PRIVACY POLICY

Sarah Gale Nutrition Limited holds some information about you. This document outlines how that information is used, who we may share that information with and how we keep it secure. This notice does not provide exhaustive detail, however we are happy to provide any additional information or explanation needed. Any requests should be sent to [email protected].

We keep our Privacy Notice under regular review.

 

WHAT WE DO

Sarah Gale Nutrition Limited provides nutritional therapy services to clients to improve their health through diet and lifestyle interventions. We focus on preventative healthcare, the optimisation of physical and mental health and chronic health conditions.

Through nutritional therapy consultations, dietary and lifestyle analysis and biochemical testing, we aim to understand the underlying causes of your health issues, which we will seek to address through personalised dietary therapy, nutraceutical recommendations (supplements) and lifestyle advice.

We also provide digital products, online programmes, educational workshops and presentations on health and nutrition topics.

 

HOW WE OBTAIN YOUR PERSONAL DATA

Information provided by you

You provide us with personal data in the following ways:

  • By completing a nutritional therapy questionnaire
  • By signing a terms of engagement form
  • During a nutritional therapy consultation
  • In person, through email, over the telephone, through social media or by post
  • By making a purchase via our website or online platforms
  • By subscribing to newsletters or downloading resources

This may include the following information:

  • Basic details such as name, address and contact details
  • Details of contact we have had with you such as referrals and appointment requests
  • Health information including medical history, dietary, lifestyle, supplement and medication details, test results, clinic notes and health plans
  • GP contact information
  • Payment details (processed securely via third-party providers)
Information we get from other sources

We may obtain sensitive medical information in the form of test results from biochemical testing companies.

We may also obtain information from other healthcare providers where you have given your explicit consent.

If we do not receive this consent, we may not be able to coordinate your healthcare effectively.

 

HOW WE USE YOUR PERSONAL DATA

We act as a data controller for your personal data.

We process your information to:

  • Provide healthcare services
  • Deliver digital products and online programmes
  • Communicate with you regarding services, bookings or enquiries
  • Send newsletters or marketing communications (where you have opted in)

Where you purchase digital products or access online programmes, we process your personal data to deliver those products and provide access to relevant content. This use does not constitute the provision of healthcare services or create a practitioner-client relationship.

We do not sell your personal data to third parties.

 

Legal basis for processing your data

We process your personal data under the following legal bases:

  • Performance of a contract (to provide services and deliver products you have purchased)
  • Legitimate interests (to operate and improve our business and services)
  • Consent (for marketing communications and where required for sharing information)
  • Provision of healthcare and health-related services, including the processing of special category data (such as health information) where necessary

Where we rely on your consent, you have the right to withdraw it at any time.

 

ONLINE SERVICES AND THIRD PARTIES

We use third-party platforms to support our business operations, including:

  • Practice Better (for client records, health questionnaires, consultations and secure messaging)
  • Kajabi (for hosting programmes, courses and email communications)
  • Stripe and PayPal (for secure payment processing)
  • Google Analytics (for website analytics)

These providers may process your data on our behalf and are required to comply with data protection regulations.

Some of our third-party providers may process your data outside of the UK or Guernsey. Where this occurs, we ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

 

DO YOU SHARE MY INFORMATION WITH OTHER ORGANISATIONS?

We keep your information confidential and only share it where necessary.

We may share your information with:

  • Our registrant body (CNHC) and professional association (BANT) for handling complaints
  • Contractors and service providers acting on our behalf
  • Legal or regulatory authorities where required
  • Third-party service providers supporting our business operations

We may share information with supplement or testing companies as part of providing healthcare services, but we will not include unnecessary sensitive information.

We will always seek your consent before sharing your information with your GP or other healthcare providers unless there is a safeguarding concern or legal obligation.

We may share anonymised case studies for professional development, teaching or publication. We will seek your consent before doing so where appropriate.

 

HOW LONG WE KEEP YOUR DATA

We retain personal data for as long as necessary for the purposes it was collected, including:

  • Healthcare clients: in line with guidance from BANT and CNHC
  • Digital product customers: for as long as needed to provide access and meet legal obligations
  • Marketing subscribers: until you unsubscribe or withdraw consent

 

WHAT ARE YOUR RIGHTS?

You have the right to:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request deletion of your data (where applicable)
  • Request restriction of processing
  • Request transfer of your data (data portability)
  • Object to processing

To exercise any of these rights, please contact us at [email protected].

We will respond within a reasonable timeframe and in accordance with applicable data protection laws.

 

DATA SECURITY

We take appropriate technical and organisational measures to protect your personal data.

This includes:

  • Secure storage systems
  • Restricted access to authorised personnel only
  • Encryption of devices and systems where appropriate
  • Ensuring third-party processors meet data protection standards

We are registered with the Office of the Data Protection Authority (ODPA) as a data controller.

 

COOKIES AND WEBSITE USAGE

Cookies are small files placed on your device when you visit a website.

We use cookies and similar technologies to:

  • Ensure the website functions properly
  • Understand how visitors use our website (analytics)
  • Improve user experience

We may use third-party services such as Google Analytics, which use cookies to collect anonymised information about website usage.

You can control or disable cookies through your browser settings. Please note that disabling cookies may affect how the website functions.

 

COMPLAINTS

If you have a concern about how your data is handled, please contact us at [email protected].

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Authority (ODPA), please visit their website https://www.odpa.gg.