Privacy Policy of ThistleCove Nutrition
At ThistleCove Nutrition, we are committed to protecting the privacy and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you engage with our services, including personalized nutrition consultations, meal planning, weight management programs, chronic disease dietary support, and corporate wellness nutrition workshops.
By using our services, you consent to the data practices described in this policy.
1. Information We Collect
We collect various types of personal information to provide our tailored nutrition and wellness services. This may include:
- Personal Identifiers: Name, address (315 Harcourt Road, Suite 4B, Edinburgh, EH11 1RQ, Scotland, United Kingdom), phone number (+44 131 555 7284), and email address (contact@thistlecove.co.uk).
- Health and Dietary Information: Medical history, current health conditions, dietary preferences (allergies, intolerances), lifestyle habits, physical activity levels, and nutritional goals, all collected to provide personalized nutritional assessments and dietary support. This is considered special category data under GDPR.
- Consultation Details: Notes from consultations, progress tracking, and feedback related to your engagement with our programs.
- Billing Information: Details necessary for processing payments for our services.
2. How We Use Your Information
The information we collect is used for the following purposes:
- To Provide Services: To deliver personalized nutrition consultations, develop meal plans, manage weight programs, offer chronic disease dietary support, and conduct corporate wellness workshops tailored to your needs.
- Communication: To communicate with you regarding your appointments, progress, relevant information about your dietary plan, or updates about our services.
- Improve Our Services: To understand how our services are used and to make improvements based on client feedback and needs.
- Billing and Administration: For invoicing, accounting, and general business administration.
- Legal and Regulatory Compliance: To comply with applicable laws, regulations, and professional standards, especially concerning health data.
3. Legal Basis for Processing Personal Data
We process your personal data based on the following legal grounds under GDPR:
- Consent: For processing special categories of personal data (e.g., health information), we obtain your explicit consent. You have the right to withdraw your consent at any time.
- Contractual Necessity: Processing is necessary for the performance of a contract for services with you or to take steps at your request before entering into such a contract.
- Legitimate Interests: Where processing is necessary for our legitimate interests (e.g., improving services, administrative purposes), provided these do not override your fundamental rights and freedoms.
- Legal Obligation: Where processing is necessary to comply with a legal or regulatory obligation.
4. Disclosure of Your Information
We do not sell, rent, or lease your personal information to third parties. We may share your information with:
- Service Providers: Trusted third-party service providers who assist us in operating our business (e.g., IT support, payment processors, administrative services), under strict confidentiality agreements.
- Legal Requirements: When required by law or in response to valid requests by public authorities (e.g., a court order or government agency).
- Professional Advisors: Our professional advisors, such as lawyers, accountants, or auditors, where necessary.
We ensure that any third parties with whom we share your data are compliant with relevant data protection regulations and handle your information securely.
5. Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:
- Secure storage of physical and electronic records.
- Access controls and authentication procedures.
- Regular security assessments and updates.
- Confidentiality agreements with staff and third-party service providers.
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure.
6. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period for health-related information may vary based on professional guidelines and legal obligations.
When personal data is no longer required, we will securely delete or anonymise it.
7. Your Data Protection Rights
Under GDPR, you have the following rights concerning your personal data:
- The Right to Be Informed: To receive clear and transparent information about how we handle your data.
- The Right to Access: To request a copy of the personal data we hold about you.
- The Right to Rectification: To request that we correct any inaccurate or incomplete personal data.
- The Right to Erasure (Right to Be Forgotten): To request the deletion of your personal data under certain conditions.
- The Right to Restrict Processing: To request that we limit the way we use your data under certain circumstances.
- The Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format, or to have it transmitted directly to another controller.
- The Right to Object: To object to the processing of your personal data in certain situations, especially for direct marketing.
- Rights in Relation to Automated Decision Making and Profiling: To object to decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you.
To exercise any of these rights, please contact us at the address provided below. We will respond to your request in accordance with applicable data protection laws.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page, and we encourage you to review this policy periodically.
9. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
ThistleCove Nutrition
315 Harcourt Road
Suite 4B
Edinburgh, EH11 1RQ
Scotland, United Kingdom
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority set up to uphold information rights.