privacy policy

My cookie and GDPR policies tell you how I treat your data and what it is used for.

Cookies

Cookies are small text files that help organise and store browsing information. They are not programmes, and cannot damage your computer or any files you have on it. Nor can they transmit viruses. Find out more here.

This website uses the CookieAdmin to collect and record Browser and Device-based Consent. CookieAdmin stores a visitor’s country and IP address. The IP address is anonymised to comply with privacy laws. 

Our site is designed using a content management system called WordPress. WordPress sets some cookies on your machine to make our site work properly, especially the interactive parts like search and menus.

I also sometimes embed links to content from other websites, such as Amazon. These are clearly identified, but if you follow the links, you may be presented with cookies from these sites. I cannot control these third-party activities. You should check with the websites concerned for more information. To refuse third-party site cookies, you will need to check with the originating sites.

Alternatively, you can opt out by visiting the Network Advertising Initiative opt-out page at http://www.aboutcookies.org. This site will also advise you about using your browser to automatically control which cookies you accept. Your settings can be applied to any site you visit, so you don’t have to deal with them on a site-by-site basis.

key in a lock to signify security

GDPR

This privacy policy refers to Debbie Waller’s Author business which is separate from Yorkshire Therapies & Training Ltd, which trades as Yorkshire Hypnotherapy Training and Debbie Waller Hypnotherapy.

I am committed to protecting and respecting your privacy. This privacy notice explains how I collect, use, and protect your personal data when you visit my website, or purchase a book.

I am both the Data Controller and the Data Protection Officer. My contact details are; Debbie Waller, email debbie.waller@btinternet.com, phone 01977 678593.

1. The Personal Data I Collect

I collect and process personal data when you interact with my website or services:

  • Contact Form Data: Your name, email address, and any message you type when you use my website contact form.
  • Resources: your name and email address if you email me the answers to the questions found in Their Worlds, Your Words to claim free gifts.
  • Payment: Your name, email address, postal address and payment history if you purchase books directly from me or through this website.
  • Technical Data: IP addresses and cookies when you browse the website.

2. Third-Party Services I Use (Sharing Your Data)

I rely on trusted third-party providers to manage my book sales business. These platforms act as “Data Processors.” Your data is handled according to their respective privacy policies:

  • Stripe to process online payments made by credit/debit card. Their privacy policy is HERE.
  • Online forms are powered by Jotform and your form submissions are processed through their servers. Read their privacy policy HERE
  • If you contact me on social media your messages will be stored on their servers.
  • My accounts are kept on Zoho books, which stores your name, email address and payment history. Their privacy policy is HERE.
  • Books purchased through Amazon links on this site are subject to Amazon’s own privacy policies and practices. As an Amazon Associate, I earn from qualifying purchases you make after clicking links on this site. But I do not receive personal information relating to those transactions. Amazon’s privacy notice is HERE.

3. Lawful Basis (How and Why I Use Your Data)

You are not obliged to provide me with any personal information. However, if you choose not to do so, I may not be able to respond to your enquiries, provide access to supplementary resources, or fulfil your book order.

I only use your information for specific reasons, relying on the following lawful bases under UK GDPR.

  • Contractual Necessity: I process your personal and financial information to fulfil and administer orders for books or other resources that you purchase directly from me.
  • Legitimate Interest (GDPR Article 6(1)(f)): If you contact me through my website or social media, it is in my legitimate interest to use your contact details to reply so that I can provide efficient customer service and respond to enquiries about my books and related resources.

4. Data Retention (How long I keep it)

  • Sales: Financial records relating to purchases are retained for seven years, or for any other period required by HMRC or other applicable legislation.
  • Messages: Emails and correspondence relating to purchases or enquiries are retained for seven years in case they are needed to resolve queries relating to sales or customer service.
  • Supplementary resources: Details provided to access supplementary resources are retained only for as long as necessary to provide those resources and respond to related enquiries.

5. Your Rights

Under UK GDPR, you have the following rights. You can read more about your rights on the ICO Website.

  • To know what data I collect, how I use it and how long I keep it,
  • To look at the data I hold about you,
  • To ask me to correct mistakes,
  • To ask that I delete your information, although there may be circumstances where I am legally entitled or professionally required to retain some records,
  • To ask me to limit some of the ways I use your data,
  • To ask me to share your data with another organisation,
  • To object to me using your data in some ways, e.g. for direct marketing,
  • Not to be subject to decisions based solely on automated processing.

To make a request, or if you have any questions about this privacy notice, please contact me.

6. Data Protection Complaints

If you have any concerns about the way I use your data, you may make a complaint.

The law is changing on 16th June 2026. Until then, please contact https://ico.org.uk. 

After June 16th, 2026, the following applies.

Company Name: Debbie Waller Author

This policy explains how you can submit a complaint to me if you believe I have mishandled your personal data or breached UK data protection laws (including the UK GDPR and Data Protection Act).

 

How to Make a Complaint

I want to make it as simple as possible for you to voice your concerns. You do not need to use formal legal language to file a complaint. You can reach out to me directly through either of the following channels:

 

My Mandatory Response Timeline

Once I receive your data protection complaint, I will follow a strict, legally mandated response framework:

  • Acknowledgement (Within 30 Days): I will formally acknowledge receipt of your complaint within 30 days of receiving it.
  • Investigation: I will launch an internal enquiry into the matter without undue delay to understand what occurred and how to rectify it.
  • Progress Updates: If the investigation takes time (for example, due to technical complexity), I will provide you with regular, timely updates on progress.
  • Final Outcome: I will write to you to explain the final outcome of my investigation, including any corrective actions taken, without undue delay.

 

Your Right to Escalate to the ICO

I am committed to working with you to resolve any data privacy complaints amicably. However, if you remain dissatisfied with my final decision, or if I fail to respond to you within the legal timeframes, you have the statutory right to escalate your complaint directly to the UK supervisory authority:

  • Authority: Information Commissioner's Office (ICO)
  • Website: ico.org.uk
  • Helpline: 0303 123 1113

Last updated 10.6.2026 to reflect changes in GDPR requirements