
Privacy Policy

Ebony Redhead Nutrition

info@ebonyredhead.co.uk

07967736934

Date effective: April 2026 (last reviewed April 2026)

1. Purpose of this Notice

This Privacy Notice explains how I collect, use, and store your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all clients, prospective clients, and visitors to my website or clinic.

2. Who I Am

Ebony Redhead Nutrition is a provider of nutritional therapy services, registered with ANP/GNC.

I am the data controller for the personal information I collect and process in the course of providing professional services.

3. Information I Collect

To provide safe and effective care, I may collect the following types of information:

• Personal details (name, address, contact details, date of birth, GP contact)

• Health and medical history, symptoms, and relevant test results

• Information about diet, lifestyle, medication, supplements, and goals

• Consultation notes and correspondence

• Payment details (if applicable)

4. Lawful Basis for Processing

I process your personal data under the following lawful bases:

• Contract: to provide you with agreed nutritional therapy services.

• Legitimate interests: to maintain records and manage my business safely and professionally.

• Consent: for processing sensitive (special category) health information. You may withdraw your consent at any time.

• Legal obligation: to comply with legal or insurance record-keeping requirements.

Special categories of data include race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health and sexual orientation.

I may hold special category data for the following purposes:

• Provision of direct healthcare

I process your data under the following articles of the General Data Protection Regulation:

• Article 6(1)(b) – Contract: to provide professional services requested by you

• Article 9(2)(h) – Provision of healthcare: processing necessary for health and treatment purposes.

5. How I Use Your Information

Your information is used to:

• Provide safe and effective care

• Assess suitability of personalised health advice

• Communicate with you about your care

• Keep accurate clinical records

• Process payments and manage bookings

• Meet professional, insurance, and legal obligations

• [Marketing and newsletters subject to your consent]

I undertake at all times to protect your personal data, including any health and contact details, in a manner which is consistent with my duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. I will also take reasonable security measures to protect your personal data storage.

I may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime.

Your data will never be sold or used for marketing without your explicit consent.

Your data may be shared with other parties for the following reasons, if you have consented to this in the GDPR consent form:

• To obtain functional tests (such as blood or urine).

• For booking and administrative purposes.

• To courier and logistics providers who ship products to you.

• To companies supplying supplements or other products directly to you on my recommendation.

6. How Your Information Is Stored

All personal information is stored securely in:

• Password-protected devices

• Encrypted clinical software

7. Online Consultations and Electronic Communication

Online consultations are conducted using reputable platforms with appropriate security measures in place. Although all reasonable steps are taken to protect your information, no internet-based communication system can be guaranteed to be completely secure. If you choose to communicate via email, please be aware that standard email is not fully encrypted.

8. How Long Records Are Kept

In line with professional standards and insurance requirements, clinical records are retained for:

• 7 years from the date of last consultation

• For children: until age 25 (or 26 if aged 17 at end of treatment)

After this period, records are securely deleted or destroyed. In certain cases, such as where records may be relevant to an insurance claim or legal proceeding, they may be retained for longer.

9. Data Regulations for Minors

Where the client is under the age of 18, consent from a parent or legal guardian is required before nutritional therapy can begin. The child remains the data subject under data protection law. Both parents may have the right to access the child’s records unless there is a legal restriction or court order in place that limits this access.

10. Sharing Your Information

I will not share your information with third parties unless:

• You have given explicit consent (for example, to share with your GP or another healthcare provider);

• Disclosure is required by law (for example, in cases of serious risk of harm);

• It is necessary for accounting or administrative purposes (e.g., my professional indemnity insurer or accountant, who are GDPR-compliant).

11. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data I hold about you.

• Request to move, copy or transfer your data to a third party.

• Request correction of inaccurate information

• Request deletion of your data (where legally permissible)

• Restrict or object to certain forms of processing

• Withdraw consent at any time

• Lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk

Please note that clinical records cannot be deleted where retention is required by law, insurance, or professional standards.

12. Communication and Updates

I may occasionally update this Privacy Notice to reflect legal or procedural changes. The latest version will always be available on request and can be found at www.ebonyredhead.co.uk.

13. Reporting breaches

Any breach of this policy or of data protection laws will be reported as soon as practically possible. This means as soon as I become aware of a breach.

I have a legal obligation to report any data breaches to the UK supervisory authority, which is the Information Commissioner’s Office, within 72 hours.

If you have any questions about how your information is handled, please contact:

Ebony Redhead [Data Controller]

Email: info@ebonyredhead.co.uk | Phone: 07967736934

14. Website technical details

The website www.ebonyredhead.co.uk collects personal information to power our site analytics, including:

• Information about your browser, network, and device

• Web pages you visited prior to coming to this website

• Your IP address

This information may also include details about your use of this website, including:

• Clicks

• Internal links

• Pages visited

• Scrolling

• Searches

• Timestamps

We provide this information to Squarespace, our website analytics provider, to learn about site traffic and activity.

This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit The cookies Squarespace uses.

These necessary and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you.

These analytics and performance cookies are used on this website, as described below, only when you acknowledge our cookie banner. This website uses analytics and performance cookies to view site traffic, activity, and other data.

This website is hosted by Squarespace. Squarespace collects personal information when you visit this website, including:

• Information about your browser, network and device

• Web pages you visited prior to coming to this website

• Web pages you view while on this website

• Your IP address

Squarespace needs the data to run this website, and to protect and improve its platform and services. You can read more about how Squarespace uses your data (site usage information of end users) for its own purposes in their Privacy Policy.