Privacy Policy

← Back to home

This privacy policy, as part of the consent form, sets out how Mary Brant uses and protects any personal information that you provide me.

Mary Brant is committed to ensuring that your privacy is protected. Should I ask you to provide certain information by which you can be identified when using my services, you can be assured that it will only be used in accordance with this privacy policy.

This policy is effective from 04/06/2026.

Lawful basis for processing

I process personal data under the following lawful bases under UK GDPR:

• Consent (e.g. mailing list subscriptions)
• Contract (to provide professional services)
• Legal obligations (e.g. record keeping, safeguarding, insurance requirements)
• Legitimate interests (e.g. secure service delivery and professional record keeping)

Special category health data is processed only where necessary for the provision of nutrition, dietetic, yoga and wellbeing services and in accordance with UK GDPR requirements.

Why I collect your data

I collect and process personal data in order to provide independent nutrition, dietetic, yoga and wellbeing services, maintain professional records, send newsletters and updates (based on your consent), communicate with relevant healthcare professionals where appropriate, and comply with legal and professional obligations.

What I collect

I may collect the following information:

• Information in relation to consent forms;
• Contact details including name, address, phone number and email address;
• Health and medical information relevant to nutrition, dietetic, yoga or wellness services;
• GP or healthcare professional details where relevant;
• Session notes and clinical records;
• Emergency contact information where appropriate;
• Further clinical information in relation to reports from other health professionals.

What I do with the information I gather

I require this information for the purpose of:

• Marketing via my mailing list, if you have opted into my mailing list;
• Professional clinical record keeping of client information;
• Providing nutrition, dietetic, yoga and wellbeing services;
• Communicating with relevant healthcare professionals where necessary for your care and with your consent, unless otherwise required by law.

Marketing (Mailing List)

If you subscribe to my mailing list, your contact details will be used only for sending newsletters and updates.

These details will be kept for up to one year following your last engagement with my emails or until you unsubscribe, whichever comes first.

This retention period applies only to marketing communications and does not apply to clinical or service-related records.

Data Retention

Marketing Data:
Mailing list data is retained only for the purpose of sending communications and is deleted in line with the retention period above.

Clinical or service-related data:
Service-related client records are retained securely for a minimum of eight (8) years after the end of services, in the case of a minor for a period of at least seven (7) years after that minor would have attained majority and, in the case of persons lacking capacity for a period of at least seven (7) years after the person has regained capacity or died. Records may be retained longer where required for legal, insurance, safeguarding or regulatory purposes.

Security

I am committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, I have put in place encrypted electronic systems, password-protected devices, and standard operating procedures to safeguard and secure the information I collect.

Your information may be securely processed while services are provided remotely or while the practitioner is working internationally. Appropriate safeguards are maintained to protect personal data in accordance with UK GDPR.

International data transfers

Some third-party service providers used to deliver services (including Google Workspace, Google Drive, Google Forms and related services provided by Google) may process or store personal data outside the UK and European Economic Area (EEA).

Where this occurs, appropriate safeguards are used to ensure your data is protected in accordance with UK GDPR. These safeguards may include:

• the UK adequacy decision
• the EU–US Data Privacy Framework
• Standard Contractual Clauses approved by the UK Information Commissioner's Office

Third-party services

Third-party providers may be used for:

• appointment booking
• video consultations
• payment processing
• secure data storage

These providers only process data on my instructions and are required to comply with data protection law.

Controlling your personal information

I will not distribute, sell or lease your personal information to third parties unless I have your explicit permission or are required by law to do so.

You may request details of personal information which I hold about you under the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. If you would like a copy of the information that I am holding on you, please contact Mary Brant, Data Controller.

If you believe that any information that I am holding on you is incorrect or incomplete, please email Mary Brant as soon as possible, using the data controller contact details below. I will promptly correct any information found to be incorrect.

How you can withdraw and request to be deleted from my files

If you do not wish me to make use of your Personal Information, please contact Mary Brant, the data controller. You have the right to withdraw consent where consent is the lawful basis for processing. Please note that certain health records may need to be retained in accordance with legal, insurance, safeguarding or professional obligations.

Data Controller Contact Details

Mary Brant
Email: [email protected]

Questions and Complaints

If you have any questions regarding this privacy policy, General Data Protection Regulation (GDPR) or the personal data held about you, please contact me, the data controller, using the email address above.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Changes to this policy

This privacy policy may be updated from time to time. The latest version will always be available on request or via my website (if applicable).

Version 1.0
Last updated: 04/06/2026