Privacy Policy

Who I am

My name is Paddy Landau, the business is Landau Hypnotherapy in Oxfordshire, and my website address is

More information is available on the contact page.

What personal data I collect, and why

Cat hiding


Although I treat your emails with the same confidentiality as anything else, email is inherently insecure. Please exercise care when using email, as I cannot promise that no one else can access this data. In particular, I use Google’s Gmail to process emails.

I keep your emails only as long as required, and then delete them.


If you leave a comment on the site, it collects the data shown in the comments form, and your IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service provides a privacy policy. After approval of your comment, if you have a Gravatar account, your Gravatar profile picture is visible to the public in the context of your comment.

When you submit a comment, it goes through Google reCAPTCHA to fight spam.

Contact forms

Contact via the website form uses email, and as such is not protected against interception. Please exercise the same care as if you were submitting a regular email.

When you use the contact form, it goes through Google reCAPTCHA to fight spam.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, a temporary cookie is set to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, several cookies are set up to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Telephone, SMS, chat applications, postal mail

Telephone calls, SMS, other chat applications, audio and video applications, and postal mail are only as secure as the companies that provide the services, and the governments that control them. I cannot vouch for their security.

Therapy data

Problems can be connected in unexpected and non-intuitive ways, and so I keep records of anything that might be important even if it appears to be irrelevant at the time.

I also keep your name, address and contact information.

Also see below, How I keep your data safe.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor has visited the other website.

Those websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


I keep anonymised statistical information on website visits for marketing purposes.

I keep anonymised statistical information on clients’ problems and sessions for research, quality assurance and education.

These analytics are kept indefinitely.

With whom I share your data

I do not share your data with anyone, unless any of the following apply.

  • I am required to do so for legal or regulatory reasons.
  • To protect against harm.
  • To address fraud or illegal activity.
  • To protect confidential data.
  • To protect the rights, interests or property of this business.
  • I collaborate with therapists and life coaches worldwide for the purposes of education, mutual help and skills improvement. For this reason, I sometimes share case studies, which include only fully anonymised and relevant details.
  • You have given explicit permission to do so, e.g. to allow me to contact your GP, to display a testimonial, or to discuss your case with a fellow therapist (e.g. if one of us is referring you to the other).

In all cases, sharing will be kept to only the pertinent details, and shared only with the applicable people.

Except where the above applies:

  • I do not share your data with a spouse, partner, parent, child, friend, or anyone else, except that a parent or legal guardian may request data about their charge, but subject to legal protections (see “What rights you have over your data” following).
  • If you provide a testimonial, I might use it and your personal details, but only to the extent that you give me explicit permission to do so.

Google reCAPTCHA

When you submit a comment or use the contact form, the website uses Google reCAPTCHA to fight spam and abuse. Google’s Privacy Policy and Terms of Service apply.

How long I retain your data

Session details and personal information

Both the law and insurance require minimum data retention periods.

Subject to that, I keep your information only for as long as I need it for therapy; for follow-up; and when I believe that I should keep it for longer for potential future contact or problems.

Website comments and registration

If you leave a comment, the comment and its metadata are retained indefinitely. This is so that the site can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

If you register on the website, it stores the personal information that you provide in your user profile. You can see, edit, or delete your personal information at any time, except that you cannot change your username. Website administrators can also see and edit that information.

How I keep your data safe

All data are kept electronically (not on paper) and encrypted to industry standards. Only I have the passphrase. No one else can access your data except as described in “With whom I share your data” above.

All paper copies (e.g. notes and contracts) are scanned or copied into the encrypted electronic area soon after making them, and the paper copy is shredded immediately afterwards.

Backups are also encrypted, with a separate passphrase. I use SpiderOak ONE (which is GDPR-compliant), which means that the backup is kept on servers in the USA. However, the data remains fully encrypted, both during transmission and on storage. Even the SpiderOak staff don’t have the passphrase, and so cannot access the data.

What rights you have over your data

Therapy data

You may request a written or electronic copy of your own data. I am legally required to confirm your identity before sharing the data. Such data will be provided in a timely manner after confirmation. Excessive requests will incur an administration fee.

You can request that I delete information held about you. This does not include data held for, or subject to, legal, administrative, security or insurance restrictions or purposes.

Website data

If you have an account on this site, or have left comments, you can ask for the personal data held about you, including any data you have provided to me. You can also request that I erase any personal data that I hold about you. This does not include any data that I am obliged to keep for legal, administrative, security or insurance purposes. I will need to confirm your right to the data.

Where I send your data

Visitor comments will be checked through an automated spam detection service. See also Google reCAPTCHA above.

Additional information

What third parties I receive data from

If I contact your GP, another therapist or any other relevant person with whom you have had contact (subject to permission, of course), they might give me further relevant information. I treat this information with the same care and confidentiality as your other therapy data.