Privacy policy.

Effective Date: 28.01.2025

 

Welcome to the Fin the Dietitian’s Privacy Policy (“Policy”). We care about your privacy and handle your data in accordance with applicable laws, including the General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 (“DPA”) and any other laws that apply to your location.

 

This Policy describes the data we collect through our website at https://www.finthedietitian.com/ (the “Site”) and electronic health platform on Practice Better (the “Portal”) in connection with our dietary consultation and nutrition counselling services (our “Services”).

 

You must review this Policy and other policies and agreements we present regarding our Services. This includes our Terms of Service, consent forms, rescheduling, cancellation and refund policy on the Site and Portal.

 

By interacting with our Services, you confirm your agreement with this Policy. If you do not agree to this Policy, your only recourse is to refrain from our Services.

 

1.    Data Controller Information

Please note that Fin the Dietitian operates as a personal brand and trade name under Altus Clinic Limited. All data processing activities regarding our Site, Portal and Services are generally managed by Altus Clinic Limited. This means that for the purpose of the GDPR and similar data protection laws, Altus Clinic Limited is your Data Controller.

 

If you have any questions or concerns regarding how your personal data is handled, or you wish to exercise your data protection rights, please contact us using the details below:

 

Data Controller:

Altus Clinic Limited

Arbutus, Waterford, X91V6EC

info@altusclinic.com

info@finthedietitian.com

 

2.    The Data We Collect And How

We may collect data that can identify you (personal data) and de-identified, anonymous data that cannot identify you (non-personal data) when you use our Site, Portal and Services. We categorise this data and manner of collection into the following categories:

 

a.     The data you willingly provide to us

You may provide us with your data willingly. This may include the following data:

 

•       Your Name;

 

•       Date of birth;

 

•       Gender;

 

•       Contact information (such as your email address, home address and telephone numbers);

 

•       Details of your GP and NHS/HSE number;

 

•       Details of Services (e.g. your dietary plan) and/or treatment you have received from us or which have been received from a third party (e.g. NHS/HSE) and referred to us;

 

•       Nutritional health information such as blood test results, lifestyle, current medical conditions and other results from intake forms;

 

•       Current dietary habits, food consumed, eating patterns, etc.

 

•       Previous dietary history, including surgeries, supplements and medications, lab results, etc.

 

•       Credit and debit card details (cardholder name, CVC, etc.);

 

•       Follow up and progress monitoring information;

 

•       Records of correspondence between us. This includes text messages, emails, notes made during consultations and related to your health plan, the result of the treatment and any aftercare instructions;

 

•       The name and contact details (including phone number) of your next of kin. Please note that you are responsible for ensuring the individual is aware of and accepts this Policy;

 

•       Details of referrals, quotes and other contact and correspondence we may have had with you;

 

•       Information obtained from customer surveys, promotions and competitions that you have entered or taken part in; and

 

•       Information about complaints and incidents.

 

Some of the data we request from you may include sensitive personal data. This includes information related to mental or physical health or racial or ethnic origin. By providing us with sensitive personal data, you give us your explicit consent to process this sensitive personal data for the purposes set out in this Policy. We take additional steps to ensure sensitive personal data is secure from unauthorised access.

 

You may provide us with your data when you:

 

•       book a consultation call and engage us;

•       contact us (through our Site, email, phone and Portal);

•       complete your intake form on our Portal;

•       submit your bank details data to pay for our Services;

•       Fill in a form or survey from us or participate in a competition, promotion or other marketing activity; and

•       Use any other forms we present.

 

You are under no obligation to provide us with any data willingly. However, we require this data to attend to you. Therefore, without it, we cannot provide our Services.

 

b.    The data we collect automatically

We collect some data automatically (mostly de-identified and anonymous) when you access and interact with our Site, Portal and email content.

 

The data we collect automatically may include the following:

 

•       Your device information, including browser type, version, IP address, operating system, geolocation, etc.;

 

•       Your anonymous activities on our Site, including pages accessed, duration of access and similar actions;

 

•       Details of your transactions, including the plan bookings, plans purchased, date and time, amount paid, payment method used, etc.; and

 

•       Metrics to track engagement on our Site, Portal and email content. This may include your IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.

 

We use third-party analytics gathering tools like Squarespace Analytics, Google Analytics and Practice Better Analytics to gather data automatically. These tools use tracking technologies like cookies, beacons and pixels to gather this data. See the cookie policy and analytics sections for more about cookies and analytics.

 

c.     The data we collect from third parties

Third parties may provide us with your data. These may include where:

 

•                Stripe, our third-party payment processor, provides us with information about your transactions;

 

•                We obtain your blood test from Randox Health Dublin or other Medicine laboratories (if relevant); and

 

•                We obtain sensitive information from healthcare providers based on your consent.

 

3.    How We Use Your Data

In summary, we use your data to provide our Services, secure our Site and comply with applicable laws. Specific uses of your data may include the following:

 

•       Name, Date of Birth and Gender are used to identify you, determine your nutritional and body needs, as well as to ensure the best ongoing standards of care in the delivery of our Services.

 

•       Contact information such as email addresses, home address, and telephone numbers is used to contact you, including (i) sending test results or correspondence (related to our Services) to your home address; (ii) responding to any inquiries, complaints or message you send to us; (iii) sending you marketing messages based on your consent; (iv) providing support services; and (v) notifying you of changes to our Services.

 

•       Details of your GP and NHS/HSE number are used to communicate nutritional information with your GP based on your consent.

 

•       Your device properties, including IP address, web browser type and version, operating system, etc. are used to ensure that content from our Site is presented in the most effective manner for you and your computer.

 

•       Details of our Services and/or treatment you have received from us (e.g. your health plan, your record of appointments) or which have been received from a third party (e.g. NHS/HSE) and referred to us is used to (i) process potential future formal complaints; (ii)  respond to requests where we have a legal or regulatory obligation to do so; (iii) assess the quality and/or type of care you have received (including allowing you to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated; and (iv) support your doctor or other healthcare professionals.

 

•       Personal health information such as biometric data, blood test results, lifestyle, nutrition, medical history and other results from intake forms is used to tailor the provision of our Services or treatments to you, and to ensure ongoing best standards of care in the delivery of our Services.

 

•       Credit and debit card details are used to process payments for the fulfilment of any plan or bookings you purchase.

 

•       Records of correspondence between us, including text messages, emails, notes made during consultations and other data related to your nutritional plan are used to provide you with ongoing best standards of care in the delivery of our Services and check the accuracy of information about you and the quality of your treatment or care, including auditing medical and billing information for insurance claims as well as part of any claims or litigation process.

 

•       Your use of our Site and interaction with our newsletters helps us to provide educational and informative material in our newsletters, relevant offers and new Services. It also ensures that you have the best experience when using our Site.

 

4.    Our Lawful Basis for Collecting Your Data

The lawful bases we rely on for processing your data include the following:

 

•       Consent: You have given us explicit consent to process your data. This includes signing consent forms, agreeing to our newsletters and similar practices. You can withdraw your consent at any time. You can do this by contacting us at info@altusclinic.com or the Portal.

 

•       Contract performance: We require your data to perform the contract we have entered with you. This includes obtaining your data to provide the Service you paid for.

 

•       Legal obligation: We are legally obligated by applicable laws to collect data such as details of transactions, health information, communication logs and consents. 

 

•       Legitimate interest: We may collect certain data if it is necessary for our legitimate interest, provided that the interest does not override your right. This may include collecting data to improve our Services, secure our Site and Portal and prevent fraud or misuse of our Services.

 

•       Vital interest: We may collect your data to protect your vital interest or those of others (for example, to notify your next-of-kin in a medical crisis).

 

5.    Who We Share Your Data With 

We may share the data we collect about you with third parties only under the following circumstances:

 

a.     Altus Clinic Limited: Because we are a trading name under Altus Clinic Limited, we may share information with Altus Clinic Limited including in connection with internal record keeping and accounting purposes.

 

b.    Other providers: With your consent, we may share your data with other providers in your care. This may include sharing nutritional health information with your GP strictly after getting your written consent to do so.

 

c.     Third-party service providers: We utilise the services of certain third parties to perform some of our Services. We may share your data with these third parties to enable them to provide their services. These third parties and the services they perform may include, without limitation:

 

•                Squarespace for hosting our Site, storing your data, gathering analytics and marketing our Services;

•                Stripe for processing your payments;

•                Google for gathering analytics and marketing;

•                Practice Better for booking your call, communicating with you, sending invoicing and storing your data shared via the Portal; and

•                Randox Health Dublin for blood testing (if applicable).

 

Please note that these third parties are under an obligation not to use your data for anything other than to perform the services for which we contract them.

 

d.    Compliance with legal obligations: We may disclose your data if the law requires it. This may include complying with legal, regulatory or law enforcement requests such as court orders and legal proceedings (for example, we may be required to report if you have any communicable diseases such as foodborne illnesses; or any required insurance claims or billing).

 

e.     Protecting rights and interests: We may disclose personal data if we believe it is necessary to protect and defend our legal rights and property; investigate and prevent potential fraud, unauthorised access or other illegal activities; or safeguard the health and safety of users, staff or the public in emergencies.

 

f.      Disclosure with your consent: In cases where disclosure is not covered by the above, we will seek your explicit consent before sharing your data.

 

g.     Anonymized or Aggregated Data: We may disclose anonymized or aggregated data, which cannot identify you, to third parties for research, analytics or reporting purposes.

 

Please note that sensitive personal data related to your health will only be disclosed to those involved with your treatment or care in accordance with applicable laws and guidelines of professional bodies or for clinical audits (unless you object).

 

6.    The Cross-Border Transfer of Your Data

Fin the Dietitian operates in Ireland and relies on the GDPR, DPA and other applicable laws when handling your data. This means that we process and maintain your data in Ireland and in accordance with what relevant laws require.  

 

However, some third-party service providers we use, including Stripe, Practice Better and Squarespace, are located outside of Ireland, the EEA, the EU, the UK and locations under the GDPR; therefore, we may transfer your data to these parties in their respective locations.

 

However, when transferring personal data internationally, we ensure appropriate safeguards are in place, such as:

 

  • Transferring to countries recognised by the European Commission as providing an adequate level of data protection (such as Practice Better with headquarters in Canada).

  • Implementing contracts based on the European Commission’s Standard Contractual Clauses (SCCs) with service providers in countries without an adequacy decision.

  • Requiring all service providers to comply with GDPR and other applicable laws to protect your data.

 

By using our Services, you acknowledge that your data may be transferred to and processed in countries outside the EEA, EU, UK and other countries under the GDPR and similar laws. However, we are committed to safeguarding your personal information and ensuring it remains secure, regardless of where it is processed.

 

7.    How Long We Store Your Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, regulatory or professional obligations.

 

Specifically, we keep your nutritional health records, including details of your treatment plan, intake forms and consultation records for 7 years after the date of your final session. After this period, your data will be permanently deleted or securely disposed of. We keep other data collected through our Site or for non-clinical purposes (e.g., email subscriptions or inquiries) only as long as necessary to provide the requested Service or as required by applicable laws. We do not store your payment method data – they are only used by Stripe to process your payments. Read Stripe’s privacy policy here.

 

When we no longer need your data, we will ensure that it is securely destroyed or anonymised in a way that it can no longer identify you.

 

8.    How We Secure Your Data

All the data you provide to us is stored securely using industry best practices. Your data (including treatment plan details, intake forms and consultations) is collected via our Portal, a GDPR-compliant electronic health platform. Records from your sessions, including updated plans or recommendations made to you are stored securely. These health documents are anonymised and stored separately from your personal details (i.e. name, date of birth and address).

 

Whether you are visiting our Site or Portal, we use reasonable security measures to protect the confidentiality of personal data under our control and appropriately limit access to it. We limit access to your data only to authorised personnel and use various security tools, such as encryption, to protect your data.

 

However, while we try to protect your data, it is important to note that electronic transmissions over the internet are not entirely immune to interception. As a result, we cannot guarantee the security or confidentiality of data transmitted electronically. We recommend you use secure networks and exercise caution when transmitting sensitive data online.

 

9.    Email Marketing

If you consent to receive updates and news on our Site and Portal, we will use your provided email address to send updates about our Services, including promotions, plans, bonuses and deals we think may catch your interest. Your email is stored securely and will not be shared with third parties for marketing purposes.

 

If, at any time, you want us to stop sending you marketing emails, you can simply unsubscribe by clicking the "unsubscribe" link in our emails or send a withdrawal of consent message to info@finthedietitian.com. Once unsubscribed, your email will be removed from our mailing list unless required for legal purposes.

 

10. Interest-Based Advertising

We may engage in interest-based advertising (also known as targeted or behavioural advertising) using Google Ads, Facebook, Instagram and LinkedIn. This means that your interest and activity across our Services, including our Site, the Portal, emails content and other networks may be used to serve relevant adverts to you.

 

Platforms like Google Ads, Facebook, Instagram and LinkedIn may use cookies or similar tracking technologies to collect information about your browsing activities and preferences to display ads relevant to your interests. This may involve data collected by cookies or similar technologies on our Site and actions regarding our email newsletters, as well as your interactions with ads or content on third-party websites.

 

You have control over the use of your data for interest-based advertising. For example, you can:

 

•       Manage your cookie preferences through our cookie banner or your browser settings.

•       Adjust ad preferences directly on platforms like Google Ads, Facebook or similar platforms.

•       Use tools like the Your Online Choices platform to manage your advertising preferences across multiple services.

 

Please note, however, that opting out of interest-based advertising does not prevent ads from being shown to you. It only prevents us and third parties from serving ads that are based on your online activities and interests.

 

11. Cookies and Similar Technologies

Our Site uses cookies and similar tracking technologies (web beacons, pixels, tags, etc.) to provide a better user experience, analyse Site traffic and support essential Site functionality.

 

Cookies are small text files stored on your device by your web browser when you visit our Site. They enable us to recognise your device and store data about your preferences or actions.

 

We use the following types of cookies on our Site:

 

•       Strictly necessary cookies: These cookies are essential for the Site to function properly and cannot be turned off. They include cookies that support session management and accessibility.

 

•       Performance and analytics cookies: These cookies help us understand how visitors interact with our Site by collecting anonymised data. For example, Squarespace Analytics tracks Site traffic, visitor behaviour and Site performance; Google Analytics collects information about your visit, including pages viewed, time spent and referral sources.

 

•       Advertising cookies: These cookies may be used by platforms like Google Ads, Facebook and Instagram to deliver personalised advertising based on your browsing activity and preferences.

 

Your Cookie Preferences

You can manage or disable cookies through your browser settings. Most web browsers allow you to:

 

•       View and delete stored cookies.

•       Block cookies from specific websites.

•       Set preferences for first-party and third-party cookies.

 

We will request your consent before using non-essential cookies, such as those for analytics and advertising. You can update your cookie preferences at any time through our cookie banner or your browser privacy settings.

 

12. Analytics

We use analytics tools, including Google Analytics, Squarespace Analytics and Practice Better Analytics, to understand how users interact with our Site, Portal and email content. These tools collect anonymised or aggregated data such as IP address, browser type, pages visited, time spent on the Site, visitor statistics and trends in Site and Portal usage.

 

This information helps us to analyse Site traffic, monitor performance, optimise user experience and improve our offerings. Some tools, like Google Analytics, may use cookies to track this data. You can opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on.

 

Analytics data is anonymised or aggregated where possible and is not used to personally identify you. For more information on how these tools collect and process data, please refer to their respective privacy policies.

 

13. Your Data Protection Rights

We are committed to ensuring that your personal data is handled in compliance with the GDPR and other applicable data protection laws. Depending on your location, you may have the following rights regarding your personal data:

 

•       Your right of access – You can ask us for copies of your personal data, including information about how we use it and who we share it with.

 

•       Your right to rectification – You can ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete.

 

•       Your right to erasure – You can ask us to erase your personal data in certain circumstances, such as if the data is no longer necessary for the purposes it was collected of if you withdraw your consent. The erasure of your data is subject to our data retention policy, as described above.

 

•       Your right to restriction of processing – You can ask us to restrict the processing of your personal data in certain circumstances.

 

•       Your right to object to processing – You can object to the processing of your personal data in certain circumstances.

 

•       Your right to data portability – In certain cases, you may request a copy of your personal data in a structured, commonly used and machine-readable format and transfer it to another data controller where technically feasible.

 

•       Right to withdraw consent If we rely on your consent to process your personal data, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

 

•       Right to lodge a complaint – If you have any complaints regarding how we use your data, you can file a complaint with us at info@finthedietitian.com. If you believe we have not adequately addressed your concerns regarding your personal data, you can lodge a complaint with the relevant data protection authority. If you are in Ireland, you can complain to the Data Protection Commission (DPC) (www.dataprotection.ie). If you are located outside Ireland, you may contact the data protection authority in your jurisdiction.

 

•       California Privacy Rights (CCPA/CPRA) – If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal data we collect, sell or share and the right to opt out of the sale of your personal data.

 

•       Other Global Privacy Rights Depending on your location, you may have additional rights under local privacy laws, such as the Privacy Act (Australia) or the Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada).

 

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

 

Please contact us at info@finthedietitian.com or any of our contact channels on the Site and Portal if you wish to make a request. We will respond to your request within the time frame required by applicable laws and at no cost to you unless your request is excessive, repetitive or unfounded, in which case we may charge a reasonable fee or decline the request.

 

14. Do Not Track (DNT) Signals

Some web browsers offer a "Do Not Track" (DNT) setting, which allows you to signal to websites, including our Site that you do not want your online activity to be tracked. At this time, our Site does not respond to DNT signals.

 

You can learn more about DNT by visiting www.allaboutdnt.com.

 

15. Children’s Privacy

Our Services are not intended for use directly by individuals under 16, and we do not knowingly collect or process personal data from individuals below 16. If you are under 16, please do not provide any personal data to us. You may only do so if at least a parent or legal guardian consents and supervises it.

If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete the information as soon as possible.

16. Third-Party Links and Collaborator Privacy Policy

Our Site may include links to third-party websites, services or collaborators not owned or controlled by Fin the Dietitian. These links and collaborations are provided for your convenience and do not constitute an endorsement of their privacy practices or content.

 In addition to these links, our Site may link to the Altus Clinic Limited’s website. When you access the Altus Clinic Limited’s website through our Site, the privacy policy on the Altus Clinic Limited’s website governs the collection and use of your data thereon. You may review the Altus Clinic Limited’s privacy policy at https://www.altusclinic.com/privacy-policy.

 

17. Updates to this Policy

We may update this Policy occasionally to reflect changes in our practices, legal requirements or other operational needs. Any updates will be posted on this page with a revised "Last Updated" date at the top of the Policy.

 

If we make significant changes to how we handle your personal data, we will notify you through a prominent notice on our Site, Portal or other communication channels established between us, including your email address (if you have provided it).

 

We encourage you to review this Policy periodically to stay informed about how we protect your data. Your continued use of our Services after any updates constitutes your acknowledgement and acceptance of the revised Policy.

 

18. Contact Us

If you have any questions, issues, complaints, feedback or concerns regarding how we handle your data as described in this Policy, please contact us at info@finthedietitian.com or use our Portal.