Privacy Policy
Introduction
This privacy policy explains how Eden Health and Nutrition ("we," "us," or "our") collects, stores, and uses your personal information in compliance with UK privacy law, including the Data Protection Act 2018 and the UK GDPR 2021. If you have any questions, comments, or concerns about how we use your personal information, please contact us by using the contact form on our website or by emailing timothy@edenhealthandnutrition.co.uk.
What services do we offer?
Eden Health and Nutrition provides nutrition consultations, talks, and webinars designed to inform, educate, and coach clients to achieve their nutrition and health goals.
What types of data do we collect?
As a client of Eden Health and Nutrition, we may collect the following personal information:
Name
Contact details (postal address, email address, telephone number, including mobile number)
Financial information (insurance policy details or bank details)
Occupation
Emergency contact details (including next of kin)
Background referral details
Information relating to your physical and mental health (special category data)
Details of your current or former physical or mental health, including information about any healthcare you have received from other healthcare providers (GPs, dentists, hospitals – both NHS and private), which may include details of clinic and hospital visits, as well as medicines administered.
Details of services you have received from us
Details of your religion (optional)
Details of any genetic data or biometric data relating to you (if applicable)
We understand the sensitive nature of your health information and are committed to protecting its confidentiality. We comply with UK data protection law and all applicable medical confidentiality guidelines issued by professional bodies.
If you provide personal information about other individuals (including medical or financial information), you should inform them about this privacy policy. We will also process such information in accordance with this policy.
How do we collect your information?
We may collect personal information from various sources, including:
Directly from you: when you enter into a contract with us, use our services, submit a query (via email, social media, or our website), or correspond with us (by letter, email, telephone, or social media).
Where required or needed, and with your consent, from third parties: medical records from your GP, consultants, other clinicians, hospitals (NHS and private), mental health providers, or commissioners of healthcare services. We will only collect health information from third parties with your explicit consent.
Do we collect information from third parties?
As mentioned above, we may collect information from third parties with your explicit consent, such as other healthcare organisations, when you are referred to us, or when we liaise with your current or former health professional, family, or insurance provider.
How will we communicate with you?
We may communicate with you by telephone, SMS, WhatsApp, email, and/or post. For appointment reminders and other administrative information, we may contact you by SMS and/or unencrypted email (if you have provided us with these contact details). For information relating to your consultation, the default will be unencrypted email, relying on the transit encryption enabled by default in Google Mail; however, for more sensitive information such as test results or diet/exercise plans, you can opt for further email encryption via confidential mode in Google Mail. This will need to be clarified at the time of your consultation.
While providing your contact details implies your consent to be contacted by that method, we process your data for communication about your treatment based on the necessity of providing healthcare services, not solely on consent.
What is our role in the protection of your data?
We are Data Controllers for the personal information we hold about you. This includes your health information, as well as other data like financial details for billing. We comply with data protection legislation and relevant guidance when handling your personal information. Any images taken in relation to your treatment are managed according to the law, this Privacy Notice, and all applicable professional standards.
What are the purposes for which your information is used?
We process your information for specific purposes, and each use must have a legal justification. "Special category data" (health information) requires additional justification. Our legal justifications generally include:
Entering into a contract with you for healthcare services.
Providing you with healthcare under that contract.
Our legitimate business needs (e.g., quality assurance, maintaining records, responding to complaints), provided these do not override your rights.
Compliance with legal or regulatory obligations.
Establishing, exercising, or defending legal rights.
Your explicit consent (for certain processing activities).
Failure to provide necessary information may affect our ability to provide healthcare services to you.
Specific Purposes and Legal Grounds:
Providing healthcare and related services: Necessary for providing healthcare services and fulfilling our contract with you. The additional legal ground for special category data is the provision of health or social care or treatment or the management of health or social care systems.
Billing and account management: Necessary for our legitimate business interests (efficient administration) and fulfilling our contract with you. The additional legal ground for special category data is the provision of health or social care or treatment or the management of health or social care systems.
Clinical audit: Necessary for our legitimate interests and the public interest in statistical and scientific research, with appropriate safeguards. You have the right to object. The additional legal ground for special category data is the provision of health or social care or treatment or the management of health or social care systems.
Communication and query/complaint resolution: Necessary for providing healthcare services and fulfilling our contract with you, and for establishing, exercising, or defending legal rights. The additional legal ground for special category data is the provision of health or social care or treatment or the management of health or social care systems.
Communication with other healthcare professionals or individuals you designate: Necessary for providing healthcare services and our legitimate interest in ensuring joined-up care. The additional legal ground for special category data is the provision of health or social care or treatment or the management of health or social care systems.
Compliance with legal/regulatory obligations and defending legal rights: Necessary for compliance with legal obligations and for establishing, exercising, or defending legal rights. The additional legal ground for special category data is necessary for reasons of substantial public interest under UK law or for establishing, exercising or defending legal claims.
Managing business operations (accounting, financial analysis, internal audit, professional advice): Necessary for our legitimate business interests. No additional legal ground is required for special category data as this data will not be used for this purpose.
Disclosures to third parties:
We may disclose your information to the following third parties for the purposes described in this Privacy Notice:
Healthcare professionals involved in your treatment (doctors, nurses, carers, etc.)
Support staff, limited to those involved in your care.
Individuals you designate as emergency contacts or for communication about your care.
NHS organisations (NHS Resolution, NHS England, Department of Health).
Other private sector healthcare providers.
Your GP and dentist.
Other clinicians (and their medical secretaries).
Third parties assisting in the administration of your healthcare (insurance companies).
Private Healthcare Information Network (if applicable).
Other third parties where we have a legal obligation to disclose information.
Automated Decision Making:
We do not use automated decision-making in relation to your treatment or any decisions that produce legal or similarly significant effects.
How long do we keep personal information for?
We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy and to comply with our legal and regulatory obligations. For healthcare records, this is typically at least ten years from the date of treatment, and in the case of minors, ten years after they reach the age of majority. For patients with mental incapacity, records may be kept indefinitely.
Your rights:
You have the following rights regarding your personal information:
Access: You can request a copy of the information we hold about you and details of how we use it.
Rectification: You can ask us to correct any inaccurate or incomplete information.
Erasure ("right to be forgotten"): You can request that we delete your information in certain circumstances.
Restriction of processing: You can ask us to limit how we use your information in certain circumstances.
Data portability: You can request that we transfer your information to you or another organisation in a portable format.
Withdrawal of consent: You can withdraw your consent to our use of your information where we rely on consent as the legal basis for processing.
Complaint to the ICO: You can complain to the Information Commissioner's Office if you are unhappy with how we have handled your information.
To exercise these rights, please contact us using the details provided above. We may not be able to comply with all requests, particularly if they involve the personal data of another person or if there are legal grounds for retaining the information.
What technology do we use to support our business?
We use Google Workspace as our primary technology provider, and we use its apps across the business, from the Forms application to capture information about you to the Gmail application. Google is in compliance with the Data Security and Protection Toolkit (DSP Toolkit).
We store any client-specific notes on Google Drive in one of Google's EU data centres. Google Drive is ISO 27001 certified. More information can be found here.
We use Microsoft Office applications primarily for note taking.
The website has been constructed using the software application Squarespace and, like all websites today, it uses cookies. However, we do not make use of cookies to collect any private or personally identifiable information. The technical platform of this website uses cookies solely to aid the proper technical functioning of the website. The cookies used contain random strings of characters alongside minimal information about the state and session of the website – which in no way collects or discloses any personal information about you as a visitor.
Advanced areas of this site may use cookies to store your presentation preferences in a purely technical fashion with no individually identifiable information.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout
Effective Date: 17/02/2025
Last updated: 17/02/2025