top of page
Holistic Fertility with Liz holds some information about you. This document outlines how that information is used, who I may share that information with and how I keep it secure. This notice does not provide exhaustive detail. However, I am happy to provide any additional information or explanation needed. Any requests for this should be sent to email@example.com . I keep my Privacy Notice under regular review. This Privacy Notice was last reviewed in January 2022.
1.1.1 What I Do
Holistic Fertility with Liz provides nutritional therapy services to clients to improve their health through diet and lifestyle interventions. I focus on preventative healthcare, the optimisation of physical and mental health and chronic health conditions, specialising in Fertility support for couples. Through nutritional therapy consultations, dietary and lifestyle analysis and functional testing, I aim to understand the underlying causes of your health issues which I will seek to address through personalised dietary therapy, nutraceutical prescription (supplements) and lifestyle advice.
I also offer nutrition workshops and group programmes.
1.1.2 How I Obtain Your Personal Data
Information provided by you
You provide me with personal data in the following ways:
By joining my nutrition mailing list
By completing a nutritional therapy questionnaire
By signing a terms of engagement form
During a nutritional therapy consultation
Through email, over the telephone or by post
Via social media channels such as Facebook and Instagram
By taking credit card and online payment
By filling in a form on my website such as downloading my eBook or booking a free 30 review consultation
When you subscribe to my services via any other channel
When you make any bookings via the Practice Better (booking) system connected with my account
When you opt in to receive marketing messages, or news by email, SMS or other means.
This may include the following information:
basic details such as name, address, contact details and next of kin
details of contact I have had with you such as referrals and appointment requests
health information including your previous medical history, dietary, lifestyle, supplement and medicine details, functional/ clinical test results, clinic notes and health improvement plans. Sensitive information (known as ‘special categories of personal data’).
GP contact information
Data collected from my website
I use this information in order to provide you with direct healthcare. This means that the legal basis for us holding and processing your personal data is in line with GDPR Article 6 (1) (b) and Article 9 (2) (h):
Legal obligation: the processing is necessary for compliance with a legal obligation Article 6 (1)(c)*
Vital interests: the processing is necessary to protect someone’s life. Article 6 (1)(d)
Public interest: the processing is necessary to perform a task in the public interest. Article 6 (1)(e)
Legitimate interests: the processing is necessary for an organisation’s legitimate interests or the legitimate interests of a third-party Article 6 (1)(f)
Information I get from other sources
I may obtain sensitive medical information in the form of test results from functional testing companies. I use this information to provide you with direct healthcare. This means that the legal basis of our holding your personal data is for legitimate interest.
I may obtain sensitive information from other healthcare providers. The provision of this information is subject to you giving me your express consent. If I do not receive this consent from you, I will not be able to coordinate your healthcare with that provided by other providers which means the healthcare provided by us may be less effective.
1.1.3 How I use and store your personal data
I act as a data controller for use of your personal data to provide direct healthcare. I also act as a controller and processor in regard to the processing of your data from third parties such as testing companies and other healthcare providers. I act as a data controller and processor in regard to the processing of credit card and online payments.
I protect all personal data I hold about you by ensuring that I have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged.
All information you provide is stored securely. Any payment transactions via my website or Practice Better System will be processed securely by third party payment processors. Where I have given you (or where you have chosen) a password that enables you to access the Practice Better System, you are responsible for keeping that password confidential. You must not share your password with anyone.
The transmission of information via the internet cannot be guaranteed as completely secure. Once I have received your information, I use strict procedures and security features to minimise the risk of unauthorised access.
At your request, I may occasionally transfer personal information to you via email, or you may choose to transfer information to me via email. Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so understanding the risks associated with doing so.
I may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime. Also where there is a legal requirement such as a formal court order. I may use your data for marketing purposes such as newsletters but this would be subject to you giving us your express consent.
1.1.4 How I retain your personal data
Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws. Unless I explain otherwise to you, I will retain your personal data on the basis of the following guidelines:
for as long as I have a reasonable business need, such as managing our relationship with you and managing our business
for as long as I provide services and/or treatment to you and then for as long as someone could bring a complaint or claim against me (in general this is a period of 8 years); and/or
in line with the requirements of my professional association ANP (Association of Naturopathic Practitioners) and in accordance with GDPR law.
1.1.5 Sharing of information with others
I will keep information about you confidential. I will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties:
My professional association, ANP, for the processing of a complaint made by you
Any contractors and advisors that provide a service to me or act as our agents on the understanding that they keep the information confidential (such as my booking and payment systems)
Anyone to whom I may transfer our rights and duties under any agreement I have with you
Any legal or crime prevention agencies and/or to satisfy any regulatory request (such as ANP) if I have a duty to do so or if the law allows us to do so
I collect your information via the Practice Better System – a copy of their data policy may be viewed here. Payments are taken via Square and their data policy may be found here.
I may share your information with supplement companies and functional testing companies as part of providing you with direct healthcare. I will not include any sensitive information
I will seek your express consent before sharing your information with your GP or other healthcare providers. However if I believe that your life is in danger then I may pass your information onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests.
I may share your case history in an anonymised form with my peers for the purpose of professional development. This may be at clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines or online professional sites. I will seek your explicit consent before processing your data in this way.
1.1.6 What are your rights?
Every individual has the right to see, amend, delete or have a copy, of data held that can identify you, with some exceptions. You do not need to give a reason to see your data. our personal information is protected under data protection law and you have a number of rights:
To have your personal information corrected if it is inaccurate and to have incomplete personal information completed in certain circumstances.
The right in some cases to object to processing of your personal information (as relevant). This right allows individuals in certain circumstances to object to processing based on legitimate interests, direct marketing (including profiling) and processing for purposes of statistics.
The right to have your personal information erased in certain circumstances (also known as the “right to be forgotten”). This right is not absolute – it applies only in particular circumstances and where it does not apply any request for erasure will be rejected. Circumstances when it might apply include where the personal information is no longer necessary in relation to the purpose for which it was originally collected/processed, if the processing is based on consent which you then withdraw, when there is no overriding legitimate interest for continuing the processing, if the personal information is unlawfully processed, or if the personal information has to be erased to comply with a legal obligation. Requests for erasure will be refused where that is lawful and permitted under data protection law for instance where the personal information has to be retained to comply with legal obligations or to exercise or defend legal claims. Please note that if I have processed an erasure request from you and subsequently you submit your personal data through one of my data capture channels, I will begin to communicate with you again as a new customer in line with the consent you have provided.
To request access to the personal information held about you and to obtain certain prescribed information about how I process it. This is more commonly known as submitting a “data subject access request”. This right will enable you to obtain confirmation that your personal information is being processed, to obtain access to it, and to obtain other supplementary information about how it is processed. In this way you can be aware of and you can verify the lawfulness of our processing of your personal information.
The right to complain to the Information Commissioner’s Office who has the power to investigate whether I am complying with the data protection law. You can do this if you consider that I have infringed it. You can visit the ico website for more information.
I do not carry out any automated processing, which may lead to automated decision based on your personal data.
If you would like to invoke any of the above rights then please write to the Data Controller at firstname.lastname@example.org. I shall respond within 20 working days from the point of receiving the request and all necessary information from you.
My response will include the details of the personal data I hold on you including:
Sources from which we acquired the information
The purposes of processing the information
Persons or entities with whom we are sharing the information
1.1.7 What safeguards are in place to ensure data that identifies you is secure?
I only use information that may identify you in accordance with GDPR. This requires me to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
Within the health sector, we also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. I will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
I also ensure the information I hold is kept in secure locations, restrict access to information to authorised personnel only, protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it). I ensure external data processors that support us are legally bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
Holistic Fertility with Liz is registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for a variety of purposes. A copy of the registration is available through the ICO website (search by business name).
1.1.8 How long I hold confidential information
All records held by Holistic Fertility with Liz and will be kept for the duration specified by guidance from our professional association ANP.
1.1.9 Non-personal data collected when accessing my website (Analytics)
Like most websites, I make use of analytics software in order to help me understand the trends in popularity of my website and of different sections. I make no use of personally identifiable information in any of the statistical reports I use from this package.
I do use electronic forms on my website making use of an available ‘forms module’ which has a number of built-in features to help ensure privacy. I also aim to use secure forms where appropriate.
By law, website operators are required to ask for a website user’s permission when placing certain kinds of cookie on their devices for the first time. You can opt out of this.
Where consent is required, the law states that it should be “informed consent”, which means we must ensure that you understand what cookies are and why we want to use them. I am committed to providing the best digital service to you whilst at the same time fully protecting your privacy.
What exactly are Cookies?
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving your user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.
You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential Cookies) you may not be able to access all parts of my website. For information on how to delete cookies, please refer to: use https://ico.org.uk/for-the-public/online/cookies. You can also opt out of being tracked by Google Analytics across all websites by visiting http://tools.google.com/dlpage/gaoptout
Definitions used above are consistent with those supplied by the International Chamber of Commerce ‘ICC UK Cookie Guide’ April 2012. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
1.1.1 What to do if you have a complaint about my use of your personal information
If you have a complaint regarding the use of your personal data then please contact me by writing to the Data Controller at email@example.com and I will do my very best to help you.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 1231113.
1.1.3 How to contact me
bottom of page