Privacy Policy

Effective Date: 1 Jan 2025
Last Updated: 1 Jan 2025

Overcoming Anxiety (“I”, “me”, “my”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how I collect, use, store, and share your personal data when you visit my website overcominganxiety.now (“Website”), interact with me, or make use of my Services.

I am based in Spain and may work with clients in the EU, UK, US, and other regions. This Policy is intended to comply with, and be interpreted in line with, in particular:

The EU General Data Protection Regulation (EU GDPR)

The UK General Data Protection Regulation (UK GDPR), where applicable

The Privacy and Electronic Communications Regulations (PECR), where applicable

If you have any questions about this Policy, please contact me using the details in Section 14.

1. Who I Am

Overcoming Anxiety, operated by Dawn Morgan as a sole trader

Address: Calle Cruces 23, Galera, 18840 Granada, Spain
Email: [email protected]

I am the data controller for the purposes of EU GDPR and, where applicable, UK GDPR.

2. Personal Data I Collect

I may collect and process the following categories of personal data:

Identity Data

Name, title

Contact Data

Email address

Phone number

Postal address (if relevant for in‑person work, invoicing, or administration)

Transaction Data

Payments received, amounts, dates, and related records

Limited billing information

Note: Payments are processed by third‑party providers (e.g. Stripe, PayPal, banks). I do not store your full card details.

Technical Data (when you use the Website or online systems)

IP address

Browser type and version

Device type and operating system

Basic location information (e.g. country or region, where available)

Usage Data

Pages visited, time spent on site, navigation paths

Interaction with emails (opens, clicks), where supported by your email provider and lawful

Communication & Preference Data

Records of email or message correspondence with you

Your preferences regarding receiving information or updates (if and when such communications are offered)

Session / Client Data

Information you choose to share related to your goals, wellbeing, challenges, and relevant background

Session notes created by me to support continuity and quality of the Services

Some of this information, particularly health‑related information you may share in the context of hypnotherapy or anxiety‑related work, may be considered special category data under GDPR. I only process such data where it is necessary to provide the Services and with appropriate safeguards and lawful bases.

3. How I Collect Data

I may collect your personal data in the following ways:

Directly from you

When you complete enquiry, contact, or booking forms

When you email, message, or call me

During consultations, sessions, or programmes

When you purchase online courses or digital products

Automatically

Through the Website’s basic technical logs and, if implemented, simple analytics that track page views and performance

Through necessary cookies that support the functioning and security of the Website

From third parties

Payment processors (e.g. Stripe, PayPal, banks) for payment confirmation and records

Booking or scheduling platforms, where used

At present, I do not actively use advanced analytics, advertising cookies, or email marketing systems. If that changes in the future, this Policy will be updated to reflect the tools used and how they handle your data.

4. Purposes and Lawful Bases for Processing

I process personal data only where I have a lawful basis under EU GDPR/UK GDPR. These may include:

Performance of a Contract

To provide hypnotherapy, coaching, programmes, and digital services

To manage bookings, communication related to Services, and support

Consent

For specific types of communication or marketing, if introduced in the future (e.g. newsletters or updates), where you have actively opted in

For certain uses of cookies or analytics if consent tools are used

Legitimate Interests

To respond to enquiries and general questions

To improve the Website and Services

To maintain appropriate records of client work

To support security, fraud prevention, and IT management

Legal Obligations

To comply with tax, accounting, and other legal requirements

To keep transaction records for required periods

Specific uses of your data may include:

Providing, managing, and improving the Services

Managing appointments, reminders, and related communication

Processing and confirming payments

Maintaining records of sessions and progress for continuity of care

Operating and monitoring the basic functioning and security of the Website

Complying with applicable laws and regulations

You may withdraw consent at any time where processing is based on consent (for example, if marketing emails are introduced and you have opted in), without affecting the lawfulness of processing before withdrawal.

5. Messaging and Communication

If you provide your email address or phone number, I may use them to:

Respond to your enquiries

Confirm and remind you about appointments

Share essential information about your Services or access to digital products

I do not currently operate regular email marketing newsletters or SMS marketing. If I introduce such communications in the future, you will be informed, and I will seek your explicit consent where required. You will always have the option to opt out.

6. Cookies & Website Tools

The Website may use essential cookies and basic technical tools to:

Help the site function correctly and securely

Store basic preferences (if applicable)

Gather limited information on how the site is used (e.g. page visits and error logs)

At present, I do not actively use advertising cookies or advanced analytics such as Google Analytics. Should I introduce such tools in the future, this Policy and any cookie notices will be updated, and where required, you will be given options to consent or manage your preferences.

You can manage or disable cookies through your browser settings. Doing so may affect some aspects of Website functionality.

7. Sharing Your Data

I do not sell or rent your personal data. I may share your data only with:

Payment processors (e.g. Stripe, PayPal, banks) to securely process payments

IT, hosting, or website service providers involved in running, securing, or maintaining the Website and email systems

Booking or scheduling platforms, if used, to manage appointments

Professional advisers (such as accountants) where needed for tax and accounting purposes

These third parties are required to process your data only as instructed by me, to keep it secure, and to comply with applicable data protection laws.

In rare or exceptional circumstances, I may share personal data:

Where required to do so by law, regulation, or a valid legal request

Where necessary to protect your vital interests or the vital interests of another person (for example, in case of serious safety or safeguarding concerns), in line with legal and professional duties

8. International Transfers

Because I may use online tools and service providers based outside the EU/EEA or UK, your data may be transferred internationally.

Where this happens, I take steps to ensure your data remains protected, for example:

Using service providers that offer appropriate safeguards and security

Relying on Standard Contractual Clauses or similar measures approved by relevant authorities

Using providers in countries recognised as having adequate data protection standards

You can contact me for more information about specific international transfers relating to your data.

9. Data Retention

I retain your personal data only for as long as necessary for the purposes described in this Policy and to meet legal obligations.

Typical retention periods include:

Client and transaction records (including invoices)

Usually up to 6–7 years after the end of the relevant financial year, to comply with tax and accounting regulations.

Client session notes and related records

Retained for a period that supports continuity of care and any professional or legal requirements. This is typically several years after our work ends, unless a different period is required or justified.

General enquiries (if you do not become a client)

Retained for a shorter period, generally only as long as necessary to handle your enquiry.

When data is no longer needed, it will be securely deleted or anonymised where appropriate.

10. Your Rights (EU & UK Residents)

If you are in the EU or UK, you have the following rights under GDPR (subject to certain conditions and exceptions):

Right of Access
To request a copy of the personal data I hold about you.

Right to Rectification
To have inaccurate or incomplete data corrected.

Right to Erasure (“Right to be Forgotten”)
To request deletion of your data where there is no compelling reason for me to continue processing it.

Right to Restrict Processing
To request that I limit how your data is used in certain circumstances.

Right to Object
To object to processing based on legitimate interests and to object to direct marketing.

Right to Data Portability
To receive certain personal data in a structured, commonly used, machine‑readable format and/or have it transferred to another provider, where technically feasible.

Right to Withdraw Consent
Where processing is based on your consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact:
Email: [email protected]

You also have the right to lodge a complaint with a data protection authority. In Spain, this is the Spanish Data Protection Agency (AEPD). If you are based in another EU/EEA country or in the UK, you can also contact your local data protection authority.

11. Rights for Individuals Outside the EU/UK

If you are outside the EU/UK, GDPR may not apply in the same way, but you can still:

Request information on what personal data I hold about you

Ask for corrections to inaccurate data

Request deletion of your personal data where appropriate and legally possible

Opt out of any marketing or non‑essential communications should they be introduced

If you have questions about how your data is handled, please contact me using the details below.

12. Security

I take appropriate technical and organisational measures to protect your personal data from unauthorised access, misuse, alteration, or loss. These may include:

Secure devices and password protection

Restricted access to client information on a need‑to‑know basis

Use of reputable third‑party providers with appropriate security measures

However, no method of data transmission or storage is completely secure, and I cannot guarantee absolute security, especially for information transmitted over the internet.

13. Children

My Services offered under Overcoming Anxiety and the Website are intended for adults aged 18 and over.

I do not knowingly collect or process personal data from individuals under 18 years of age. If I become aware that I have inadvertently collected data from a person under 18, I will take reasonable steps to delete it as soon as practicable, unless I am legally required to retain it.

14. Changes to this Privacy Policy

I may update this Privacy Policy from time to time to reflect changes in the law, my Services, the Website, or how I process personal data.

Any updated version will be posted on the Website with an updated “Last Updated” date. You are encouraged to review this Policy periodically. Your continued use of the Services or Website after changes take effect will constitute your acceptance of the updated Policy.