Privacy Policy for Molly Hodgen Nutrition

(Last reviewed: August 2018)

 

This page outlines the personal information stored by Molly Hodgen Nutrition, including security and data sharing. As this policy is not exhaustive, please direct any further questions to our data protection officer: 

Molly Hodgen 

info@mollyhodgen.com

Akasha Wellness, The Barley Barn, Bishop's Stortford, Herts, CM23 1JG

Throughout this policy, Molly Hodgen Nutrition may be referred to as "we", "our" or "us". 

1. What We Do

Molly Hodgen Nutrition is a nutritional therapy business. In our practice we provide nutritional, lifestyle and nutraceutical advice with the aim to optimise wellbeing and support those with chronic health conditions. We achieve this via one to one consultations, dietary analysis and biochemical testing. 

In order to provide this support it is necessary to collect certain information about individuals (including clients and/or suppliers). All information is stored and collected in accordance with the General Data Protection Regulation (GDPR). We are committed to respecting individual rights, to being open and honest with those whose data we hold, and to following the six core principles of data protection: 

  • To be lawful, fair and transparent

  • To limit data collection for specific purposes

  • To collect data only where necessary

  • To ensure that data we hold is accurate and up to date

  • To store data only for the necessary time period

  • To ensure the safety and security of the data we hold

Molly Hodgen Nutrition acts as the data controller for all personal information held. We are consequently responsible for: 

  • Analysing and documenting the type of personal data we hold

  • Checking procedures to ensure they cover all the rights of the individual

  • Identifying the lawful basis for processing data

  • Ensuring consent procedures are lawful

  • Implementing and reviewing procedures to detect, report and investigate personal data breaches

  • Storing data in safe and secure ways

  • Assessing the risk that could be posed to individual rights and freedoms should data be compromised

Molly Hodgen Nutrition is registered with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. A copy of our registration is available through the ICO website (search Molly Grace Hodgen). If you are not happy with any aspect of our data handling you have the right to make a formal complaint (www.ico.org.uk). 

We are legally obligated to report any data breaches to the ICO within 72 hours. 

2. How Your Personal Data is Collected

  • Signing the terms of engagement

  • One to one nutritional therapy consultation

  • Email and telephone correspondence

  • Credit card payment

The following information may be included: 

  • Basic details, e.g. name, address, contact details

  • Details of our correspondence, e.g. appointment requests

  • Personal health information e.g. diet, previous medical history/medication

  • GP contact details

  • Bank details

Special categories of data may include: 

  • Ethnicity, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health and sexual orientation

The sole purpose in holding any of this information is to provide direct healthcare for you as our client. The legal basis for holding this information is therefore legitimate interest. 

As our correspondence ceases and we no longer provide you with direct healthcare, your personal data is kept for a time period determined by our professional association (BANT) and registrant body (CNHC). During this time period you are able to access your data and process a complaint. The legal basis for holding this information is therefore contact administration. 

Information may also be acquired from alternative sources, including: 

  • Biochemical test results

This information is used to provide direct healthcare and thus the legal basis for holding this information is legitimate interest. 

  • Other healthcare providers

This information is obtained only with direct consent, although it is encouraged in order to improve level of care. 

3. Gaining Your Consent

All consent requests will be made transparent to ensure individuals clearly understand the nature of the request - including why their information will be collected, who it will be shared with, and possible consequences of agreeing or refusing the request. 

Molly Hodgen Nutrition will make an audit trail of consent, documenting who consented, when, how, what, if and why consent is withdrawn. Additional consent will be sought for any change in data handling. 

4. How Your Personal Data is Used 

Molly Hodgen Nutrition acts as both a data controller (providing direct healthcare in response to personal data) and a data processor (processing data from third parties e.g. testing companies). We further act as both a data controller and processor with regard to credit card payments. 

Our handling of data is consistent with the requirements of GDPR and those of our professional association and registration body. 

The most common ways we use your data are as follows: 

  • To perform a contract between us

  • For legitimate interests (so long as your own interests/rights do not conflict)

  • To comply with a legal or regulatory obligation

Your data will only be used for the purpose for which it was collected and to which you consented, unless the law requires otherwise. For example, where there is overriding public interest, data may be used to safeguard an individual or to prevent serious crime. 

5. Sharing Your Information

Your personal data is strictly confidential and requires direct consent in order to be shared with a third party. Exceptions to this rule are as follows: 

  • Our registrant body (CNHC) and professional association (BANT) for processing a complaint made by you

  • Any contractor/advisor that provides a service to us, on the understanding that the information remains confidential (e.g. auditors, insurers)

  • Those whom we may transfer our rights/duties to under an agreement with yourself

  • Any legal/crime prevention agencies

  • To satisfy a regulatory request if there is a duty to do so or if the law allows us to do so

Information shared with supplement and/or biochemical testing companies is part of providing your direct health care. Sensitive information is not included. 

Direct consent to your GP is sought; however, if it is believed that your life is in danger, information may be passed to an appropriate authority regardless of consent. The legal basis here is vital interests. 

For the purpose of professional development, your case history may be shared with peers in strictly anonymous form (e.g. online professional sites or conferences). Direct consent will be sought before pursuing this. 

6. Your Rights

  • To see, amend, delete or have a copy of your data with no reason stated

Please contact info@mollyhodgen.com in order to access your data. Under special circumstances some information may be withheld. Response shall be within one month of receipt of your request and shall not incur a charge, unless unfounded or excessive. If the request is complex or numerous the deadline may be extended by two months; however, the individual shall be informed within one month. If large quantities of data are requested we may ask that the individual specify the information they require. Once a subject access request has been made, we will not amend any data. Doing so is a criminal offence. 

In order to process your request we may ask for additional information from yourself in order to confirm your identity and your rights to access the data. This acts as a further security to ensure the data will not reach anyone who has no right to receive it. 

Response shall include details of the personal information we hold, including: 

  • Sources from which we acquired the information

  • The purposes of processing the information

  • Persons or entities with whom we are sharing information

You may, subject to exemptions, ask to: 

  • Delete your information

  • Amend your information

  • Ask us to stop processing information about you, so long as we are not required to do so by law or in accordance with the BANT and CNHC guidelines

  • Receive a copy of your personal data in a structured and readable format, with the right to transmit this to another data controller

  • Object at any time to the processing of personal data concerning you

Molly Hodgen Nutrition does not use any form of automated processing which may result in automated decisions based on your personal data. 

If you would like to invoke any of the above rights please contact the data controller at info@mollyhodgen.com.

7. Safeguarding Your Data

We protect your personal information in accordance with GDPR. Any processing of personal data is therefore only conducted under a legitimate basis in a fair and lawful manner. 

Molly Hodgen Nutrition has assessed two main areas of risk to your data: 

  • Information getting into the wrong hands as a result of poor security and/or inappropriate disclosure of information

  • Individuals being harmed through data being inaccurate or insufficient

As we practice within the health sector we are obligated to follow the common law of duty of confidence. Consequently, where we have gained identifiable information in a confidential setting, this must remain strictly confidential and is only to be shared if the purpose is to provide direct healthcare. Your information is protected, we will inform you how it will be used, and allow you the right to decide if and how it can be shared. 

In addition to this, your information is held in a secure location with access restricted to authorised personnel only. All online data, including email correspondence, is encrypted, meaning that unauthorised users are either unable to see or make sense of the information. Strong passwords are used to protect data stored on a computer. Printed data is shredded when no longer needed. All data is regularly backed up and therefore protected from unintended loss. 

Any external data processor that we work with has been assessed to monitor their own level of safeguarding and data handling to ensure their compliance with GDPR. Written contracts are in place with any third-party data controller and/or processor to ensure liabilities, obligations and responsibilities of all. 

As a data controller, we shall only appoint processors who meet GDPR standards. As a data processor, we shall only act on documented instructions of a controller. 

8. Length Confidential Information is Held

All records held by Molly Hodgen Nutrition are kept for 8 years from the date of final consultation, as specified by guidance from our professional association (BANT). 

9. Contracts

All contracts utilised by Molly Hodgen Nutrition comply with ICO standards and, where possible, follow standard contractual clauses. Contracts with data controllers and/or processors cover subject matter, duration of processing, nature and stated purpose of the processing, type of personal data and categories of data subject, as well as obligations and rights of the controller. 

10. Marketing

 

Additional consent will be sought before using your data for any marketing purposes. You are able to opt out of this at any time by contacting info@mollyhodgen.com. 

11. Cookies

This website uses cookies. You are able to delete some/all cookies from your browser; however, please be aware that this might prevent some aspects of the website from working correctly. You are also able to set browser alerts to highlight if and when cookies are being used. For our full cookie policy please see here. 

© 2018 by Molly Hodgen Nutrition

Tel. 07399 660601    info@mollyhodgen.com