Privacy Policy

Who we are

Our website address is: http://www.nutritioncentre.ie/en.

Maev Creaven, trading as ‘Maev Creaven Nutrition’ and ‘Galway Nutrition Centre’ and Functional Medicine Confeence is an experience and registered Nutritional Therapist specialising in Nutrition Therapy and promoter of Functional and Lifestyle Medicine events in Ireland and Europe. This privacy policy is issued on behalf of Maev Creaven Nutrition and will use, we, us or our in this privacy notice. We are referring to Maev Creaven Nutrition whom is responsible for processing your data. Maev Creaven Nutrition is responsible and the data controller of this website.

Click here for full Privacy Policy for Maev Creaven

 

1       Introduction

1.1      Purpose of Policy

Maev Creaven Nutrition needs to gather and use certain information about individuals.

These can include clients, suppliers, employees and other people the organisation has a relationship with or may need to contact.

This policy describes how this personal data will be collected, handled and stored to comply with the General Data Protection Regulation.

1.2      Policy Statement

Maev Creaven Nutrition is committed to a policy of protecting the rights and privacy of clients, staff and others in accordance with General Data Protection Regulation.

Maev Creaven Nutrition commits to:

  • comply with both the law and good practice
  • respect individuals’ rights
  • be open and honest with individuals whose data is held
  • provide training and support to staff who handle personal data, so that they can act confidently and consistently
  • Register our details with the Data Protection Commissioner.

1.3      Personal Data

Maev Creaven Nutrition may hold data for the following purposes:

  • Provision of direct healthcare
  • Marketing and newsletters
  • Case histories
  • Staff Administration (outsource)

Special categories of data included race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health and sexual orientation.

Maev Creaven Nutrition may hold special category data for the following purposes:

  • Provision of direct healthcare

How we obtain your personal data

  • Completion of questionnaire
  • By corresponding with us via phone, email, text message
  • By signing up via our website mailing list.
  • By scheduling an appointment
  • By signing a terms of engagement form
  • During a nutritional therapy consultation

This may include the following information:

  • basic details such as name, address, contact details and next of kin
  • details of contact we have had with you such as referrals and appointment requests
  • health information including your previous medical history, dietary, lifestyle, supplement and medicine details, biochemical test results, clinic notes and health improvement plans
  • GP contact information
  • Bank details, payment details

We use this information in order to provide you with direct healthcare.  This means that the legal basis of our holding your personal data is for legitimate interest. By provind us with this information, you expressly consent to our use of your sensitive personal information in accordance with this privacy policy.

 

Following completion of your healthcare we retain your personal data for the period defined by my professional association, NTOI.  This enables us to process any complaint you may make.  In this case the legal basis of our holding your personal data is for contract administration

 

Mailing List

If you choose to sign up to our Mailing List, we may track any links you open in our emails to you or what pages you visit on this website. You may choose to accept this tracking by clicking on the button Accept on the sign up form. This will place a cookie on your device which will expire after 30 days

Automated technologies or interactions

When you visit our website(s) we may automatically collect information about your computer, device including your IP address, information about your visit, your browsing history and how you use our website. This information may be combine with other information you provide to us, as described above. See Cookies and Analytics

1.4      Data Protection Principles

There are six data protection principles that are core to the General Data Protection Regulation.  Maev Creaven Nutrition will make every possible effort to comply with these principles at all times in our information-handling practices.  The principles are:

  • Lawful, fair and transparent

Data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used.

  • Limited for its purpose

Data can only be collected for a specific purpose.

  • Data minimisation

Any data collected must be necessary and not excessive for its purpose.

  • Accurate

The data we hold must be accurate and kept up to date.

  • Retention

We cannot store data longer than necessary.

  • Integrity and confidentiality

The data we hold must be kept safe and secure.

1.5      Key risks

The main risks are in two key areas:

  • information about individuals getting into the wrong hands, through poor security or inappropriate disclosure of information
  • individuals being harmed through data being inaccurate or insufficient

       Responsibilities

Maev Creaven Nutrition is the data controller for all personal data held by us and is responsible for:

  • Analysing and documenting the type of personal data we hold
  • Checking procedures to ensure they cover all the rights of the individual
  • Identifying the lawful basis for processing data
  • Ensuring consent procedures are lawful
  • Implementing and reviewing procedures to detect, report and investigate personal data breaches
  • Storing data in safe and secure ways
  • Assessing the risk that could be posed to individual rights and freedoms should data be compromised

2       Data Recording, Security and Storage

2.1      Data accuracy and relevance

Maev Creaven Nutrition will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.

2.2      Data security

Maev Creaven Nutrition will keep personal data secure against loss or misuse. Where other organisations process personal data as a service on our behalf, we will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third-party organisations.

2.3      Storing data securely

  • In cases when data is stored on printed paper, it will be kept in a secure place where unauthorised personnel cannot access it
  • Printed data will be shredded when it is no longer needed
  • Data stored on a computer will be protected by strong passwords that are changed regularly. A password manager will be used to create and store passwords.
  • Data stored on CDs or memory sticks will be encrypted or password protected and locked away securely when they are not being used
  • Cloud services used to store personal data will be assessed for compliance with GDPR principles. An authenticator app will be used to access cloud data.
  • Servers containing personal data must be kept in a secure location, away from general office space
  • Data will be regularly backed up.
  • All servers containing sensitive data must be protected by security software
  • All possible technical measures will be put in place to keep data secure

2.4      Data retention

Maev Creaven Nutrition will retain personal data for no longer than is necessary. This shall be in accordance with the guidelines of our professional association, NTOI.

3       Accountability and Transparency

Maev Creaven Nutrition will ensure accountability and transparency in all our use of personal data.  We will keep written up-to-date records of all the data processing activities that we do and ensure that they comply with each of the GDPR principles.

We will regularly review our data processing activities and implement measures to ensure privacy by design including data minimisation, pseudonymisation, transparency and continuously improving security and enhanced privacy procedures.

4       Consent

Maev Creaven Nutrition will ensure that consents are specific, informed and plain English such that individuals clearly understand why their information will be collected, who it will be shared with, and the possible consequences of them agreeing or refusing the proposed use of the data.  Consents will be granular to provide choice as to which data will be collected and for what purpose.  We will seek explicit consent wherever possible.

We will maintain an audit trail of consent by documenting details of consent received including who consented, when, how, what, if and when they withdraw consent.  For online consent, we may use a cryptographic hash function to support data integrity.  Alternatively we will maintain the consents information in a spreadsheet with links to the consent forms.

We will regularly review consents and seek to refresh them regularly or if anything changes.

5       Direct Marketing

Maev Creaven Nutrition will comply with both data protection law and Privacy and Electronic Communication Regulations 2003 (PECR) when sending electronic marketing messages.  PECR restricts the circumstances in which we can market people and other organisations by phone, text, email or other electronic means.

We will seek explicit consent for direct marketing. We will provide a simple way to opt out of marketing messages and be able to respond to any complaints.

6       Subject Access Requests

6.1      What is a subject access request?

An individual has the right to receive confirmation that their data is being processed, access to their personal data and supplementary information which means the information which should be provided in a privacy notice.

6.2      How to deal with subject access requests

Maev Creaven Nutrition will provide an individual with a copy of the information requested, free of charge. This will occur within one month of receipt. We endeavour to provide data subjects access to their information in commonly used electronic formats (as described in section 4.3).

If complying with the request is complex or numerous, the deadline can be extended by two months, but the individual will be informed within one month.

We can refuse to respond to certain requests, and can, in circumstances of the request being manifestly unfounded or excessive, charge a fee. If the request is for a large quantity of data, we can request the individual specify the information they are requesting.

Once a subject access request has been made, we will not change or amend any of the data that has been requested. Doing so is a criminal offence.

6.3      Data portability requests

We will provide the data requested in a structured, commonly used and machine-readable format. This would normally be a PDF file, although other formats are acceptable. We must provide this data either to the individual who has requested it, or to the data controller they have requested it be sent to within one month.

7. Transferring data internationally

There are restrictions on international transfers of personal data. We will not transfer personal data abroad without express consent.

8       Third Parties

8.1      Using third party controllers and processors

As a data controller and/or data processor, we will have written contracts in place with any third-party data controllers (and/or) data processors that we use. The contract will contain specific clauses which set out our and their liabilities, obligations and responsibilities.

As a data controller, we will only appoint processors who can provide sufficient guarantees under GDPR and that the rights of data subjects will be respected and protected.

As a data processor, we will only act on the documented instructions of a controller. We acknowledge our responsibilities as a data processor under GDPR and we will protect and respect the rights of data subjects.

8.2       Contracts

Our contracts will comply with the standards set out by the Data Protection Commissioner and, where possible, follow standard contractual clauses. Our contracts with data controllers (and/or) data processors will set out the subject matter and duration of the processing, the nature and stated purpose of the processing activities, the types of personal data and categories of data subject, and the obligations and rights of the controller.

The following are third party Suppliers we contract with for processing purposes:

Booking An Appointment

PayPal Inc is the application of the personal data we hold and that is provided to us when you book an appointment with us

Mailing List

Aweber is the Processor of the person data we hold and that is provided to us when you sign up to our Mailing List(s). You can unsubscribe at any time from our Mailing List by clicking ‘unsubscribe’ in the Newsletter or emailing us directly.

9       Reporting breaches

Any breach of this policy or of data protection laws will be reported as soon as practically possible. This means as soon as we become aware of a breach.

Maev Creaven Nutrition has a legal obligation to report any data breaches to Data Protection Commissioner.

Cookies and Analytics

Like most websites, we make use of analytics software in order to help us understand the trends in popularity of our website and of different sections. We make no use of personally identifiable information in any of the statistical reports we use from this package. We use an analytics package called Google Analytics who provide details of their privacy policyon the Google website.

 

Cookies are small. We do not make use of cookies to collect any private or personally identifiable information. The technical platform of this website uses cookies solely to aid the proper technical functioning of the website. The cookies used contain random strings of characters alongside minimal information about the state and session of the website – which in no way collects or discloses any personal information about you as a visitor.

Advanced areas of this site may use cookies to store your presentation preferences in a purely technical fashion with no individually identifiable information. Note also our statement on analytics software below – as analytics software also uses cookies to function.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org

 

In compliance with EU legislation, the following table lists the use of cookies on this web site:

Cookie name Purpose
AcceptCookies Eg, This is used to store whether you have agreed to receive cookies. Persistent for one year.
Google Analytics_utma

_utmb

_utmc

_utmz

Eg, These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
FaceBook Pixel This Cookie is place by Facebook. Its enables Maev Creaven Nutrition to measure, optimise and building audiences for advertising campaigns on Facebook.

(third party)

About Facebook Pixel: https://www.facebook.com/business/help/651294705016616

 

Social Sharing

Facebook, Twitter, Instagram, LinkedIn

 

See privacy terms at each Third Party Supplier site

YouTube  
Wistia  
Dropbox  
   

 

Analytics

Like most websites, we make use of analytics software in order to help us understand the trends in popularity of our website and of different sections. We make no use of personally identifiable information in any of the statistical reports we use from this package. We use an analytics package called Google Analytics who provide details of their privacy policyon the Google website.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout

 

Additional Information

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

info@nutritioncentre.ie