Legal

Privacy Policy

Last updated: 17 July 2026

This Privacy Policy explains what personal data Enda O'Shea Sports Hypnosis ("we", "us", "our") collects when you use endaoshea.com or our programs, how we use it, and the rights you have over it. It sits alongside our Terms & Conditions.

1. Who we are

Enda O'Shea Sports Hypnosis is the data controller for the personal data described in this policy. We provide sports-hypnosis and mental-performance programs for competitive athletes. If you have any questions about this policy or your data, contact us at [email protected].

2. What we collect

We collect only what we need to deliver our programs and run our business:

  • Details you give us — your name, email address, phone number (if you provide one), the answers you submit in our forms and applications, and any messages you send us.
  • Purchase information — the program you bought and when.
  • Usage information — basic technical data such as your device and browser type, and how you use the site, collected through cookies and similar tools (see section 7).

We never see or store your full card number. All card payments are handled directly by our payment provider on their own secure systems.

3. How we use your data

We use your personal data to:

  • deliver the programs and content you sign up for or buy;
  • process your purchases and give you access to your materials;
  • send you the guidance, emails and updates related to your program;
  • respond to your enquiries and provide support;
  • improve our programs, website and service;
  • meet our legal and accounting obligations.

4. Legal bases for processing

Under the GDPR we rely on the following legal bases:

  • Consent — for example, when you opt in to receive marketing emails. You can withdraw consent at any time.
  • Contract — to deliver a program you have purchased or signed up for.
  • Legitimate interests — to run, secure and improve our business and to communicate with you about programs you are already using, in a way that does not override your rights.

5. Who we share it with

We share personal data only with the trusted service providers that help us run the business, and only as far as needed to deliver our service:

  • GoHighLevel (HighLevel, Inc.) — our website, CRM and email platform.
  • FastPayDirect / Stripe — secure payment processing.
  • Mailgun and ImprovMX — email delivery and forwarding.
  • ClientClub — hosting your membership and course content.

Each provider processes your data on our behalf under its own security and privacy obligations. We do not sell your personal data, and we do not share it for anyone else's marketing.

6. International transfers

Some of our providers are based outside the European Economic Area (for example, in the United States). Where your data is transferred outside the EEA, we make sure it is protected by appropriate safeguards, such as the European Commission's Standard Contractual Clauses or an equivalent mechanism.

7. Cookies

Our website uses cookies and similar technologies — some essential for the site to work, others to help us understand how the site is used so we can improve it. You can control or disable cookies through your browser settings, though blocking some may affect how the site works.

8. How long we keep it

We keep your personal data only for as long as we need it for the purposes set out in this policy — to deliver your program, run our business, and meet our legal and accounting obligations. When we no longer need it, we delete it or make it anonymous.

9. Your rights

Under the GDPR you have the right to access your data, correct it, delete it, restrict or object to how we use it, receive a copy in a portable format, and withdraw consent at any time. To exercise any of these, email us at [email protected] and we will respond within the time the law allows. You also have the right to lodge a complaint with the Irish Data Protection Commission at dataprotection.ie.

10. Security

We use appropriate technical and organisational measures to protect your personal data against loss, misuse and unauthorised access, and we hold our providers to the same standard. No method of transmission or storage is ever completely secure, but we work hard to keep your information safe.

11. Children

Our programs and website are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with their data, contact us and we will remove it.

12. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top shows the current version, and we will let you know about any significant changes.

13. Contact

If you have any questions about this policy or how we handle your data, contact us at [email protected].