The Nutrigenetics Coach needs to hold information about individuals. This policy outlines how that information is collected, handled and stored to comply with the UK General Data Protection Regulation (GDPR). Our details are registered with the Information Commissioner’s Office (ICO). A copy of the registration is available through the ICO website (search by business name). This policy is kept under constant review and may be modified at any time, so please view it regularly. Any changes made take effect immediately once posted on this website.

What we do

The Nutrigenetics Coach provides nutritional and lifestyle support to clients to help them improve their health and well-being. We hold data for the following purposes:
• Provision of direct health care
• Case histories                             

Special categories of data include ethnic origin, genetics and biometrics.


The Nutrigenetics Coach complies with the following principles of data protection:

  • Data collection must be fair, for a legal purpose and transparent about how the data is used.
  • Data can only be collected for a specific purpose.
  • Any data collected must be necessary for its purpose and not excessive.
  • The data must be accurate and up to date.
  • The data can only be stored for a limited time.
  • The data held must be kept safe and secure.

What data we collect about you

We collect personal information from you to fulfil your service request in the following ways:

  • Completion of a questionnaire after ordering a DNA package.
  • Contact through email, telephone, or post to conclude your service request.
  • Health information during a DNA test result consultation.
  • By signing a coaching agreement.
  • By taking bank card and PayPal payments.

This may include the following information:

  • Name, address, telephone, email
  • Details of appointments
  • Health information, such as medical history, symptoms and lifestyle behaviours. 
  • PayPal payment data

We use this information in order to provide you with coaching services. This means that the legal basis of our holding your personal data is for legitimate interest.                             

Storing data securely                  

  • Data stored on a computer or memory stick is protected by strong passwords, which are changed frequently.
  • DNA test results are sent electronically as password protected files.
  • As recommended by The Association of Coaching, data will be retained for a period of 7 years. This enables the processing of any complaint that you make. The legal basis of our holding your personal data is for contract administration.

How we use your personal data

The Nutrigenetics Coach acts as a data controller for your personal information to provide healthcare. In addition, we act as a data controller and processor for your test results from third parties, and for the processing of your bank card and PayPal payments.

We undertake at all times to protect your personal data, in a manner consistent with our duty of professional confidence and the requirements of the GDPR.

We may use your personal data where there is an overriding public interest in using it, e.g. in order to safeguard an individual or to prevent a serious crime. We may also use it where there is a legal requirement, e.g. a court order.

Sharing of information, or information we get from other sources

We may obtain sensitive personal information in the form of test results from other companies. We use this information to provide you with health care. This means that the legal basis of holding your personal data is for legitimate business.     

We keep information about you confidential. We only disclose information about you with your express consent, with the exception of the following:

  • For the processing of a complaint from you
  • Anyone to whom we have transferred our duties under an agreement we have made with you 
  • Any legal, or crime prevention agencies to satisfy a request if we have a legal duty to do so.
  • We will share your data with third parties for testing, as part of our service, but will not share any sensitive material.                             

We will seek your consent before sharing your information with other health care providers. If we believe that your life is in danger then we may pass information on to an appropriate authority using the legal basis of vital interests.

We do not share payment details, nor do we sell or rent customer details to third parties for commercial reasons.


What are your rights?

Every individual has a right to see, amend, delete, or have a copy of data that can identify them. You do not need to give a reason to see your data.

If you want to see your data you must make a subject access request in writing to 

Under certain circumstances some information may be withheld. We shall respond within 20 working days from the point of receiving the request and all necessary information from you.


Our response will include the personal details we hold on you including:

  • Sources from which the information was acquired.
  • The purpose of processing the information.
  • With whom we are sharing the information.

You have the right to ask to:

  • Have your information deleted.
  • Have your information corrected, or updated.
  • Receive a copy of your personal data in an easily readable format.
  • Object to the processing of personal data about you.

If you would like to invoke these rights then please email

What safeguards are in place to ensure that your data is secure?

We only use information that identifies you in accordance with UK GDPR. This requires us to process personal data only if there is a legitimate basis for doing so and any processing must be fair and lawful.    

Within the health sector, we also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. We will protect your information, inform you of how your information will be used and allow you to decide if and how your information can be shared.


We will ensure that the information we hold is kept in secure locations, restrict access to information to authorised personnel only and protect personal and confidential information held on equipment such as computers and memory sticks with encryption (which masks data so that unauthorised users cannot see or make sense of it).                             

Website technical details

We use electronic forms on our website which have several built-in features to help ensure privacy. 

We do not make use of cookies to collect any private or personally identifiable information. The technical platform of this website uses cookies solely to aid the proper technical functioning of the website. The cookies used contain random strings of characters alongside minimal information about the state and session of the website – which in no way collect or disclose any personal information about you as a visitor.

Advanced areas of this site may use cookies to store your presentation preferences in a purely technical fashion with no individually identifiable information.   

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit                                   

Like most websites, we make use of analytics software to help us understand the trends in popularity of our website and of different sections. We make no use of personally identifiable information in any of the statistical reports we use from this package. We use an analytics package called Google Analytics, who provide details of their privacy policy on the Google website. To opt out of being tracked by Google Analytics across all websites visit http://                                   

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.        


Contact and complaints

If you have any complaint regarding the use of your personal data then please contact us by emailing and we will do our best to help you.

If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them at 01625 545745 or 0303 1231113.

Effective date: April 20th 2023