top of page

Privacy Policy

Gwendi Klisa ltd

Last updated: Nov 06 2025
Operated by Gwendi Klisa Ltd (Registered in England & Wales)

1. Introduction

 

This Privacy Policy explains how we collect, use, store and protect your personal data when you:

  • Visit this website

  • Join our email list

  • Download a resource

  • Purchase a digital product

  • Book a consultation or session

  • Become a therapy or coaching client

  • Contact us via email, WhatsApp, Voxer, social media or other channels

 

We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

This website and business are operated by:

Gwendi Klisa Ltd
Registered in England & Wales
Company type: Private Limited Company
Registered office address: Available on request
Contact email: Email

Data Controller: Gwendi Klisa, Cognitive Behavioural Hypnotherapist

Gwendi Klisa Ltd is registered with the Information Commissioner’s Office (ICO) as a data controller under the Data Protection Act 2018.
ICO Registration number: CSN6277129

3. What Personal Data We Collect

 

(a) Website Visitors & Email Subscribers

  • Name

  • Email address

  • IP address

  • Cookie & analytics data

  • Form submissions (e.g. free downloads, quiz results)

(b) Therapy / Coaching Clients

  • Name, address, and contact details

  • Medical and psychological history where relevant

  • Session notes

  • Consent forms and intake forms

  • Emergency contact details

  • Payment and booking details

(c) Digital Product / Audio Purchases

  • Name and email address

  • Billing information (processed securely via Stripe / PayPal)

  • Product access records

(d) Messaging Platforms

If you contact us via email, WhatsApp, Voxer, Instagram, Facebook or similar, your contact details and messages are stored in those platforms.

4. How We Use Your Data

 

We use your data to:

  • Provide the services you have requested

  • Process bookings and payments

  • Deliver emails, downloads and digital products

  • Manage client records and session notes

  • Send service updates or follow-up emails

  • Host online sessions (e.g. Zoom)

  • Comply with legal, tax and regulatory obligations

  • Improve our website, content and marketing

 

We will never sell your data or share it for marketing purposes.

5. Legal Basis for Processing

 

We process personal data under the following lawful bases:

PurposeLawful Basis

Delivering services & sessionsContract

Email marketing (opt-in) Consent

Analytics, cookies, retargetingConsent

Client records & therapy notesLegitimate interest + special category conditions

Payment processing & invoicingLegal obligation

Testimonials (with permission) Consent

Special category (health-related) data is processed under Article 9(2)(h) – “health or social care purposes”.

6. Data Storage & Retention

  • Client notes are stored securely and kept for up to 7 years (professional requirement).

  • Email subscribers may unsubscribe at any time.

  • Payment records are retained for 6 years for tax purposes.

  • Digital product purchase records are kept as long as access is available.

  • Analytics and cookies are retained according to Google/Meta policies.

 

All data is stored digitally using secure, password-protected systems.

7. Sharing Your Data

 

We may share your data only with trusted third-party processors where necessary, including:

  • Dubsado (booking & forms)

  • Stripe / PayPal (payments)

  • Google Analytics / Meta Pixel (tracking)

  • Email marketing platform (e.g. MailerLite, Mailchimp, etc.)

  • Cloud storage (e.g. Google Drive / iCloud)

These providers act as Data Processors and may only process data under our instruction.

We do not sell or share data with third parties for advertising, profiling or resale.

8. Cookies & Tracking

 

This website uses cookies and tracking tools such as:

  • Google Analytics

  • Meta (Facebook/Instagram) Pixel

  • Standard website cookies

You may manage cookie preferences through your browser or our cookie banner.

9. Your Rights Under UK GDPR

 

You have the right to:

  • Request a copy of the personal data we hold about you

  • Request correction of inaccurate data

  • Request deletion of your data (where legally possible)

  • Withdraw consent at any time (e.g. unsubscribe)

  • Request we restrict or stop processing your data

  • Object to certain types of processing

  • Lodge a complaint with the ICO: ico.org.uk/concerns

 

To exercise your rights, email

 

 

10. Data Security

 

We take appropriate technical and organisational measures to safeguard your data, including:

  • Password-protected devices

  • Secure cloud storage

  • Encrypted platforms where possible

  • Limited access to client data

  • Regular review of data protection procedures

11. International Transfers

 

Some third-party tools may store data outside the UK (e.g. US-based platforms like Stripe or Google).
We only use services that follow UK GDPR-approved safeguards such as Standard Contractual Clauses.

12. Children

 

This site and services are not intended for individuals under 18 without parental consent.

13. Changes to This Policy

 

This Privacy Policy may be updated from time to time. Any changes will be published on this page with a revised “Last updated” date.

14. Contact

 

If you have questions about this Privacy Policy, you can contact us at:
📩 Email
📌 Registered office address: Available upon request

Don't hesitate to reach out

I look forward to hear from you. Get in touch today with your ideas and issues...big and small. Email me

Terms | Privacy Policy | Health & Safety | Results

| © 2025-Present Gwendi Klisa Ltd., LONDON, UK & ONLINE | All rights reserved

bottom of page