This is the Data Protection and Privacy Policy of Nutrition Naturally Forever, trading as S L Wappett.
The purpose of collecting data is to provide my coaching service and keep individuals up to date with general wellbeing advice. You may also provide this information voluntarily should you subscribe to my website. In order to provide quality service and comply with legislation, I will need to request information from you, some of which will be personal data.
I take my clients’ privacy seriously, and in accordance with the General Data Protection Regulation (GDPR), I will process any personal data according to the seven principles below:
1. I must have a lawful reason for collecting personal data and must do it in a fair and transparent way. I will be clear about what data I am collecting, and why.
2. I must only use the data for the reason it is initially obtained. This means that I may not use a person’s data to market a product or service to them that is unconnected to the reasons for which they shared the data with me in the first place.
3. I must not collect any more data than is necessary. I will only collect the data I need to hold in order to do the job for which I have collected the data.
4. I will ensure that the data is accurate, and ask clients to check and confirm that the data held is still accurate upon further consultations.
5. I will not keep data any longer than needed. I must only keep the data for as long as is needed to complete the tasks it was collected for.
6. I must protect personal data. I am responsible for ensuring that I, and anyone else charged with using the data, process and store it securely.
7. I will be accountable for the data. This means that I will be able to show how I (and anyone working with me) am complying with the law.
I expect clients to keep private and confidential any sensitive information they may accidentally learn about my family and business or the other clients attending my practice.
I will be asking clients for personal data about themselves in order to deliver my service. I am required to hold and use this personal data in order to provide my service.
Storage
I will keep all paper-based records securely in my office filing cabinets.
Backup files will be stored on the cloud, which is password protected. Firewall and virus protection software are in place.
If I store any records using a digital solution, I will ensure I have carried out due diligence to ensure they are compliant with GDPR.
Record keeping
I will keep the following details securely:
Name/Address/Contact Telephone number/Email address/DOB
Vital statistics related to the Health Program required.
I collect this information from each client directly with a signed contract along with client opt-in forms on my website.
I use this data to keep clients informed of relevant wellbeing advice as requested by the client and to perform the health program selected by the client.
I may share your information with third parties when you explicitly authorise us to share your information. Additionally, the Website may use third-party service providers to service various aspects of the Website. Each third-party service provider’s use of your personal information is dictated by their respective privacy policies.
The website currently uses Mailpoet and Mail Chimp – this service is used for delivery of email updates and newsletters. It stores your name and email address for purposes of delivering such communications. Please refer to their privacy policies for further information.
Clients have the right to inspect their records at any time. This will be provided without delay and no later than one month after the request, which should be made in writing. I will ask clients to regularly check that the data is correct and update it where necessary.
You may opt-out of future email communications by following the unsubscribe links in our emails. You may also notify me at [email protected] to be removed from the mailing list.
Safe disposal of data
I will retain any information you choose to provide until the earlier of (a) you asking us to delete the information, (b) our decision to cease using existing data providers, or (c) I decide that the value in retaining the data is outweighed by the costs of retaining it.
Suspected breach
If I suspect that data has been accessed unlawfully, I will inform the relevant parties immediately and report to the Information Commissioner’s Office within 72 hours. I will keep a record of any data breach.