Privacy Policy GDPR

Last reviewed 19 December 2019

E-mail: info@thedietista.com

Web: TheDiestista.com

In order to provide tailored Nutritional Therapy advice, we, TheDietista.com trading as Nutritiency, require an amount of personal information to be provided by you. We take our responsibility to safeguard personal information extremely seriously and regularly review our policies to ensure that your information remains protected. This document is designed to outline how that information is utilised, shared and protected in accordance with current legislation and to describe your rights. Should further information be required on how we do this, please contact us direct at info@thedietista.com. Additional information on the handling and protection of personal information can be found on the Information Commissioner’s Office website at www.ico.org.uk.

What We Do

We provide nutrition and personal development online courses and programs.

Nutrition

We provide online courses on various nutritional aspects designed to assist with disease management and boost wellness.

Personal Development

We provide online Business and Personal Development courses for professional, personal and financial growth.

How we get the information and why we have it

Information is provided direct to us, by you, in a number of formats:

  • By completing the Nutritional Therapy Questionnaire
  • By completing the Diet Diary
  • In person during a consultation
  • By email, telephone or post
  • By submitting payment details by credit card and online services

What type of information we have

This may include the following information:

  • Contact details such as name, address, email
  • Date of birth and gender if provided
  • Next of kin contact details
  • GP contact details
  • Banking information
  • Details of contact we have had with you such as referrals and appointment requests

Health information including but not limited to:

  • Medical history including family member’s history
  • Diet
  • Lifestyle
  • Supplements and medicines taken
  • Test results
  • Clinic notes
  • Health improvement plans

Information we get from other sources

It is likely that we will obtain potentially sensitive medical information in the form of test results from contracted laboratories and medical services, the provision of which is subject to you giving us explicit consent. You are able to remove your consent at any time. You can do this by contacting us at info@thediestiast.com.

The information sources and types listed above are used to provide you, the customer, with tailored Nutritional Therapy advice. As a result, the legal basis of our holding your personal data is for ‘legitimate interest’.

What we do with the information we have

We use the information that you have given us in order to provide Nutritional Therapy advice and in this respect act as a data controller. We also act as a controller and processor in regard to the processing of your data from third parties such as testing companies and other related service providers.

We only use information that may identify you in accordance with current legislation such as DPA 18 and GDPR. This requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.

We will, at all times, protect your personal data, including any health and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of current, relevant legislation concerning data protection. We will inform you of how your information will be used, and allow you to decide if and how your information can be shared.

We may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime, in addition to a legal requirement such as a formal court order.

TheDietista.com is registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for a variety of purposes. A copy of the registration is available through the ICO website, by searching for TheDiestista.com

Data Retention

All records and personal data will be held for the period of 5 years; this enables us to process any potential complaint you may make. In this case, the legal basis of our holding your personal data is for contract administration.

How we store your information

We subscribe to the common law duty of confidence, in that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider’s consent. In practice this means that all patient/service user information, whether held on paper, computer, visually, by audio recording or held in the memory of the professional, must not normally be disclosed without the consent of the patient/ service user.

We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, and protect personal and confidential information held on equipment with acceptable levels of encryption. We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.

Your information will be routinely stored on Google’s G Suite platform. Google designed G Suite to meet stringent privacy and security standards based on industry best practices. In addition to strong contractual commitments regarding data ownership, data use, security, transparency and accountability, the G Suite platform undergoes several independent third-party audits on a regular basis, including but not limited to:

  • ISO 27001/ISO 27017/ISO 27018
  • PCI DSS
  • General Data Protection Regulation (GDPR)
  • HIPAA

Google uses encryption to protect data in transit and at rest. Data stored in its Cloud Platforms is encrypted at the storage level using either AES256 or AES128. Data in transit to G Suite is protected using HTTPS, which is activated by default for all users.

Further information on the G Suite Security Standards can be found at G Suite Security and Trust. Google’s GDPR G Suite compliance measures can be found here.

Google Privacy Policy

Third party data processors

We currently utilise 2 third parties to process personal data on our behalf, Teachable and PayPal.

Teachable:

There will be a requirement for you to enrol on the Teachable Platform to gain access to content as well as pay for services. As a result, Teachable needs to store some Personal Information. Teachable utilises a range of security measures designed to protect your Personal Information and keep it confidential (unless it is non-confidential by nature) and free from any unauthorised alteration. It uses encryption in the transmission of financial information between systems, and employs firewalls to help prevent unauthorised persons from gaining access to personal information.

Teachable uses a 2048-bit SSL certificate to keep students’ information secure during login and checkout and only employs payment providers that are PCI level-1 compliant.

Teachable Privacy Policy

PayPal:

PayPal process payments for any products purchased outside of the Teachable platform. Neither TheDietista.com nor PayPal retain any financial information you may submit as part of the purchasing process. PayPal monitor every transaction, 24/7 to prevent fraud, email phishing and identity theft. Every transaction is heavily guarded behind PayPal’s advanced encryption. If something appears suspicious, their dedicated team of security specialists will identify suspicious activity and help protect you from fraudulent transactions. PayPal,

Your data as mentioned below is encrypted before transmission to prevent misuse of the transmitted data by third parties. The following data is encrypted so that it is only readable by the PayPal payment system:

  • Personal data (address data, telephone number, etc.)
  • Login data (username and password)
  • All methods of payment selected, credit card and bank account

PayPal Privacy Policy

Your data protection rights

Every individual has the right to see, amend, delete or have a copy of data held that can identify you, with some exceptions. You do not need to provide a reason to see your data. Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you, starting from the day of receipt. If your request is complex or you make more than one, the response time may be a maximum of three calendar months, starting from the day after receipt.

Please contact the Data Controller at info@thediestista.com if you wish to make a request or invoke your rights.

Further information about your rights can be found at ico.org.uk.

How to complain

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113