This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the EU General Data Protection Regulation 2016/679 (GDPR), the controller of your data is Elizabeth Sergeant Ltd, a company registered in England and Wales under company number 7655722 whose registered office is at 32A Welford Road, Chapel Brampton, NN6 8AF
All your data will be held and used in accordance with the GDPR and any relevant national laws which implement the GDPR and any legislation that replaces it in whole or in part.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. Please find out more by reading the statements below.
What We Do
Elizabeth Sergeant Ltd (operating names include Well Nourished Club and Nourished Mums) provides nutritional services to clients to improve their health through diet and lifestyle interventions. We focus on preventative healthcare, the optimisation of physical and mental health and chronic health conditions. Through nutritional consultations, dietary and lifestyle analysis and biochemical testing, we aim to understand the underlying causes of your health issues which we will seek to address through personalised dietary therapy, nutraceuticals (supplements) and lifestyle advice.
As part of our services we offer 1:1 consultations, online programmes, social media engagement, workshops, talks and corporate consultancy.
Information We may Collect from You
We may collect and process the following data about you
Information you give us. You may give us information about you by filling in forms on our sites www.nourishedmumsonline.com, www.wellnourishedclub.com or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site or subscribe to our service, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, make an enquiry, provide feedback, take credit card or online payment and when you report a problem with our site.
The information you give us may include your name, address, e-mail address and phone number, next of kin, financial and credit card information, health information including your previous medical history, dietary, lifestyle, supplement and medicine details, biochemical test results, clinic notes and health improvement plans, GP contact information, bank details.
Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Information we get from other sources. We may obtain sensitive medical information in the form of test results from biochemical testing companies. We use this information in order to provide you with direct healthcare. This means that the legal basis of our holding your personal data is for legitimate interest.
We may obtain sensitive information from other healthcare providers. The provision of this information is subject to you giving us your express consent. If we do not receive this consent from you, we will not be able to coordinate your healthcare with that provided by other providers which means the healthcare provided by us may be less effective.
Uses made of the Information
We act as a data controller for use of your personal data to provide direct healthcare. We also act as a controller and processor in regard to the processing of your data from third parties such as testing companies and other healthcare providers. We act as a data controller and processor in regard to the processing of credit card and online payments.
We undertake at all times to protect your personal data, including any health and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data storage.
Information you give to us. We will use this information:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to provide you, with information about goods or services we feel may interest you. When you opt in for a complimentary or paid product or service you also consent to be added to or mailing list. If you have consented to receive marketing, you may opt out at a later date by unsubscribing from the email list. You have a right at any time to stop us from contacting you for marketing purposes.
- to notify you about changes to our service;
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
We may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime. Also where there is a legal requirement such as a formal court order. We may use your data for marketing purposes such as newsletters but this would be subject to you giving us your express consent.
Information we collect about you. We will use this information:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
The Legal Basis for Processing your Information
In accordance with GDPR, the main grounds that we rely upon in order to process your information are as follows:
Necessary for entering into or performing a contract. In order to perform obligations which arise under any contract we have entered into with you, it will be necessary for us to process your information.
Necessary for the purposes of legitimate interests. Either we or a third party will need to process your information for the purposes of our (or a third party’s) legitimate interests, provided that we have established that those interests are not overridden by your rights and freedoms (including your right to have your information protected). Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and user experience, informing you about our services and ensuring that our operations are conducted in an appropriate and efficient manner.
Disclosure of your Information
We will keep information about you confidential. We will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties:
- Our registrant body, professional association, Association for Nutrition, for the processing of a complaint made by you
- Any contractors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential
- Anyone to whom we may transfer our rights and duties under any agreement we have with you
- Any legal or crime prevention agencies and/or to satisfy any regulatory request if we have a duty to do so or if the law allows us to do so
We may share your information with supplement companies and biochemical testing companies as part of providing you with direct healthcare. We will not include any sensitive information
We will seek your express consent before sharing your information with your GP or other healthcare providers. However if we believe that your life is in danger then we may pass your information onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests.
We may share your case history in an anonymised form with our peers for the purpose of professional development. This may be at clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines or online professional sites. We will seek your explicit consent before processing your data in this way.
Safeguards in place to ensure your data is secure
We only use information that may identify you in accordance with GDPR. This requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
Within the health sector, we also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. We will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
Your data will be stored in password protected software accounts such as Dropbox, Stripe, PayPal, WordPress and Campaign Manager.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
How Long we Hold your Information
All records held by Elizabeth Sergeant Ltd will be kept for the duration specified by guidance from our professional association, Association for Nutrition and insurance partners. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept, the sensitivity of the data and the potential risk of harm from unauthorised use or disclosure.
You have certain rights in relation to the personal data that we hold about you. Details of these rights and how to exercise them are set out below. Please note we will require evidence of your identity before we are able to respond to your request.
You have the right to request a copy of the information that we hold about you. If you want to access your data you must make a subject access request in writing to firstname.lastname@example.org
If email is not available you may also write to us at the following address: 32A Welford Road, Chapel Brampton, NN6 8AF
Under special circumstances, some information may be withheld. We shall respond within 20 working days from the point of receiving the request and all necessary information from you. Our response will include the details of the personal data we hold on you including:
- Sources from which we acquired the information
- The purposes of processing the information
- Persons or entities with whom we are sharing the information
- You have the right, subject to exemptions, to ask to:
- Have your information deleted
- Have your information corrected or updated where it is no longer accurate
Ask us to stop processing information about you where we are not required to do so by law or in accordance with the Association for Nutrition guidelines.
Receive a copy of your personal data, which you have provided to us, in a structured, commonly used and machine readable format and have the right to transmit that data to another controller, without hindrance from us.
Object at any time to the processing of personal data concerning you
We do not carry out any automated processing, which may lead to automated decision based on your personal data.
If you are unhappy about our use of your information, you can contact us at email@example.com. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Telephone: 0303 123 11113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF