Last updated: June 2026
Nik Bisbey Hypnotherapy & Coaching is committed to protecting your privacy and handling your personal information with care, respect and transparency.
This Privacy Notice explains what personal information I collect, why I collect it, how I use it, how long I keep it for, who it may be shared with, and what rights you have in relation to your information.
This notice applies to clients, prospective clients, website visitors, professional contacts, suppliers and anyone who communicates with Nik Bisbey Hypnotherapy & Coaching.
Who I Am
Nik Bisbey Hypnotherapy & Coaching provides hypnotherapy, coaching and related wellbeing services online and in person.
For the purposes of data protection law, Nik Bisbey is the Data Controller. This means I am responsible for deciding how your personal information is collected, used, stored and protected.
ICO registration number: ZA486985
Contact details:
Nik Bisbey
Nik Bisbey Hypnotherapy & Coaching
Email: hello@nikbisbey.com
Phone: 07779 062360
Website: nikbisbey.com
The personal information I collect may include:
I only collect information that is relevant to providing a safe, appropriate and professional service, managing appointments, responding to enquiries, keeping records, meeting legal or professional obligations, or running my business.
Some of the information I collect may be classed as special category data under UK data protection law. This may include information about your physical or mental health, emotional wellbeing, neurodivergence, medication, disability, or other sensitive personal circumstances.
I collect this information only where it is relevant and necessary for providing hypnotherapy, coaching or related professional support safely and appropriately.
I may collect your information when:
Most of the information I hold is provided directly by you.
I use personal information to:
Under UK data protection law, I must have a lawful basis for using your personal information.
The lawful basis I rely on depends on why I am using your information.
When you contact me to ask about my services, I use your information to respond to your enquiry and provide relevant information.
The lawful basis is usually legitimate interests, as it is necessary for me to respond to enquiries and manage my practice.
When you become a client, I use your information to provide hypnotherapy, coaching or related wellbeing support.
The lawful basis is usually contract, because this information is necessary in order to provide the service you have requested.
I may also rely on legitimate interests where it is necessary to keep appropriate records, manage appointments, maintain professional standards, seek supervision, and protect my business in the event of a complaint or legal claim.
Where I process health, wellbeing or other sensitive information, this may be classed as special category data.
The lawful basis will usually be contract or legitimate interests, depending on the context.
The additional special category condition may include Article 9(2)(h), where processing is necessary for the provision of health, wellbeing or therapeutic services, subject to appropriate confidentiality safeguards.
In some circumstances, I may rely on explicit consent, vital interests, safeguarding, or the establishment, exercise or defence of legal claims.
I may use or share information where this is necessary to meet legal, professional, insurance or safeguarding responsibilities.
The lawful basis may be legal obligation, legitimate interests or vital interests, depending on the circumstances.
I use payment and transaction information to process payments, keep business records and meet accounting and tax responsibilities.
The lawful basis may be contract, legal obligation or legitimate interests.
I will only send marketing emails, newsletters, updates or promotional information where I have a lawful basis to do so.
Where I rely on consent, you can withdraw that consent at any time.
Everything you share in sessions is treated as confidential and handled with care.
There are some limits to confidentiality. I may need to share relevant information if:
Where possible and appropriate, I would aim to discuss this with you first. However, there may be situations where I am required to act without your prior consent in order to protect you or someone else.
To support safe, ethical and effective practice, I may discuss aspects of my work with a professional supervisor.
Where possible, identifying details are removed. My supervisor is also required to maintain confidentiality.
I will not usually contact your GP, healthcare provider or another professional without your consent.
There may be exceptions if there is a serious risk of harm, a safeguarding concern, a legal requirement, or another serious professional reason to share information.
If you provide emergency contact details, these will only be used if there is a serious concern for your safety or wellbeing, or in another genuine emergency.
Please make sure your emergency contact is aware that you have provided their details.
I may communicate with you using phone, text message, WhatsApp, Outlook email, Zoom, Calendly, GoDaddy website enquiry forms, Google Business Profile, or another method that you have used to contact me.
I take reasonable steps to protect your privacy when communicating with you.
My phone is protected using facial recognition and a PIN.
Please be aware that email, text message and WhatsApp may not be suitable for sharing highly sensitive information. I will handle information carefully, but I cannot guarantee the security of all third-party communication platforms.
If you prefer not to be contacted by a particular method, please let me know.
Online sessions may take place using Zoom.
I will take reasonable steps to ensure that sessions are held in a private setting and are not overheard or interrupted at my end. You are responsible for ensuring that you are also in a private, safe and appropriate setting for online sessions.
Sessions will not be recorded without your explicit prior consent.
If there are technical difficulties, we may continue by telephone where appropriate.
I use Calendly to manage some appointment bookings.
When you book through Calendly, you may be asked to provide information such as your name, email address, phone number and appointment preferences.
Calendly has its own privacy notice and data protection arrangements.
My website is hosted through GoDaddy.
If you submit an enquiry through my website, the information you provide may be processed through GoDaddy’s website systems before it reaches me.
GoDaddy has its own privacy notice and data protection arrangements.
I may receive enquiries, messages, reviews or other interactions through Google Business Profile.
If you contact me or leave a review through Google, Google may also process your personal information in line with its own privacy notice.
Please be aware that public Google reviews may be visible to others. If you are a client, I will not publicly identify you as a client.
I may use Dropbox to store or share documents, recordings, resources or other files with clients where appropriate.
Where files contain personal or sensitive information, I will take reasonable steps to protect them, such as using appropriate sharing settings, passwords or restricted access where needed.
Dropbox has its own privacy notice and data protection arrangements.
I may receive some payments through Stripe.
If you pay through Stripe, your payment information will be processed by Stripe. I do not store full card details myself.
Stripe has its own privacy notice and data protection arrangements.
If you pay by bank transfer, your payment will be visible through my banking records.
Payment and accounting records are kept as required for business, tax and legal purposes.
To run my practice and provide services, I use trusted third-party providers. These may include:
These providers have their own privacy notices and data protection arrangements.
I do not sell your personal information.
My website may use cookies or analytics tools to understand how visitors use the site, improve user experience and monitor website performance.
Cookies are small files placed on your device. Some cookies are necessary for the website to function. Others, such as analytics cookies, may be used to understand website traffic and visitor behaviour.
Where required, you will be given the option to accept or decline non-essential cookies.
You can also manage or disable cookies through your browser settings.
I will only send you marketing emails, newsletters, updates or promotional information where I have a lawful basis to do so.
Where I rely on consent, you can withdraw that consent at any time.
Where an unsubscribe option is available, you can use it to stop receiving marketing communications.
I will not sell your contact details or add you to a mailing list without an appropriate lawful basis.
If you choose to provide feedback or a testimonial, I will ask for your consent before using it publicly.
You can choose whether your name is used, whether your feedback is anonymised, or whether it is not used publicly at all.
Where feedback is anonymised and no longer identifies you, data protection law may no longer apply to that anonymised version.
I take reasonable steps to keep your information secure.
This may include:
No method of electronic communication or storage can be guaranteed to be completely secure, but I take reasonable and proportionate steps to protect your information.
As a CNHC-registered practitioner, I follow professional guidance on record keeping.
Adult client records are generally kept for 8 years after your final session.
For clients under 18, records are generally kept until your 25th birthday, or your 26th birthday if you were 17 when treatment ended.
Payment, tax and accounting records are kept for the period required by HMRC and relevant business requirements.
Enquiry information may be kept for a shorter period if you do not become a client, unless there is a legitimate reason to retain it for longer.
Marketing consent records may be kept for as long as needed to show when and how consent was given or withdrawn.
When information is no longer required, it will be securely deleted or destroyed.
Under UK data protection law, you have rights in relation to your personal information. These may include:
I do not use automated decision-making or profiling.
Some rights are not absolute and may depend on the lawful basis for processing, professional obligations, legal requirements, safeguarding responsibilities or insurance requirements.
You can ask for a copy of the personal information I hold about you.
This is known as a Subject Access Request.
You can make this request verbally or in writing, although written requests can help avoid misunderstanding.
I may need to confirm your identity before releasing information.
I will usually respond within one month. In some circumstances, where a request is complex or multiple requests have been made, the response period may be extended as allowed under data protection law.
You can ask for your personal information to be deleted.
This is sometimes called the right to erasure or the right to be forgotten.
The right to erasure is not absolute. I may need to retain certain information where there is a legal, professional, safeguarding, insurance, accounting or legitimate business reason to do so.
If you ask for your information to be deleted, I will consider the request carefully and respond in line with UK data protection law.
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal information.
If a data breach occurs, I will take appropriate steps to assess and manage the situation.
Where required, I will report a breach to the Information Commissioner’s Office within the required timeframe.
Where a breach is likely to result in a high risk to your rights and freedoms, I will also inform you without undue delay.
If you have a concern about how I collect, use, store or share your personal information, please contact me first so that I can look into it.
You can raise a data protection complaint by contacting:
Nik Bisbey
Email: hello@nikbisbey.com
Phone: 07779 062360
I will acknowledge your complaint within 30 days of receiving it.
I will take appropriate steps to look into your complaint, keep you informed where necessary, and tell you the outcome without undue delay.
If you are not satisfied with my response, you have the right to complain to the Information Commissioner’s Office.
In the event of my death, serious illness or sudden incapacity, appropriate professional arrangements will be made to protect client confidentiality, contact current clients where necessary, and manage or archive client records securely.
This Privacy Notice may be updated from time to time to reflect changes in law, professional guidance, technology, business processes or the services I offer.
The most recent version will be available on my website.
If you have any questions about this Privacy Notice or how your personal information is handled, please contact:
Nik Bisbey
Nik Bisbey Hypnotherapy & Coaching
Email: hello@nikbisbey.com
Phone: 07779 062360
Nik Bisbey Hypnotherapy and Coaching
Stroud, Cirencester, Gloucester, Cheltenham, and Online