Privacy Policy

Introduction

RLT Nutrition ("we", "us", or "our") operates the RLT Nutrition Portal (the "Service"). This Privacy Policy governs the collection, use, and protection of personal data when you use our Service.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: Ruth Trimbitas, Registered Nutritional Therapist (FNTP)

Information We Collect

Personal Information

When you register as a client or are registered by a practitioner, we collect:

• Contact Information: Name, email address, phone number
• Account Information: Username, encrypted password
• Health Information: Responses to health questionnaires, food diaries, medical history, and other health-related data you provide
• Communication Data: Messages exchanged with your practitioner through the secure messaging system
• Consent Records: Your consent choices regarding data sharing, marketing preferences, and terms of engagement

Technical Information

• Login Data: IP addresses and timestamps for security purposes
• Session Data: Cookies for maintaining your secure login session
• Usage Data: How you interact with the portal to improve our services

How We Use Your Information

We process your personal data for the following purposes:

• Service Delivery: To provide nutritional therapy consultations and support
• Communication: To respond to inquiries and communicate about your care
• Health Records: To maintain accurate records of your consultations and health journey
• Coordination of Care: With your consent, to share information with other healthcare providers involved in your care
• Service Improvement: To enhance the portal functionality and user experience
• Legal Compliance: To meet professional and legal obligations
• Marketing: With your explicit consent, to send newsletters and promotional information

Legal Basis for Processing

Under UK GDPR, we process your data based on:

• Consent: For marketing communications and certain data sharing activities
• Contract: To fulfill our nutritional therapy services agreement with you
• Legitimate Interests: For service improvement and security
• Legal Obligation: To comply with professional standards and legal requirements

Data Security

We implement robust security measures to protect your personal information:

• Encryption: All sensitive personal information (names, phone numbers, health data) is encrypted both in transit (SSL/TLS) and at rest in our database
• Access Controls: Strict password requirements and role-based access permissions
• Multi-Factor Authentication: Available for enhanced account security
• Regular Security Monitoring: Continuous monitoring for unauthorized access attempts
• Secure Infrastructure: Database hosted on secure, access-controlled servers
• Backup Systems: Regular encrypted backups to prevent data loss

Data Sharing

We do not sell, trade, or rent your personal information. We may share your data only in these circumstances:

With Your Explicit Consent

• With your GP or other healthcare providers involved in your care
• With biochemical testing companies when ordering tests as part of your programme
• For anonymized case histories used in professional development (personal identifiers removed)

Service Providers

• Email service providers for sending notifications and communications
• Database hosting services under strict data protection agreements

Legal Requirements

• When required by law or to comply with legal processes
• To protect our rights, property, or safety, or that of others

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain types of data processing
• Right to Withdraw Consent: Withdraw consent for marketing or data sharing at any time

To exercise any of these rights, please contact us at privacy@rlt-nutrition.co.uk

Data Retention

We retain your personal data for:

• Client Health Records: Maintained for the duration of our professional relationship and for 7 years after the last consultation, in accordance with nutritional therapy professional standards
• Account Information: Retained while your account is active, plus the retention period above
• Marketing Consent Records: Maintained until consent is withdrawn, then archived for compliance purposes
• Legal Records: As required by UK law and professional regulations

Cookies and Session Management

The portal uses essential cookies to:

• Maintain your secure login session
• Remember your authentication status
• Ensure security and prevent unauthorized access

We do not use third-party tracking or advertising cookies. Session cookies are automatically deleted when you log out or after 30 days of inactivity.

Children's Privacy

The portal may be used by clients under 16 with parental or guardian consent. If you are a parent or guardian registering on behalf of a child, you are responsible for providing accurate information and maintaining the security of the account.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact:

Right to Lodge a Complaint

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):