Privacy Policy of NutriHealth London
NutriHealth London is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, and share your personal data when you use our online platform, engage with our services, or interact with us. We are dedicated to ensuring compliance with the General Data Protection Regulation (GDPR) and all other applicable data protection laws.
1. Information We Collect
We collect various types of information to provide and improve our personalized nutritional consultations, dietary planning, weight management programs, sports nutrition guidance, corporate wellness workshops, and allergen/intolerance support services.
- Personally Identifiable Information (PII): This includes your name, address, email address, phone number, date of birth, and gender. We collect this when you register for an account, book a consultation, or subscribe to our newsletter.
- Health and Dietary Information: Given the nature of our services, we collect sensitive personal data related to your health, dietary habits, medical history, allergies, intolerances, and nutritional goals. This information is collected with your explicit consent during consultations and assessments to provide tailored advice.
- Payment Information: When you purchase our services, we collect payment details. However, we do not store full credit card numbers on our servers; this information is processed securely by third-party payment processors.
- Usage Data: We automatically collect information on how our site is accessed and used. This may include your computer's Internet Protocol (IP) address, browser type, browser version, the pages you visit on our site, the time and date of your visit, and other diagnostic data.
- Communication Data: Records of your correspondence with us, including emails and chat messages.
2. How We Use Your Information
We use the collected data for various purposes:
- To provide and maintain our services, including personalized nutritional plans and consultation schedules.
- To manage your account and provide customer support.
- To improve, personalize, and expand our services, offerings, and user experience.
- To communicate with you about your appointments, services, and important updates.
- To send you marketing and promotional communications that may be of interest to you, based on your preferences. You can opt out at any time.
- To monitor the usage of our online platform and to detect, prevent, and address technical issues.
- To comply with legal obligations and to protect our rights and property.
3. Legal Basis for Processing Personal Data under GDPR
Our legal basis for collecting and using your personal data depends on the data we collect and the specific context in which we collect it:
- Consent: We will process your sensitive health and dietary information based on your explicit consent.
- Contractual Necessity: Where the processing is necessary for the performance of a contract with you (e.g., to provide consultations you've booked).
- Legal Obligation: To comply with legal obligations (e.g., tax and accounting requirements).
- Legitimate Interests: For our legitimate interests, provided that your rights and freedoms are not prejudiced (e.g., improving our services, preventing fraud, direct marketing with an opt-out).
4. Sharing Your Information
We do not sell your personal data. We may share your information in the following situations:
- Service Providers: We may share data with trusted third-party service providers who assist us in operating our online platform, conducting our business, or serving our users (e.g., payment processors, CRM systems, IT support). These third parties are obligated to keep your information confidential and use it only for the purposes for which we disclose it to them.
- Legal Requirements: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
- Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different Privacy Policy.
5. Data Security
The security of your data is paramount to us. We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. This includes encryption, access controls, and secure physical storage for any paper records. However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
6. Data Retention
We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements. When assessing the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve those purposes through other means, and the applicable legal requirements.
7. Your Data Protection Rights under GDPR
Under certain circumstances, you have the following data protection rights:
- The right to access: You have the right to request copies of your personal data.
- The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The right to withdraw consent: You also have the right to withdraw your consent at any time where NutriHealth London relied on your consent to process your personal information.
If you make a request, we have one month to respond to you. For any such requests, please contact us using the contact details provided below.
8. Transfer of Data Outside the EEA
Your information, including personal data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
NutriHealth London will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. No transfer of your personal data will take place to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information.
9. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our service prior to the change becoming effective, and we will update the "last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
10. Contact Us
If you have any questions about this Privacy Policy, or if you would like to exercise any of your data protection rights, please contact us:
NutriHealth London
14 King's Road,
Ground Floor Office,
Chelsea, Greater London,
SW3 4UD
United Kingdom