Privacy Policy

Privacy Policy 

Last updated: 09/02/2026
Who we are: Miss Tamsin Barker, TB Create Change, Tamsin Barker (“we”, “us”, “our”)
Contact: hello@tamsinbarker.co.uk • 07977223108 • 11 South Road, Impington, CB24 9PB
ICO registration number: ZC047874

We care about your privacy. This notice explains what personal information we collect, how and why we use it, and the choices you have. It covers our website, emails, and the services we provide (Coaching and Hypnotherapy).

1) Who is the data controller?

Miss Tamsin Barker is the data controller for the personal information described in this notice. That means we decide why and how your data is used. (UK GDPR & Data Protection Act 2018 set these roles and rules). [gov.uk], [legislation.gov.uk]

2) The information we collect

A. Basic contact and booking details
Name, email, phone, billing address, preferred session times, and messages you send us (e.g., through web forms or email).

B. Coaching information
What you want from coaching, goals, notes you choose to share about challenges, actions, and session reflections.

C. Hypnotherapy information (may include health data)
Details you choose to share that relate to wellbeing (e.g., sleep, stress, anxiety, habits), session plans, and outcomes. This can be “special category” data (health), which needs extra protection and specific legal conditions to process. [ico.org.uk]

D. Website and cookies
IP address, device type, pages viewed, and cookie preferences. For non‑essential cookies (e.g., analytics), we only use them with your consent (see section 10). [ico.org.uk]

3) Why we use your information (purposes) and our legal bases

We only use your data when we have a valid reason (“lawful basis”). Different activities may rely on different bases. [ico.org.uk]

Purpose: To provide coaching/hypnotherapy services: 

What: Booking, delivering  sessions, taking notes, follow‑ups

Our legal basis: Contract (to provide what you asked for) or steps before contract (e.g., discovery call) [ico.org.uk]

Purpose: Handle “special category”  data (health‑related in hypnotherapy notes)

What: Understanding your goals and tailoring support

Our legal basis: Explicit consent (Article 9 UK GDPR).   We’ll ask you to agree clearly, and you can withdraw consent any time. Some  Article 9 conditions require extra safeguards. [ico.org.uk]

Purpose: Payments and invoicing

What: Processing fees, receipts, accounting

Our legal basis: Contract and legal obligation  (tax/record‑keeping) [ico.org.uk]

Purpose: Client care and communications

What: Appointment reminders,   essential updates about your sessions

Our legal basis: Legitimate interests (reasonable   communications related to your service) [ico.org.uk]

Purpose: Marketing

What: News, offers, events

Our legal basis: Consent for email/text marketing;   you can opt out anytime. [ico.org.uk]

Purpose: Website analytics 

What: Understand site performance, improve content

Our legal basis: Consent via our cookie banner   (non‑essential cookies require consent under PECR). [ico.org.uk]

Note on special category data: When we process health‑related information, we identify a lawful basis under Article 6 and a separate Article 9 condition (usually explicit consent). In some cases, UK law requires additional safeguards (e.g., Schedule 1 DPA 2018). We document these decisions internally. [ico.org.uk]

4) Where your data comes from

Mostly from you: contact forms, discovery calls, emails, and sessions. We don’t buy data lists.

5) Do we share your data?

• Service providers (processors): We use trusted providers to run our business (e.g., scheduling, video platform, secure notes, email, payment). They can only use your data to      provide their service to us and must protect it. (Controller/processor duties arise under UK GDPR.) [legislation.gov.uk]
• Legal/Compliance: We may share information if required by law, tax or to respond to lawful requests. [legislation.gov.uk]
• No selling: We do not sell your personal data.

6) International transfers

Some providers may store data outside the UK. Where that happens, we ensure appropriate safeguards (e.g., UK adequacy regulations or standard data protection clauses) are in place before any transfer. [legislation.gov.uk]

7) How we keep data secure

We use reasonable technical and organisational measures (e.g., device encryption, strong passwords, access controls, secure file storage, and limited retention) to protect your data against unauthorised access, loss, or misuse, in line with UK GDPR principles. [gov.uk]

8) How long we keep your data (retention)

We keep personal data only as long as needed for the purpose collected, including meeting legal, accounting, or reporting requirements, and then we delete or anonymise it. Typical periods:

• Client records and notes: 7 years after last contact
• Enquiries (no services taken): 12 months
• Invoices/financial records: 6 years (to meet accounting/tax obligations)

We review retention regularly to ensure data isn’t kept longer than necessary, per UK GDPR’s storage limitation principle. [gov.uk]

9) Your rights

You have rights over your personal data, including to: access, correct, erase, restrict or object, and data portability (in certain cases). You also have rights related to automated decisions and profiling (we don’t make automated decisions about clients). You can withdraw consent at any time where consent is our legal basis. To exercise your rights, contact us (see “Who we are”). You also have the right to complain to the ICO. [gov.uk]

ICO contact: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF • 0303 123 1113 • ico.org.uk. [gov.uk]