Privacy Policy

This Privacy Policy is between the User of this Website (“you” or “your”) and EYZHN Limited (collectively referred to as “we”, “us”, “our”, or “EYZHN”), the owner and provider of this Website. It applies to our use of any and all Data collected by us or provided by you in relation to your use of the Website, and is meant to help you understand what information we collect, how and why we collect it, who we share it with, how we store it, and how you can update, manage, export, and delete your information.

This Privacy Policy should be read alongside, and in addition to, the Terms & Conditions and Terms of Engagement (for clients).

1. Definitions and interpretation

In this Privacy Policy, the following definitions are used:

Data – Collectively all information that you submit to us via the Website. This definition incorporates, where applicable, the definitions provided in the Data Protection Laws.
Data Protection Laws – Any applicable law relating to the processing of personal Data, including but not limited to the PDPO and the GDPR.
PDPO – The Personal Data (Privacy) Ordinance (Chapter 486) of the Hong Kong Special Administrative Region of the People's Republic of China (Hong Kong SAR).
GDPR – The European Union (EU)'s General Data Protection Regulation 2016/679, considered a global standard for the protection of personal Data.
EYZHN or us – EYZHN is a company incorporated in Hong Kong SAR under Business Registration number 74292281 and registered address at: Paramount Mansion, 2 Shan Kwong Road, Happy Valley, Hong Kong SAR.
Cookies – Small text files placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. For more information about cookies and how we use them, see the section below headed “Cookies”.
Cookie Law – Any applicable law relating to the use of internet cookies within the scope of personal information including, but not limited to, the EU Directive 2002/58/EC (the “ePrivacy Directive”) and the UK Privacy and Electronic Communications Regulations 2003 (the “EC Directive”).
User or you – Anyone that accesses the Website that is not (i) employed by us and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to us and accessing the Website in connection with the provision of such services.
Website – The website that you are currently using (www.eyzhn.co) and any sub-domains of this site unless expressly excluded by their own terms and conditions.

2. Scope of this Privacy Policy

This Privacy Policy only applies to the actions of EYZHN and Users with respect to this Website. It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media and/or third-party websites.

For purposes of the applicable Data Protection Laws, EYZHN is the “Data Controller”. This means that we determine the purposes for which, and the manner in which, your Data is processed. “Data Controller”, “personal data” and “processing” shall have the same meaning as in the GDPR.

3. What we do

EYZHN provides Nutritional Therapy services to maintain and improve the health of its clients through diet and lifestyle interventions. We focus on preventative healthcare, the optimisation of physical and mental health and chronic health conditions. Through consultation, dietary, lifestyle analysis and functional testing, we aim to understand the underlying causes of our clients’ health issues which we seek to address through personalised dietary therapy, nutraceuticals (supplements) and lifestyle advice.

4. Data collected

We may collect the following Data from you:

  • Basic details such as name, ID, address, contact details and next of kin;

  • Details of communication we have had with you such as referrals and appointment requests;

  • Health information, including your previous medical history, dietary, lifestyle, supplement and medicine details, functional testing results, clinic notes and health plans; and

  • Primary care physician (GP) and other healthcare provider contact details.

in each case, in accordance with this Privacy Policy. If we hold this information, we use it in order to provide you with direct healthcare. This means that the legal basis of our holding your personal Data is for legitimate interest.

Following completion of your healthcare we retain your personal Data for the period defined by our professional association, the British Association for Nutrition and Lifestyle Medicine (BANT). This enables us to process any complaint you may make. In this case the legal basis of our holding your personal data is for contract administration.

5. How we collect Data

We collect Data in the following ways:

  • Data is given to us by you

  • Data is received from other sources

  • Data is collected automatically.

Data that is given to us by you

We may collect your Data in a number of ways, for example:

  • When you contact us through the Website, by telephone, post, e-mail or through any other means;

  • When you register with us and set up an account to receive our products/services;

  • By completing a client intake form or during consultation;

  • By submitting forms via Google Forms;

  • By signing and agreeing to Terms and Conditions and Terms of Engagement;

  • When you complete surveys that we use for research purposes (if you respond to them);

  • When you enter a competition or promotion through social media;

  • When you make payments to us, through this Website or otherwise;

  • When you elect to receive marketing communications from us;

  • When you use our services;

  • Via Google Analytics, MailerLite, Stripe, Airwallex, and other third-party services specified;

in each case, in accordance with this Privacy Policy.

Data that is shared with and received from third parties

We may receive Data about you from the following third parties:

  • Test results from functional testing companies. We also collect information submitted via Google Forms, which is stored securely in Google Drive as part of Google Workspace. We use this information in order to provide you with direct healthcare. This means that the legal basis of our holding your personal Data is for legitimate interest.

  • We may obtain sensitive information from other healthcare providers. The provision of this information is subject to you giving us your express consent. If we do not receive this consent from you, we will not be able to coordinate your healthcare with that provided by other providers which means the healthcare provided by us may be less effective.

  • If we are involved in processing a supplement order or verifying authorisation with a third-party provider. The provision of this information is subject to you giving us your express consent.

Data that is collected automatically

To the extent that you access the Website, we may collect your Data automatically, for example:

  • We automatically collect some information about your visit to the Website. This information helps us to make improvements to Website content and navigation, and includes your IP address, the date, times and frequency with which you access the Website and the way you use and interact with its content.

  • We will collect your Data automatically via Cookies, in line with the cookie settings on your browser. For more information about cookies, and how we use them on the Website, see the section below headed “Cookies”.

6. How we use Data

Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using the Website. Specifically, Data may be used by us for the following reasons:

  • Internal record keeping

  • Improvement of our products/services

  • Transmission by email of marketing materials that may be of interest to you

  • Contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the Website

in each case, in accordance with this Privacy Policy. We may use your Data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see the section headed “Your rights” below).

For the delivery of direct marketing to you via e-mail, we’ll need your consent, whether via an opt-in or soft-opt-in:

  • Soft opt-in consent is a specific type of consent which applies when you have previously engaged with us (for example, you contact us to ask for more details about a particular product/service, and we are marketing similar products/services). Under “soft opt-in” consent, we will take your consent as given unless you opt-out.

  • For other types of e-marketing, we are required to obtain your explicit consent; that is, you need to take positive and affirmative action when consenting by, for example, checking a tick box that we’ll provide.

  • If you are not satisfied about our approach to marketing, you have the right to withdraw consent at any time. To find out how to withdraw your consent, see the section headed “Your rights” below.

When you register with us and set up an account to receive our products/services, the legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

7. Who we share Data with

All personal Data collected and held by us will be kept confidential. We will not disclose your Data to third parties without your express consent, with the exception of the following reasons and/or categories of third parties:

  • Our employees, agents and/or any contractors that provide a service to us or act as our agents – to obtain advice from professional advisors.

  • Third party service providers who provide services to us which require the processing of personal Data – to help third party service providers in receipt of any shared Data to perform functions on our behalf to help ensure the Website runs smoothly.

  • Third party payment providers who process payments made over the Website – to enable third party payment providers to process User payments and refunds. Online transactions are integrated using Stripe and Airwallex and are subject to their respective Terms of Use and Privacy Policies: Stripe’s Terms of Use and Privacy Policy; Airwallex’s Terms of Use and Privacy Policy.

  • Banks, financial institutions, credit card issuing companies or debt collection agencies.

  • Relevant authorities – to facilitate the detection of crime or the collection of taxes or to satisfy any regulatory request or if we have a duty to do so or if the law allows us to do so.

  • Anyone to whom we may transfer our rights and duties under any agreement we have with you.

  • Our professional association, BANT, for the processing of a complaint made by you.

  • Supplement companies and functional testing companies as part of providing you with direct healthcare. We do not share sensitive information with supplement companies. Testing companies provide us with results.

in each case, in accordance with this Privacy Policy. We will seek your express consent before sharing your information with your GP or other healthcare providers. However, if we believe that your life is in danger then we may pass your information onto an appropriate authority (such as the police to prevent a serious crime, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests.

We may share your case history in an anonymised form with our peers for the purpose of professional development and/or education. This may be at clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines or online professional sites. We will always seek your explicit consent before processing your Data this way.

8. Keeping Data secure

We will use technical and organisational measures to safeguard your Data, for example:

  • We only use information that may identify you in accordance with the PDPO and GDPR. This requires us to process personal Data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.

  • Within the health sector, we also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. We will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.

  • We use Google Forms to collect Data, which is securely stored in Google Drive as part of our Google Workspace platform.

  • We ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, protect personal and confidential information held on equipment such as laptops with encryption (which masks Data so that unauthorised users cannot see or make sense of it).

  • We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where Data that could or does identify a person are processed.

  • Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us via this e-mail address: tamara@eyzhn.co.

  • If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org.

9. Data retention

All records held by us will be kept for the duration specified by guidance from our professional association BANT or until you request the Data be deleted. Even if we delete your Data, it may persist on backup or archival media for legal, tax or regulatory purposes.

10. Your rights

You have the following rights, subject to exemptions, in relation to your Data:

  • Right to access – the right to request (i) copies of the information we hold about you at any time, or (ii) that we modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is “manifestly unfounded or excessive.” Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.

  • Right to correct – the right to have your Data rectified if it is inaccurate or incomplete.

  • Right to erase – the right to request that we delete or remove your Data from our systems where we are not required to do so by law or in accordance with BANT guidelines.

  • Right to restrict our use – the right to “block” us from using your Data or limit the way in which we can use it.

  • Right to portability – the right to request that we move, copy or transfer your Data, without hindrance from us.

  • Right to object – the right to object to our use of your Data including where we use it for our legitimate interests.

We do not carry out any automated processing which may lead to automated decisions based on your personal Data. It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.

If you wish to access your Data and/or invoke any of the above rights, please email your request in writing to the Data Controller at: tamara@eyzhn.co. We shall respond within 30 working days from the point of receiving the request and all necessary information from you, including formal identification, to process your request. Our response will include the details of the personal Data we hold on you as requested including:

  • Sources from which we acquired the information

  • The purposes of processing the information

  • Entities with whom we are sharing the information.

If you are not satisfied with the way a complaint you make in relation to your Data is handled by us, you may be able to refer your complaint to the relevant data protection authority.

11. International transfers

Data which we collect from you may be stored and processed in and transferred outside of the EU or the UK. For example, this could occur if our servers are located in a country outside the EU or the UK, or if one of our service providers is situated in a country outside of the EU or the UK. Examples of this include Google Workspace, Google Drive and Google Analytics. All reasonable efforts are made to ensure that any Data held by us is stored in a secure and safe place, and that all personal Data which we collect is kept confidential to the best of our ability.

For details about the privacy practices of Google Workspace, Google Drive, and Google Analytics, please refer to Google’s Privacy Policy.

12. Third-party links

This Website may, from time to time, provide links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share Data about you. We have no control over such websites and are not responsible for the content of these websites. You are advised to read their privacy policy or statement prior to using them.

13. Hosting, forms and analytics software

Hosting

This Website is hosted by Squarespace and subject to Squarespace's Terms of Use and Privacy Policy. Squarespace collects personal Data when you visit the Website, including:

  • Information about your browser, network and device

  • Web pages you visited prior to coming to this website

  • Web pages you view while on this website

  • Your IP address

Squarespace needs the Data to run this Website, and to protect and improve its platform and services. Squarespace analyses the Data in an anonymised form.

Quizzes

This Website makes use of electronic quizzes, which include a number of built-in features to help ensure privacy. Quizzes are hosted by ProProfs and subject to ProProfs’ Terms of Use and Privacy Policy.

Analytics software

This Website makes use of analytics software, including Google Analytics, in order to better understand our Users’ needs and to optimise our service and experience. It uses Cookies and other technologies to collect Data on our Users’ behaviour and their devices. This may include a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our Website.

Any analytics software we use stores this information on our behalf in an anonymised user profile and is contractually forbidden to sell any of the Data collected on our behalf. We make no use of personally identifiable information in any of the statistical reports we use from this package. Analytics are processed using Google Analytics and subject to Google Analytics’ Terms of Use and Privacy Policy.

If you do not want Google Analytics to collect and use your data, you can opt out by using the Google Analytics Opt-out Browser Add-on. This add-on allows you to prevent your data from being used by Google Analytics across all websites. Note that this tool is available for Chrome, Firefox, Safari, and Microsoft Edge browsers.

14. Cookies

This Website may place and access certain Cookies on your computer. We use Cookies to improve our range of products/services. We have carefully chosen these Cookies and have taken steps to ensure that your privacy is protected and respected at all times. All Cookies used by this Website are used in accordance with current Cookie Law.

Before the Website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling us to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.

The Website may place the following Cookies:

Type of Cookie – Purpose
Analytical/performance cookies – They allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
Accept Cookies – This is used to store whether you have agreed to receive Cookies.
Third-party Cookies – Third parties may use Cookies to help you sign into their services from the Website. We also may use third-party Cookies, such as Google Analytics, to assist with analysing performance. Any third-party Cookie usage is governed by the Privacy Policy of the third party placing the Cookie.

For information about the Cookies Squarespace uses.

For information about the Cookies Google Analytics uses.

For information about the Cookies MailerLite uses.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

15. Minors

We do not knowingly solicit Data from or market to children under 18 years of age. By using our services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the services. If we learn that personal information from a User less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such Data from our records. If you become aware of any Data we have collected from children under the age of 18, please contact us at tamara@eyzhn.co.

16. General

You may not transfer any of your rights under this Privacy Policy to any other person. We may transfer our rights under this Privacy Policy where we reasonably believe your rights will not be affected. If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy. This Agreement will be governed by and interpreted according to the law of Hong Kong SAR. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the courts of Hong Kong SAR.

17. Complaints

If you have a complaint regarding the use of your personal Data then please send an email to the Data Controller at tamara@eyzhn.co and we will do our best to help you.

18. Amendments to the Privacy Policy

We reserve the right to change this Privacy Policy, without prior notice, as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the Privacy Policy on your first use of the Website following the alterations.

Last updated on December 23rd, 2024.