Privacy Policy for HeatherVale Nutrition
At HeatherVale Nutrition, your privacy is of paramount importance to us. This Privacy Policy outlines how we collect, use, process, and protect your personal data when you engage with our services, including personalized nutrition assessments, meal planning, weight management guidance, sports nutrition advice, nutritional workshops, and corporate wellness initiatives.
HeatherVale Nutrition is committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy ensures full transparency regarding our data processing activities.
1. Information We Collect
We collect various types of information to provide and improve our services. This includes:
- Personally Identifiable Information (PII): This may include your name, address, email address, phone number, and date of birth. We collect this directly from you when you register for services, make an enquiry, or participate in our programs.
- Health and Nutritional Information: As a nutrition consultancy, we collect sensitive personal data related to your health, dietary habits, medical history, allergies, and lifestyle information necessary for personalized assessments and tailored nutrition plans. This information is collected with your explicit consent.
- Payment Information: When you purchase our services, we collect payment details. However, we typically use third-party payment processors who handle your payment information directly and securely. We do not store full payment card details on our systems.
- Communication Data: Records of your communications with us, including emails, phone calls, and consultation notes.
- Technical Data: Information about your device and how you interact with our online platform, such as IP address, browser type, operating system, and usage patterns. This is primarily collected through cookies and similar technologies.
2. How We Use Your Information
We use the collected information for the following purposes:
- To Provide Services: To deliver personalized nutrition assessments, create meal plans, offer weight management guidance, provide sports nutrition advice, and conduct workshops. This includes communicating with you about your appointments and progress.
- For Corporate Wellness Initiatives: To deliver tailored wellness programs to corporate clients, often involving aggregated, anonymized data unless individual consent is explicitly obtained for personal data sharing.
- To Improve and Personalize Services: To understand your needs and preferences, allowing us to enhance our service offerings and develop new programs.
- For Communication: To respond to your enquiries, provide customer support, and send you important service-related updates.
- For Marketing (with Consent): To send you newsletters, promotional materials, or information about new services that may be of interest to you, but only where you have provided explicit consent for us to do so. You can opt out at any time.
- For Legal and Security Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements. This also includes protecting the security and integrity of our online platform and data.
3. Legal Basis for Processing
Our legal bases for collecting and using your personal data depend on the specific context in which we collect it:
- Consent: For processing sensitive health data and for sending marketing communications.
- Contractual Necessity: To fulfill our contractual obligations with you, such as delivering the nutrition consultancy services you have purchased.
- Legitimate Interests: For improving our services, managing our business, and ensuring the security of our online platform, provided your rights do not override these interests.
- Legal Obligation: To comply with applicable laws and regulations.
4. Data Sharing and Disclosure
We do not sell your personal data. We may share your information in the following circumstances:
- Service Providers: With trusted third-party service providers who assist us in operating our business and providing services (e.g., payment processors, IT support, analytics providers). These providers are contractually obligated to protect your data and only use it for the purposes for which we disclose it to them.
- Legal Requirements: If required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
- Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another organization.
- With Your Consent: We may share your information with third parties when we have your explicit consent to do so.
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period for your health and nutritional data will be determined based on industry standards and legal requirements in the healthcare sector, typically for a period relevant to ongoing care and follow-up, or as required by professional bodies.
6. Data Security
We implement robust technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. This includes encryption, access controls, secure servers, and regular security assessments. We are committed to maintaining the confidentiality and integrity of your sensitive health information.
7. Your Data Protection Rights
Under GDPR, you have the following rights regarding your personal data:
- The Right to Access: To request copies of your personal data we hold.
- The Right to Rectification: To request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- The Right to Erasure ("Right to be Forgotten"): To request that we erase your personal data, under certain conditions.
- The Right to Restrict Processing: To request that we restrict the processing of your personal data, under certain conditions.
- The Right to Object to Processing: To object to our processing of your personal data, under certain conditions.
- The Right to Data Portability: To request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us using the contact details provided below. We will respond to your request within one month.
8. International Data Transfers
As HeatherVale Nutrition operates within the United Kingdom, your data will primarily be processed and stored within the UK and European Economic Area (EEA). If any data is transferred outside the UK/EEA, we ensure that appropriate safeguards are in place, such as standard contractual clauses or a Privacy Shield certification where applicable, to ensure your data receives an adequate level of protection.
9. Cookies and Tracking Technologies
Our online platform may use cookies and similar tracking technologies to enhance your experience, analyze site usage, and support our marketing efforts. You can control the use of cookies at the individual browser level. For more information, please refer to our Cookie Policy (if applicable).
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new policy on this page and updating the "last updated" date. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:
HeatherVale Nutrition
2847 Fernbank Road
Suite 3A
Bristol, South West England
BS8 1TH
United Kingdom
Phone: +44 117 924 5832
12. Right to Lodge a Complaint
If you are not satisfied with our response or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can find their contact details on the ICO website: www.ico.org.uk