- As a nutrition professional and therefore custodian of personal information relating to your medical treatment, we must only use that information in accordance with all applicable law and guidance. This Privacy Notice provides you with an overview of how I will manage your data from the point at which it is gathered and onwards. I will use your personal information for a variety of purposes including providing you with care and treatment and sharing it with other medical professionals if appropriate.
- In addition, you have a number of rights as a data subject. You can, for instance, seek access to your medical information, object to me using your information in particular ways, request rectification of any information which is inaccurate or deletion of information which is no longer required (subject to certain exceptions).
Where “I” is used in this document, this refers to myself Nicola K Clarke of www.NKC-nutrition.com who will be handling your personal data under the capacity of a nutrition professional.
In the event that you have any queries, comments or concerns in respect of the manner in which we have used, or potentially will use, your personal information then you should contact us directly and we would be happy to discuss further. Please see the contact details at the top of this document.
Why I collect your data
I collect your personal data in order to provide my independent nutrition and dietetic services to you.
I have reviewed the purposes of our processing activities, and selected the most appropriate lawful basis (or bases) for each activity. The lawful bases are stated below:
(B) Contract (the processing is necessary to carry out the services requested)
(F) Legitimate interests
It is necessary for me to hold and process your personal data in order to identify you and the service you are receiving. I require information such as name, age and sex as well as relevant health and medical information in order to provide safe and appropriate advice. I am not able to provide services to you without the relevant information about you. Consent is not obtained as services cannot be provided without the relevant data, therefore it is difficult to offer a genuine choice.
What I collect
Only the relevant and necessary information will be collected. I may collect the following information:
- Personal details such as your name, age, address and gender
- Further clinical information e.g. medical history and medication you are taking which you may provide yourself or may come from reports from other healthcare professionals. This is known as special category data, the justification for the processing of such data is quoted below.
“Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”
Where I provide services
I offer appointments either via home visits or over video/telephone from my home, the latter is carried out in a quiet and confidential environment. Home visits are currently not the favoured approach due to COVID 19 but can be carried out if safe to do so with the relevant precautions in place.
What I do with the information I gather
I will access this information as and when it is appropriate to inform the services I provide to you. Information will only be shared on a need to know basis with relevant healthcare professionals.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place encrypted electronic systems to safeguard and secure the information we collect. Halaxy (previously Healthkit) is a GDPR compliant electronic system which is used to send and receive clinical data to and from yourself. Standard Operating Procedures and risk assessments have been completed.
Controlling your personal information
I will not distribute, sell or lease your personal information to third parties or transfer it to another country unless I have your explicit permission or are required by law to do so. You may request details of personal information which I hold about you under the General Data Protection Regulation (GDPR). If you would like a copy of the information held on you please contact Nicola Clarke at email@example.com. If you believe that any information I am holding on you is incorrect or incomplete, please email me as soon as possible at the above address. I will promptly correct any information found to be incorrect.
I will keep your data for no longer than one year following our last correspondence or until you request us to delete them.
How you can withdraw and request to be deleted from our files
If you do not wish us to make use of your Personal Information in this way, please contact Nicola Clarke at firstname.lastname@example.org and your data will be deleted immediately. Should you have any queries in relation to the handling of your data, please contact me using the same details.
If you have any concerns or would like to make a complaint about how NKC Nutrition handles your data, please contact Information Commissioner’s Office at ico.org.uk or call 0303 123 1113. You can also visit ico.org.uk to understand more about your rights as a data subject.
The information in this document is regularly reviewed and, where necessary, updated in accordance with changes to practices or guidelines. If I plan to use personal data for a new purpose, I update our privacy information and communicate the changes to individuals before starting any new processing.
Updated January 2022