Privacy Policy

Who is the Data Controller?

The Data Controller is Vincent-Adocta Awuuh, trading as Adocta Diet Clinic, based at Fishponds, Bristol, City of Bristol, BS16. You can contact the Data Controller about anything in this policy at hello@adoctadietclinic.co.uk or 07555 833 657.

What information we collect

To provide a clinical nutrition service we need to collect both standard personal data and special category data (health information). Specifically:

• Identity & contact details: name, date of birth, sex assigned at birth, gender identity (optional), ethnicity, phone number, email address, and home address.
• Care coordination details: your GP or primary care practice and contact number, and details of any referrer.
• Health and clinical information: medical history, diagnosed conditions, medications and supplements, allergies and intolerances, anthropometric measurements (height, weight, BMI, waist circumference, blood pressure), recent blood test results, family history of diet-related conditions, dietary intake and lifestyle, GI symptoms, life-stage information, and any concerns about your relationship with food.
• Consultation records: notes from sessions, plans, correspondence, and any documents you choose to share with us.
• Website analytics (limited): minimal, aggregate site traffic information. We do not place advertising or cross-site tracking cookies. See “Cookies” below.

Why we collect it (lawful bases)

Under UK GDPR we rely on the following lawful bases to process your data:

• Article 6(1)(b) — performance of a contract: we process your information so that we can deliver the dietetic services you have engaged us for.
• Article 6(1)(c) — legal obligation: some processing is required to meet our regulatory and record-keeping obligations as registered healthcare professionals.
• Article 9(2)(h) — provision of health or social care: for special category (health) data, we rely on this condition because the processing is necessary for the provision of healthcare and treatment by a registered health professional.
• Article 9(2)(a) — explicit consent: where we share your information with your GP, consultant, or another third party, we will ask for your explicit consent first (this is captured on the intake form).

Who we share it with

We treat your information as confidential and only share it where there is a clear lawful basis to do so:

• Your GP, consultant, or care team — only with your written consent and only where clinically indicated.
• Trusted suppliers we use to run the practice — for example secure email, calendar, and accounting tools. These suppliers act as our data processors under written contracts that meet UK GDPR requirements.
• Regulators, insurers, or professional bodies — if we are legally required to do so, for example to comply with HCPC or court orders.

We never sell your personal information, and we do not use it for marketing to third parties.

Where we store it & international transfers

Records are stored on encrypted devices and within reputable, UK or EEA-based cloud services. Where a supplier is located outside the UK or EEA, transfers are protected using mechanisms permitted under UK GDPR (such as the UK International Data Transfer Addendum or equivalent safeguards).

How long we keep it

Clinical records are retained in line with the Health and Care Professions Council (HCPC) standards and current NHS guidance for dietetic records:

• Adult clinical records: a minimum of eight years after the last contact.
• Records relating to children and young people: until their 25th birthday (or 26th if the last entry was made when they were 17), or eight years after death, whichever is longer.
• Financial records (invoices, payment receipts): a minimum of six years for tax purposes.

When the retention period ends we securely destroy or permanently anonymise the records.

Your rights

Under UK GDPR you have the right to:

• Be informed about how we use your data (this policy).
• Access a copy of the personal data we hold about you.
• Have inaccurate or incomplete data corrected.
• Have your data erased — subject to our regulatory obligation to retain clinical records for the periods set out above.
• Restrict or object to certain types of processing.
• Receive your data in a portable format.
• Withdraw consent at any time where consent is the lawful basis for the processing.

To exercise any of these rights, please contact us at hello@adoctadietclinic.co.uk. We will respond within one calendar month.

Cookies

This website uses only the cookies strictly necessary to function. We do not use advertising, profiling, or cross-site tracking cookies. If we add measurement cookies in the future we will request your consent through a cookie banner before setting any non-essential cookie.

Security

We use technical and organisational measures appropriate to the sensitivity of the data we hold — including device encryption, multi-factor authentication on clinical and email systems, principle of least privilege, and secure backup. If a personal data breach affecting your data ever occurs, we will notify you and the Information Commissioner’s Office (ICO) where required by law.

Complaints

If you have a concern about how your personal data is being handled, please contact us first so we can try to resolve it. You also have the right to complain to the Information Commissioner’s Office at any time:
ico.org.uk/make-a-complaint · Helpline 0303 123 1113.

Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of this page indicates when it was last revised. Material changes will be communicated to active clients by email.