Privacy Policy for Nutrition Clients and Website Visitors

Effective date: October 2025

This Privacy Policy explains how Nataliya Langhorne Nutrition & Wellbeing collects, uses and protects your personal data, including information collected via cookies, in line with UK GDPR.

This Privacy Notice explains how Nataliya Langhorne Nutrition and Wellness (sole trader) collects, uses, shares, and protects your personal information when you use our website, purchase digital content, or book consultations and testing services. We follow the UK GDPR and Data Protection Act 2018.

1) Who we are and how to contact us

Controller: Nataliya Langhorne Nutrition and Wellness (sole trader)
Email: info@nataliyalanghorne.com

2) The data we collect

2.1 Information you give us

• Identity and contact: name, email, phone, postal address, date of birth.

• Health and lifestyle data (special category): symptoms, medical history, medications, allergies, diet, activity, sleep, stress, goals; test results from third-party labs.

• Transaction data: purchases, bookings, invoices, payment amounts (we do not store full card details).

• Communications: emails, messages, testimonials, survey responses.

2.2 Information we collect automatically

• Technical data: IP address, device/browser details, pages viewed, referral source.

• Cookies and similar technologies (see Cookie Policy).

2.3 Information from third parties

• Payment processors (payment status), booking platforms, laboratories (test status/results), couriers, analytics providers, advertising/marketing platforms (only where you consent).

3) How we use your data and lawful bases

• Purpose: Provide services
  Examples: Pre-test assessment, consultations, personalised plans, coordinating test kits, results sessions
  Lawful basis: Contract (perform our contract with you)

• Purpose: Process payments & orders
  Examples: Take payment, issue invoices/receipts, prevent fraud
  Lawful basis: Contract; Legal obligation (tax)

• Purpose: Health data handling
  Examples: Reviewing symptoms, history, test results to provide nutrition and lifestyle advice
  Lawful basis: Explicit consent (special category health data)

• Purpose: Communications
  Examples: Service emails, appointment reminders, responding to queries
  Lawful basis: Contract / Legitimate interests

• Purpose: Marketing
  Examples: Newsletters, offers, events
  Lawful basis: Consent (you can unsubscribe anytime)

• Purpose: Site operation & analytics
  Examples: Troubleshooting, security, usage stats, performance
  Lawful basis: Legitimate interests (to run our business and improve services)

• Purpose: Legal & regulatory
  Examples: Record-keeping, HMRC, insurance
  Lawful basis: Legal obligation

Where we rely on consent, you may withdraw it at any time (this won’t affect processing already carried out).

4) Special category data (health information)

We only process health information with your explicit consent (e.g., ticking a consent box or confirming in writing) and solely to provide nutrition and lifestyle services. You can withdraw consent, but we may then be unable to provide the service.

5) Sharing your data

We share data with trusted processors and partners only as needed:

• Payment processors (e.g., Stripe/PayPal)

• Booking/scheduling tools (e.g., Calendly/Practice Better)

• Laboratory partners (e.g., hormone/stool test providers)

• Couriers/postal services

• Email + CRM/marketing platforms (e.g., MailerLite/Mailchimp)

• Cloud hosting/IT support providers (e.g., Microsoft/Google)

• Professional advisers (accountant, legal) and insurers

• Regulators or law enforcement where required

We require processors to protect your data and not use it for their own purposes.

6) International transfers

Some providers may store/process data outside the UK. Where this occurs, we ensure appropriate safeguards, such as UK Addendum to the EU Standard Contractual Clauses, UK International Data Transfer Agreement (IDTA), or an adequacy decision.

7) How long we keep your data

• Enquiries (no purchase): up to 12 months.

• Client records (consultations, plans, test results): generally 7 years after last contact (insurance and professional standards).

• Purchase records and invoices: 6 years (HMRC).

• Marketing contacts: until you unsubscribe or your consent is withdrawn, then retained on a suppression list.

We keep data only as long as necessary for the purposes above, then delete or anonymise it.

8) Your rights

You have the right to access, rectify, erase, restrict, object (to certain processing), and data portability, and to withdraw consent where relied upon. You also have the right to not be subject to decisions based solely on automated processing. To exercise your rights, email info@nataliyalanghorne.com.

You can complain to the Information Commissioner’s Office (ICO): ico.org.uk or 0303 123 1113. We would appreciate the chance to address your concerns first.

9) Security

We use administrative, technical, and physical safeguards to protect your information, including secure platforms, access controls, and encryption in transit where available. No system is 100% secure; please keep your account credentials confidential.

10) Children

Our services are for adults 18+. If a parent/guardian believes a child has provided data without consent, contact us and we will delete it where appropriate.

11) Cookies and tracking

See our separate Cookie Policy for details on cookies, consent, and how to manage preferences.

12) Changes to this Notice

We may update this Notice from time to time. We will post changes with a new Effective date and, where appropriate, notify you by email or site banner.

13) Contact

Questions about this Notice or your data rights? Email info@nataliyalanghorne.com.