I know that privacy is very important when shopping online, so rest assured that whenever I ask you for any personal information, it’s kept safe and secure and I only use the basic information from you to be able to process your request. This policy sets out the basis on which any personal data I collect from you, or that you provide to me, will be processed by me and is part of our Terms & Conditions.
HOW WE OBTAIN YOUR PERSONAL DATA
INFORMATION PROVIDED BY YOU
You provide me with personal data in the following ways:
By completing a nutritional therapy questionnaire and food diary
By signing my terms of engagement form
During a nutritional therapy/ nutrition coach consultation
Through email, over the telephone or by post
This may include the following information:
basic details such as name, address and contact details
details of contact I have had with you such as referrals and appointment requests
health information including your previous medical history, dietary, lifestyle, supplement and medicine details, biochemical test results, clinic notes and health improvement plans
GP contact information
I use this information to provide you with direct healthcare. This means that the legal basis of our holding your personal data is for legitimate interest.
Following completion of your healthcare I retain your personal data for the period defined by my professional association BANT and registrant body, Companies House. This enables me to process any complaint you may make. In this case, the legal basis of me holding your personal data is for contract administration.
INFORMATION WE GET FROM OTHER SOURCES
I may obtain sensitive medical information in the form of: test results from biochemical testing companies; test results from doctors and other specialists in the medical field, as well as from your health questionnaire and food diary. I use this information to provide you with direct healthcare. This means that the legal basis of me holding your personal data is for legitimate interest.
I may obtain sensitive information from other healthcare providers. The provision of this information is subject to you giving me your express consent. If I do not receive this consent from you, I will not be able to coordinate your healthcare with that provided by other providers which means the healthcare provided by me may be less effective.
HOW WE USE YOUR PERSONAL DATA
I act as a data controller for use of your personal data to provide direct healthcare. I also act as a controller and processor regarding the processing of your data from third parties such as testing companies and other healthcare providers.
I undertake always to protect your personal data, including any health and contact details, in a manner which is consistent with my duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. I will also take reasonable security measures to protect your personal data storage.
I may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime. Also where there is a legal requirement such as a formal court order. I may use your data for marketing purposes such as newsletters but this would be subject to you giving me your express consent.
When you provide me with personal information to complete a transaction, verify your credit card, place an order or arrange for a delivery, we imply that you consent to me collecting it and using it for that specific reason only.
If I ask for your personal information for a secondary reason, like marketing, I will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
If after you opt-in, you change your mind, you may withdraw your consent for me to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting me at email@example.com. You also have an option to unsubscribe from my newsletters via a link provided at the bottom of each newsletter.
I only use information that may identify you in accordance with GDPR. This requires me to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
Within the health sector, I also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. I will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
To protect your personal information both on-line and off-line, I take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. I ensure external data processors that support us are legally and contractually bound to operate, and to prove security arrangements are in place Joy Skipper is registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for a variety of purposes. A copy of the registration is available through the ICO website (search by business name).
When you click on links on the store, they may direct you away from my website. We are not responsible for the privacy practices of other websites and encourage you to read their privacy statements.
A cookie is a piece of information that is stored on your computer’s hard drive by your web browser which tracks your movements within websites. Most browsers are automatically set to accept cookies but usually you can alter the settings of your browser to prevent automatic acceptance. If you choose not to receive cookies, you may still use most of the features of my website.
AGE OF CONSENT
If you would like to access, correct, amend or delete any personal information I have about you, register a complaint, or simply want more information please contact me at firstname.lastname@example.org.