12 July 2020
This website is operated by Max Trance. This document forms a part of our terms and conditions.
This policy, our terms and conditions, and the use of our websites, products and services, are governed by the laws of New Zealand.
We take the security of your data seriously, and we use industry standard policies and software to ensure your data are safe.
We may use your data for the following purposes, some of which are optional:
- Providing service to you
- Optimising the provision of our service to you
- Complying with legal requirements
- Contacting you with offers we believe may be relevant to you
- Protecting the interests of you and others including us
- Marketing (including testimonials with your permission)
- Protecting our systems and data
- Protecting your data
Additionally, your data may end up in third party systems, such as our bank or accounting provider.
Our underlying policy is that hard copies of customer data are maintained only for as long as required for the specific purpose for which they were created, and that they are securely destroyed within a reasonable time after the completion of that purpose.
Most of the time we store customer data in electronic form. We may print out previous session notes and other relevant data prior to sessions for reference. This is to ensure that we minimise the risk to you during a session due to technological failures such as internet outages, hardware failure and other issues. Where session notes are printed prior to a session, they are destroyed with a cross-cut shredder on conclusion of the session, after making any appropriate amendments to electronic documents.
We may take hand-written notes during any or all of your sessions with us. Where relevant, these are recorded electronically after the session, and the hard copy is destroyed with a cross-cut shredder once electronic recording is complete.
We may also create hard copies of contact details (including name, address and phone number) when providing our services at your site. This is so that we can find our way to you. These copies will be destroyed when no longer required (such as on completion of delivery of our service to you).
In the event that you supply some of your data to us on paper (such as filling out a form at one of our events), we will transcribe any relevant data into our electronic storage systems, and will then destroy the hard copy with a cross-cut shredder.
We may store the following data electronically:
- Contact details including any combination of your name, address, phone number, Skype address, Facebook account, and email address.
- Contact details for medical professionals that you nominate.
- Personal details that may be relevant to your sessions, including your use of contact lenses and medical conditions that you declare to us.
- Session notes from any sessions you may have with us.
- Video and audio recordings of your sessions.
- Video and audio recordings of trainings in which you participate.
- Your purchase history including dates and times of any sessions.
- Your subscription options for our marketing services.
- Records of your interactions with us, including emails and notes of conversations with us.
- Logs of your interactions with our online services, including IP address, web browser, operating system, which pages on our sites you visit and when, and any errors you may have encountered.
- Logs of your interactions with our marketing materials, including opened emails and your engagement with our online advertisements.
- Logs of any attacks on our services, including IP addresses of attacking devices.
We may store cookies on devices that you use to interact with web sites. This is to facilitate the provisioning of our services to you, and to ensure that you have the best possible experience of our services. In the event that you would prefer for us not to do this, we recommend using privacy mode in your web browser. This will ensure that you can use most of our sites’ functionality, while minimising the risk of our data persisting on your devices, since use of privacy mode should result in the cookies being destroyed when you close the browser. Disabling cookies altogether (or refusing us permission to use them) is likely to result in a significantly inferior experience for you when you use our web services.
Information about any activities you perform on any of our web sites, including browsing, clicking buttons, providing details such as email addresses, interacting with media, posting comments, and anything else at all, may be sent to third parties, including but not limited to Facebook, Google, Youtube, DigitalOcean, WordPress and WooCommerce, and cookies on our sites may be used to implement and track this.
Retention Schedule and Details of data we store electronically about you that could be associated with you
Note that the third parties listed below are not associated with Max Trance and are listed only so that you know where we are sending your data. The names Google, YouTube, AWeber, Facebook, DigitalOcean, Skype, Microsoft, ANZ, Stripe, Paypal, Makes Cents, MYOB, tawk.to, Zoom and 1st Domains are owned by their respective owners and those owners do not endorse Max Trance in any way. If you represent one of these organisations, and would like to endorse us, or would like us to add further disclaimers, please let us know by emailing firstname.lastname@example.org.
Our underlying principles are:
- Where we process data on the basis of your consent, we will stop once we receive a request from you to do so. In practice, this may take up to 30 days to implement.
- Where we process data as required by law, we will do this for as long as required to comply with various laws. This will include invoices and supporting information such as emails. Our invoices for hypnosis services are itemised as “Professional services” to protect your privacy. If you take part in a training course or purchase a product or program, this will be itemised with the name of the training course, product or program.
- Where we process data for the protection of a human being, we will do so indefinitely. This is because the nature of the services that we provide is that your memory of what happened will sometimes be different to what actually happened. So will ours.
- Where we process pseudonymised data as case studies, we may do this forever.
- Where you have signed a subject release (for example, if you participate in the creation of one of our products), we may use the associated data forever.
This retention schedule will usually be up-to-date. However, we cannot control what other companies do, nor can we control how people choose to contact us. For this reason, the schedule may be incomplete from time to time.
Additionally, our web services run on DigitalOcean with WordPress, WooCommerce and Jetpack from Automattic. You should assume that DigitalOcean, Automattic, AWeber, Facebook, tawk.to, Google and MonsterInsights can see everything that happens on any of our web sites.
| Data type | What it’s for | Where it’s stored and who may see it | How long we process it | How we justify processing it |
|---|---|---|---|---|
| Contact details | Contacting you about your inquiries and orders; and marketing. | Encrypted data store on our servers; our devices; Google; AWeber; DigitalOcean; Facebook; Skype (Microsoft); 1st Domains; tawk.to; Zoom; Automattic. | Up to ten years after your last contact with us. | Required to provide our services to you while you are our customer. |
| Contact details | Invoicing requirements. | Encrypted data store on our servers; our devices; Makes Cents; MYOB; Automattic. | Up to eleven years and six months after your last purchase from us. | Required for accounting records. |
| Contact details | Data integrity around session notes. | Encrypted data store on our servers; our devices. | Until your last session notes are destroyed. | Required to provide our services to you. |
| Your medical professionals | So we can contact them with your consent. | Encrypted data store on our servers; our devices; your medical professionals. | Up to five years after your last session. | Your consent. |
| Personal details and medical conditions | So we can minimise the risk to you during sessions. | Encrypted data store on our servers; our devices; your medical professionals. | Up to five years after your last session. | Your consent. |
| Session notes | To minimise the risk to you of abreactions; To minimise the risk of unnecessarily repeating work. | Encrypted data store on our servers; our devices. | Up to five years after your last session; May be preserved indefinitely with all unique identifiers removed as case studies. | Required to provide our services to you. |
| Audio recordings | A permanent log of what happened in each session in case of dispute so that both you and we are protected. | Encrypted data store on our servers; our devices. | Forever. | Protection of you and our staff; Analysis of sessions for optimisation of our service to you. |
| Video recordings | A permanent log of what happened in each session in case of dispute so that both you and we are protected. | Encrypted data store on our servers; our devices. | Forever. | Protection of you and our staff; Analysis of sessions for optimisation of our service to you. |
| Audio and video recordings with subject release | Product creation. | May be made publicly available. | Forever. | Your irrevocable consent. |
| Purchase history | Accounting; Avoiding trying to sell you something you already own; Marketing. | Encrypted data store on our servers; our devices; MYOB; DigitalOcean; Makes Cents; Facebook; Automattic. | Up to eleven years and six months after your last purchase from us. | Required for accounting records. |
| Invoices | Accounting. | Encrypted data store on our servers; our devices; Makes Cents; MYOB; Automattic. | Up to eleven years and six months after invoice date. | Required by New Zealand IRD for record keeping. |
| Your contact details for marketing subscriptions | So we can offer you products and services that you’ve indicated you are interested in. | Encrypted data store on our servers; our devices; AWeber; DigitalOcean; Facebook; Google; Microsoft. | Up to five days after you ask us to remove you from our subscription service. | Your consent. |
| Logs of your interaction with our marketing | So we can offer you products and services that third parties tell us you might be interested in. | Encrypted data store on our servers; our devices; DigitalOcean; AWeber; Facebook; Google; Microsoft; Automattic; MonsterInsights. | Up to five years after your last interaction with our marketing. | Your consent. |
| Records of your interactions with us not covered by other entries in this table | So we can optimally provide our services to you when you want them; To ensure there is a paper trail in the event of dispute. | Encrypted data store on our servers; our devices; AWeber; DigitalOcean; YouTube; Facebook; Google; 1st Domains; tawk.to; Automattic; MonsterInsights. | Forever. | Protection of you and our staff; Analysis of sessions for optimisation of our service to you. |
| Logs of your interactions with our online services | So we can optimise the delivery of our service to you. | Encrypted data store on our servers; our devices; DigitalOcean; Facebook; YouTube; tawk.to; Google; MonsterInsights. | Up to one year. | Required to ensure services are being delivered optimally. |
| Testimonials | Marketing. | Publicly available. We will only use your personal details to the extent you allow. | Up to 30 days after consent is revoked. We will neither create nor distribute further hard copies after revocation of consent. | Your consent. |
| Case Studies | Marketing, training, delivery of services. | Publicly available. We will only use your personal details to the extent you allow. | Forever. | Your consent. |
| Logs of attacks | Security of your and our data. | Data store on our servers; our devices; DigitalOcean; AWeber; Facebook; Google; Automattic; MonsterInsights. | Up to 100 years. | Required to reasonably protect our systems and your data. |
| Requests for your information and for changes to that information | So we can demonstrate compliance with your requests. | Encrypted data store on our servers; our devices; DigitalOcean; AWeber; 1st Domains; Google; Facebook; MonsterInsights. | Up to eleven years six months. | Required for reasonable record keeping. |
| Requests to delete your information | So we can demonstrate compliance with your requests. | Encrypted data store on our servers; our devices; DigitalOcean; 1st Domains; Google; Facebook. | Up to eleven years six months. | Required for reasonable record keeping. |
| Electronic payments | So we know it was you that paid us and to create a paper trail for audit purposes. | Encrypted data store on our servers; our devices; DigitalOcean; ANZ; Paypal; Stripe; Makes Cents; MYOB; Automattic; Facebook. | Up to eleven years six months. | Required for accounting and audit purposes. |
We comply with New Zealand law, so your data may be shared with relevant authorities when an appropriate request is received. This may include authorities outside of New Zealand if we reasonably believe we are required to do so. If we share your data with any authorities, we will share only that data we reasonably believe we are legally or ethically required to share. Additionally, we are required to keep certain accounting data for up to ten years (usually seven) after the relevant tax return, which means that we may be required to keep some of your data for up to eleven and a half years regardless of any requests you may make around that.
We will retain any data that we need to for as long as we need to in order to comply with New Zealand legislation.
We do not share your data beyond the extent required to carry out a particular service unless we are legally or ethically required to do so. This means that, for example, if you pay us by bank deposit, our bank and our accountant will necessarily see any information you or your provider place on the payment record, but we will not share that information with other payment providers. Similarly, if you contact us via Skype, Skype will necessarily know about it and may share that data in accordance with their own policies, but we won’t share that with anyone else without your consent.
Now, this should not need to be said, but… lawyers… therefore: If you contact us by any means, any parties involved in that communication in any way, including its facilitation, will potentially be able to read all details of that communication and may store that information in accordance with their own privacy policies and terms and conditions. This includes Google, Skype, Facebook, Zoom, Tawk.to, 1st Domains, and any other communication providers. In particular, this site may send such data to DigitalOcean, AWeber, Google, Facebook, Tawk.to and 1st Domains in order to communicate with us.
Additionally, if we come to believe that you are in danger of harming yourself or others, we may take appropriate reasonable steps to prevent this, including notifying and releasing your data to medical professionals, emergency services and/or relevant authorities.
You may opt-out of any of our subscription services at any time by following the unsubscribe link at the bottom of every marketing email we send. In the unlikely event that you attempt to do this and it does not work, please contact us by email on email@example.com and we will sort it out for you. Or just try again – we use a professional autoresponder company, and all such requests are handled directly by them, so it will only fail if the technology breaks in some way. It should work immediately, but technological failures do happen, which is why we have the 5 days listed in our retention schedule. If you attempt to unsubscribe and continue to receive marketing messages from us, this means that the technology broke and you should email us so that we can sort it out for you.
Requests for information and data changes may be made to firstname.lastname@example.org. For your security, if you request your data, we will send those data only to addresses we already have on record. Similarly, if you request that your data be updated, we will need to confirm it is really you first, which will involve us making contact with you via the contact details we already have. We are a small business, so excessive requests will be billed at our usual hourly rate at the time of the request.
This is a living document and will be updated from time to time (for example, if we change one of our providers or add new services).
Third party privacy policies
This is not intended to be a complete list of third party privacy policies, and is provided only for your convenience. As such, it may be out of date.
https://policies.google.com/privacy (also for YouTube)