Instagram

Barbara Hanachova

RM, LCHE, RSHom, CST

Infant Feeding Specialist 

Transforming lives through gentle expert care

Privacy policy

BARBARA HANACHOVA’S PRIVACY POLICY

Last updated: 15/11/2025

Data Controller: Barbara Hanachova

Business Location: United Kingdom

Email: hello@barbarahanachova.com

Website: www.barbarahanachova.com

ICO Registration: Yes – registered with the UK Information Commissioner’s Office (ICO)

1. Introduction

I am committed to protecting your privacy and handling your personal information with transparency and care. This Privacy Policy explains what personal data I collect, how I use it, how it is stored, and your rights under the UK General Data Protection Regulation (UK GDPR).

This policy applies to all clients who work with me through:

  • Homeopathy consultations
  • Infant feeding and lactation support
  • Midwifery-related support and education
  • Health/nutrition coaching and holistic wellness support
  • Craniosacral therapy
  • Online workshops, memberships, courses, and digital resources

I work with clients in the UK and internationally.

2. The Data I Collect

Because I offer healthcare-related services, I may need to collect personal data and special category (health) data so I can provide appropriate support.

2.1 Personal Information

  • Full name
  • Date of birth
  • Gender (if relevant to care)
  • Home address
  • Email address
  • Phone number
  • Emergency contact (if appropriate)
  • Payment details (processed securely via Stripe — I do not store card numbers)

 

2.2 Health & Special Category Data

To provide safe and appropriate care, I may collect:

  • Medical history and symptoms
  • Medication or treatment history
  • Pregnancy, birth, and feeding history
  • Allergies and intolerances
  • Lifestyle, nutrition, sleep, and wellbeing information
  • Consultation notes
  • Assessment forms
  • Information about infants or children if you are the parent or legal guardian

This type of data is considered special category data and is protected under Article 9(2)(h) UK GDPR (processing for the provision of health care).

2.3 Information Collected Automatically

When you use my website, some data is collected automatically through cookies or analytics tools (e.g., IP address, browser type, pages viewed). Cookies are explained in Section 11.

3. How Your Data Is Collected

I collect data directly from you when you:

  • Book a consultation
  • Complete a form on my website
  • Join my membership or workshops
  • Subscribe to my newsletter
  • Contact me through email or messaging apps
  • Attend an online consultation

I do not obtain data from third parties unless you explicitly ask me to liaise with another healthcare professional.

4. Lawful Basis for Processing Your Data

Under UK GDPR, I process your personal data on the following legal bases:

4.1 Performance of Contract

To provide consultations, answer enquiries, deliver programmes, and supply purchased services.

4.2 Legal Obligation

For record-keeping required for healthcare professionals.

4.3 Legitimate Interests

For running my business, ensuring quality, responding to enquiries, and improving services.

4.4 Article 9(2)(h) – Provision of Health Care

For processing health and medical information necessary to deliver safe care, assessment, and support.

4.5 Consent

For:

  • Marketing emails
  • Optional resources, newsletters, or reminders
    Consent can be withdrawn at any time.

 

5. How Your Information Is Used

I use your data to:

  • Provide homeopathy, infant feeding, midwifery, craniosacral therapy or health coaching services
  • Make appropriate assessments and recommendations
  • Maintain professional clinical records
  • Book and manage appointments
  • Communicate with you by email, SMS, messaging apps, or phone
  • Send follow-up information, care plans, or resources
  • Send newsletters or updates
  • Manage payments and invoices
  • Improve my services and website

I do not sell or trade your personal data.

6. Sharing Your Information

I only share your data when necessary and appropriate:

6.1 With third-party service providers:

  • Stripe (payment processing)
  • MailerLite (email newsletters)
  • WordPress plugins / membership systems
  • Zoom (online consultations, workshops)
  • Cliniko (online bookings, consultations, client forms and case notes)
  • Cloud storage services

All providers are GDPR-compliant or operate under approved international data transfer mechanisms.

6.2 With legal or professional authorities

Only if required by law or professional safeguarding obligations.

6.3 With other healthcare professionals

Only with your explicit consent.

I do not share your data with unrelated third parties.

7. Children’s Data

I work with babies, children, and parents.

For anyone under 18 years old, data is collected only from or with the consent of a parent or legal guardian.

Records for children are retained for 7 years after their 18th birthday, in line with health-care record requirements.

8. Data Retention

In accordance with professional requirements:

  • Client records are kept for 7 years after your last consultation
  • Children’s records: 7 years after the 18th birthday
  • Financial and tax records: 6 years
  • Emails and messages: deleted periodically or when no longer needed

After the retention period, paper records are securely destroyed and digital records are permanently deleted.

9. How Your Data Is Stored & Security

I use modern, secure, password-protected systems to store your data.

This includes:

  • Password-protected laptop
  • Encrypted cloud storage
  • Encrypted email platforms
  • Secure booking and payment systems
  • Secure website hosting

 

Security measures include:

  • Multi-factor authentication where available
  • Regular software updates
  • Encrypted backups
  • Limited authorised access only

Any paper records are kept in a locked and secure location.

10. International Data Transfers

Some services I use (e.g., MailerLite, Stripe, Zoom) may store data outside the UK.

Transfers are protected through:

  • Adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • GDPR-compliant safeguards provided by those processors

 

11. Cookies & Website Analytics

My website uses cookies and analytics tools to understand usage and improve performance.

Cookies may collect:

  • IP address
  • Browser type
  • General location
  • Pages visited
  • Time spent on the site

You can disable cookies in your browser settings at any time.

12. Your Rights Under UK GDPR

You have the right to:

  • Access your data
  • Rectify incorrect information
  • Erase your data (unless I must retain it for legal reasons)
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent at any time
  • Complain to the ICO if you believe your data is mishandled
    • www.ico.org.uk

Requests will be responded to within 30 days.

13. Data Breaches

If a data breach occurs that may pose a risk to your rights or freedoms:

  • I will notify the ICO within 72 hours
  • I will notify you without undue delay
  • I will take all necessary steps to minimise harm

 

14. Changes to This Policy

This Privacy Policy may be updated from time to time.

The most recent version will always be available on my website.

Clients will be notified of significant changes.

15. Contact

If you have any questions regarding this policy, or wish to exercise your rights, please contact:

Barbara Hanachova

Registered Midwife, Homeopath & Infant Feeding Specialist, Craniosacral Therapist, Health Coach

Email: hello@barbarahanachova.com

Website: barbarahanachova.com