Effective Date: 14/08/2025
1. Introduction
Welcome to Healthy Sprouts Nutrition Limited. This Privacy Policy explains how we collect, use, store, and protect your personal data, and your rights in relation to that data, when you use our services or interact with our website.
We are committed to protecting your privacy and handling your personal data in a transparent and secure manner, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Who We Are (Data Controller)
Healthy Sprouts Nutrition Limited is the data controller of the personal information you provide.
- Company Name: Healthy Sprouts Nutrition Limited
- Registered Address: 61 Windsor Road, Maidenhead, SL6 2DN
- Email: info@healthysprouts.co.uk
- Phone: 07813183494
- ICO Registration Number: ZB917088
Our nominated data protection contact is Sunita Mutneja, who can be contacted at info@healthysprouts.co.uk.
3. Data Processing Principles
We are guided by the following principles when processing your personal data, ensuring we handle your information responsibly and lawfully:
- Purpose Limitation: We will only collect and process data for specific, explicit, and legitimate purposes as outlined in this policy, and will not process it further in a manner that is incompatible with those purposes.
- Data Minimisation: We will only collect data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. We will minimise the amount of information we collect from you to what we need to deliver the services required.
- Accuracy: We will take all reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date. We will accept requests from you for amendment of the data held.
- Storage Limitation: We will not store data in an identifiable form longer than is necessary to accomplish its purpose or as required by law.
- Integrity and Confidentiality (Security): We will apply high technical and organisational standards to make our processing of data secure, protecting against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
- Lawfulness, Fairness, and Transparency: We will process your data lawfully, fairly, and in a transparent manner in relation to you.
4. Data We Collect and Why (Lawful Basis)
As a paediatric dietitian providing healthcare services, we collect and process various types of personal data to provide our services.
A. Personal Data (Article 6 UK GDPR)
- Name of Parent/Carer:
  - Purpose: To identify the primary contact person responsible for the child, for communication regarding appointments, services, invoicing, and to establish a professional relationship.
  - Lawful Basis: (b) Performance of a Contract; (f) Legitimate Interests (managing client relationships and communications effectively).
- Name of Child:
  - Purpose: To identify the primary patient (the child) for whom the dietetic services are being provided. This is essential for accurate record-keeping, clinical assessment, and tailoring advice to the specific individual.
  - Lawful Basis: (b) Performance of a Contract.
- Date of Birth (DOB) of Child:
  - Purpose: Crucial for clinical assessment and providing age-appropriate dietetic advice. Nutritional needs, growth patterns, developmental milestones, and feeding strategies vary significantly with age. It also helps in identifying children who fall within our service’s age range (0-18).
  - Lawful Basis: (b) Performance of a Contract.
- Phone Number:
  - Purpose: For direct communication regarding appointments, urgent queries, follow-ups, and to provide consultation services (e.g., via phone calls or messaging apps if agreed upon).
  - Lawful Basis: (b) Performance of a Contract; (f) Legitimate Interests (efficient client communication and service delivery).
- Email Address:
  - Purpose: For sending appointment confirmations, resources, invoices, and general correspondence.
  - Secure Communication of Sensitive Data: For consultation notes and other highly sensitive clinical information, we utilise additional security measures, such as password-protected documents sent via email (with passwords communicated separately) or a secure client portal, to ensure your data remains protected.
  - Lawful Basis: (b) Performance of a Contract; (f) Legitimate Interests (efficient client communication and service delivery); (a) Consent (for marketing communications only, if explicitly opted-in).
B. Special Category Data (Health Data – Article 9 UK GDPR)
- Height of Child:
  - Purpose: Essential for assessing growth patterns, plotting on growth charts, calculating nutritional requirements, and monitoring progress, especially for concerns like faltering growth or healthy weight management.
  - Lawful Basis: (h) Health or social care (processing necessary for the purposes of medical diagnosis and the provision of health care or treatment).
- Weight of Child:
  - Purpose: Crucial for assessing growth, calculating nutritional needs (e.g., energy, protein requirements), monitoring progress, and diagnosing/managing conditions related to growth (underweight, overweight).
  - Lawful Basis: (h) Health or social care (processing necessary for the purposes of medical diagnosis and the provision of health care or treatment).
- Medical Information for Child (e.g., presenting complaint, allergies, existing care, medical history):
  - Purpose: This is core to our service. It allows us to understand the child’s health status, identify specific nutritional challenges, assess the complexity of the case, ensure our service is appropriate, and tailor evidence-based dietetic interventions. It also helps us determine if the child is already under specialist care, which is important for integrated care and avoiding duplication.
  - Lawful Basis: (h) Health or social care (processing necessary for the purposes of medical diagnosis, the provision of health care or treatment, or the management of health care systems and services by a health professional).
5. How We Collect Your Data
We collect data from you through various methods, including:
- Direct Interactions: You provide data directly to us when you:
  - Sign up for our newsletter or mailing list.
  - Download an opt-in resource.
  - Fill out our consultation qualification form or contact forms (e.g., via Calendly, our website forms and pre-consultation assessment).
  - Communicate with us by email, phone, or in person.
  - Provide information during consultations.
  - Submit a testimonial or review.
  - Work with us in a commercial capacity (e.g., as a supplier).
- Automated Technologies or Interactions (Website Data): As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and other similar technologies (e.g., analytics tools).
  - Cookies: Our website uses cookies (small files of letters and numbers automatically placed on your device) to function effectively and to understand how visitors use our site. You will be prompted to provide consent for non-essential cookies via a cookie banner. We use them to remember preferences, store information (e.g., from shopping carts if applicable), and to provide anonymised tracking data. You can manage your cookie preferences through your browser settings.
  - Analytics: We use [e.g., Google Analytics or Plausible] as our chosen traffic tracking platform. Through this, we collect anonymous data to track how people use our website, including: number of visitors, pages visited and time spent per page, page interaction information (e.g., scrolling, clicks), source location, and technical information relating to end-user devices (e.g., IP address, browser type). None of this data is stored with your identifiable personal details.
  - Embedded Content: Articles on our site may include embedded content (e.g., videos, images, articles from other websites). Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content.
6. Payment Information
We do not directly store your bank or credit card details on our systems. Payment for our services is processed securely through a third-party payment processor.
- We use Stripe to handle all transactions. This processor is PCI DSS compliant, ensuring the highest level of security for your financial data.
- We receive only payment confirmation and transaction IDs from the processor.
- Please refer to the payment processor’s own Privacy Policy for full details on how they collect, process, and store your financial information.
7. How We Store and Protect Your Data
We are committed to ensuring that your information is secure. We have implemented appropriate technical, organisational, and security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered, or disclosed. These measures include:
- Electronic Records: We use secure, GDPR-compliant electronic systems for storing electronic records. These platforms are not publicly accessible and are protected by robust security features.
- Physical Records: Any paper records containing your Personal Data are stored in locked cabinets with restricted access, only accessible to authorised personnel.
- Access Controls: Access to your personal data is strictly limited to authorised personnel who have a business need to know.
- Password Protection: Our laptops and documents containing sensitive data are password protected.
- Encryption: Data is encrypted both when it is stored (at rest) and when it is transmitted (in transit), where appropriate, including for sensitive clinical notes.
- Regular Reviews: We conduct regular security reviews and keep our systems updated to protect against evolving threats.
- Data Breach Procedures: We have in place appropriate procedures to handle any potential Personal Data Breaches, in accordance with Data Protection Legislation. Any such breaches will be reported to the relevant supervisory authority (ICO) and notified to the affected data subjects where we are legally required to do so.
We ensure that all employees, agents, contractors, and other third parties who have access to your data are subject to a duty of confidentiality and are only permitted to process your data in accordance with our instructions and data protection laws.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
As a healthcare provider, we adhere to professional guidelines for record retention, which typically require medical records (including dietetic notes) to be kept for a minimum period. For children, this is generally 8 years after the child’s 18th birthday, meaning until they are 26 years old.
For general enquiries via our contact form or email, if no clinical services are engaged, we typically retain your data for no longer than one year after your last correspondence, unless a longer retention period is required by law or for our legitimate interests.
9. Data Sharing
We will only share your personal data with third parties where it is necessary for the provision of our services, legally required, or with your explicit consent. These may include:
- Other Health Professionals: We will only share your child’s medical or nutritional information with their GP, other NHS professionals, or private consultants with your explicit, informed consent, where it is deemed beneficial for your child’s integrated care. This consent will be sought separately and specifically.
- IT and System Providers: Third-party service providers who assist us with website hosting, email services, booking systems (e.g., Calendly), electronic record-keeping systems (Microsoft 365), and other IT support. These providers are only permitted to process your data in accordance with our instructions and data protection laws.
- Payment Processors: As detailed in Section 6.
- Professional Advisers: Lawyers, accountants, or other professional advisers where necessary for legal, accounting, or business purposes.
- Regulatory Bodies / Law Enforcement: If legally required to do so, or to protect our rights, property, or safety, or the safety of others.
- Exceptional Circumstances: In rare circumstances, information about a client may be disclosed without consent if it is in the public interest to do so (e.g., to prevent serious crime or serious harm to other people).
- Business Transfer: In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer.
Important Note on AI Training: We will not give consent to third-party service providers or platforms to use your information, including any audio or video recordings you may provide, for the training and development of AI modelling software, or similar purposes, other than those for which the information was originally collected and necessary for the delivery of our products and services.
We do not sell or share your data with third parties for marketing purposes without your explicit consent.
10. International Transfers
We may store or process your data on cloud-based platforms or through service providers whose servers are based outside of the UK (e.g., within the European Economic Area or other countries with adequate data protection laws). We will only use such third-party service providers where we are confident that appropriate safeguards are in place to ensure that any personal data is subject to an equivalent level of security and protection as required under UK Data Protection Legislation.
11. Your Legal Rights
Under UK GDPR, you have the following rights regarding your personal data. To exercise any of these rights, please contact us at info@healthysprouts.co.uk.
- The right to be informed: You have the right to be informed about how your personal data is collected and used (as outlined in this Privacy Policy).
- The right of access: You have the right to request a copy of the personal data we hold about you.
- The right to rectification: You have the right to request that any inaccurate or incomplete personal data we hold about you is corrected.
- The right to erasure (“the right to be forgotten”): You have the right to request that your personal data be deleted in certain circumstances (e.g., if it is no longer necessary for the purpose for which it was collected, or if you withdraw consent and there is no other lawful basis for processing). Please note that we are obliged to retain clinical records for specific periods as per professional guidelines (see Section 8).
- The right to restrict processing: You have the right to request that we limit how we use your personal data in certain circumstances (e.g., if you contest its accuracy, or object to its processing).
- The right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
- The right to object: You have the right to object to our processing of your personal data in certain situations, particularly where we are relying on legitimate interests or for direct marketing.
- Rights in relation to automated decision-making and profiling: We do not use automated decision-making or profiling in a way that would significantly affect you.
12. Children’s Data
We are committed to protecting the privacy of children. Our services are directed at parents and carers, and we collect data about children only with the explicit consent of a parent or legal guardian. As stated in Section 4, we collect specific health data about children to provide our dietetic services under the lawful basis of “health or social care.” We do not use full names or identifiable images of children in testimonials or marketing materials without specific, limited consent (e.g., first name only in reviews).
13. Marketing Communications (Consent for Marketing)
We will request your explicit, opt-in consent before sending you any marketing emails, such as newsletters, updates on new services, or promotions. You may withdraw your consent at any time by contacting us at info@healthysprouts.co.uk or by using the ‘unsubscribe’ link provided in our marketing emails.
14. Website Analytics & Targeted Marketing
We use website analytics [e.g., Google Analytics or Plausible] to provide the best user experience and service to you and to evaluate and improve our site. These third-party data analytics service providers collect information using cookies on our behalf in accordance with our instructions and in line with their own privacy policies. This data is almost always anonymised and aggregated before reporting back to us and may include:
- Number of visitors to our site.
- Pages visited whilst using the site and time spent per page.
- Page interaction information, such as scrolling, clicks, and browsing methods.
- Source location and details about where users go when they leave the site.
- Page response times and any download errors.
- Technical information relating to end-user devices, such as IP address or browser plug-in.
From time to time, we may use the information collected about you to present you with targeted advertisements using platforms such as Facebook, Google, and/or Instagram. This is done based on your interaction with our website and in accordance with your cookie preferences and consent.
15. Third-Party Links
Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
16. Changes to This Privacy Policy
This Privacy Policy was last updated on 06/08/25. We regularly review and update this Privacy Policy (at least annually or upon changes to relevant Data Protection Legislation being published, whichever is sooner) to ensure it remains accurate and compliant. Any changes will be posted on this page, and the “Effective Date” at the top will be updated. We encourage you to review it periodically. For existing clients, significant changes will be communicated directly.
17. Complaints
If you are unhappy with how we have used your data, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Their website is www.ico.org.uk and their helpline number is 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
18. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: info@healthysprouts.co.uk
- Phone: 07813183494
- Address: 61 Windsor Road, Maidenhead, SL6 2DN