Claire Maiwald Nutrition
Privacy Policy
1. Introduction
Welcome to Claire Maiwald Nutrition (“we,” “our,” or “us”). We are committed to protecting your privacy and handling your personal data transparently and responsibly. This Privacy Policy explains how we collect, use, and protect your information when you visit our website and use our nutritional therapy services, both online and in person.
We comply with UK GDPR, the Data Protection Act 2018, and the professional standards of CNHC and BANT. If you have any questions, please contact us using the details at the end of this policy.
2. Information We Collect
We may collect the following types of personal data:
2.1 Personal Information
Name, contact details (email, phone number, address), date of birth.
Payment details (processed securely via third-party platforms).
2.2 Health Information (Special Category Data)
Medical history, dietary preferences, lifestyle details, allergies.
Other health-related data necessary for providing nutritional therapy services.
We will only process this data with your explicit written consent, as required under UK GDPR.
2.3 Technical Data (Website & Online Interactions)
Technical data such as your IP address, browser type, and device information may be collected for security purposes, to analyse website usage, and to improve user experience.
2.4 Cookies and tracking technologies (see Section 8).
3. How We Use Your Information
We process your personal data for the following purposes:
- Providing nutritional therapy services. Legal Basis (UK GDPR): Contractual necessity & explicit consent for health data
- Scheduling & managing appointments. Legal Basis (UK GDPR): Contractual necessity
- Processing payments & invoices. Legal Basis (UK GDPR): Contractual necessity
- Communicating about services & progress. Legal Basis (UK GDPR): Legitimate interest or explicit consent
- Improving our website & client experience. Legal Basis (UK GDPR): Legitimate interest
- Complying with legal & regulatory obligations. Legal Basis (UK GDPR): Legal obligation
You may withdraw consent for marketing communications at any time by emailing us or using the unsubscribe link in our emails.
4. Sharing Your Information
We never sell or rent your personal data. We may share your data only in the following circumstances:
4.1 Third-Party Service Providers
We use trusted third-party providers for services such as:
- Appointment scheduling (e.g. Calendly)
- Payment processing (e.g. Stripe, PayPal)
- Document management (e.g. DocuSign, Practice Better)
Each provider has its own privacy policy, and we ensure they comply with UK GDPR.
4.2 Healthcare Professionals
We may share your health data with other healthcare professionals, but only with your explicit consent.
4.3 Legal or Regulatory Authorities
We may disclose data if required by law, such as with CNHC or BANT in case of a professional complaint or investigation.
5. International Data Transfers
Some third-party providers (e.g., Google, Calendly, DocuSign) process data outside the UK, in countries with different data protection laws.
We ensure all international transfers comply with UK GDPR by:
- Using Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements.
- Ensuring appropriate safeguards as required by the UK Information Commissioner’s Office (ICO).
- Allowing clients to request further details on these safeguards.
6. Data Security
We take appropriate security measures to protect your data, including:
- Encryption of sensitive data.
- Secure storage with restricted access.
- Regular security reviews of our third-party service providers.
While we strive for maximum security, no system is 100% secure. If we detect a data breach, we will notify affected clients and relevant authorities as required by law.
7. Data Retention Periods
We retain personal data only as long as necessary for the purposes outlined in this policy, in line with legal and regulatory obligations.
Data Type:
- Personal Data (name, contact details, payment information). Retention Period: Up to 7 years after your last service, as required for tax and legal purposes.
- Health Data (medical history, therapy notes, dietary information). Retention Period: 7 years after your last session (or until the client reaches the age of 25 if they were under 18 at the time of the last session, in accordance with professional guidelines and legal obligations).
- Technical Data (IP address, browser details, cookies). Retention Period: We may collect and store certain technical data, such as your IP address, browser details, and cookies, to improve user experience. If this data is stored, it will not be kept for longer than necessary, and after up to 12 months, it will either be anonymized or deleted.
- Marketing Data (emails, preferences). Retention Period: Until you withdraw consent or after 3 years of inactivity, whichever comes first.
You may request early deletion of your data, but some records must be retained for legal reasons.
8. Cookies & Tracking Technologies
We may use third-party services such as Google Analytics, Stripe, PayPal, or other partners that set cookies to track user interaction or for other purposes. By using our site, you agree to the use of cookies. You can also control or block cookies through your browser settings. Please note that blocking cookies may affect your ability to use certain features of our website.
- Session Cookies. Purpose: Maintain session activity while browsing. Retention: Expires after 30 minutes of inactivity.
- Security Cookies. Purpose: Protect against unauthorised access. Retention: Stored for 6 months.
- Analytics Cookies (e.g., Google Analytics). Purpose: Track user interaction to improve website. Retention: Stored for 12 months.
You can control cookies through your browser settings. Blocking cookies may affect website functionality.
9. Your Data Protection Rights
Under UK GDPR, you have the right to:
✔ Access your data (request a copy).
✔ Correct inaccurate or outdated information.
✔ Request deletion of your data (subject to legal exceptions).
✔ Withdraw consent for health data processing.
✔ Object to processing for marketing purposes.
✔ Request data transfer (data portability).
✔ Lodge a complaint with the ICO (see Section 11).
To exercise these rights, contact us at the details below.
10. Third-Party Links
Our website may contain links to third-party websites or services. These third parties have their own privacy policies, and we recommend reviewing them before providing any personal data.
11. Complaints & Contact Details
If you have concerns about how we handle your data, please contact us:
📍 Claire Maiwald Nutrition
📧 hello@clairemaiwaldnutrition.co.uk
📞 +44 7391 073 899
If we cannot resolve your issue, you may escalate your complaint to:
📍 Information Commissioner’s Office (ICO)
🔗 www.ico.org.uk
12. Updates to This Policy
We may update this Privacy Policy occasionally. The latest version will always be available on our website, with an updated effective date at the top.