For Nutritional Therapy Services Provided by Mindful Nutrition (Niamh Hamilton Jones)

1. Introduction
As a nutritional therapist, maintaining the confidentiality and security of client data is of paramount importance. This policy outlines the principles and practices I follow to ensure the protection of personal information in compliance with applicable data protection laws in both Ireland and Australia.

2. Purpose
This policy is designed to protect the privacy and confidentiality of clients' personal and health-related data, including sensitive health information, collected during the course of my work as a nutritional therapist. The policy aligns with the data protection regulations in both Ireland (General Data Protection Regulation - GDPR) and Australia (Privacy Act 1988 and the Australian Privacy Principles).

3. Legal and Ethical Framework

  • Ireland: I will comply with the General Data Protection Regulation (GDPR), which governs the collection, use, storage, and sharing of personal data within the EU.

  • Australia: I will comply with the Privacy Act 1988 and the Australian Privacy Principles (APPs), which govern the collection, storage, and use of personal information in Australia.

Where applicable, I will also comply with any other national, regional, or professional guidelines relevant to data protection.

4. Types of Information Collected
During the course of providing nutritional therapy, I may collect the following types of information:

  • Personal Identification Details (name, contact information, etc.)

  • Health and Medical Information (health history, current conditions, medications, allergies, etc.)

  • Lifestyle Information (dietary habits, physical activity levels, etc.)

  • Consultation Notes and Recommendations

5. Data Collection and Use

  • Data will only be collected for the purpose of providing nutritional therapy services, including assessments, advice, and follow-up care.

  • Information will only be shared with third parties (e.g., other healthcare providers, professionals) if explicit consent is given, or if legally required.

  • I will not collect more data than is necessary for the services provided, and I will ensure the data is accurate, up to date, and relevant.

6. Consent
I will always obtain explicit consent from clients before collecting personal or sensitive data. This consent may be given verbally or in writing and will outline:

  • The purpose of the data collection

  • The type of data collected

  • The client’s right to access, rectify, and withdraw consent

7. Data Storage and Security
I will take all reasonable steps to ensure that all personal and health-related data is stored securely, both physically and electronically.

  • Electronic Data: All electronic records will be stored in secure systems with encryption and password protection.

  • Paper Records: Physical records will be stored in locked, secure locations.

  • Data Retention: Data will be retained only for as long as necessary to fulfil the purpose for which it was collected or as required by law, after which it will be securely deleted or destroyed.

8. Confidentiality

  • All client information will be kept strictly confidential. I will not disclose any personal or health-related information to third parties unless required by law or with the explicit consent of the client.

  • I will respect client privacy in all communications and interactions, whether in person, via email, phone, or other forms of communication.

9. Cross-border Data Transfers
As I work between Ireland and Australia, client data may be transferred across international borders. In such cases:

  • I will ensure that appropriate safeguards are in place to protect the confidentiality and security of the data, in line with both GDPR and the Privacy Act 1988.

  • Clients will be informed if their data is being transferred and of the potential risks involved.

10. Rights of Clients
Under the GDPR (Ireland) and the Privacy Act (Australia), clients have the following rights regarding their personal data:

  • Right to Access: Clients have the right to request a copy of the personal data I hold about them.

  • Right to Rectification: Clients have the right to request correction of inaccurate or incomplete data.

  • Right to Erasure: Clients have the right to request the deletion of their data under certain circumstances.

  • Right to Restrict Processing: Clients can request to restrict how their data is processed.

  • Right to Object: Clients can object to certain processing activities.

  • Right to Data Portability: Clients can request their data in a structured, commonly used format.

Requests to exercise these rights should be made in writing to me directly.

11. Data Breach Protocol
In the event of a data breach (e.g., unauthorized access, loss, or destruction of client data), I will:

  • Notify clients without undue delay if their data has been compromised.

  • Follow the necessary steps to investigate the breach, mitigate risks, and prevent future incidents.

  • Report the breach to relevant authorities if required by law.

12. Third-Party Service Providers
If I use third-party service providers (e.g., IT services, online platforms) that process personal data, I will ensure that these providers comply with relevant data protection laws and that appropriate agreements are in place to protect client data.

13. Changes to this Policy
This policy may be updated from time to time to reflect changes in legal requirements or my data protection practices. Any updates will be communicated to clients, and the most current version will be available upon request.

14. Contact Information
If you have any questions, concerns, or requests regarding the protection of your personal data or this policy, please contact me using the details below:

  • Mindful Nutrition (Niamh Hamilton Jones)

  • Email: mindfulnutritionie@gmail.com

  • Phone: +61 494 349 156
