# Privacy Notice

**Effective date:** October 2025

This Privacy Notice explains how **Nataliya Langhorne Nutrition and Wellness** (sole trader) collects, uses, shares, and protects your personal information when you use our website, purchase digital content, or book consultations and testing services. We follow the **UK GDPR** and **Data Protection Act 2018**.
---
## 1) Who we are and how to contact us
* **Controller:** Nataliya Langhorne Nutrition and Wellness (sole trader)
* **Email:** [info@nataliyalanghorne.com](mailto:info@nataliyalanghorne.com)
* **Postal address:** [insert address]
* **ICO registration:** [insert Z‑number]
---
## 2) The data we collect
### 2.1 Information you give us
* Identity and contact: name, email, phone, postal address, date of birth.
* Health and lifestyle data (special category): symptoms, medical history, medications, allergies, diet, activity, sleep, stress, goals; test results from third‑party labs.
* Transaction data: purchases, bookings, invoices, payment amounts (we **do not** store full card details).
* Communications: emails, messages, testimonials, survey responses.
### 2.2 Information we collect automatically
* Technical data: IP address, device/browser details, pages viewed, referral source.
* Cookies and similar technologies (see **Cookie Policy**).
### 2.3 Information from third parties
* Payment processors (payment status), booking platforms, laboratories (test status/results), couriers, analytics providers, advertising/marketing platforms (only where you consent).
---
## 3) How we use your data and lawful bases
| Purpose | Examples | Lawful basis |
| -------------------------- | ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------- |
| Provide services | Pre‑test assessment, consultations, personalised plans, coordinating test kits, results sessions | **Contract** (perform our contract with you) |
| Process payments & orders | Take payment, issue invoices/receipts, prevent fraud | **Contract**; **Legal obligation** (tax) |
| Health data handling | Reviewing symptoms, history, test results to provide nutrition and lifestyle advice | **Explicit consent** (special category health data) |
| Communications | Service emails, appointment reminders, responding to queries | **Contract** / **Legitimate interests** |
| Marketing | Newsletters, offers, events | **Consent** (you can unsubscribe anytime) |
| Site operation & analytics | Troubleshooting, security, usage stats, performance | **Legitimate interests** (to run our business and improve services) |
| Legal & regulatory | Record‑keeping, HMRC, insurance | **Legal obligation** |
> Where we rely on **consent**, you may withdraw it at any time (this won’t affect processing already carried out).
---
## 4) Special category data (health information)
We only process health information with your **explicit consent** (e.g., ticking a consent box or confirming in writing) and solely to provide nutrition and lifestyle services. You can withdraw consent, but we may then be unable to provide the service.
---
## 5) Sharing your data
We share data with trusted **processors** and **partners** only as needed:
* Payment processors (e.g., Stripe/PayPal)
* Booking/scheduling tools (e.g., Calendly/Practice Better)
* Laboratory partners (e.g., hormone/stool test providers)
* Couriers/postal services
* Email + CRM/marketing platforms (e.g., MailerLite/Mailchimp)
* Cloud hosting/IT support providers (e.g., Microsoft/Google)
* Professional advisers (accountant, legal) and insurers
* Regulators or law enforcement where required
We require processors to protect your data and not use it for their own purposes.
---
## 6) International transfers
Some providers may store or process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as the **UK Addendum to the EU Standard Contractual Clauses**, the UK International Data Transfer Agreement (IDTA), or an adequacy decision.
---
## 7) How long we keep your data
* Enquiries (no purchase): up to **12 months**.
* Client records (consultations, plans, test results): generally **7 years** after last contact (insurance and professional standards).
* Purchase records and invoices: **6 years** (HMRC).
* Marketing contacts: until you **unsubscribe** or your consent is withdrawn, then retained on a suppression list.
We keep data only as long as necessary for the purposes above, then delete or anonymise it.
---
## 8) Your rights
You have the right to **access**, **rectify**, **erase**, **restrict**, and **object** (to certain processing), the right to **data portability**, and the right to withdraw consent where relied upon. You also have the right not to be subject to decisions based solely on automated processing. To exercise your rights, email **[info@nataliyalanghorne.com](mailto:info@nataliyalanghorne.com)**.
You can complain to the **Information Commissioner’s Office (ICO)**: ico.org.uk or 0303 123 1113. We would appreciate the chance to address your concerns first.
---
## 9) Security
We use administrative, technical, and physical safeguards to protect your information, including secure platforms, access controls, and encryption in transit where available. No system is 100% secure; please keep your account credentials confidential.
---
## 10) Children
Our services are for adults **18+**. If a parent/guardian believes a child has provided data without consent, contact us and we will delete it where appropriate.
---
## 11) Cookies and tracking
See our separate **Cookie Policy** for details on cookies, consent, and how to manage preferences.
---
## 12) Changes to this Notice
We may update this Notice from time to time. We will post changes with a new **Effective date** and, where appropriate, notify you by email or site banner.
---
## 13) Contact
Questions about this Notice or your data rights? Email **[info@nataliyalanghorne.com](mailto:info@nataliyalanghorne.com)**.