Privacy policy.

Welcome to Hygieia Health and Wellbeing. We value your privacy and are committed to protecting your personal information. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of your information when you use our services. All handling of your personal data is done in compliance with the Data protection Act 2018, which includes the General Data Protection Regulation (GDPR). The Data Controller is Mandy Cotten, who can be contacted at Mandy@hygieiahealthandwellbeing.com.

 

What Information we collect:

We collect or use the following information:

  • Personal Information: Name, address, date of birth, telephone number, email address, occupation, marital status, emergency contact details

  • Health Information: Details you provide about your health and wellness which could include medical conditions, allergies, medical requirements and medical history. You may also provide test results (e.g. bloods)

  • Payment details: Card or bank information for transfers

  • Records of meetings and decisions

  • Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

  • Usage Data: Information about how you use our website

 

What are the lawful bases for processing personal data?

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

When you supply your personal details to us they are stored and processed for 4 reasons:

  • We need to collect personal information about your health in order to provide health coaching services. Your requesting a consultation/health advice and our agreement to provide that service constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide health coaching services.

  • We have a “Legitimate Interest” in collecting that information, because without it we couldn’t do our job effectively and safely.

  • We also want to communicate with you in order to confirm your appointments with us or to update you on matters related to your health coaching plan. This again constitutes “Legitimate Interest”.

  • By signing our Terms and Conditions you are giving us consent to your present and future use of our Health Coaching services. You may withdraw this consent at any time – just let us know by any convenient method.

Where we get personal information from

We only collect the personal information that you provide to us directly.

 

How long we keep information

We have a legal obligation to retain your records for 7 years after your most recent appointment.

 

Who we share information with

  • We will never share your data with anyone who does not need access without your written consent or unless we are legally required to do so.

  • Where necessary, our data processors may transfer personal information outside the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

 

How we store information

  • On paper, in a locked filing cabinet.

  • Electronically (“in the cloud”), by our service providers Google & Microsoft subject to their detailed privacy policies. Access to this data is password protected, and the passwords are changed regularly.

  • On our office computer. This is password-protected and backed up regularly.

 

Your rights

You can find out more about your data protection rights and exemptions which may apply on the ICO’s website:

  • Your right of access - You have the right to ask us for copies of your personal information.

  • Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.

  • Your right to erasure - You have the right to ask us to delete your personal information provided the minimum period has elapsed.

  • Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information.

  • Your right to object to processing - You have the right to object to the processing of your personal data.

  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.

  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.

  • If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

If you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to the Data Controller as detailed at the top of this Data Privacy Notice.

If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.

 

Changes to our Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy from time to time for any changes.

Effective Date: 22/11/2024