The General Data Protection Regulation (GDPR) came into force on 25th May 2018. Sunlight Nutrition Limited regularly review and update their privacy policy and terms and conditions in line with these regulations and any amendments.
Sunlight Nutrition Limited takes data protection responsibilities very seriously and will make every effort to keep your data safe.

Treatment, by any healthcare professional working for Sunlight Nutrition, cannot be provided without consent to store personal data.
GDPR sets that an individual over the age of 16 has capacity to provide their own consent.

If the patient is under the age of 18, they can give consent, but this must be countersigned by a named parent or guardian with ‘parental responsibility’.
If an adult (an individual over 18 years of age) is unable to provide consent, due to illness, physical disability or reduced mental capacity the individuals’ next of kin or an individual with ‘lasting power of attorney’ may provide consent.

As healthcare professionals we can act ‘in the best interests’ of the patient and will make an individual assessment where required. In exceptional circumstances, where the patient is unable to provide consent, we may contact other health care providers, e.g., GP to decide on the most appropriate person to provide consent.

We hold records for all our patients. It is a requirement of our professional governing bodies, and of the Health and Care Professions Council (HCPC) that we store patient records.
It is recommended that adult patient records are stored for 10 years from our last contact and that we store paediatric patient records until the child is 28 years of age. If the child is still under our care at the age of 18 years and beyond the data will be stored for 10 years from the last contact as with adult records.

Our patient records include:

• Personal information including names, address, contact telephone numbers and email addresses, date of birth, next of kin details, NHS number, GP details and any details of other health care professionals involved in the care of our patient.

• Medical History and Drug History

• Records of clinical assessments, including telephone / online / email advice or information provided.

• Copies of any letters / reports written by Sunlight Nutrition Limited

• Any correspondence and other reports from medical professionals

  and other parties relating to the patient.

If we receive any enquiry via telephone, our website or via email the details will be stored for up to 6 months. This data will not be used for marketing purposes, simply to ensure continuity if we receive further communication from the individual.

After 12 months records from the website / emails / telephone contacts will be deleted / destroyed if no bookings have been made. If an enquiry becomes a booking the data will be stored as part of the patient record.

Copies of letters and reports written by Sunlight Nutrition Limited are shared with GPs and other healthcare providers, schools, and workplaces with permission of the patient and only if this is clinically indicated.
In exceptional circumstances information may be shared with Social Services or the Police if we felt that an individual was at risk. This would be in-line with local safeguarding policies.

Data will not be shared with any outside parties for the purposes of marketing.

An individual has the right to view or receive copies of the information we hold. Any requests for personal information will be dealt with promptly (within 30 days in compliance with GDPR). We are not able to provide original documentation or erase records until it has been stored for the recommended 10 years for adult patients and until the child is 28 years for paediatric patients (see section 2).

All paper records are stored in a locked filing cabinet in compliance with GDPR. All electronic records / documents are password protected and any computers containing personal data are stored in a locked house / room / filing cabinet in compliance with GDPR.

All laptops use bit locker encryption.
Access to email on mobile devices has fingerprint or face recognition authorisation.
Any personal information sent via email will be password protected. Passwords will be sent to clients via text message.

If a data breach were suspected or reported Sunlight Nutrition Limited would contact the Information Commissioners Office (ICO) to notify them of the breach and seek advice from them on how to manage this. Individuals affected would be informed in line with ICO policy.

With an individual’s consent we store a list of contact names, postal addresses, and email addresses. We will use this data to keep individuals informed of our products and services.

Virtual appointments will be offered via Doxy.me, a remote Telemedicine service, Zoom or Teams. These services use encrypted point-to-point connections, and nothing will be recorded or stored.

Policy written: 20th May 2018

Reviewed:

12th March 2021

8th December 2023

20th February 2025