GENERAL DATA PROTECTION REGULATION (GDPR)

PRIVACY NOTICE

Lei-Lana Nutrition holds some information about you. This document outlines how that information is used, who we may share that information with and how we keep it secure. This notice does not provide exhaustive detail – we are happy to provide any additional information or explanation needed. Any requests for this should be sent to info@leilananutrition.com.

We keep our Privacy Notice under regular review. This Privacy Notice was last reviewed in November 2023.

WHY DO WE NEED TO KEEP PERSONAL INFORMATION?

We need to collect personal information about your health in order to provide you with the best possible recommendations. Your requesting a consultation/health and lifestyle advice and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide therapeutic services.

Obtaining personal information from you in respect of your contact details, personal and family health histories, and lifestyle choices are necessary in order to provide the advice and guidance requested.

Financial information is necessary in order to process payments for the services provided. All personal information is processed lawfully, fairly and in a transparent manner.

Our lawful basis for processing personal information is legitimate interests. Information is collected: via a questionnaire completed by you; during a personal consultation; through email; via a website; over the telephone or by post; by taking card and online payments. Lei-Lana Nutrition is a data processor and controller for the personal data it processes. No decisions are made by automated means.

We also think that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”.

Provided we have your consent, we may occasionally send you general health and clinic information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.

WHAT INFORMATION IS HELD?

The personal information held contains the following information: Contact details: name, address, date of birth, landline telephone number, mobile telephone number, email address, preferred method of contact, next of kin, who you live with. Health Information: personal and family health history, lifestyle and social circumstances, physical and mental health details, GP contact details. Financial details: invoices for goods and services provided, payments made and any outstanding debt. Merchant copies of credit card receipts are kept for accounting records. Other information: Employment details. Referrals and appointment records.

Diagnostic information: Diagnosis of the condition and recommended treatments will be recorded. Test results.

WHAT FORM DOES THE INFORMATION HAVE AND IS IT SECURE?

Personal data is held at the clinic in a variety of forms:

• Lei-Lana Nutrition may make notes using a laptop, the data being stored in the cloud.

• Online: personal information is held on digital software programmes for diary/calendar, invoicing and accountancy processing.

• Information may be held in email format, provided by the client and held within the online emailing system.

• Website: Contact details and financial payment information is obtained via our website for ordering services and products. The payment for those is processed via Paypal or Stripe.

All online and cloud storage of data is encrypted and protected by logins and passwords. All of our external data processors that support us (such as Paypal and our booking and financial software providers) are legally and contractually bound to operate and prove security arrangements are in place to protect personal information.

HOW LONG IS INFORMATION KEPT?

This information is held in accordance with guidelines issued by our professional bodies and in accordance with the requirements of our insurers.

WHO DO WE SHARE DATA WITH?

Personal contact information and financial information provided by the client is processed by finance / book keeping / accountants / other administrative staff, and is available to the practitioner. The practitioner and staff see health and other information necessary for the consultation and they have to follow the common law duty of confidence: Where information is given by you in confidence it is treated as confidential and protected accordingly. Individual express consent will be obtained to share information with your GP.

None of the information is shared with other organisations except:

• Contact details will be provided to suppliers of products that you wish us to order on your behalf.

• Contact details will be provided to organisations that provide health testing facilities such as blood testing.

• We may also use Mailchimp / mail out platforms to coordinate our messages, so your name and email address may be saved on their server.

In all cases you provides permission to do so. Anonymous information concerning particular health issues and case histories may be shared with peers for the purpose of professional development. This may be at clinical supervision meetings or at conferences. Personal data may be shared where there is an overriding public interest in doing so, for instance, to safeguard an individual, or to prevent a serious crime. We do not share any information for marketing purposes.

You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.

WHAT ARE YOUR RIGHTS?

An individual has the right to withdraw from consent to us holding their information and also has the right to request that personal data is kept in a particular form. However, that may result in the business relationship being unable to continue as the information in its current form is necessary for the desired outcome. An individual has the right to have their personal information rectified if it is inaccurate or incomplete. An individual has the right to have their personal information deleted, with some exceptions. An individual has the right to access their information. Requests for access must be in writing, by letter or email. We will comply with the request for information within 1 month. Access can be given to examine the records free of charge. If you would like to invoke any of your rights please contact the office by email at info@leilananutrition.com. An individual has the right to complain to the Information Commissioner’s Office.

COMPLAINTS

Complaints regarding the use of personal information can be made by contacting the office by email to info@leilananutrition.com. If a complaint is not resolved satisfactorily a more formal complaint can be made to the Information Commissioner’s Office (ICO) on 01625 545 745 or 0303 123 1113.