, age and exercise frequency is collected to tailor classes and sessions to your needs and provide you with exercise modifications if required. Situational, GP and mental/physical health information is collected as it’s important that we know about your personal situation in order to provide you with high quality therapeutic services. For all services, we may ask you how you found our business in order to gauge the effectiveness of our marketing. As with most websites, we monitor our website statistics and IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation paths, timing, frequency and pattern of your service use is collected through WordPress analytical plugins for this purpose.
We will not collect any personal data that we do not need in order to provide our services to you.
What we do with your information
We do all we can to ensure our website and computer systems are secure, however, due to the nature of how the internet works, it is possible that any personal data you submit through a website, via email or through any other online services may be available via the internet around the world. We cannot prevent the use (or misuse) of such personal data by others, nor can we be held responsible for any viruses. By choosing to submit personal data electronically you acknowledge this risk.
We reserve the right to record online group exercise classes for publishing in the On Demand Studio. Livestream classes published in the On Demand Studio will only show the portion of the class where the instructor is teaching with participants on mute. They will not contain any video/audio of participants.
For all private sessions, any notes about your session are stored confidentially in paper form and separate from personal details. Any notes are also recorded in such a way to protect your identity. Your therapist may also discuss details of your case anonymously with their supervisor and this is necessary to ensure you continue to receive a high-quality therapeutic experience. An administrator of Aurora Mind and Body Ltd., fully briefed on the rules of confidentiality, may have access to client records for the purpose of notifying you in the event your therapist/instructor becomes temporarily or permanently unavailable and is unable to inform you themselves (e.g. accident, sickness or death).
Some personal identifiers may be present on transaction records in our accounting software. Our accountants will have access to this information but are bound by a confidentiality agreement.
No other third parties have access to personal data unless the law allows them to do so. For example, disclosure of information may occur if an order is made by a Coroner, Crown or High Court Judge or if the National Hypnotherapy Society, National Society of Talking Therapies, or CIMSPA codes of ethics require it (e.g. disclosure may be legally necessary if your therapist/instructor believes your safety or the safety of others is at risk, or if you tell your therapist/instructor that a crime has or is about to be committed.)
In the case of an epidemic or pandemic, it may also be necessary for us to disclose your contact information to the relevant authorities for contact tracing purposes in the event you could be at risk of infection.
In the case of telephone or online hypnotherapy sessions, please also note that people around you may hear conversations and we cannot guarantee confidentiality in this case. It is recommended that any form of telephone or online therapy is received in a quiet, confidential space.
How long we keep your information
We are required to keep your data for a period of up to 7 years after your last class or session with us, after which time it will be destroyed. We will only retain your personal data for longer than 7 years where such retention is necessary for compliance with a legal obligation to which we are subject.
What are your rights?
If at any point you believe the information we process on you is incorrect, you can request to see it and have it corrected or deleted, upon supplying appropriate evidence of your identity. However, we may withhold personal information that you request to the extent permitted by law.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer, Natalie Young, on the contact details supplied on this website and she will investigate the matter.
If you are not satisfied with our response and believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Basic information about cookies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies used by our service providers
Blocking all cookies will have a negative impact on the usability of many websites.
If you block cookies, you may not be able to use all the features on our website.
Amendments to this privacy notice
We may update this notice from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes. We may also notify you of changes to this policy by email, through our website or through social media.