Privacy Policy

1. Introduction

This Privacy Policy explains how High-Concept Retreats (also trading as "Concept Retreats" and accessible via conceptretreats.com) and Liviu Tipurita Hypnotherapy collect, use, and safeguard your information when you visit our website or use our services (including hypnotherapy). For clarity, High-Concept Retreats, Concept Retreats, and Liviu Tipurita Hypnotherapy are business names of sole trader, Liviu Tipurita.

We respect your privacy and are committed to protecting your personal data. This Privacy Policy applies to all our services offered and complies with the UK Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR).

2. Data Controller Information

2.1. Data Controller: Liviu Tipurita

Contact Information:

• Mobile: +44 (0) 7707 289 228

• Email: admin@conceptretreats.com

• Address: 2 Harley Street, London, W1G 9PA, UK

• ICO Registration Number: ZA361795

2.2. If you have questions about how we handle your personal data or would like to exercise your data protection rights, please contact us via the details above.

2.3. As a sole trader operating in the United Kingdom, Liviu Tipurita complies with UK data protection laws and regulations.

3. Information We Collect

We may collect, store, and use the following types of personal information:

3.1 Website Usage Information

• IP address and geographical location

• Browser type and version

• Operating system

• Referral source

• Length of visit and page views

• Time zone settings

• Device information

3.2 Retreat Booking Information

• Name, contact details (email, phone, address)

• Payment information

• Dietary requirements and preferences

• Health information relevant to retreat activities

• Travel details

• Emergency contact information

• Questionnaire responses (preferences, expectations, etc.)

3.3 Hypnotherapy Client Information

• Name and contact details

• Health information relevant to therapy

• Session notes and treatment plans

• Medical history relevant to treatment

• GP contact details (in some cases)

• Emergency contact information

3.4 Marketing Information

• Email address and communication preferences

• Information about your interests and preferences

• Feedback and testimonials (with consent)

3.5 Audio and Visual Information

• Audio recordings of hypnotherapy sessions (with consent)

• Recordings of online sessions (with consent)

• Photographs and videos from retreats (with consent)

• Voice messages sent via communication platforms

3.6 Special Category Data

We may process certain special category data, including:

• Health information relevant to retreats or therapy

• Information about dietary requirements that may reveal religious or philosophical beliefs

• Occasionally, information about sexual life or orientation if voluntarily provided and relevant to therapy goals

4. Sources of Personal Information

We collect personal information from:

• Direct interactions (forms, bookings, registrations, correspondence)

• Our websites and social media platforms

• Questionnaires and intake forms

• Third-party service providers (booking platforms, payment processors)

• Google Forms for retreat applications and questionnaires

5. How We Use Your Information

We use your personal information for the following purposes:

5.1 Website Administration

• Administering and improving our websites

• Personalizing your browsing experience

• Analysing usage patterns and trends

• Ensuring content is presented effectively

5.2 Retreat Services

• Processing bookings and payments

• Organising accommodation, activities, and catering

• Communicating important information about your retreat

• Coordinating with venues and service providers

• Health and safety considerations

• Evaluating suitability for specific activities

5.3 Hypnotherapy Services

• Planning and providing appropriate therapy

• Maintaining clinical records

• Ensuring continuity of care

• Safety and medical considerations

5.4 Communication

• Responding to inquiries and requests

• Sending booking confirmations and updates

• Providing information about services you've requested

• Sending marketing communications

• Collecting feedback

5.5 Legal and Compliance

• Complying with legal obligations

• Preventing fraud and protecting our rights

• Maintaining appropriate business records

We will not sell your personal information or use it for any purpose other than those related to our services without your explicit consent.

6. Use of Google Forms

6.1. When you submit information through Google Forms, this data is stored on Google's servers and is subject to Google's privacy policy and security practices.

6.2. While we take reasonable precautions to protect your data, we cannot control or guarantee Google's data handling practices.

6.3. We recommend reviewing Google's Privacy Policy before submitting sensitive information.

6.4. We regularly download and securely store information from Google Forms in our own systems, and we apply our data protection standards to this information once transferred.

6.5. Purpose of Collection: We collect this information through questionnaires to assess suitability for our retreats, curate appropriate group dynamics, tailor experiences to participants' needs and preferences, and ensure we can accommodate any special requirements. This information is essential to our selection process and helps us create balanced and harmonious retreat groups.

7. Lawful Basis for Processing

We process your personal data on the following lawful bases:

• Contract: Processing necessary for the performance of our contract with you

• Legitimate Interests: Processing necessary for our legitimate business interests

• Legal Obligation: Processing necessary to comply with legal requirements

• Consent: Processing based on your specific consent (e.g., for marketing communications)

• Vital Interests: In rare emergency situations involving health and safety

7.1. For special category data (such as health information), we process this based on one or more of the following:

• Your consent

• For the provision of health or social care

• For the establishment, exercise, or defence of legal claims

• When you have manifestly made the data public

7.2. We maintain records of our lawful bases for each type of processing activity.

8. Data Sharing and Disclosures

We may share your personal information with:

8.1 Service Providers

• Venues and accommodation providers

• Activity providers and instructors

• Transportation services

• Catering services

• Payment processors

• IT service providers and software platforms

8.2 Third Parties

• Professional advisers (lawyers, accountants, insurers)

• Regulatory authorities when required by law

• Healthcare professionals (only with consent or in emergencies)

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

9. International Transfers

Your data may be transferred to and processed in countries outside the UK and European Economic Area (EEA). When we do this, we ensure appropriate safeguards are in place to protect your information, including:

• Standard contractual clauses approved by the European Commission

• Adequacy decisions where applicable

• Other lawful transfer mechanisms

When booking retreats in locations outside the UK/EEA, some data transfers to local service providers will be necessary. We take steps to ensure these transfers comply with data protection requirements.

10. Data Security

10.1. We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way.

10.2. We limit access to your personal data to employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

10.3. We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

10.4. While we take all reasonable steps to protect your data, data transmission over the internet is inherently insecure. We cannot guarantee the security of data sent over the internet.

10.5. Specific security measures we employ include:

• Password protection and encryption of devices storing personal data

• Secure, limited-access cloud storage for digital records

• Regular security updates and patch management

• Staff training on data protection requirements

• Physical security measures for any paper records

11. Data Retention

11.1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

11.2. For retreat participants, we typically retain your data for a period of 7 years after your last retreat with us.

11.3. For hypnotherapy clients, we retain client data for a minimum period of 7 years, calculated from the date of our last session together. For clients under the age of 18, data will be retained until their 25th birthday.

11.4. In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

12. Your Legal Rights

Under data protection laws, you have rights in relation to your personal data including:

12.1. The right to be informed about how we collect and use your personal data.

12.2. The right to access the personal data we hold about you.

12.3. The right to request correction of any incomplete or inaccurate personal data we hold about you.

12.4. The right to request erasure of your personal data in certain circumstances.

12.5. The right to restrict or object to processing of your personal data in certain circumstances.

12.6. The right to data portability, allowing you to obtain and reuse your personal data for your own purposes across different services.

12.7. The right to withdraw consent at any time, where we are relying on consent to process your personal data.

12.8. The right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not complied with the requirements of data protection law.

12.9. To exercise your rights, please email us at admin@conceptretreats.com with "Data Protection Request" in the subject line.

12.10. We aim to respond to all legitimate requests within one month in accordance with data protection regulations. Occasionally, response times may be extended if your request is particularly complex or if we are traveling internationally for retreats or business purposes with limited access to our London office facilities. In such circumstances, we will notify you of any delay promptly and keep you updated on our progress with your request.

12.11. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

13. Cookies

13.1. Our website uses cookies to distinguish you from other users. This helps us provide you with a good experience when you browse our website and allows us to improve our site.

13.2. We use Google Analytics to track user interaction with our website. This data helps us understand how visitors find and use our web pages.

13.3. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

14. Links to Other Websites

Our website may contain links to other websites of interest. Once you use these links, you will leave our website. We are not responsible for the protection and privacy of any information which you provide while visiting such sites, and these sites are not governed by this privacy policy. You should exercise caution and look at the privacy statement applicable to the website in question.

15. Audio, Video Recordings and Images

15.1. Hypnotherapy Sessions: With your consent, we may record audio of hypnotherapy sessions for therapeutic purposes. These recordings may be reviewed by you or/and the therapist to track progress, reinforce therapeutic suggestions, or for session details recall.

15.2. Online Sessions: For remote sessions conducted via Zoom, FaceTime, or other platforms, we may, with your consent, record these sessions for therapeutic review or to ensure continuity of care.

15.3. Marketing and Promotional Material: With your separate consent, we may take photographs or record video during retreats or sessions for marketing and promotional purposes. This content may be used on our websites, social media platforms, brochures, or other marketing materials.

15.4. Storage and Security: All recordings and images are stored securely using the same robust data protection measures applied to all your personal information. These recordings are typically stored on password-protected devices with appropriate encryption.

15.5. Retention Period: Audio and video recordings of therapy sessions are subject to the same retention periods as other therapy records (7 years for adults, until age 25 for minors). Marketing materials containing your image may be retained indefinitely unless you request their removal.

15.6. Right to Withdraw Consent: You have the right to withdraw your consent for the use of recordings or images at any time. However, this will not affect any use that occurred before you withdrew consent.

15.7. Third-Party Platforms: When sessions are conducted via third-party platforms like Zoom or FaceTime, these platforms may have their own recording capabilities and privacy policies. We recommend familiarizing yourself with their privacy terms as well.

16. Transcription Services

16.1. We may use automated or third-party transcription services (provided by Apple, Google, or other technology companies) to transcribe recorded workshops, sessions, or other audio content.

16.2. When using these services, your recorded audio may be processed by the transcription provider's systems, and is subject to their privacy policies and security measures.

16.3. We select transcription service providers that maintain appropriate security standards, but we cannot fully control their data processing practices.

16.4. The resulting transcripts are stored with the same level of security as our other confidential client information.

16.5. If you have concerns about the use of transcription services for your recorded sessions, please discuss this with us.

17. Social Media and User-Generated Content

17.1. Our websites and services may include social media features (such as Facebook, Instagram, or LinkedIn buttons).

17.2. These features may collect information such as your IP address and which pages you visit on our site, and may set cookies to enable the feature to function properly.

17.3. If you choose to interact with us on social media platforms, we may collect and process information you share on these platforms.

17.4. User reviews, testimonials, or content you submit may be published on our website or social media accounts with your consent. This information will be subject to the same protection standards as other personal information.

17.5. Please note that social media platforms have their own privacy policies which will govern their use of your information.

18. Automated Decision Making and Profiling

18.1. We do not generally use your personal data for automated decision-making or profiling purposes.

18.2. In the context of retreat applications, we may use application responses to make initial assessments of suitability, but final decisions always involve human review and judgment.

18.3. You have the right not to be subject to a decision based solely on automated processing if that decision produces legal or similarly significant effects concerning you.

19. Public Health Emergencies

19.1. During public health emergencies, we may collect additional health information such as vaccination status, recent test results, or symptoms.

19.2. This information is collected to comply with legal obligations, public health directives, and to protect the health and safety of all retreat participants.

19.3. Such information will be handled with appropriate sensitivity and confidentiality, and retained only for as long as necessary.

20. Business Transfers

20.1. If our business is sold, merged, or transferred, or if there is a potential sale, merger, or transfer, your personal information may be disclosed to the potential or actual purchasers and their advisers as part of that transaction.

20.2. We will take steps to ensure your data continues to be used in accordance with this Privacy Policy.

21. Children's Privacy

21.1. Our services are not directed to individuals under the age of 18 without parental consent.

21.2. For hypnotherapy services provided to minors, we require parental/guardian consent and involvement.

22. Communication Preferences

Preferred Method of Communication

Our preferred method of communication is by email at contact@conceptretreats.com.

You can also reach us by telephone and WhatsApp at: +44 (0) 7707 289 228

Please note that due to the nature of our work, we travel extensively and it may take up to 48 - 72 hours to reply to your message. We appreciate your patience and understanding.

23. Changes to This Privacy Policy

23.1. We reserve the right to update this privacy policy at any time.

23.2. We may notify you in other ways from time to time about the processing of your personal information.

23.3. We encourage you to review this privacy policy periodically to be informed of how we are protecting your information.

Last updated: 14.04.2025