TERMS AND CONDITIONS
Definitions and Interpretation
means a small file placed on your computer or device by our site when you visit certain parts of our site and/or when you use certain features of our site;
means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 and, where applicable, the UK GDPR;
means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data, as defined by the UK GDPR and the Data Protection Act 2018 (the “Data Protection Legislation”); and
means Metabolic Health Nutrition Ltd, a limited company registered in England under company number 13722971, whose registered and main trading address is 39 Spurhill Avenue, BH14 9PJ.
2. Information About Us
2.1 Our Site is owned and operated by Metabolic Health Nutrition Ltd, a limited company registered in England under company number 13722971 and whose main trading address is 39 Spurhill Avenue, BH14 9PJ.
2.2 We are regulated by Association for Nutrition.
2.3 We are a member of the Association for Nutrition.
3.2 By using Our Site, you may also receive certain third party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than Us. Third party Cookies maybe used on our site in future, but are currently not. For more details, please tables of cookies in section 4.
3.3 All Cookies used by and on Our Site are used in accordance with current Cookie Law. We may use some or all of the following types of Cookie:
3.3.1 Strictly Necessary Cookies
A Cookie falls into this category if it is essential to the operation of Our Site, supporting functions such as logging in, your shopping basket, and payment transactions.
3.3.2 Analytics Cookies
It is important for Us to understand how you use Our Site, for example, how efficiently you are able to navigate around it, and what features you use. Analytics Cookies enable us to gather this information, helping Us to improve Our Site and your experience of it.
3.3.3 Functionality Cookies
Functionality Cookies enable Us to provide additional functions to you on Our Site such as personalisation and remembering your saved preferences. Some functionality Cookies may also be strictly necessary Cookies, but not all necessarily fall into that category.
3.3.4 Targeting Cookies
It is important for Us to know when and how often you visit Our Site, and which parts of it you have used (including which pages you have visited and which links you have visited). As with analytics Cookies, this information helps us to better understand you and, in turn, to make Our Site and advertising more relevant to your interests. Some information gathered by targeting Cookies may also be shared with third parties.
3.3.5 Third Party Cookies
Third party Cookies are not placed by Us; instead, they are placed by third parties that provide services to Us and/or to you. Third party Cookies may be used by advertising services to serve up tailored advertising to you on Our Site, or by third parties providing analytics services to Us (these Cookies will work in the same way as analytics Cookies described above).]
3.3.6 Persistent Cookies
Any of the above types of Cookie may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit Our Site.
3.3.7 Session Cookies
Any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit Our Site until you close your browser. Session Cookies are deleted when you close your browser.
3.4 Cookies on Our Site are not permanent and will expire after the period indicated in the tables in section 4.
3.6 For more specific details of the Cookies that We use, please refer to the table below.
4. What Cookies Does Our Site Use?
4.1 The following first party Cookies may be placed on your computer or device:
4.2 The following third party Cookies may be placed on your computer or device: Not currently used.
4.4 The analytics service(s) used by Our Site use(s) analytics Cookies to gather the required information.
4.5 The analytics service(s) used by Our Site use(s) the following analytics Cookies: Not currently used.
5. Consent and Control
5.1 Before Cookies are placed on your computer or device, you will be shown a pop up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies (unless those Cookies are strictly necessary); however certain features of Our Site may not function fully or as intended. You will be given the opportunity to allow and/or deny different categories of Cookie that We use.
5.2 In addition to the controls that We provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
7. Further Information
7.2 For more information about privacy, data protection and our terms and conditions, please visit the company information tab at www.metabolic-health-nutrition.co.uk.
What services do we offer?
Here at Metabolic Health Nutrition Ltd (company registration 13722991) we offer nutrition consultations to help clients achieve their health and nutrition goals.
What types of data do we capture?
As one of our clients, the personal information we hold about you may include the following:
Contact details, such as postal address, email address and telephone number (including mobile number)
Financial information, such as insurance policy details or your bank details
Emergency contact details, including next of kin
Background referral details
As one of our patients / clients, we will hold information relating to your medical treatment which is known as a special category of personal data under the law, meaning that it must be handled even more sensitively.
This may include the following:
Details of your current or former physical or mental health, including information about any healthcare you have received from other healthcare providers such as GPs, dentists or hospitals (private and/or NHS), which may include details of clinic and hospital visits, as well as medicines administered. We will provide further details below on the manner in which we handle such information.
Details of services you have received from us
Details of your religion
Details of any genetic data or biometric data relating to you
Data concerning your sex life and/or sexual orientation
The confidentiality of your medical information is important to us, and we make every effort to prevent unauthorized access to and use of information relating to your current or former physical and mental health (or indeed any of your personal information more generally). In doing so, we will comply with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and all applicable medical confidentiality guidelines issued by professional bodies.
In addition, you should note that in the event you amend data which we already hold about you (for instance by amending a pre-populated form) then we will update our systems to reflect the amendments. Our systems will continue to store historical data.
How do we collect your information?
We may collect personal information from a number of different sources including, but not limited to:
Medical records from your GP
Medical records from consultants and other clinicians (including their medical secretaries)
Medical records from hospitals, the NHS and private hospitals and organizations
Medical records from mental health providers
Commissioners of healthcare services
Directly from you. Information may be collected directly from you when:
You enter into a contract with us
You use our services
You submit a query to us including by email or by social media
You correspond with us by letter, email, telephone or social media.
The medical records may include information about your diagnosis, clinic and hospital visits and medicines administered.
Do we collect information from third parties?
As detailed in the previous section, it is often necessary to seek information from other healthcare organisations. We may also collect information about you from third parties when:
You are referred to us for the provision of services including healthcare services
We liaise with your current or former health professional or other treatment or benefit provider
We liaise with your family
We liaise with your insurance policy provider
How will we communicate with you?
We may communicate with you in a range of ways, including by telephone, SMS, email, and / or post. If we contact you using the telephone number(s) which you have provided (landline and/or mobile), and you are not available which results in the call being directed to a voicemail and/or answering service, we may leave a voice message on your voicemail and/or answering service as appropriate, including only sufficient basic details to enable you to identify who the call is from, very limited detail as to the reason for the call and how to call us back.
However to ensure that we provide you with timely updates and reminders in relation to your healthcare (including basic administration information, appointment information and appointment reminders), we may communicate with you by SMS and/or unencrypted email where you have provided us with your SMS or email address.
To provide you with your medical information (including test results and diet / exercise plans) and/or invoicing information, we may communicate with you by email (which will be encrypted unless you have requested that we send it unencrypted and accept the potential risks associated with this) where you have provided us with your email address. The first time we send you any important encrypted email, we will endeavour to contact you separately by SMS to ensure that you are able to access the encrypted email you are sent.
Please note that although providing your mobile number and email address and stating a preference to be communicated by a particular method will be taken as an affirmative confirmation that you are happy for us to contact you in that manner, we are not relying on your consent to process your personal data in order to correspond with you about your treatment. As set out further below, processing your personal data for those purposes is justified on the basis that it is necessary to provide you with healthcare service.
What is our role in the protection of your data?
We are Data Controllers in respect of your personal information which we hold about you. This will mainly relate to your health or medical treatment but will be likely to also include other information such as financial data in relation to billing. We must comply with the data protection legislation and relevant guidance when handling your personal information, and so must any medical secretary who assists us in an administrative capacity. Your personal data may include any images taken in relation to your treatment which must not only be managed in accordance with the law, this Privacy Notice but also all applicable professional standards.
What are the purposes for which your information is used?
We may ‘process’ your information for a number of different purposes, which is essentially the language used by the law to mean using your data. Each time we use your data, we must have a legal justification to do so. The particular justification will depend on the purpose of the proposed use of your data. When the information that we process is classed as a “special category of personal information”, we must have a specific additional legal justification in order to use it as proposed.
Generally, we will rely on the following legal justifications, or ‘grounds’:
Taking steps at your request so that you can enter into a contract to receive healthcare services from us.
For the purposes of providing you with healthcare pursuant to a contract between you and us. We will rely on this for activities such as supporting your medical treatment or care and other benefits, supporting your nurse, carer or other healthcare professional and providing other services to you.
We have an appropriate business need to process your personal information and such business need does not cause harm to you. We will rely on this for activities such as quality assurance, maintaining our business records, monitoring outcomes and responding to any complaints.
We have a legal or regulatory obligation to use such personal information.
We need to use such personal information to establish, exercise or defend our legal rights.
You have provided your consent for us to our use your personal information.
Note that failure to provide your information further to a contractual requirement with us may mean that we are unable to set you up as a patient or facilitate the provision of your healthcare.
We provide further detail on these grounds in the sections below.
Appropriate business needs
One legal ground for processing personal data is where we do so in pursuit of legitimate interests and those interests are not overridden by your privacy rights. Where we refer to use for our appropriate business needs, we are relying on this legal ground.
The right to object to other uses of your personal data
You have a range of rights in respect of your personal data, as set out in detail in sections below. This includes the right to object to us using your personal information in a particular way (such as sharing that information with third parties), and we must stop using it in that way unless specific exceptions apply. This includes, for example, if it is necessary to defend a legal claim brought against us, or it is otherwise necessary for the purposes of your ongoing treatment.
You will find details of our legal grounds for each of our processing purposes below. We have set out individually those purposes for which we will use your personal information, and under each one we set out the legal justifications, or grounds, which allow us to do so. You will note that we have set out a legal ground (article 6 of the GDPR), as well as an ‘additional’ legal ground for special categories of personal information (article 9). This is because we have to demonstrate additional legal grounds where using information which relates to a person’s healthcare, as we will be the majority of the times we use your personal information.
Purpose 1: To provide you with healthcare and related services
Clearly, the reason you come to us is to provide you with healthcare, and so we have to use your personal information for that purpose. Information obtained will typically include; name, gender, date of birth, signature, contact address (mobile, address, e-mail), profile information (e.g. hobbies, likes/dislikes, family history), medical information (e.g. waist, height, blood pressure, bowel habits, sleep patterns) and business information (e.g. job, title, hours of work, facilities).
Legal grounds - Providing you with healthcare and related services. Additional legal grounds for special categories of personal information - the client has given explicit consent to the processing of those personal data for the delivery of healthcare.
Purpose 2: To enable payment for services.
We will use your personal information in order to ensure that your account and billing is fully accurate and up-to-date
Legal grounds – the client has given explicit consent to the processing of those personal data for payment of services.
Purpose 3: For clinical audit purposes
We may process your personal data for the purposes of local clinical audit – i.e. an audit carried out by ourselves or our direct team for the purposes of assessing outcomes for patients / clients and identifying improvements which could be made for the future. We are able to do so on the basis of our legitimate interest and the public interest in statistical and scientific research, and with appropriate safeguards in place. You are, however, entitled to object to our using your personal data for this purpose, and as a result of which we would need to stop doing so.
Purpose 4: Communicating with you and resolving any queries or complaints that you might have.
Legal grounds - The use is necessary for the provision of healthcare or treatment pursuant to a contract with a health professional
Legal grounds - The use is necessary in order for us to establish, exercise or defend our legal rights
Purpose 5: Communicating with any other individual that you ask us to update about your care and updating other healthcare professionals about your care.
In addition, other healthcare professionals or organizations may need to know about your treatment in order for them to provide you with safe and effective care, and so we may need to share your personal information with them.
Legal grounds - Providing you with healthcare and related services. Additional legal grounds for special categories of personal information - the client has given explicit consent to the processing of those personal data for the delivery of healthcare. We have a legitimate interest in ensuring that other healthcare professionals who are routinely involved in your care have a full picture of your treatment Additional legal ground for special categories of personal information:
Purpose 6: Complying with our legal or regulatory obligations, and defending or exercising our legal rights.
As a provider of healthcare, we are subject to a wide range of legal and regulatory responsibilities which is not possible to list fully here. We may be required by law or by regulators to provide personal information, and in which case we will have a legal responsibility to do so. From time to time, clinicians are unfortunately also the subject of legal actions or complaints. In order to fully investigate and respond to those actions, it is necessary to access your personal information (although only to the extent that it is necessary and relevant to the subject-matter).
Legal grounds - We need to use the data in order to provide healthcare services to you
Legal ground - The use is necessary for reasons of substantial public interest under UK law and the use is necessary in order for us to establish, exercise or defend our legal rights.
Purpose 7: Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice).
In order to do this, we will not need to use your special categories of personal information and so we have not identified the additional ground to use your information for this purpose.
Our having an appropriate business need to use your information which does not overly prejudice you.
Disclosures to third parties:
We may disclose your information to the third parties listed below for the purposes described in this Privacy Notice. This might include:
a) A doctor, nurse, carer or any other healthcare professional involved in your treatment
b) Other members of support staff involved in the delivery of your care, like receptionists and porters.
We need to use the data in order for others to provide informed healthcare services to you. The use is necessary for reasons of the provision of health or social care or treatment or the management of health or social care systems:
a) Anyone that you ask me to communicate with or provide as an emergency contact, for example your next of kin or carer.
b) NHS organisations, including NHS Resolution, NHS England, Department of Health
c) Other private sector healthcare providers
d) Your GP
e) Your dentist
f) Other clinicians (including their medical secretaries)
g) Third parties who assist in the administration of your healthcare, such as insurance companies
h) Private Healthcare Information Network.
Automated Decision Making
An automated decision is a decision made by computer without any human input, and there will be no automated decision-making in relation to your treatment or other decisions which will produce legal or similarly significant effects.
How do we keep your data?
Each client is allocated a number when commencing treatment and is referred by this number on paperwork. All hard copies of clients notes are filed and locked in the clinics cabinet after each session. The hard drive of patients records are also kept in a locked fireproof box in the locked clinic cabinet at the end of the clinic day. If personal data is required to be removed from locked cabinet, then it will be kept on Sarah Delvin’s person at all times. Only Sarah Delvin has access to the locked cabinet. Data shall only be sent to a printer on a password protected network. The company laptop (with up-to-date BullDog anti-viral security software) is solely used for sending encrypted e-mails (utilising Virtu in google mail) and the laptop and mobile are password and finger print protected. Only cloud services that comply with GDPR will be used. Notifications on mobile phones will not show the sender or details of the message when the phone is in locked mode. If there are any breaches in security then Metabolic Health Nutrition Ltd will inform the information commissioner and affected individuals.
How long do we keep personal information for?
Please note that in some cases we may not be able to fully comply with your request, for example if your request involves the personal data of another person and it would not be fair to that person to provide it to you. There will not usually be a charge for handling a request to exercise your rights.
If we cannot comply with your request to exercise your rights, we will usually tell you why.
There are some special rules about how these rights apply to health information as set out in legislation including the Data Protection Act (current and future), the General Data Protection Regulation as well as any secondary legislation which regulates the use of personal information. If you make a large number of requests or it is clear that it is not reasonable for us to comply with a request, then we do not have to respond. Alternatively, we can charge for responding.
Your rights include:
The right to access your personal information. Under Article 15(1) of the GDPR we must usually confirm whether we have personal information about you. If we do hold personal information about you, we usually need to explain to you:
Who your personal information has been or will be shared with, including in particular organizations based outside the EEA.
Where possible, the length of time we expect to hold your personal information. If that is not possible, the criteria we use to determine how long we hold your information for.
If the personal data we hold about you was not provided by you, details of the source of the information.
Your right to ask us to amend or delete your personal information.
Your right to ask us to restrict how your personal information is used or to object to our use of your personal information.
Your right to complain to the Information Commissioner’s Office.
We also need to provide you with a copy of your personal data, provided specific exceptions and exemptions do not apply.
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
The right to erasure (also known as the right to be forgotten).
In some circumstances, you have the right to request that we delete the personal information we hold about you. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercising or defending legal claims.
The right to restriction of processing
In some circumstances, we must “pause” our use of your personal data if asked to do so, although we do not have to comply with all requests to restrict our use of your personal information. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
The right to data portability
In some circumstances, we must transfer personal information that you have provided to you or (if this is technically feasible) another individual/ organisation of your choice. The information must be transferred in an electronic format.
The right to withdraw consent
In some cases we may need your consent in order for our use of your personal information to comply with data protection legislation. Where we do this, you have the right to withdraw your consent to further use of your personal information. You can do this by contacting us using the details provided in the introduction section above.
The right to complain to the Information Commissioner’s Office
You can complain to the Information Commissioner’s Office if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/make-a-complaint/. Making a complaint will not affect any other legal rights or remedies that you have. Please note it would be preferable if you could raise your concerns with us prior to lodging a complaint as we truly welcome the opportunity to address them in the first instance.
NHS Digital enables all patients to log their preferences as to sharing of their personal information. All health and care organisations will be required to uphold patient choices, but please additionally make us aware directly of any uses of your data to which you object.
What technology do we use to support our business?
Google is our primary technology provider, we use their apps across the business from their forms application to capture information about yourself to their Gmail application. Google is in compliance with Data Security and Protection Toolkit (DSP Toolkit). More information can be found here.
We use Microsoft Office applications primarily for note taking.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout