Privacy Policy

The Nutrient Pharmacist Ltd holds information on you in order to provide the services that we offer.  We aim to be transparent and give clear information on how we use this information.  It is our responsibility under the Data Protection Act (DPA) (2018) and the UK General Data Protection Regulations (UK GDPR) to set out the legal basis for us to collect, process and store your Data and to explain Your rights.

1.   Scope of Privacy Policy

1.1.   This privacy policy applies between You (‘Patient’, ‘Client’, ‘Your’); the User of Our website and/or the user/patient of our other products and services (e.g. consultation service), and The Nutrient Pharmacist Ltd (‘The Nutrient Pharmacist’, ‘The Company’, ‘Us’, ‘We’, ‘Our’); the owner and provider of our website and other products/services. This policy does not extend to any other websites that can be accessed from our website, including, but not limited to, any links we may provide to social media websites. This policy does not extend to any other products and/or services that you may obtain from third-party suppliers (e.g. private laboratory tests) during your time with Us as a patient.  You are advised to read the privacy policy or statement from such third-party websites and/or suppliers.

1.2.   Your rights under this privacy policy are non-transferable to any other person. We may transfer Our rights under this privacy policy where we reasonably believe your rights will not be affected.

1.3.   If any provision (or part provision) of this privacy policy is found to be unenforceable, illegal, or invalid then that provision or part-provision will be deemed to be deleted to the extent required. The validity and enforceability of the other privacy policy provisions will not be affected.

1.4.   Unless otherwise agreed, either party’s delay, act or omission in exercising any right or remedy will not be deemed to be a waiver of that, or any other, right or remedy.

1.5.   This Agreement will be governed and interpreted according to the laws of England and Wales. Any disputes or claims under this agreement will be subject to the exclusive Governing Legal jurisdiction of the courts of England and Wales.

 

2.   Who are We with regards to Data Protection?

2.1.   The Nutrient Pharmacist Ltd is the data ‘controller’. Under the DPA and UK GDPR, the ‘controller’ is a person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In other words, they have overall control of the data they collect and how and why it will be processed.  We are registered as a data ‘controller’ with the Information Commissioner’s Office (ICO) under the DPA.  Our registration number is  ZA769488 and further details can be found at ico.org.uk.

2.2.   All individuals about whom personal Data is being collected, held or processed and who can be identified directly or indirectly by reference to that personal Data, are known as Data ‘Subjects’. Within these terms of service, You, as the Client, are the Data ‘Subject’ and as such You have a number of ‘rights’ which are further detailed in this Privacy Policy.

 

3.   What is Personal Data?

3.1.   Personal Data is any information about an individual from which that person is identifiable or can be identified. This does not include anonymised data, which is not subject to UK GDPR. You may give us information that is classed as Personal Data about You and/or others you are acting on behalf of when you;

–   Visit and/or use our website;

–   Sign-up to and/or register to use any of our services/products, including but not limited to our email notifications/newsletters and consultation service;

–   Fill out and sign a Health Questionnaire, terms of service agreement and any other forms relating to any of the services we provide;

–   Provide us with information and/or test results from other Healthcare providers;

–   Correspond with us during and between consultation/s;

–   Contact/correspond/enquire with us through our website, by email, direct message, telephone, post and/or video conferencing (or via any other means); and

–   Pay for any services provided to you e.g. via card payment and/or online payment.

3.2.   We may collect, process and store the Personal Data that You provide to Us. In addition, we may process personal data that we do not obtain directly from you. We have grouped the personal data we may process into general categories, explaining the source we obtain it from and how and why we process this data as well as our legal basis for this processing.  This information is detailed in section 4.

 

4.   What Personal Data We Hold on You and How we use this personal data

In this section we have set out:

–   General categories of personal data that we may process about You

–   The specific category and source from which we obtain your personal data, if we did not obtain this data directly from you

–   The purposes for Us to process your Personal Data

–   The legal basis for Us to process your Personal Data

4.1.   Identity Data: we may process identity information that you provide to us. This identity information may include your first name, last name, username or similar identifier, next of kin, marital status, title, date of birth and gender. The identity data may be processed for the purposes of providing you with Our products and/or services including but not limited to Our clinic consultation service. The legal basis for Us to process this data is for the performance of a contract between You and Us and/or taking steps at your request to enter into such a contract.

4.2.   Contact Data: we may process contact information that you provide to us. This contact information may include your address, email address, telephone numbers and any correspondence we have with you as well as your GP and/or other healthcare professional contact information. The contact data may be processed for the purposes of providing you with appointments and offering you our clinic consultation service.  The legal basis for Us processing this data is for the performance of a contract between You and Us and/or taking steps at your request to enter into such a contract.

4.3.   Health Data: we may process health information that you provide to Us directly. This information may also come directly from Our personal communication with other sources such as third-party private laboratory test/nutritional supplement companies and/or Your other healthcare providers including your GP.  This may include information about your health including your medical history and/or current health status including but not limited to your dietary, lifestyle, supplements and medicines details, test results and diagnoses.  The health data may be processed for the purposes of keeping accurate clinic notes, making clinical assessments and in order to make safe clinical decisions when providing you with medical advice and health plans tailored to you, as part of our consultation service.  UK GDPR considers health data to be ‘Special Category’ data, and therefore must meet certain processing requirements.  The legal basis for Us processing this data is for the performance of a contract between You and Us and/or taking steps at your request to enter into such a contract.  The processing of this data also meets the condition of being necessary to provide You with direct healthcare under Article 9 of the UK GDPR.  For health information we directly obtain from Our personal communication with other third-party sources Our legal basis is Your consent (see section 7 for more information on third-party data sharing).

4.4.   Enquiry Data: we may process data contained in any enquiry you submit to us regarding any of Our products and/or services. This may include your name, contact information to reply to your enquiry and the details of your enquiry message.  The enquiry data may be processed for the purposes of replying to your enquiry in order to offer, market or sell the relevant products and/or services to you.  The legal basis for Us processing this data is the performance of a contract between You and Us and/or taking steps at your request to enter into such a contract (e.g. if you have an enquiry about your health plan as part of Our consultation service contract with You) and/or our legitimate interests, particularly the proper administration of our website and business in replying to our customer enquiry requests.

4.5.   Notification Data: we may process personal information that you provide to us for the purposes of subscribing to our newsletters, email notifications, SMS/MMS text message and/or instant messaging notifications. This notification data may include your first name, last name, email address/s and telephone number/s (for SMS/MMS appointment notifications).  The notification data may be processed for the purposes of sending you the relevant newsletters and/or appointment notifications.  The legal basis for Us processing this data is consent.

Please note: you may unsubscribe or opt-out from receiving our newsletter at any time by clicking the unsubscribe link at the bottom of these emails or contacting us directly using the contact information in section 15 of this policy.  To opt-out of receiving email, text messaging and/or instant messaging appointment notifications You will need to contact us directly using the information provided in section 15 of this policy.

4.6.   Technical and Usage Data: we may process technical information about your use of our website and/or services. This usage data may include your; internet protocol (IP) address, browser type and version, operating system and platform, login details, time zone setting and geographical location, browser-plugin types and any other technology you use to access our website, referral source, length of visit, page views, website navigation paths as well as information about the timing, frequency and pattern of your service use.  The source of this data is Our analytical tracking software.  The processing of this technical and usage data is for the purposes of analysing the use of Our website and other services.  The legal basis for Us processing this data is Our legitimate interest, particularly improving and protecting Our website and other services.

4.7.   Transaction Data: we may process information relating to transactions, including purchases of goods and/or services that you enter into with us and/or through our website. This transaction data may include your contact details, your bank and payment card details and the transaction details.  The source of the transaction data is You and/or Our payment service provider.  The transaction data may be processed for the purposes of providing you with the purchased goods and/or services and keeping proper records of such transactions.  The legal basis for Us processing this data is the performance of contract between You and Us and/or taking steps at your request to enter into such a contract.

4.8.   We may process any of your personal data identified in this policy as reasonably necessary to obtain and/or maintain insurance coverage, manage risks and obtain professional advice. The legal basis for the processing of this data is our legitimate interest, particularly the protection of Our business against risks.

4.9.   We may process any of your personal data identified in this policy as reasonably necessary for the establishment, defence or exercise of any legal claims, whether in court proceedings or in out-of-court/administrative proceedings. The legal basis for the processing of this data is our legitimate interest, particularly the protection and exercise of our legal rights, your legal rights and the legal rights of others.

4.10.   In addition to the specific purposes for processing your personal data as outlined in section 4, we may also process any of your personal data identified in this policy where the processing is necessary to comply with a legal, professional and/or regulatory obligation to which we are subject and/or to protect your vital interests or the interests of any other natural person/s.

4.11.   Anonymous data may be used for Clinical Audits (to evaluate our services), educational and research purposes and will not contain any identifying information of the client.

 

Data Retention and Security

5.   Keeping data secure

5.1.   The Nutrient Pharmacist Ltd complies with existing UK laws such as the DPA (2018) and access to medical records legislation as well as guidance from organisations that govern the provision of healthcare and pharmacy services in England such as the Department of Health and the General Pharmaceutical Council (GPhC).

5.2.   The company may process your data electronically, on paper or a mixture of both. We will use technical and organisational measures to safeguard your personal data as follows:

–   Storing of your Data on secure electronic servers with username and password protected access and/or in lockable storage with regards to paper files;

–   All of our staff, contractors, agents, committee members or other parties working on behalf of the Company handling personal Data receive appropriate and regular training to ensure they are aware of their legal and contractual obligations to uphold confidentiality;

–   Restricted access to personal information to authorised personnel only.  Only a limited number of authorised staff have access to personal Data appropriate to their role on a strictly need-to-know basis;

–   Implementation of measures to deal with any suspected data breach.  All data breaches are reported to the ICO without delay, and in any event, within 72 hours after becoming aware of it.  If you suspect any misuse, loss and/or unauthorised access to your Data, please let us know immediately by contacting us via email: info@thenutrientpharmacist.co.uk;

–   We ensure that any external data processors that support the running of our website and/or the provision of any of our products/services are legally and contractually bound to operate and prove that they have security arrangements in place where personal Data is being processed;

–   We maintain our duty of confidentiality to you at all times.  We will only ever pass on your personal Data to others involved in the direct provision of your healthcare if there is a genuine need for it.  We will protect your personal Data and inform you of how your personal Data will be used.  We will not disclose your personal Data to any third party without your permission unless; there is a legal, professional, regulatory and/or public interest obligation as outlined in section 7; and

–   Keep personal data up to date and secure by; storing and destroying it securely; not collecting or retaining excessive amounts of data; making sure technical measures are in place to protect data from loss, misuse, unauthorised access and disclosure.

 

6.   Data Retention

6.1.   The company shall not keep personal data for any longer than is necessary to fulfil the purpose and/or purposes for which it was originally collected, stored and processed as described in this privacy policy or until you request that the Data be deleted.

6.2.   Even if your personal data is deleted, it may still remain on archival and/or backup media for legal, tax and/or regulatory purposes.

6.3.   With regards to the healthcare records that we hold on You when you take part in the Clinic Consultation service, the company will retain your personal data as follows:

| Record Type | Retention Start | Retention Period | Action at end of retention period | Notes and any special conditions |
| --- | --- | --- | --- | --- |
| Un-anonymised healthcare records held in secure storage | Patient last seen | 8 years for adult aged 18 years and over.  For a child, until their 25th birthday or 26th birthday if the patient was 17 at the conclusion of treatment. | Review and if no longer needed then destroy | We check for any other involvements that may extend the retention time. |
| Invoices and consent forms | Date of invoice creation and/or signing of consent form. | 6 complete tax years | Review and if no longer needed then destroy | We check for any other involvements that may extend the retention time. |
| Patient concerns and complaints | Closure of incident (see notes*) | 10 years | Review and if no longer needed then destroy | *Incident is not closed until all subsequent processes have ceased including legal action.  Where legal action has commenced, we keep records as advised by legal representatives. |
| Anonymous clinical audit data | Date of creation | 5 years | Review and if no longer needed then destroy | We check for any other involvements that may extend the retention time. |

6.4.   Regardless of the retention provisions outlined in this section 6, we may retain your personal data for a longer retention period where there is a legal/professional/regulatory obligation, to which we are subject and/or in order to protect your vital interests or that of another natural person/s as outlined in section 7.

 

7.   When can we disclose personal data?

We may disclose personal information in the following circumstances:

7.1.   When You provide consent as follows:

–   We specifically request your consent when you take part in Our consultation services, either verbally or in writing (explicit) for the purposes of sharing your personal data to; contact and/or make referrals to your General Practitioner and/or other healthcare professionals for further treatment, to inform them of any test results, health strategies/care we have provided to you whilst you are a patient with Us and/or to discuss any aspect of your case when considered necessary. We may also request your separate consent to disclose your personal data as reasonably necessary to facilitate referrals to third-party laboratory testing/nutritional supplement companies so that they can provide; nutritional supplements, testing services, any other services and/or discounts (where available) that we may recommend to you if and when you choose to accept that recommendation.  This is for the purposes of; providing Our contracted services to you and facilitating safe healthcare, medical advice and tailored health plans as part of Our consultation service and to; ensure our clinical intervention decisions, clinical notes and clinical assessments are safe and accurate.  Therefore, Our legal basis is Your consent and the processing of this data also meets the condition of being necessary to provide You with direct healthcare under Article 9 of the UK GDPR.

You can object to your information being shared with other healthcare providers such as your NHS GP at any time, however Our consultation services cannot proceed without this consent which will be explained by the Pharmacist and/or in Our Terms of Service before proceeding with any consultations.

There is no obligation to uptake on any private laboratory tests and/or nutritional supplements that we may recommend and we will request your consent before transferring any personal data to any third-party testing and/or nutritional supplement companies.  We will take all reasonable steps to ensure that your data is handled safely, securely and in accordance with your rights and our obligations when transferring to any third-party suppliers.

–   The personal data that you enter onto electronic forms contained on Our website for the purposes of; subscribing to our newsletters, contacting Us with any sort of enquiry and/or booking a consultation appointment may be stored on the database on the servers of our hosting service provider.  We use a number of in-built features on any ‘form modules’ we use on our website as well as the additional organisational and technical measures outlined in section 5 to safeguard the personal data that you enter on such forms.  This is for the purposes of providing Our website services as described above.  You will be asked to agree and consent to the terms of our privacy policy before submitting any electronic form information.

7.2.   Notwithstanding the provisions of point 7.1. where consent is obtained, personal data may be disclosed without your explicit consent in the following circumstances:

–   It is required by law - we may disclose your personal data when there is a legal, professional and/or regulatory obligation to which we are subject.  We may disclose your personal data to; other professionals/agencies including but not limited to your GP, any of our professional advisers and insurers as reasonably necessary to obtain and/or maintain insurance coverage, manage risks and obtain professional advice or if there is a need to do so for the establishment, defence or exercise of any legal claims, whether in court proceedings or in out-of-court/administrative proceedings.

–   When it is in the public interest - we may disclose your personal data to protect your vital interests or the interests of any other natural person/s.

7.3.   We may use third-party data processors to facilitate Our use of Your personal data for the services we provide as described in section 4 of this privacy policy. This may include but is not limited to; payment processors, analytical processors and website hosting servers.

7.4.   Any reception or administration staff that we employ now or in the future may require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff. Your personal information is not passed onto any third parties except for in the above circumstances.

 

8.   International transfers of personal data

8.1.   To enable us to provide effective services, we use servers located within the United Kingdom (UK) where possible to store and process any of the personal data described in this policy. However, we may transfer (‘transfer’ includes making available remotely) personal data to countries outside the UK and/or use third party data processors that are located outside the UK.

8.2.   Where we transfer any personal data outside the UK, we will take all reasonable steps to ensure that your data is treated as securely as it would be in the UK and under UK GDPR. As such, transfers outside the UK will only occur if one or more of the following applies:

–   The transfer is covered by a UK “adequacy regulation” - this means that the UK has found that the legal framework in place in that country, territory, sector or international organisation has ‘adequate’ protection for individuals’ rights and freedoms with regards to their personal data;

–   The transfer is covered by ‘appropriate safeguards’ which are listed in the UK GDPR; or

–   The transfer is covered by an exception covered in Article 49 of the UK GDPR.

Further guidance on the transfer of personal data outside the UK can be found on the ICO website at:

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/

8.3.   We use a third-party practice management application (data processor) called ‘Practice Better’ (owned and operated by Green Patch Inc.), who have their servers located outside of the UK.  Practice Better is an electronic practice management tool which stores health records, appointment information, and communications between practitioners and clients.  We encourage you to use two-factor authentication (2FA) with the Practice Better web portal or app where possible to ensure the security of your data.  For more information on the privacy practices of Practice Better please visit the Practice Better Privacy web page:  https://practicebetter.io/privacy/

8.4.   You acknowledge that any personal data that you submit for publication through our website or other services may be available worldwide via the internet. We cannot prevent or take responsibility for the use (or misuse) of such personal data by others.

 

9.   Your Rights

9.1.   In compliance with data protection law, You have the right to:

–   Access/view your personal Data:  you can request copies of the information that we hold about you at any time.  This is known as a Subject Access Request (SAR).  If we provide access to the information that we hold about You, we will give you a copy in an intelligible form and we will not charge you for the handling of this Subject Access Request (SAR).  The Company reserves the right to charge You a reasonable fee for additional copies of information that have already been provided to You (the data subject), and for requests that are “manifestly unfounded or excessive”, particularly where such requests are repetitive.  We may refuse your request, where we are legally permitted to do so.  If we refuse your request, we will tell you the reasons why.

–   Be informed about the collection and use of your personal Data: including; our purpose for processing your personal data, our retention period for your personal data and any third parties this information will be shared with (as set out in the entirety of this document).

–   Be notified if critical information about You is inappropriately accessed which results in a high risk of adversely affecting Your rights and freedom.

–   Have any inaccurate and/or incomplete personal Data we hold about You updated, corrected and/or completed:  it is important that the data we hold about you is accurate and up-to-date.  Please keep us informed if your Data changes during the time for which we hold it.

–   Apply to have your personal Data deleted:  You can make an application for deletion.  Each case will be looked at individually and if there has been minimal or no contact, then the request may be granted at our discretion.  For legal purposes we maintain personal data records for the retention periods set out in section 6.  For past website users and/or patients who no longer wish to remain on our contact list and who do not wish their data to be accessed, their data will be stored (for the retention time set out in section 6), in a secured form away from our patient database.  During this time, contact details will be removed from our systems and the records will not be accessed for any purpose/s other than  legal/professional/regulatory obligation, to which we are subject and/or in order to protect your vital interests or that of another natural person/s, should this need arise.

–   Restrict the processing of Your personal Data: you can request to limit the way in which we use your data.

–   Object to the processing of Your personal Data.

–   Data portability:  you can request to move, copy or transfer your Data to another organisation or to You.

–   Complain to a supervisory authority:  If you are not satisfied with the way in which we handle a complaint in relation to your Data, you may be able to refer your complaint to the relevant data protection authority.  For the UK, this is the Information Commissioner’s Office (ICO).  Contact details for the ICO can be found at their website https://ico.org.uk/

–   Withdraw consent to the processing of your Data (where the legal basis for us processing your Data is consent).

These rights are subject to certain exceptions and limitations.  If you would like to learn more about the rights of data subjects you can visit https://ico.org.uk/your-data-matters/

9.2.   To exercise any of your rights in relation to your personal data please contact Us in writing using the contact details set out below in section 15, addressing to Our Director (Kaye Millard). We will respond within one month of receipt of any requests.

 

10.   Security of Contact and Communication

If You contact us via our practice email address it is at your own discretion and any such personal details you provide are provided at your own risk.  Your personal Data is stored securely and privately until it is no longer required or has no use and every effort is made to ensure safe and secure technical and organisational processes are available for email data submission.  However, we advise that You are responsible for the security of your personal details until they are received by The Nutrient Pharmacist Ltd and as such You are responsible for transmitting your personal details to Us in a secure manner.  If you would like to discuss this before transmitting any sensitive personal data please contact us using the details set out below in section 15.

 

11.   Links to other websites

This website may provide links to other third-party websites.  We have no control over such websites, the content of these websites, their use of your data and/or cookies.  This privacy policy does not extend to your use of such websites and you are advised to read the privacy & cookie policies or statement of other websites before using them.

 

12.   Cookies

We use cookies on our website.  For more information on the cookies we use, please see our Cookie Policy.

 

 

13.   Changes of business ownership and control

13.1.   We may, from time to time, expand or reduce our business and this may involve the sale and/or transfer of control of all or part of our business. Any personal data that you have provided to Us will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by us.

13.2.   If we have a prospective purchaser of our business or any part of it, we may disclose Data to them.

13.3.   In any of the above circumstances in points 13.1. and 13.2., we will take reasonable steps to ensure your privacy is protected.

13.4.   In any of the above circumstances in points 13.1. and 13.2., where any of your data is to be transferred in such a manner, we will not contact you in advance to inform you of the changes.

 

14.   Changes to this policy

14.1.   We may update this policy from time to time as deemed necessary or as may be required by law.

14.2.   Any changes will be immediately posted on our website and you should check Our website occasionally to ensure you are happy with any changes to this policy.

14.3.   We may notify you of changes to this policy by email.

14.4.   You are deemed to have accepted the terms of this privacy policy on your first use of the Website following any alterations.

 

 

15.   Our Details 

Our website and Our other products/services are owned and operated by The Nutrient Pharmacist Ltd

The Nutrient Pharmacist Ltd is a Private Limited Company limited by shares registered in England and Wales under the registration number 11483049.  Our registered office address is:   The Coach House, Greensforge, Kingswinford, West Midlands, DY6 0AH

You can contact us:

–   Via post, to the registered office address (as given above);

–   By telephone on 07309612305;

–   By email, at info@thenutrientpharmacist.co.uk; or

–   Using our website contact form.

V: 06/04/2021
