top of page


I, William McCrea am the Data Controller and Processor of Private Online hypnotherapy.

 The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together (i.e. to provide therapy) and that it is data that you would reasonably expect me to hold and use.

For those who enquire about therapy, the data I hold includes any information you have sent me by email/text/message. For those who book and attend at least one session, the data I hold includes:

  • Basic information; including, name, email address, phone number.

  • Information you give me as part of the work we do together.

  • Records of the interventions that I use (or potentially do not use) in our sessions.

  • Emails, texts and/or messages that are sent between us.



  • Any emails sent between us are held on my Proton Mail. According to Proton Mail privacy policy 2.3 

'Proton Mail Account activity: Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times. We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users.'

  • Your notes are handwritten and are kept in a locked filing cabinet. A coding system enables only me to know whose notes are whose, but a stranger seeing the notes would not be able to identify who they referred to.

  • Credit card information is shredded as soon as processed.

  • If you use Paypal or online banking then these systems will hold your data. I will download from these systems for accounting purposes, and the resulting spreadsheets are held in Proton Drive.

  • Your data will be kept for a maximum of 3 months. After this time any paper records are shredded and computer records permanently deleted.



  • All data is held securely (see details of where data is held above).

  • Any data transmitted is sent encrypted where possible.



  • The right of access. I will provide you with all data I hold on you as soon as I can following a request (within 30 days, unless this is not possible due to holidays or illness).

  • The right to rectification. If any data I hold is incorrect, please let me know as soon as possible and I will correct it as soon as I can following a request (within 30 days, unless this is not possible due to holidays or illness).

  • The right to erasure. If you would like me to erase your data please let me know as soon as possible and I will delete any computer records and shred any paper records as soon as I can following a request (within 30 days, unless this is not possible due to holidays or illness)

  • The right to restrict processing. This would usually be a stop-gap measure before correction of any errors or before erasure.

  • The right to data portability. This might apply if you want your notes sent to another therapist for example, but it is likely that the easiest solution would come under the right to access, i.e. I would send the data to you.



  • Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling).Private Online Hypnotherapy does not engage in these things

  • Direct marketing.

  • Decision making and profiling. Private Online Hypnotherapy does not engage in automated decision making or profiling.



I personally, do not use cookies. However the server provider Wix requests your permission to collect performance and analytical cookies. There are no cookies  that collect personally identifiable information about you. A cookie is a small amount of data that is sent to your computer or mobile phone browser from a website’s computer and is stored on your device’s hard drive.

Each website you visit can send its own cookie to your browser if your browser’s preferences allow it. To protect your privacy, your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other websites.



You may restrict or block the cookies that are sent by our website, or any other website, through your browser settings. You can also ask your browser to alert you when a cookie is issued. For more information about cookies and how to manage them is available at

bottom of page