GDPR – PRIVACY NOTICE
What is the purpose of this notice?
To describe how the Naturopathic Nutritionist collects and uses personal data about you in accordance with the General Data Protection Regulation (GDPR).
What we need
The Naturopathic Nutritionist will be what’s known as the “Controller” of the personal data you provide to us. We collect personal data taken in your consultations, this does include name, address, e-mail and telephone number.
Why we need to keep data
We need to keep notes of your health history as described by you to ensure we can advise as effectively as possible. We do not use your email address for marketing and ask that should you wish to keep aware of any forthcoming workshops, events or news you follow our Facebook page.
What we do with it
We only ever use your personal data with your consent, or where it is necessary:
- to comply with a legal duty
- to protect your vital interests
- for our own lawful interests, provided your rights don’t override these.
In any event, we will only use your information for the purpose or purposes it was collected for (or for closely related purposes).
We may process personal information for certain legitimate business purposes, which include some or all of the following:
- where the processing enables the Naturopathic Nutritionist to enhance, modify, personalise or otherwise improve services/communications for the benefit of our clients
- to identify and prevent fraud
- to enhance the security of our network and information systems
- to better understand how people interact with our website.
Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights at all times.
When we process your personal data for my legitimate interests, we will make sure that we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws
Where your data is kept.
The naturopathic nutritionist is based in the UK. Paper records are taken of consultations and these are kept locked and secure in my personal home premises. Copies of your recommendations are kept on my laptop which has a secure password to access. premises.
How long your data is retained.
Data will be kept for as long as you are a patient. Once you have stopped being a patient for more than one year your data will be retained for 6 years.
What are your rights?
We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as a data subject access request)
- the right to have your data erased
- the right to have inaccurate data rectified
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to personal data you have provided to me which we process automatically based on your consent.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you are not satisfied with our response or believe we am processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office, the UK supervisory authority.