Scotti McLaren Personalised Nutrition holds some information about you. This policy outlines how that information is used, who I may share that information with and how I keep it secure. This notice does not provide exhaustive detail. However, I am happy to provide any additional information or explanation needed. Any requests for this should be sent to firstname.lastname@example.org.
1. How I obtain your personal data
Information provided by you
You provide me with personal data in the following ways:
By completing a Health Questionnaire
Through email, over the telephone or by post
Documents uploaded to Dropbox, such as lab tests
By making online payment
By signing-up for the newsletter on the website
This may include the following information:
Basic details such as name, address, contact details, date of birth
Information relating to health, including details of issues and history
Information I get from other sources
I do not collect information from any other sources.
2. How I use your personal data
I use your information to manage and administer our working relationship. This means that the legal basis of our holding your personal data is for contract purposes.
I also use your information to provide you with nutritional therapy. This means that the legal basis of processing your personal data is for legitimate interests.
I also use your information to provide you with regular newsletters, promotional offers and information on upcoming events and activities. I will always seek your consent to process your information in this way. This means that the legal basis for holding your personal data is consent.
I act as a data controller for use of your personal data to provide my professional services. I also act as the data controller and processor in regard to processing of your credit card payments.
I undertake at all times to protect your personal data in a manner which is consistent with the requirements of the General Data Protection Regulation (GDPR) concerning data protection. I will also take reasonable security measures to protect your personal data storage.
3. Do I share your information with other organisations?
I will keep information about you confidential. I will only disclose your information to third parties with your express consent.
4. How long do I hold confidential information for?
All records held by me will be kept in line with my records retention policy. These retentions are in line with the length of time we need to keep your personal information in order to manage and administer my professional services. They also take into account any legal, statutory and regulatory obligations. My need to use your personal information will be reassessed on a regular basis and information which is no longer required will be disposed of.
5. What safeguards are in place to ensure data that identifies you is secure?
I only use information that may identify you in accordance with GDPR. This requires me to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
I also ensure the information I hold is kept in secure locations, restrict access to information to authorised personnel only, protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it). I ensure external data processors that support me are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
6. What are your rights?
Every individual has the right to see, amend, delete or have a copy, of data held that can identify you, with some exceptions. You do not need to give a reason to see your data.
My response will include the details of the personal data I hold on you, including:
Sources from which I acquired the information
The purposes of processing the information
Persons or entities with whom I am sharing the information
You have the right, subject to exemptions, to:
Delete your information
Correct or update your information where it is no longer accurate
Ask me to stop processing information about you where we are not required to do so by law or in accordance with the BANT and CNHC guidelines.
Object at any time to the processing of personal data concerning you
I do not carry out any automated processing, which may lead to automated decision based on your personal data.
If you would like to invoke any of the above rights then please email me at : email@example.com.
7. Website technical details
I do use electronic forms on my website making use of an available ‘forms module’ which has a number of built-in features to help ensure privacy. I also aim to use secure forms where appropriate.
Like most websites, I make use of analytics software in order to help us understand the trends in popularity of our website and of different sections. I make no use of personally identifiable information in any of the statistical reports I use from this package. I use an analytics package managed by Wix.
If you have a complaint regarding the use of your personal data then please contact me by email at firstname.lastname@example.org.