Last updated: February 2021 

We are dedicated to safeguarding and preserving your privacy when visiting our site or communicating electronically with us. 

This Privacy Notice (“Notice”) provides an explanation as to what happens to any Personal Data that you provide to us, or that we collect from you. 

 

By continuing to use our Website and services (“Services”), you are deemed to agree to our Terms and Conditions (“Terms”) and this Privacy Notice for the collection and processing of your Personal Data.  Please note that any consent that is given for the purposes of  consultations and/or therapy is a separate consent from that granted for the processing of your Personal Data. 

 

This Privacy Notice sets out our use of any and all data collected by us in relation to your use of our website, https://www.thegutexpert.com (“Website”). The Website is operated by The Gut Expert, Nishtha Patel (“The Gut Expert”, “we”, “us”, “our”, “ourselves”). 

 

For the purposes of processing your Personal Data, we are the data controller (as set out under EU General Data Protection Regulation 2018 (“GDPR”) and the UK GDPR.   

 

This Privacy Notice should be read in conjunction with our Terms. We may amend or update this Notice from time to time and will publish revised versions on this Website. We reserve the right to alter and make changes to this Notice at our sole discretion and we therefore request all users to regularly refer to our Privacy Notice for updates and variations. 

 

 

Who is the person responsible for the management of your data? 

We are registered with the Information Commissioner’s Office (ICO) under registration number ______ [Insert ICO registration number] 

The Person responsible for data protection is Mrs. Nishtha Patel [insert name as registered with the ICO/any other person you would like to designate].For any queries relating to the management of your Personal Data please do not hesitate to send us an email at hello@thegutexpert.com [insert email address].  

 

 

What Personal Data do we need/receive? 

“Personal Data” has been defined under the GDPR as “any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural  person.”  

 

Any references to “Personal Data” in this Notice therefore means information about living individuals, which, alone or in conjunction with other information held by us is capable of identifying them. The Data Protection Act 2018, the UK GDPR and the GDPR regulate our use of your Personal Data.  

  

In order to provide our Services or for the purposes of conducting our business we may need the following data from the individuals we are dealing with (“you”“yours”“yourself/yourselves”). 

We have tried to cover categories of data that we generally require while providing Services to our clients or for operating our business. However, this is not an exhaustive list. 

  

  • Your name 

  • Your physical and electronic addresses 

  • Your phone number 

  • If you are a company, the company registration number and registered office address 

  • For the purposes of making payments or any other transactions, bank details 

  • For employment purposes, National Insurance number 

  • In the case you are a client, your family history, medical history, nutrition and lifestyle records, medical records and data relating to your health. 

  • Details of your visits to our Website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data. 

  • Any other information that you provide by filling in forms on our Website, such as when you register for information or make a purchase. 

  • Any other information provided to us when you communicate with us for any reason. 

 

 

Sources of Personal Data 

We may obtain Personal Data from you when you contact us or get in touch with us via our Website or when you, or your organisation correspond with us through any means of communication. This includes Personal Data you provide to us when you: 

  • Contact us with a question or query 

  • Ask us to provide our Services to you 

  • Ask us to collaborate with you on any assignment 

  • Contact us or authorise anyone to contact us about your health and nutrition, medical conditions and/or history and/or for the purposes our Services 

  • Contact us to provide us your services or goods 

  • Correspond with us to submit any complaints that you may have 

  • Correspond with us to address any complaints we may have raised 

  • Register for a seminar, event where information is shared between fellow members 

  • Register to receive updates and newsletters from us 

  • Attend events and provide our staff with your personal information, business cards or contact details 

  • Deal with us when we are providing Services to our clients (which may be you, your dependent, your organisation or a third party) 

  • Submit identity documents directly to us or to third party agencies commissioned by us to collect your data for the purposes of carrying out identity checks and due diligence (We shall continue to remain the data controller for any information submitted to third-parties in connection with your dealings with us) 

  • Contact us for the purposes of employment or apprenticeships 

  • Connect with us on social media platforms or join groups created and administered by us on social media 

​ 

 

We may also collect and retain Personal Data   

  • Obtained from public sources about you or your organisation, which includes all information available on your website, the Companies House or other online sources accessible through Search Engine Optimisation searches; 

  • Obtained from third parties, that may include our clients or their caregivers, fellow-professionals and their firms or clinics, professional regulators, public bodies, and other entities, including providers of analysis, screening and database services who have a right to disclose this information to us and 

  • Relating to whether our contacts read electronic correspondence from us or click on links we send them. 

 

 

Your record 

As your therapist we will fulfill our duty to: 

Maintain full and accurate records of the consultation and nutrition program we provide to you 

  • Ensure that your records are confidential, secure and accurate 

  • Provide a copy at your request that is in an accessible format (for example, in large type if you are partially sighted). Your record may include some or all of the following: 

  1.    Your name, address and date of birth 

  2.    Contacts we have had with you, such as appointments 

  3.   Notes and reports on your health 

  4.    Details of treatment and care, images and test results (if applicable) 

  5.    Information on medicines, side effects and allergies 

  6.    Relevant information from people who care for you and know you well, such as health professionals and relatives 

  7.    Your nutrition and lifestyle details 

  8.     Your progress from your first consultation and/or during the course of the nutrition program or therapy 

 

 

Identifying you as an individual 

We may have clients with similar names, so it is vital for us that all clients are properly identified as individuals.  In order to be absolutely sure that you have been correctly identified we may ask you for a number of pieces of information. Suitable items include:  

  • Full name 

  • Date of birth 

  • NHS number 

  • National Insurance number 

  • A photo ID such as a passport or driving license 

  • Permanent (home, not a temporary) address 

 

We have tried to cover categories of data that we generally require while providing Services to our clients. However, this is not an exhaustive list. 

 

Where our clients have requested us to share their information with caregivers or relatives (expressly nominated by them and given their express consent) or where we have been approached by individuals for treatment of their dependents such as but not limited to minors, elderly parents and/or any other dependents who are physically and/or mentally incapable of accessing our Services directly, we will carry out a complete due diligence on such persons and for which we may need to collect all or any of the following data such as: 

  • Full name of the caregiver 

  • Photo ID such as a passport copy or driving license copy 

  • National Insurance number 

  • Permanent residential address and supporting documents for proof of address 

  • Any document that proves that the client has expressly appointed the individual as their caregiver 

  • Any document that proves that the individual is the legal guardian of the client (where the client is a minor or is above the age of 17 years but is physically or mentally incapacitated from participating in the consultations, directly with The Gut Expert 

 

Information will be shared with care-givers subject to satisfactory due diligence results. 

Information will generally be shared with persons nominated as a client’s “Emergency Contact” or where an Emergency Contact has not been nominated, with the next of kin, particularly in cases of emergencies and where the interests (health and safety) of the client over-ride our obligation of confidentiality. For such circumstances it shall be deemed that the client has consented to their information being shared with the Emergency Contact or next of kin. 

 

How you can help us to keep your health record accurate 

  • Let us know when you change address, telephone number or name 

  • Tell us if any information relating to your record is incorrect 

  • Inform us if there have been any changes or updates to your medical history, including changes to your diet or changes to the information relating to your use of any medication or changes after starting our therapy 

  • Give your consent so that we can share information about you with other healthcare professionals to make sure you receive the right healthcare 

  • Inform us if you are under the care of a caregiver and if you would like us to communicate your records, line of treatment, follow-ups and progress with them. As mentioned above any data will be shared with them subject to your express consent and/or subject to satisfactory results in relation to the due diligence that we have carried out on them  

  • Tell us if you change your mind about how we share the information in your record(s). 

 

Use of Cookies 

On occasion, we may gather information about your computer for our Services and to provide statistical information regarding the use of our Website. 

Such information will not identify you personally as it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever. 

Similarly to the above, we may gather information about your general internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website and the Services that we provide to you. 

All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our Website. 

Our advertisers may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on our Website. 

 

Use of Your Information 

The information that we collect and store relating to you is primarily used to enable us to provide our Services to you. In addition, we may use the information for the following purposes: 

i. To provide you with information requested from us, relating to our products or Services. To provide information on other products which we feel may be of interest to you, where you have consented to receive such information. 

ii. To meet our contractual commitments to you. 

iii. To notify you about any changes to our Website, such as improvements or Service/product changes, that may affect our Service. 

iv. If you are an existing customer, we may contact you with information about goods and services similar to those which were the subject of a previous sale to you. 

v. To send you newsletters and other promotional material if you have opted-in. 

vi. To connect with you on social media. 

By completing our Contact Forms or intake form you provide consent for the use of your Personal Data as detailed above. 

 

Lawful basis for processing your Personal Data 

The following is the lawful basis for processing your Personal Data: 

  

Consent 

In order to avail of our Services, you consent to us obtaining and processing your Personal Data. While dealing with you we may issue Terms of Business or execute a contract outlining the terms and conditions of our engagement with you. The Terms of Business/contract along with this Notice set out the purposes for which your Personal Data may be obtained and processed by us. By accepting the Terms of Business or by using our Website or by executing a contract with us and by continuing to deal with us you confirm that you have consented to us processing your Personal Data. 

 

Contractual necessity 

One of the grounds for obtaining and processing your Personal Data is so that we can perform our Services in line with the scope of work and Terms of Business mutually agreed to by us. 

 

Compliance with legal obligations 

We may have to collect Personal Data in order to comply with certain legislative and regulatory requirements relating to client due diligence. Consequently, we may process your data to carry out identity checks and maintain records of customer due diligence. 

  

We employ third party service providers for the purposes of carrying out client identity checks. However, we remain the Data Controllers. [Only if applicable] 

  

Legitimate interests 

In circumstances where you are a client or are an employee at The Gut Expert we may have to process your Personal Data to promote and pursue legitimate interests of the public and/or our organisation, and/or yours as our client or employee.   

  

 

Storing Your Personal Data 

We may transfer data that we collect from you to locations outside of the United Kingdom and the European Economic Area for processing and storing. Also, it may be processed by staff operating outside the European Economic Area who work for us or for one of our suppliers. For example, such staff maybe engaged in the processing and concluding of your order, the processing of your payment details and the provision of support services. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all reasonable steps to make sure that your data is treated securely and in agreement with this Privacy Notice. 

In accordance with the General Data Protection Regulations (GDPR) we have confirmed with all of the companies that process data on our behalf or that we use to provide Services or products where Personal Data is involved that they are compliant and retain compliance with GDPR. 

Data that is provided to us is stored on our secure servers. Details relating to any transactions entered into on our site will be encrypted to ensure its safety. 

The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and transmission of such data is therefore entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, you are responsible for keeping this password confidential. 

Our Policy is that we retain your Personal Data for a Period of 7 [seven] years from your last Treatment / Consultation or contact with us and at the expiry of this period your information will be deleted unless you request us to retain your information for a further period of time. All of the Personal Data is disposed of securely to ensure compliance with GDPR. 

 

 

Disclosing Your Information 

Once treatments commence your contact details will be disclosed to the laboratories in which we commission your tests (if applicable), the dispensaries and supplement providers in which we or you order your treatments (if applicable). Your Personal Data will not be disclosed to any other party without your express permission unless such Personal Data belongs to a minor or person physically or mentally incapable of accessing our Services directly, in which case the Personal Data will be shared with the legal guardian/caregiver subject to a due diligence conducted by us. 

 

Information will also generally be shared with persons nominated as a client’s Emergency Contact or where an Emergency Contact has not been nominated, with the next of kin, particularly in cases of emergencies and where the interests (health and safety) of the client over-ride our obligation of confidentiality. For such circumstances it shall be deemed that the client has consented to their information being shared with the Emergency Contact or next of kin. 

 

Third Party Links 

You might find links to third party websites on our Website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them. 

 

Access to Information 

The General Data Protection Regulations (GDPR) and The Data Protection Act 1998 gives you the right to access the information that we hold about you. We will provide the information that we hold on you free of charge as long as this information hasn’t been provided to you already. If the information is a copy of information already provided or is excessive then an administration cost of £10 will be charged. Should you wish to receive details that we hold about you please contact us using the contact details below. You will need to provide suitable evidence that you are the person that the information pertains to before we will release it. Information will be provided to you within one month of receipt of request 

 

Erasure of your information 

If you are no longer undergoing or have not undertaken consultations and treatments from The Gut Expert then you have a right to erasure of your information. Once we have received your request for erasure we will ensure all Personal Data we hold on you is erased within one month of the receipt of the request 

 

 

Other rights 

Under the Data Protection Act you have the following rights in relation to your own Personal Data: 

  • to prevent us using your data for direct marketing 

  • to have (in certain circumstances) inaccurate Personal Data corrected, blocked or destroyed 

  • to access a copy of the information comprised in your Personal Data that is undergoing processing (“subject access rights”) 

  • to object to automated decisions. The Gut Expert does not, however, use automated decision making 

  • data portability, which allows you to get and use your Personal Data for different purposes 

  • the right to withdraw consent from us continuing to process your Personal Data and 

  • a right to object to processing that is likely to cause or is causing damage or distress. 

  

If you want to (1) tell us to stop using your data for direct marketing or withdraw consent from us processing your Personal Data for any of the purposes mentioned in this Notice; (2) exercise your subject access rights; (3) tell us about inaccurate Personal Data you think we hold on you; or (4) object to a use you believe we’re making of your data which is causing, or is likely to cause damage or distress, please contact our Data Protection Manager or write to us at this address: 

  

The Data Protection Manager 

(Company Address) ​ 

​ 

 

Contacting Us 

We welcome any queries, comments or requests you may have regarding this Privacy Notice. Please do not hesitate to contact us at hello@thegutexpert.com.  

 

 

Complaints 

If you are unhappy with the way we are processing your Personal Data you can submit a complaint by writing to our Data Protection Manager at ______[provide email address] or by sending your complaint to: 

​ 

The Data Protection Manager 

(Company Name)  

(Company Address) 

 

You are also entitled to make a complaint at the Information Commissioner’s Office (ICO)