top of page

Privacy Policy

​

Welcome to the privacy policy for Nutrition for Women Ltd (the “Company”). This policy will inform you as to how the Company looks after your Personal Data when you visit its website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

​

It is important that you read this policy together with the Company’s other policies so that you are fully aware of how and why your data is being used. In particular, this policy should be read together with the Company’s Terms and Conditions and Data Protection Policy, which define many of the key terms used in this policy. This policy supplements the Company’s other policies and notices and is not intended to override them.

​

Controller

​

The Company acts as a Controller in respect of the use of your Personal Data to provide direct healthcare services.  The Company act as a Controller and Processor regarding the processing of your data from third parties, such as testing companies and other healthcare providers.  The Company also acts as a Controller and Processor in regard to the processing of credit card and online payments.

​

The Company is registered with the ICO as a Controller. A copy of the registration is available through the ICO website (search by business name).

​

Contact details

​

If you have any questions regarding this policy or the Company’s privacy practices, please contact us using one of the following methods:

​

Telephone: +(44)7500396022

​

Email: hello@nutritionforwomen.co.uk

​

Post:

Nutrition for Women Ltd

The Old Post Office

41-43 Market Place

Chippenham

SN15 3HR

​

You have the right to make a complaint at any time to the ICO, the UK regulator for data protection issues (www.ico.org.uk). However, the Company would appreciate the chance to deal with your concerns before you approach the ICO, so please make contact using one of the above methods in the first instance.

​

Changes to this policy and your duty to inform us of changes

​

This policy is kept under regular review and was last reviewed in March 2023.

​

It is important that the Personal Data that the Company holds about you is accurate and current. Please keep the Company informed if your Personal Data changes at any time during your relationship with the Company.

​

Third-party links

​

The Company’s website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. The Company does not control these third-party websites and is not responsible for their privacy statements.

​

Personal Data we collect

​

The Company may collect, use, store and transfer different kinds of Personal Data about you, which we have grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier, marital status, title, date of birth and gender.

  • Contact Data includes billing address, delivery address, email address and telephone numbers.

  • Medical and Healthcare Data includes personal medical and health information that you disclose to the Company or its employees, previous medical history, supplement and medicine details, diet, lifestyle, employment and education details, biochemical test results, information and communications from doctors, social care providers and other medical and health professionals, clinic notes, health improvement plans, questionnaires, consultation notes and other communications.

  • Financial Data include bank account and payment details.

  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

  • Technical Data includes internet protocol address, login data, browser type and version, time zone and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Company’s website.

  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

  • Usage Data includes information about how you use the Company’s website, products and services.

  • Marketing and Communications Data includes your preferences in receiving marketing from the Company and third parties, as well as your communication preferences.

 

If you fail to provide Personal Data

​

Where the Company needs to collect personal data by law, or under the terms of a contract with you, and you fail to provide that data when requested, the Company may not be able to perform the contract. In this case, the Company may have to cancel a product or service. You will be notified if this is the case at the time.

​

The Company may need to obtain sensitive information from other healthcare providers. The provision of this information may be subject to you giving express consent. Failure to provide this information may not prevent the Company from performing any contract with you, but it is likely to mean that the Company will not be able to coordinate your healthcare with other providers which means the healthcare provided may be less effective.

​

How your personal data is collected

​

The Company uses different methods to collect Personal Data from and about you, including through:

​

  • Direct Interactions: you may give the Company Personal Data by filling in forms, corresponding by post, phone, email or otherwise, and by attending consultations and events. This includes Personal Data that you provide when you:

    • Apply for products or services from the Company;

    • Create an account on the Company’s website;

    • Request or subscribe to marketing or other communications;

    • Complete surveys or provide feedback; and

    • When you contact us.

  • Automated Technologies or Interactions: as you interact with the Company’s website, the Company will automatically collect Technical Data about your equipment, browsing actions and patterns. This data is collected by cookies and similar technologies.

  • Third Parties or Publicly Available Sources: the Company may receive Personal Data about you from third parties, such as other healthcare providers. The Company may receive Technical Data from analytics providers and search information providers. The Company may also receive Contact, Financial and Transaction Data from providers of technical, payment and delivery services.

 

How we use your personal data

​

The Company will only use your Personal Data when the law allows it to do so. Most commonly, this will be in the following circumstances:

​

  • Where this is necessary to perform a contract that you are about to enter into with the Company or which you have entered into;

  • Where it is necessary for the Company’s legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

  • Where you have provided your Consent. For example, where you voluntarily input information into the Company’s website; and

  • Where it is necessary to comply with a legal obligation or regulatory request.

 

The Company undertakes to protect your Personal Data in a manner which is consistent with the duty of professional confidence and the requirements of the UK GDPR.  The Company will also take reasonable security measures to protect your Personal Data.

​

The Company may use your personal data:

  • To register you as a new customer;

  • To process and deliver your order;

  • To provide the contract services to you;

  • To manage its relationship with you;

  • To administer and protect its business, including its website;

  • To deliver relevant website content to you;

  • To improve its website, services, products, marketing, customer relationships and experiences;

  • To provide marketing information;

  • To process any complaint you may make; and

  • To comply with a legal obligation or regulatory request

 

The Company may use your Identity, Contact, Technical, Usage and Profile Date to form a view on what you may need, or what may be of interest to you and to market relevant products or services to you. The Company will not share your Personal Data with any third party for marketing purposes without your express opt-in consent.

​

You may opt-out of receiving marketing messages from us or third parties at any time by contacting us.

​

Change of purpose

​

The Company will only use your Personal Data for the purposes for which it is collected, unless it reasonably considers that it needs to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please get in touch.

​

If the Company needs to use your Personal Data for an unrelated purpose, it will notify you and will explain the legal basis which allows it to do so.

​

Please note that the Company may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

​

Disclosure of your Personal Data

​

The Company will only disclose your information to third parties with your express consent, with the exception of the following categories of third parties:

​

  • The Company’s registrant body, the Complementary and Natural Healthcare Council (“CNHC”) and professional association, the British Association for Nutrition and Lifestyle Medicine (“BANT”), for the processing of a complaint made by you;

  • Contractors and advisors that provide a service to the Company or act as its agents on the understanding that they keep the information confidential;

  • Anyone we reasonably believe to be your parent, carer, or helper where you are unable to handle your own affairs because of mental capacity or other similar issues;

  • Anyone to whom the Company may transfer its rights and duties under any agreement with you; and

  • Any legal or crime prevention agency or regulatory body where the Company is under a duty to do so or if the law allows it to do so.

 

The Company may share your Personal Data with supplement companies and biochemical testing companies as part of providing you with direct healthcare.

​

The Company will seek your express consent before sharing your information with your GP or other health or social care providers.  However, if the Company believes that your life or the lives of others are in danger then it may pass your information to an appropriate authority using the legal basis of vital interests.

​

The Company may disclose your Personal Data to legal authorities where there are strong grounds for believing that not doing so may result in harm to yourself or others.

​

The Company may share your case history in an anonymised form with its peers for the purpose of professional development. This may be at clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines or online professional sites. 

​

The Company will store and transmit data using strong encryption where possible and appropriate.

​

The Company will only transfer Personal Data to a country or territory outside the UK with your express consent and in accordance with data protection laws.

​

Some data is physically stored with third parties but encrypted in such a way that they do not have access to it. The Company does not consider this to be “sharing”, and considers that once it is properly encrypted, it is no longer Personal Data.

​

Your rights

​

Under certain circumstances, you have rights under data protection laws in relation to your Personal Data. These include rights to:

​

  • Request access to your Personal Data;

  • Request correction of your Personal Data;

  • Request erasure of your Personal Data;

  • Object to Processing of your Personal Data;

  • Request restriction of Processing your Personal Data;

  • Request transfer of your Personal Data; and

  • Withdraw Consent.

 

If you wish to exercise any of the rights set out above, please contact the Company using the contact details provided above.

​

The Company may need to request specific information from you to help confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. The Company may also contact you to ask you for further information in relation to your request to speed up its response.

​

You will not have to pay a fee to access your Personal Data (or to exercise any of your other rights). However, the Company may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, the Company may refuse to comply with your request in these circumstances.

​

The Company will try to respond to all legitimate requests within one month. Occasionally, it may take longer than a month if your request is particularly complex or you have made a number of requests. In this case, the Company will notify you and keep you updated.

​

Clients under the age of 18 may make subject access requests, and the Company will use its reasonable judgement to decide whether they have sufficient maturity to understand the request they are making. Any child may ask a parent to make the request on their behalf. Children aged 13 and over are generally assumed to have the appropriate maturity to make such a request, but this may depend on the child and the type of data.

​

Parents may also have legitimate interests to information about their children over and above subject access requests, and without the consent of the child. Where parents are separated, the Company may take individual circumstances into account.

​

Notwithstanding who is responsible for or caring for an individual, Personal Data belongs to the individual to whom it relates. However, the Company will rely on parental authority in most situations, where the child is under 18.

​

Similarly, the Company will assume that a child’s consent is not required for disclosure of their data to and from their parents, unless there are specific reasons for confidentiality, one of which would be where a child requests it.

​

The Company does not carry out any automated processing, which may lead to automated decisions based on your Personal Data.

​

Data security

​

The Company has put in place appropriate security measures to prevent Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, the Company limits access to Personal Data to employees, agents, contractors and other third parties who have a business need to know. They will only process Personal Data on the Company’s instructions and they are subject to a duty of confidentiality.

​

The Company has procedures to deal with any suspected Personal Data Breach and will notify you and any applicable regulator of a breach where legally required to do so.

​

Data retention

​

Following completion of your healthcare the Company will retain your Personal Data for the period required by BANT and CNHC. 

​

In some cases, even after removal, a limited and reasonable amount of information will be kept for archiving purposes, for example, if you request that we no longer contact you, we will need to keep a record of that fact in order to fulfil your wishes (“suppression record”).

​

Website technical details

​

Forms

​

The Company uses electronic forms on its website making use of an available ‘forms module’, which has a number of built-in features to help ensure privacy. The Company aims to use secure forms where appropriate.

​

Cookie Policy

​

By using the Company’s website, you agree to the Privacy Policy, which incorporates this, Cookie Policy. If you do not agree with the Cookie Policy, please stop using the website.

​

You have a lot of control yourself over what Cookies you allow in your browser. This varies according to the browser, and you should consult any support information relevant to that browser. However, if you use a web browser or plugin that disables cookies, your experience may vary. The Company takes no responsibility for such variation.

​

Cookies are small files that web sites leave on your computer for many reasons, including saving preferences, assisting transactions, continuity between web pages and visits, saving you from having to login in again, web site analytics and site optimisation. You can read more about them here:

​

www.allaboutcookies.org

​

The Company may use cookies for all the above purposes. Parts of the website also use third party services which may set their own cookies. Third party social media icons are a specific case in point, and this is discussed in “Third Parties” below.

​

To opt out of being tracked by Google Analytics across all websites visit:

​

http://tools.google.com/dlpage/gaoptout

​

Please read this Cookie Policy carefully and check back each time you return, as it is liable to be updated, and each time you use the website, you are implicitly agreeing to it.

​

In compliance with legislation, the following table lists the use of cookies on the website:

​

​

​

XSRF-TOKEN
Cookie Name
hs
svSession
SSR-caching
_wixCIDX
_wix_browser_sess
consent-policy
smSession
TS*
bSession
fedops.logger.X
wixLanguage
Purpose
Used for security reasons
Used for security reasons
Used in connection with user login
Used to indicate the system from which the site was rendered
Used for system monitoring/debugging
Used for system monitoring/debugging
Used for cookie banner parameters
Used to identify logged in site members
Used for security and anti-fraud reasons
Used for system effectiveness measurement
Used for stability/effectiveness measurement
Used on multilingual websites to save user language preference

Analytics

​

The Company uses Google Analytics software to help it understand the trends in popularity of the website and of different sections. The Company does not use personally identifiable information in any of the statistical reports produced by this software.  The Google Analytics privacy policy can be found on the Google website.

​

Third Parties

​

The Company’s website may contain links to third party websites or social media features. No responsibility is accepted for what you might find on third party websites or encounter with social media. Please be aware that social media networks’ tracking is often highly sophisticated, and you may be tracked by any network represented by an icon on the Company’s website if you have not logged out of the network and deleted all their cookies.

​

The Company may participate in affiliate programmes to earn money if you visit particular weblinks and buy products on those websites. There is no extra cost to you.

bottom of page