How We Look After Your Information

The Dietetic Clinic is an independent dietetic practice providing personalised, evidence-based nutrition and dietetic care.

We are the data controller for the personal information we hold about you. This means we are responsible for deciding how and why your information is used, and for keeping it safe.

We collect only the information necessary to provide safe, personalised dietetic care. This may include:

Health information is classed as “special category data” under UK GDPR and is given the highest level of protection.

We collect information in the following ways:

• Directly from you — through intake forms, consultations, emails, or telephone calls
• From referrers — GPs, consultants, or other healthcare professionals who refer you to us (with your knowledge)
• From other healthcare providers — where you have given consent for information to be shared
• Through our website — if you submit a contact or enquiry form

We use your information to:

• Provide safe, personalised dietetic assessment and treatment
• Maintain accurate and up-to-date clinical records
• Communicate with you about your care, appointments, and progress
• Prepare reports, letters, or care plans where requested
• Meet our legal, regulatory, and professional obligations as an HCPC-registered dietitian
• Respond to your enquiries and provide information about our services
• Process payments and manage our administrative records

We will never use your information for marketing purposes without your explicit consent.

Under UK GDPR, we must have a lawful basis for processing your personal information. We rely on the following:

For special category health data, we rely on:

• Provision of health or social care — the primary basis for processing clinical information
• Explicit consent — where we ask for your specific agreement, for example to share information with your GP
• Substantial public interest — in limited circumstances required by law

Where we rely on consent, you have the right to withdraw it at any time. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.

We treat your information with the utmost confidentiality. We will only share it in the following circumstances:

We never sell, rent, or share your personal information with third parties for marketing purposes.

We take the security of your personal information seriously. Our measures include:

• Encrypted, password-protected devices and systems
• Two-factor authentication on accounts holding personal data
• Secure, UK/EU-based data storage and cloud services
• Restricted access to clinical records on a need-to-know basis
• Regular review of our data security practices
• Secure disposal of paper records when no longer needed

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform you directly where required.

We retain your information only for as long as necessary. Our retention periods are guided by professional and legal requirements:

After the relevant retention period, records are securely deleted or destroyed.

You have the following rights in relation to your personal information:

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month. We may need to verify your identity before processing your request.

We aim to store and process your data within the UK or European Economic Area (EEA). Where any third-party service provider processes data outside the UK or EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the ICO, to protect your information to the same standard as required under UK GDPR.

Our website may use cookies and similar technologies to support its functionality. This may include:

• Essential cookies required for the website to function
• Analytics cookies to help us understand how visitors use the site (where consent is given)
• Third-party cookies from embedded booking widgets or forms

We do not use cookies to track you across other websites or to sell your data to third parties. For more detail, please see our Cookie Policy.

If you have any concerns about how we handle your personal information, please contact us in the first instance so we can try to resolve the matter:

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent data protection authority:

• Website: www.ico.org.uk
• Telephone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We review and update this privacy notice periodically to reflect changes in our practice, legal requirements, or guidance from the ICO. The most current version will always be available on our website. This notice was last reviewed and updated in June 2026.