We know that privacy is very important when shopping online, so rest assured that whenever we ask you for any personal information, it’s kept safe and secure and we only use the basic information from you to be able to process your order. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and is part of our Terms & Conditions.
2. How We Obtain Your Personal Data
Information provided by you
You provide us with personal data in the following ways:
· By completing a nutritional therapy questionnaire and food diary
· By signing our terms of engagement form
· During a nutritional therapy/nutrition coach consultation
· Through email, over the telephone or by post
· By purchasing something from our store
This may include the following information:
· basic details such as name, address and contact details
· details of contact we have had with you such as referrals and appointment requests
· health information including your previous medical history, dietary, lifestyle, supplement and medicine details, biochemical test results, clinic notes and health improvement plans
· GP contact information
· Bank card details
We use this information to provide you with direct healthcare. This means that the legal basis of our holding your personal data is for legitimate interest.
Following completion of your healthcare we retain your personal data for the period defined by our professional association BANT and registrant body, Companies House. This enables us to process any complaint you may make. In this case, the legal basis of our holding your personal data is for contract administration.
Information we get from other sources
We may obtain sensitive medical information in the form of: test results from biochemical testing companies; test results from doctors and other specialists in the medical field, as well as from your health questionnaire and food diary. We use this information to provide you with direct healthcare. This means that the legal basis of our holding your personal data is for legitimate interest.
We may obtain sensitive information from other healthcare providers. The provision of this information is subject to you giving us your express consent. If we do not receive this consent from you, we will not be able to coordinate your healthcare with that provided by other providers which means the healthcare provided by us may be less effective.
3. How We Use Your Personal Data
We act as a data controller for use of your personal data to provide direct healthcare. We also act as a controller and processor regarding the processing of your data from third parties such as testing companies and other healthcare providers. We act as a data controller and processor regarding the processing of credit card and online payments.
We undertake always to protect your personal data, including any health and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data storage.
We may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime. Also where there is a legal requirement such as a formal court order. We may use your data for marketing purposes such as newsletters but this would be subject to you giving us your express consent.
4. Your consent
When you provide us with personal information to complete a transaction, verify your credit card, place an order or arrange for a delivery, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your express consent, or provide you with an opportunity to say no.
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at firstname.lastname@example.org. You also have an option to unsubscribe from our newsletters via a link provided at the bottom of each newsletter.
4. Data Security
We only use information that may identify you in accordance with GDPR. This requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
Within the health sector, we also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. We will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
To protect your personal information both on-line and off-line, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place. MNC is registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for a variety of purposes. A copy of the registration is available through the ICO website (search by business name).
Our online shop is hosted by Squarespace. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Squarespace’s data storage, databases and the general Squarespace application on a secure server.
Payments are processed through Stripe. All transactions are secure and encrypted, and we never store your credit card information.
When you click on links on the store, they may direct you away from my website. We are not responsible for the privacy practices of other websites and encourage you to read their privacy statements.
A cookie is a piece of information that is stored on your computer's hard drive by your web browser which tracks your movements within websites. Most browsers are automatically set to accept cookies but usually you can alter the settings of your browser to prevent automatic acceptance. If you choose not to receive cookies, you may still use most of the features of our website, including the ability to purchase items.
8. Age of consent
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information please contact us at email@example.com