top of page

A legal disclaimer:

1. Privacy Notice:


Privacy Notice for The Vale Practice UK
Last Updated: 07/03/2026
 

1. Who We Are
The Vale Practice UK (trading as [The Vale Practice UK]) is the data controller for your personal information. Contact us at info@thevalepracticeuk.com.

2. Personal Data We Collect

  • Identity: Name, title, date of birth

  • Contact: Email, phone, billing/delivery address

  • Account: Username, preferences, communication history

  • Transaction: Order history, payment references

  • Technical: IP address, device type, browser, cookies

  • Marketing: Communication preferences

  • Health information with consent 

3. How We Collect Data

4. Purposes and Lawful Basis

  • Providing services/products and managing accounts (Contract)

  • Customer support (Contract or Legitimate Interest)

  • Marketing communications (Consent/Legitimate Interests compliant with PECR)

  • Website analytics and service improvement (Legitimate Interests/Consent)

  • Legal compliance and fraud prevention (Legal Obligation)

5. Data Sharing

6. Data Retention

7. Your Rights

  • You have the right to access, correct, erase, restrict processing, data portability, and withdraw consent for specific processing.

  • To exercise these rights, contact info@thevalepracticeuk.com. You may also complain to the ICO.

 

9. Cookies and Tracking

  • We may collect information on cookie usage, only with user consent, and providing options to manage preferences. 

 

10. Changes to This Notice
Updates will be published on our website with revision dates.

A legal disclaimer:

​​2. UK Privacy Policy Template (Internal-Facing)

Privacy Policy for Staff and Internal Use

Effective Date: 07/03/2026


1. Purpose

  • This policy defines how The Vale Practice UK collects, uses, stores, and secures personal data in the course of internal operations to ensure UK GDPR compliance. 



2. Roles and Responsibilities

  • Employees must handle personal data according to UK GDPR principles, and the principles of any professional organisations or bodies of which they are a member, such as the National Council for Hypnotherapy.

  • Data Protection Lead: J. LaFleur oversees compliance and training.

  • Managers & supervisors ensure staff follow policy procedures.
     

3. Data Handling Procedures:

  • Collection: Only necessary personal data is collected and documented.

  • Storage: Secure storage of IT and physical documents (encrypted databases, locked files).

  • Use: Data strictly for business purposes relevant to the role of the member of staff who is using it.

  • Transfer: Confidentiality agreements with any staff or third-party processors.

  • Deletion: Clear retention timelines per category, with secure disposal.

4. Training and Awareness

  • Staff receive GDPR awareness and data protection training, including recognising personal data processing risks and handling subject access requests.

  • Human Focus

5. Breach and Incident Management

  • Document procedures for reporting and managing breaches.

  • Notify ICO within 72 hours if required. Internal audit logs are maintained 

6. Monitoring and Review

  • Periodic audits ensure internal policies align with legal requirements and the published Privacy Notice. 

  • Human Focus

  • Updates occur whenever processes or regulatory requirements change.

bottom of page