ThistleRoot Wellness | Edinburgh Nutrition & Dietary Consultancy

Privacy Policy from ThistleRoot Wellness

At ThistleRoot Wellness, we are committed to protecting your privacy and handling your personal data with transparency and care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with our services, including personalized nutrition plans, dietary assessments, corporate wellness programs, nutritional workshops, weight management coaching, and sports nutrition advice.

1. Information We Collect

We collect various types of information in connection with the services we provide.

Personal Identification Information: This includes your name, address, email address, phone number, and date of birth, collected when you register for our services, participate in our programs, or communicate with us.
Health and Dietary Information: Given the nature of our services (nutrition and dietary consultancy), we collect sensitive personal data such as dietary habits, health conditions, medical history, allergies, and lifestyle information. This data is essential for providing personalized and effective nutrition guidance. We only collect this information with your explicit consent.
Payment Information: When you purchase our services, we collect payment details. However, we typically use third-party payment processors, and we do not store your full payment card details on our servers.
Usage Data: We may collect information about how you access and use our website or online platforms, including IP address, browser type, operating system, referral URLs, pages viewed, and the dates/times of your visits. This helps us improve our service delivery.
Communication Data: Records of your correspondence and communication with us, including emails and other interactions.

2. How We Use Your Information

We use the information we collect for various purposes, primarily to provide and improve our services to you:

Service Delivery: To provide personalized nutrition plans, dietary assessments, and other consultancy services tailored to your specific needs and health goals.
Communication: To communicate with you regarding your services, appointments, updates, and to respond to your inquiries.
Service Improvement: To monitor and analyze trends, usage, and activities in connection with our services to improve functionality and user experience.
Marketing and Promotions: With your consent, to send you information about new services, promotions, workshops, or other news that may be of interest to you. You can opt out of these communications at any time.
Legal Obligations: To comply with applicable laws, regulations, and legal processes.
Security: To protect against, investigate, and deter fraudulent, unauthorized, or illegal activity.

3. Legal Basis for Processing (GDPR)

Our legal basis for collecting and using your personal information depends on the specific context in which we collect it. We will generally collect personal information from you where:

We need the information to perform a contract with you (e.g., to deliver your personalized nutrition plan).
The processing is in our legitimate interests and not overridden by your rights (e.g., for direct marketing with your consent).
We have your explicit consent to do so (especially for sensitive health data).
We have a legal obligation to collect personal information from you.

4. Disclosure of Your Information

We do not sell, trade, or otherwise transfer your personal identification information to outside parties. We may share your information only in limited circumstances:

With Your Consent: We may disclose your information to third parties when you provide us with explicit consent to do so.
Service Providers: We may employ third-party companies and individuals to facilitate our services (e.g., payment processing, IT support, hosting services). These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
Business Transfers: In the event of a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different Privacy Policy.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. We use secure servers, encryption, and strict access controls. While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure.

6. Data Retention

We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, and to comply with our legal and regulatory obligations. For health and dietary information, we retain data for a period that allows for ongoing client support and to fulfill legal record-keeping requirements relevant to healthcare services.

7. Your Data Protection Rights

Under UK data protection law and the GDPR, you have certain rights concerning your personal data:

The right to access: You have the right to request copies of your personal data.
The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The right to withdraw consent: You have the right to withdraw your consent at any time where ThistleRoot Wellness relied on your consent to process your personal information.

If you make a request, we have one month to respond to you. To exercise any of these rights, please contact us using the details provided below.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We encourage you to review this Privacy Policy periodically for any changes.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

ThistleRoot Wellness
4502 Heathfield Road, Suite 3B
Edinburgh, Scotland, EH12 5ND
United Kingdom

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.