Privacy Policy for ThistleVale Nutrition
ThistleVale Nutrition is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, and disclose information when you use our services, including personalized nutrition planning, dietary consultations, weight management programs, sports nutrition guidance, and corporate wellness workshops.
We adhere to the General Data Protection Regulation (GDPR) and other applicable data protection laws in the United Kingdom regarding the collection, use, and retention of personal information.
1. Information We Collect
We collect various types of information to provide and improve our services to you.
Information You Provide Directly to Us:
- Personal Identification Information: Name, address, phone number, email address, date of birth.
- Health and Dietary Information: Details about your health status, medical history, dietary preferences, allergies, current medications, lifestyle habits, and fitness goals. This is considered sensitive personal data and is collected only with your explicit consent.
- Consultation Notes: Information gathered during consultations, progress tracking, and feedback related to your nutrition plan.
- Payment Information: While we do not store full payment card details on our servers, we may collect billing address and transaction details. Payment processing is handled by secure third-party payment gateways.
Information We Collect Automatically:
- Usage Data: Information about how you interact with our online platform, such as pages visited, time spent on pages, and referring URLs.
- Device Information: IP address, browser type, operating system, and other device identifiers.
- Cookies and Tracking Technologies: We use cookies and similar tracking technologies to track the activity on our service and hold certain information.
2. How We Use Your Information
We use the collected information for various purposes, primarily to deliver our healthcare and nutrition services effectively:
- To Provide Services: To deliver personalized nutrition plans, conduct dietary consultations, run weight management programs, offer sports nutrition guidance, and facilitate corporate wellness workshops.
- To Communicate with You: To send appointment reminders and service updates, respond to your inquiries, and provide necessary information related to your plan.
- To Administer Our Business: For internal record keeping, billing, and operational purposes.
- For Improvement and Development: To analyze service usage, understand trends, and improve the quality and range of our services.
- For Legal Compliance: To comply with legal obligations, enforce our terms and conditions, and protect our rights and the rights of others.
3. Legal Basis for Processing (GDPR)
Our legal basis for collecting and using the personal information described in this Privacy Policy depends on the information we collect and the specific context in which we collect it:
- Consent: We will process sensitive personal data (e.g., health information) only with your explicit consent. You have the right to withdraw your consent at any time.
- Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract (e.g., providing nutrition guidance).
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject (e.g., maintaining medical records).
- Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
4. Sharing Your Information
We do not sell your personal data. We may share your information with third parties only in the following circumstances:
- Service Providers: We may engage trusted third-party companies and individuals to facilitate our services (e.g., IT support, payment processing, data hosting). These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
- Legal Requirements: We may disclose your information if required to do so by law, in response to a subpoena or court order, or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement.
- Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different Privacy Policy.
- With Your Consent: We may share your information with other third parties when we have your explicit consent to do so.
5. Data Retention
We retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Health and medical records are retained in accordance with relevant healthcare regulations and professional guidelines applicable in the United Kingdom.
6. Data Security
The security of your data is paramount to us. We implement appropriate technical and organizational measures designed to protect your personal data from unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include:
- Encryption: Using encryption for data in transit and at rest where appropriate.
- Access Controls: Restricting access to personal data to authorized personnel only, who are bound by confidentiality obligations.
- Regular Audits: Conducting regular security assessments and audits of our systems.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
7. Your Data Protection Rights (GDPR)
Under GDPR, you have the following rights regarding your personal data:
- The Right to Access: You have the right to request copies of your personal data.
- The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- The Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
- The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
- The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The Right to Lodge a Complaint: If you are concerned about our processing of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority set up to uphold information rights.
If you make a request, we have one month to respond to you. To exercise any of these rights, please contact us using the details provided below.
8. Links to Other Websites
Our service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
9. Children's Privacy
Our services are not intended for individuals under the age of 16. We do not knowingly collect personally identifiable information from anyone under the age of 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
10. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
11. Contact Us
If you have any questions about this Privacy Policy, your personal data, or your rights, please contact us:
- Address: ThistleVale Nutrition, 315 Chestnut Grove, Suite 4B, Edinburgh, Scotland, EH3 9RG, United Kingdom
Last updated: 17 May 2024