Updated 8 December 2022
GENERAL DATA PROTECTION REGULATION (GDPR)
Aless Bove Nutrition will hold some information about you. This document outlines how that information is used, who we may share that information with and how we keep it secure. This notice does not provide exhaustive details – we are happy to provide any additional information or explanation needed. Any requests for this should be sent to email@example.com.
We keep our Privacy Notice under regular review. This Privacy Notice was last reviewed in December 2022.
WHY DO WE NEED TO KEEP PERSONAL INFORMATION?
Individuals join the program to obtain help, treatment, guidance and advice on health and lifestyle.
Obtaining personal information from the patient in respect of their contact details, their personal and family health histories, and their lifestyle choices are necessary in order to provide the advice and guidance requested. Financial information is necessary in order to process payments for the services provided. All personal information is processed lawfully, fairly and in a transparent manner. Personal data is held at the clinic with the express consent of the patient. Our lawful basis for processing personal information is legitimate interests. Information is collected: via a questionnaire completed by the patient; during a personal consultation; through email; via a website; over the telephone or by post; by taking card and online payments. Aless Bove Nutrition is a data processor and controller for the personal data it processes. No decisions are made by automated means.
WHAT INFORMATION IS HELD?
The personal information held contains the following information: Contact details: name, address, date of birth, landline telephone number, mobile telephone number, email address, preferred method of contact, next of kin, who you live with. Health Information: personal and family health history, lifestyle and social circumstances, physical and mental health details, GP contact details. Financial details: invoices for goods and services provided, payments made and any outstanding debt. Merchant copies of credit card receipts are kept for accounting records. Other information: Employment details. Referrals and appointment records.
Diagnostic information: Diagnosis of the condition and recommended treatments will be recorded. Test results.
WHAT FORM DOES THE INFORMATION HAVE AND IS IT SECURE?
Personal data is held at the clinic in a variety of forms:
All online and cloud storage of data is encrypted and protected by logins and passwords. All of our external data processors that support us (such as Paypal and our booking and financial software providers) are legally and contractually bound to operate and prove security arrangements are in place to protect personal information.
HOW LONG IS INFORMATION KEPT?
This information is held in accordance with guidelines issued by our professional bodies and in accordance with the requirements of our insurers.
WHO DO WE SHARE DATA WITH?
Personal contact information and financial information provided by the client is processed by reception staff, finance/book keeping staff and accountants, and is available to the clinician. The clinician and staff see the health and other information necessary for the consultation and they have to follow the common law duty of confidence: Where information is given by the patient in confidence it is treated as confidential and protected accordingly. Individual expressed consent will be obtained to share information with the patient’s GP.
None of the information is shared with other organisations except:
In all cases, the patient provides permission to do so. Anonymous information concerning particular health issues and case histories may be shared with peers for the purpose of professional development. This may be at clinical supervision meetings or at conferences. Personal data may be shared where there is an overriding public interest in doing so, for instance, to safeguard an individual, or to prevent a serious crime. We do not share any information for marketing purposes.
WHAT ARE YOUR RIGHTS?
An individual has the right to withdraw from consent to us holding their information and also has the right to request that personal data is kept in a particular form. However, that may result in the business relationship being unable to continue as the information in its current form is necessary for the desired outcome. An individual has the right to have their personal information rectified if it is inaccurate or incomplete. An individual has the right to have their personal information deleted, with some exceptions. An individual has the right to access their information. Requests for access must be in writing, by letter or email. We will comply with the request for information within 1 month. Access can be given to examine the records free of charge. If you would like to invoke any of your rights, please contact the office by email firstname.lastname@example.org. An individual has the right to complain to the Information Commissioner’s Office.
Complaints regarding the use of personal information can be made by contacting the office by email: email@example.com. If a complaint is not resolved satisfactorily, a more formal complaint can be made to the Information Commissioner’s Office (ICO) on 01625 545745 or 0303 1231113.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.