Privacy Policy - Protecting Your Personal Health Information

Privacy Policy – Amy‑Jane Higgins Nutrition

Effective from: 1 May 2026

Reviewed: Every 3 years

1. Introduction

This Privacy Policy explains how Amy‑Jane Higgins Nutrition collects, uses, stores, and protects your personal information. I am committed to safeguarding your privacy and complying with UK GDPR and the Data Protection Act.

By using this website or working with me, you agree to the terms outlined here.

2. Who I Am

Data Controller: Amy‑Jane Higgins, Sole Trader, Nutritional Therapist, United Kingdom

Contact: ajhnutrition.co.uk

3. What Personal Data I Collect

Information you provide directly

Name, email address, phone number

Health history and case‑taking information

Clinical test results

Nutrition and lifestyle information

Appointment information

Payment details (processed externally)

Information collected through the website

Contact form submissions

Cookies (see Cookie Policy)

Website analytics (non‑identifiable)

4. Lawful Basis for Processing

I process your data under:

Consent – for collecting and using health information

Contract – to provide nutritional therapy services

Legitimate interest – for business administration

Legal obligation – record‑keeping for health services

5. How Your Data Is Used

Your data is used to:

Provide personalised nutritional therapy

Communicate with you about appointments and care

Maintain accurate clinical records

Process payments

Respond to enquiries

Meet legal and professional obligations

I do not use your data for automated decision‑making or profiling.

6. How Your Data Is Stored & Secured

Digital data

Stored on encrypted, password‑protected systems

Access limited to me only

Secure cloud services with GDPR‑compliant providers

Paper records (if used)

Stored in a locked cabinet in my home office

Access limited to me only

Payment data

Processed securely by PayPal or Stripe and subject to their privacy policies.

7. How Long Your Data Is Kept

Health records are retained for 7 years, in line with legal and professional requirements. After this period, they are securely destroyed (shredding or digital deletion).

8. Sharing Your Data

Your data is never shared without your explicit consent, except:

When required by law (e.g., safeguarding)

With laboratories or test providers (with your consent)

With payment processors (PayPal/Stripe)

I do not sell or trade personal information.

9. Your Rights Under UK GDPR

You have the right to:

Access your personal data

Request correction of inaccurate data

Request deletion (where legally possible)

Withdraw consent

Restrict processing

Request data portability

Object to processing

To exercise your rights, email: [your email]

I will respond within 30 days.

10. Data Breaches

If a breach occurs, I will:

Notify affected individuals

Notify the ICO within 72 hours (where required)

11. Cookies & Website Tracking

This website uses cookies for:

Basic site functionality

Analytics (non‑identifiable)

You can manage cookies through your browser settings.

12. ICO Registration

I am registered with the Information Commissioner’s Office (ICO) as a Data Controller.

13. Updates to This Policy

This policy may be updated periodically. The latest version will always be available on this website.
