Who we are
Our website address is: http://www.nutritioncentre.ie/en.
Maev Creaven Nutrition needs to gather and use certain information about individuals.
These can include clients, suppliers, employees and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data will be collected, handled and stored to comply with the General Data Protection Regulation.
Maev Creaven Nutrition is committed to a policy of protecting the rights and privacy of clients, staff and others in accordance with General Data Protection Regulation.
Maev Creaven Nutrition commits to:
- comply with both the law and good practice
- respect individuals’ rights
- be open and honest with individuals whose data is held
- provide training and support to staff who handle personal data, so that they can act confidently and consistently
- Register our details with the Data Protection Commissioner.
Maev Creaven Nutrition may hold data for the following purposes:
- Provision of direct healthcare
- Marketing and newsletters
- Case histories
- Staff Administration (outsource)
Special categories of data included race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health and sexual orientation.
Maev Creaven Nutrition may hold special category data for the following purposes:
- Provision of direct healthcare
How we obtain your personal data
- Completion of questionnaire
- By corresponding with us via phone, email, text message
- By signing up via our website mailing list.
- By scheduling an appointment
- By signing a terms of engagement form
- During a nutritional therapy consultation
This may include the following information:
- basic details such as name, address, contact details and next of kin
- details of contact we have had with you such as referrals and appointment requests
- health information including your previous medical history, dietary, lifestyle, supplement and medicine details, biochemical test results, clinic notes and health improvement plans
- GP contact information
- Bank details, payment details
Following completion of your healthcare we retain your personal data for the period defined by my professional association, NTOI. This enables us to process any complaint you may make. In this case the legal basis of our holding your personal data is for contract administration
If you choose to sign up to our Mailing List, we may track any links you open in our emails to you or what pages you visit on this website. You may choose to accept this tracking by clicking on the button Accept on the sign up form. This will place a cookie on your device which will expire after 30 days
Automated technologies or interactions
When you visit our website(s) we may automatically collect information about your computer, device including your IP address, information about your visit, your browsing history and how you use our website. This information may be combine with other information you provide to us, as described above. See Cookies and Analytics
There are six data protection principles that are core to the General Data Protection Regulation. Maev Creaven Nutrition will make every possible effort to comply with these principles at all times in our information-handling practices. The principles are:
- Lawful, fair and transparent
Data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used.
- Limited for its purpose
Data can only be collected for a specific purpose.
- Data minimisation
Any data collected must be necessary and not excessive for its purpose.
The data we hold must be accurate and kept up to date.
We cannot store data longer than necessary.
- Integrity and confidentiality
The data we hold must be kept safe and secure.
The main risks are in two key areas:
- information about individuals getting into the wrong hands, through poor security or inappropriate disclosure of information
- individuals being harmed through data being inaccurate or insufficient
Maev Creaven Nutrition is the data controller for all personal data held by us and is responsible for:
- Analysing and documenting the type of personal data we hold
- Checking procedures to ensure they cover all the rights of the individual
- Identifying the lawful basis for processing data
- Ensuring consent procedures are lawful
- Implementing and reviewing procedures to detect, report and investigate personal data breaches
- Storing data in safe and secure ways
- Assessing the risk that could be posed to individual rights and freedoms should data be compromised
Maev Creaven Nutrition will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.
Maev Creaven Nutrition will keep personal data secure against loss or misuse. Where other organisations process personal data as a service on our behalf, we will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third-party organisations.
- In cases when data is stored on printed paper, it will be kept in a secure place where unauthorised personnel cannot access it
- Printed data will be shredded when it is no longer needed
- Data stored on a computer will be protected by strong passwords that are changed regularly. A password manager will be used to create and store passwords.
- Data stored on CDs or memory sticks will be encrypted or password protected and locked away securely when they are not being used
- Cloud services used to store personal data will be assessed for compliance with GDPR principles. An authenticator app will be used to access cloud data.
- Servers containing personal data must be kept in a secure location, away from general office space
- Data will be regularly backed up.
- All servers containing sensitive data must be protected by security software
- All possible technical measures will be put in place to keep data secure
Maev Creaven Nutrition will retain personal data for no longer than is necessary. This shall be in accordance with the guidelines of our professional association, NTOI.
Maev Creaven Nutrition will ensure accountability and transparency in all our use of personal data. We will keep written up-to-date records of all the data processing activities that we do and ensure that they comply with each of the GDPR principles.
We will regularly review our data processing activities and implement measures to ensure privacy by design including data minimisation, pseudonymisation, transparency and continuously improving security and enhanced privacy procedures.
Maev Creaven Nutrition will ensure that consents are specific, informed and plain English such that individuals clearly understand why their information will be collected, who it will be shared with, and the possible consequences of them agreeing or refusing the proposed use of the data. Consents will be granular to provide choice as to which data will be collected and for what purpose. We will seek explicit consent wherever possible.
We will maintain an audit trail of consent by documenting details of consent received including who consented, when, how, what, if and when they withdraw consent. For online consent, we may use a cryptographic hash function to support data integrity. Alternatively we will maintain the consents information in a spreadsheet with links to the consent forms.
We will regularly review consents and seek to refresh them regularly or if anything changes.
Maev Creaven Nutrition will comply with both data protection law and Privacy and Electronic Communication Regulations 2003 (PECR) when sending electronic marketing messages. PECR restricts the circumstances in which we can market people and other organisations by phone, text, email or other electronic means.
We will seek explicit consent for direct marketing. We will provide a simple way to opt out of marketing messages and be able to respond to any complaints.
An individual has the right to receive confirmation that their data is being processed, access to their personal data and supplementary information which means the information which should be provided in a privacy notice.
Maev Creaven Nutrition will provide an individual with a copy of the information requested, free of charge. This will occur within one month of receipt. We endeavour to provide data subjects access to their information in commonly used electronic formats (as described in section 4.3).
If complying with the request is complex or numerous, the deadline can be extended by two months, but the individual will be informed within one month.
We can refuse to respond to certain requests, and can, in circumstances of the request being manifestly unfounded or excessive, charge a fee. If the request is for a large quantity of data, we can request the individual specify the information they are requesting.
Once a subject access request has been made, we will not change or amend any of the data that has been requested. Doing so is a criminal offence.
We will provide the data requested in a structured, commonly used and machine-readable format. This would normally be a PDF file, although other formats are acceptable. We must provide this data either to the individual who has requested it, or to the data controller they have requested it be sent to within one month.
7. Transferring data internationally
There are restrictions on international transfers of personal data. We will not transfer personal data abroad without express consent.
As a data controller and/or data processor, we will have written contracts in place with any third-party data controllers (and/or) data processors that we use. The contract will contain specific clauses which set out our and their liabilities, obligations and responsibilities.
As a data controller, we will only appoint processors who can provide sufficient guarantees under GDPR and that the rights of data subjects will be respected and protected.
As a data processor, we will only act on the documented instructions of a controller. We acknowledge our responsibilities as a data processor under GDPR and we will protect and respect the rights of data subjects.
Our contracts will comply with the standards set out by the Data Protection Commissioner and, where possible, follow standard contractual clauses. Our contracts with data controllers (and/or) data processors will set out the subject matter and duration of the processing, the nature and stated purpose of the processing activities, the types of personal data and categories of data subject, and the obligations and rights of the controller.
The following are third party Suppliers we contract with for processing purposes:
Booking An Appointment
PayPal Inc is the application of the personal data we hold and that is provided to us when you book an appointment with us
Aweber is the Processor of the person data we hold and that is provided to us when you sign up to our Mailing List(s). You can unsubscribe at any time from our Mailing List by clicking ‘unsubscribe’ in the Newsletter or emailing us directly.
Any breach of this policy or of data protection laws will be reported as soon as practically possible. This means as soon as we become aware of a breach.
Maev Creaven Nutrition has a legal obligation to report any data breaches to Data Protection Commissioner.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
|AcceptCookies||Eg, This is used to store whether you have agreed to receive cookies. Persistent for one year.|
|Eg, These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.|
|FaceBook Pixel||This Cookie is place by Facebook. Its enables Maev Creaven Nutrition to measure, optimise and building audiences for advertising campaigns on Facebook.
About Facebook Pixel: https://www.facebook.com/business/help/651294705016616
Facebook, Twitter, Instagram, LinkedIn
See privacy terms at each Third Party Supplier site
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information