Privacy Policy
Data Protection Notice
PURPOSE OF POLICY
Nutrition with Flo needs to use and gather information about individuals. These can include clients, suppliers, employees and other people that I have a business relationship with or need to contact.
This policy describes how this data is collected and stored to comply with the General Data Protection Regulation.
POLICY STATEMENT
I am committed to protecting the rights and privacy of clients and others in accordance with the General Data Protection Regulation. I commit to:
Respect individuals' rights
Be open and honest
Comply with the law
Run a respectful practice
PERSONAL DATA
I may need to hold on to your data for the following purposes:
Case histories
Provision of direct healthcare/referrals on to other practitioners
Consultations detailing medical information, family history, diet, lifestyle, test results, supplement lists
Address, telephone number, email
DATA PROTECTION PRINCIPLES
I will make every effort to comply with these principles at all times in my information-handling practices.
The principles are:
1) Lawful, fair, and transparent (data collection must be fair, for a legal purpose and transparent as to how it will be used)
2) Limited for its purpose (must be for a legitimate interest)
3) Data minimisation (data collection must be necessary and not excessive)
4) Accurate (the data I hold must be accurate and up to date)
5) Retention (not to be kept longer than necessary)
6) Integrity and confidentiality (the data I hold must be secure)
RESPONSIBILITIES
For Nutrition with Flo, I am the data controller of all personal data held by me and I am responsible for:
Analyzing and documenting the type of personal data I hold
Storing data in safe and secure ways
Ensuring consent procedures are lawful
Assessing the risks that could be posed to individual rights and freedoms should data be compromised
I will retain personal data for no longer than is necessary. This shall be in accordance with the guidelines of my professional association FNTP.
DATA SECURITY
I will keep personal data secure against loss or misuse. Where other organizations process personal data as a service on my behalf, I will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third-party organizations. In cases when data is stored on printed paper, it will be kept in a secure place (locked filing cabinet in a secure property) where unauthorized personnel cannot access it. Printed data will be shredded when it is no longer needed. Data stored on a computer will be protected by strong passwords that are changed regularly. Furthermore, data stored on CDs or memory sticks will be encrypted or password protected and locked away securely when they are not being used. Any services used to store personal data will be assessed for compliance with the General Data Protection Regulation (GDPR) principles. As well as this, all servers containing sensitive data will be protected by security software.
ACCOUNTABILITY AND TRANSPARENCY
I will ensure accountability and transparency in all my use of personal data. I will keep written up-to-date records of all the data processing activities that I do and ensure that they comply with each of the GDPR principles. I will regularly review my data processing activities and implement measures to ensure privacy by design including data minimization, pseudonymization, transparency and continuously improving security and enhanced privacy procedures.
CONSENT
I will ensure that consents are specific, informed and in plain English such that individuals clearly understand why their information will be collected, who it will be shared with, and the possible consequences of them agreeing or refusing the proposed use of the data. Consents will be granular to provide choice as to which data will be collected and for what purpose. I will seek explicit consent wherever possible. I will maintain an audit trail of consent by documenting details of consent received, including who consented, when, how, what, and if and when they withdraw consent. I will regularly review consents and seek to refresh them regularly or if anything changes.
USING THIRD PARTY CONTROLLERS/PROCESSORS
As a data controller and/or data processor, I will have written contracts in place with any third-party data controllers (and/or) data processors that I use. The contract will contain specific clauses which set out my and their liabilities, obligations and responsibilities. As a data controller, I will only appoint processors who can provide sufficient guarantees under GDPR and that the rights of data subjects will be respected and protected. As a data processor, I will only act on the documented instructions of a controller. I acknowledge my responsibilities as a data processor under GDPR and I will protect and respect the rights of data subjects.
COMPLAINTS
If you have a complaint regarding the use of your personal data then please contact us by emailing nutritionwithflo@gmail.com and we will do our best to help you.
Nutrition With Flo is registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for a variety of purposes. A copy of the registration is available through the ICO website (search by business name). You also have the right to raise a complaint with the ICO if you are unhappy with the way we have collected, stored or used your personal data.