Cookies are text files that are stored on your computer or device when you visit the Single Step Nutrition website, to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
The General Data Protection Regulation (GDPR) came into force in May 2016 and will apply from 25th May 2018. It builds on existing data protection laws and will strengthen the rights and controls that individuals have over how their personal data is used, processed or disposed of.
For the purpose of these Regulations Single Step Nutrition (Rebecca Wilson) is the Data Controller, 26 Greenway Gardens, Chippenham, Wiltshire, SN15 1AL, and we can be contacted by e-mail at: firstname.lastname@example.org or by phone 07840 364779. We are registered with the Information Commissioners Office Ref ZA475647.
Single Step Nutrition may change this policy from time to time by updating this page. You should check this page periodically to ensure that you are happy with any changes.
Obtaining Personal Data
We may obtain personal data either from information given by you or from information made available by third parties or from other sources in the public domain. We will only use information from third parties where it is permitted in law and where it can be demonstrated that consent has been given to release such information.
We may obtain your personal data in the following ways:
- in conversation or in writing
- electronically via e-mail, our website or in social media
- via your completing a food diary and pre-consultation form
- by your signing our terms of engagement form
- during a nutritional therapy consultation.
Personal information we hold may include by way of example the following:
- Contact information including name, email address and contact telephone numbers
- Health information including your previous medical history
- Dietary, supplement and medicine details
- Clinic notes and food plans
- Information about your use of our website. For more information, see our Cookies Policy
Why and How We Use Personal Data
We act as a data controller for use of your personal data to provide you with nutritional advice. We also act as a controller and processor in regard to the processing of your data from third parties such as other healthcare providers
We undertake at all times to protect your personal data, including any health and contact details, in a manner which is consistent with the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data storage.
Legal basis for processing personal information
The legal basis for processing your Data means identifying what (or who) gives us the right to process your Data. Without at least one of these rights being present, we would have no legal right to do so. We rely on 2 different legal bases to process your Data.
- Your consent – We will ask for your consent to process your data when our Legitimate Interests are not appropriate. You may withdraw your consent at any point, however we may still be able to process your Data lawfully using the additional legal base below.
- Legitimate Interests – Processing is necessary for the purpose of our own legitimate interests, except where this is overridden by your own interest, rights or freedoms. There will be times when we will want to process your Data for our own interests, rather than yours. There are more details on what this really means below, but we will never use this basis where your own interests, right or freedoms are more compelling.
We may process your personal information for our legitimate business interests.
“Legitimate Interests” mean the interests of our company in conducting and managing our business to enable us to give you the best service/products and the best and most secure experience. For example, we have a legitimate interest in processing your data to provide you with nutritional advice.
When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Whom we share personal information with
We may share your personal information with:
- Organisations that support the products or services we provide to you.
- Anyone you give us permission to share it with.
- Official bodies to detect and prevent criminal activity e.g. money laundering, theft, fraud, terrorism, cybercrime.
Your personal data is not sold or rented to third parties unless we have your permission or are required by law to do so.
Protecting your Data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, and other third parties who have a business need to know. Processors we appoint will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Data retention periods
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any current legal, statutory, or regulatory obligations. In doing so we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Banking and Payment Card details are never stored and are destroyed once payments have been processed.
Access and Control of Your Personal Data
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at email@example.com .
You may request details of personal information which we hold about you via a Subject Access Report (SAR). We will respond to these requests within one month of receipt. Our response will include details of the personal data that we hold about you, including the sources we gathered the data from and the purposes the data is processed for. If you would like a copy of the information held on you please email firstname.lastname@example.org , or write to: Data Protection Administrator, 26 Greenway Gardens, Chippenham, Wiltshire, SN15 1AL
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
You can ask us to erase your personal data. We will not erase your personal data if it is still required for the purpose for which it was collected or if we are legally obliged to continue processing your personal data. It is important to note if you exercise this right we will keep a copy or a record of your request as it is our legitimate interest to show that you have exercised this right.
The Supervisory Authority in the UK is the Information Commissioner’s Office (ICO) and you can complain to them if you are not happy with any aspects in relation to us processing your personal data. Their website is www.ico.org.uk
We pride ourselves on our transparency, should you have any issues please do not hesitate to contact us in order that we may try and resolve any issue you may have.