Privacy policy

Last updated: April 2026

1. Who is responsible for your data

Karmi Collective Ltd, trading as Belief by Design, is the data controller responsible for your personal data. Company number: 14001065, registered in the United Kingdom, email: hello@beliefbydesign.co.uk.

If you have any questions about this Privacy Policy or how your data is used, please contact us at the email above.

2. What data is collected

We only collect personal data that you choose to provide to us. This may include: Name, email address, information submitted via contact forms, booking details (e.g. appointment time, preferences), testimonials or feedback you choose to provide, and any information you voluntarily share during booking or sessions.

Special category data

As part of providing RTT® and hypnotherapy services, you may choose to share information relating to your health, emotional wellbeing or personal circumstances.

This information is considered special category data under GDPR. We only process this data with your explicit consent (Art. 9(2)(a) GDPR), for the purpose of providing therapeutic services.

You are not required to provide this information, but doing so may be necessary to deliver the service effectively.

3. How your data is collected

Your data may be collected in the following ways:

a) Contact forms

When you send a message via the website, we collect your name, email address, message content.

b) Booking a session

When you book via Calendly, the following may be collected: name, email address, appointment details and any additional information you choose to provide.

c) During sessions

You may voluntarily share personal or sensitive information during RTT® or hypnotherapy sessions.

d) Cookies and analytics

The website (hosted on Squarespace) may use cookies and basic analytics tools to understand how the site is used.

A cookie banner is used to obtain your consent before placing non-essential cookies.

4. Why your data is collected

Your data is processed for the following purposes:

  • To respond to enquiries

  • To schedule and deliver RTT/hypnotherapy sessions

  • To send booking confirmations and reminders

  • To process payments

  • To maintain client records

  • To comply with legal and tax obligations

  • To improve website functionality and user experience

4A. Testimonials and marketing use

From time to time, you may choose to provide a testimonial about your experience. Testimonials are entirely optional and are only used where you have given explicit consent.

If you provide a testimonial, it may be used for marketing purposes, including on the website, social media, and promotional materials. Testimonials may be edited for clarity while preserving their original meaning. You can choose how your testimonial is attributed (e.g. first name, initials, or anonymously). You may withdraw your consent at any time, and your testimonial will be removed from future use where reasonably possible.

Testimonials are kept separately from clinical or session records and are not used to inform therapeutic work.

5. Legal basis for processing

We process your data under the following legal bases:

  • Consent (Art. 6(1)(a))
    When you submit forms, agree to cookies, or provide sensitive information. This includes consent for the use of testimonials for marketing purposes.

  • Contract (Art. 6(1)(b))
    When processing is necessary to deliver booked services

  • Legal obligation (Art. 6(1)(c))
    For accounting, tax, and regulatory requirements

  • Legitimate interests (Art. 6(1)(f))
    To respond to enquiries, maintain communication, and ensure the security and functionality of the website

  • Explicit consent for special category data (Art. 9(2)(a))
    For any health or wellbeing-related information shared during sessions

6. How long your data is stored

Your data is only kept for as long as necessary:

  • Contact form messages: up to 12 months

  • Client session records: up to 5 years

  • Booking and payment data: up to 5–7 years (legal requirement)

  • Analytics data: up to 24 months

You may request deletion of your data at any time, unless retention is required by law.

7. Who your data is shared with

Your data is only shared with trusted third-party providers necessary to operate the business, including:

  • Calendly (booking system)

  • Squarespace (website hosting)

  • Email service providers (for communication and confirmations)

  • Payment processors (e.g. Stripe or PayPal, depending on how you pay)

Your data is never sold, rented, or traded.

8. International data transfers

Some of the providers used may process data outside the United Kingdom or European Economic Area (EEA), including the United States.

Where this occurs, appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)

  • Equivalent data protection measures required under UK and EU GDPR

9. Your rights

Under GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion of your data

  • Withdraw consent at any time

  • Restrict or object to processing

  • Request a copy (data portability)

To exercise any of these rights, contact: hello@beliefbydesign.co.uk.

10. Right to complain

You have the right to lodge a complaint with a supervisory authority.

In the UK, this is the Information Commissioner's Office: https://ico.org.uk

If you are based in the EU (e.g. Cyprus), you may also contact your local data protection authority.

11. Data security

Appropriate technical and organisational measures are in place to protect your data, including:

  • Secure hosting

  • Encrypted website connections (HTTPS)

  • Controlled access to personal data

12. Updates to this policy

This Privacy Policy may be updated from time to time. Any changes will be posted on this page with an updated revision date.