Privacy and Data Protection Policy

Juliana Bernardes | Nutritional Therapist and Naturopath

1. Data Controller

For the purposes of UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the Data Controller is:

Juliana Bernardes
Registered Nutritional Therapist and Naturopath
United Kingdom

References to “I”, “me”, or “my” in this policy refer to Juliana Bernardes.

2. Commitment to Privacy

I am committed to protecting and respecting your privacy. Personal and health information shared with me is treated as confidential and processed in accordance with UK GDPR, professional standards, and the common law duty of confidence.

3. What I Do

I provide nutritional therapy services to support health through personalised dietary, lifestyle, and supplement recommendations, informed by clinical assessment and, where appropriate, functional testing. Services focus on supporting physiological function and are not a replacement for medical care.

In addition to client consultations and programmes, I also provide professional education and related services, which may include student supervision, practitioner training, workshops, online courses, educational resources, and other nutrition-related educational or consultancy activities. These educational services are distinct from client care and do not constitute personalised healthcare advice unless explicitly stated.

4. Personal Data Collected

I may collect and process the following personal data:

  • Name, address, email address, and telephone number
    • Date of birth
    • Emergency contact or next of kin details, where provided
    • Health information relevant to nutritional therapy support, including medical history, symptoms, dietary patterns, lifestyle factors, medications, supplements, and test results
    • Consultation notes, recommendations, reports, and correspondence
    • Payment and billing information

Health information is classified as special category data under UK GDPR and is handled with additional care.

5. How Personal Data Is Obtained

Personal data may be collected when you:

  • Enquire about or book services
    • Complete intake questionnaires or forms
    • Attend consultations or programmes
    • Communicate by email, telephone, or video consultation
    • Make payments for services
    • Use this website

Health data may also be received from third parties such as laboratory testing companies or other healthcare providers, where you have given explicit consent.

6. Lawful Basis for Processing

Personal data is processed for the purpose of providing nutritional therapy services. The lawful bases for processing include:

  • Performance of a contract
    • Legitimate interests in delivering safe and effective care
    • Explicit consent, particularly in relation to health data
    • Legal obligation where record retention or disclosure is required

Consent may be withdrawn at any time, subject to legal, professional, and clinical record-keeping obligations.

7. How Personal Data Is Used

Personal data is used to:

  • Deliver nutritional therapy consultations and programmes
    • Prepare for and document consultations
    • Review and interpret test results
    • Communicate clinical recommendations and administrative information
    • Maintain accurate clinical records
    • Meet legal, regulatory, professional, and insurance obligations

Personal data is not used for unrelated purposes or automated decision-making.

8. Data Sharing

Personal data is kept confidential and will only be shared where:

  • You have given explicit consent
    • It is clinically necessary for your care
    • It is required by law or regulatory obligation

This may include sharing relevant information with your GP, other healthcare professionals, or laboratory testing companies, where appropriate and with consent.

In circumstances where there is a serious risk to your safety or the safety of others, confidential information may be disclosed without consent in accordance with legal and professional obligations.

Anonymised case information may be used for professional supervision or development purposes only with your explicit consent.

9. Transcription Services and AI-Supported Tools

Transcription services or AI-supported tools may be used as part of the clinical process and record keeping to support accurate documentation and administrative efficiency. These tools are used solely for clinical and record-keeping purposes.

If you do not consent to this, you must inform me at the start of your consultation.

10. Data Storage and Security

All personal data is stored securely using appropriate technical and organisational measures. Digital records are password protected and access is restricted.

Email communication is not fully secure. By choosing to communicate via email, you acknowledge and accept this risk.

Third-party systems used for scheduling, payment processing, or secure storage operate under GDPR-compliant agreements.

11. Data Retention

Clinical records are retained in line with UK GDPR and professional guidance, including guidance from relevant professional bodies such as BANT and CNHC.

Records are generally retained for a minimum of 8 years from the date of your last consultation, or longer where required by law or in the case of clients under 18.

After the applicable retention period, records are securely deleted.

12. Your Rights

Under UK GDPR, you have the right to:

  • Request access to your personal data
    • Request correction of inaccurate or incomplete data
    • Request restriction of processing
    • Request erasure, subject to legal and professional obligations
    • Object to processing in certain circumstances
    • Request data portability, where applicable

Requests should be made in writing and will be responded to within statutory timeframes. Identity verification may be required.

13. Complaints

If you have concerns about how your personal data is handled, you are encouraged to contact me directly, via email, in the first instance.

info@julianabernardes.com

If you are not satisfied with how I handle your request, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website (http://www.ico.org.uk).

14. Governing Law

I keep my Privacy Policy under regular review and as a result it may be amended from time to time without notice.

I am governed by the laws of the UK and Wales and I cannot be responsible for knowing or implementing global laws.