Privacy Policy 

This privacy notice sets out how the Sole Trader, Beau Waugh trading as Pinpoint Nutrition, collects, processes and protects any information that you provide in accordance with the General Data Protection Regulation (GDPR) which came into force on 25 May 2018.

Beau Waugh is committed to ensuring that your privacy is protected. Should you provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy statement. Beau Waugh may amend this policy by updating this page, and you should check this page from time to time to ensure that you are happy with the changes.  This policy is effective from 24 May 2018. 

This notice does not provide exhaustive detail. If you require any additional information or explanation, please send a request to beau.waugh@gmail.com.

 

Beau Waugh, trading as Pinpoint Nutrition, is the Data Controller and Data Protection Officer and is responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).

 

What We Do

We provide evidence-based nutrition advice to clients who want to improve their physical, mental and emotional health. We operate as a "health professional" and focus on preventative healthcare and on the optimisation and management of food to help your performance in daily life and sporting contexts. We will provide personalised nutrition programmes for food and fluid, supplement recommendations, and lifestyle advice. We provide these services within the scope of our practice and qualifications. We don't treat, diagnose or cure medical conditions and don't give advice on prescribed medication. Our approach is based on science-based research which is relayed to you, the client.

 

What Data We Collect

 

PERSONAL DATA PROVIDED BY YOU

 

Personal data means any information that can directly or indirectly identify an individual. It does not include anonymised data.

We may collect the following personal data from you:

  •  identity data such as your full name, date of birth, gender.

  •  contact details such as your email address, telephone numbers.

  •  details of contact we have had with you such as referrals and appointment requests.

  •  GP's name, address.

 

We collect and process these data in accordance with the "legitimate interest" condition. This means that the lawful basis of our holding your personal data is for legitimate interest.* 

 

SPECIAL CATEGORY DATA/SENSITIVE DATA

 

Special category data is personal data which according to the GDPR is considered more sensitive and therefore needs more protection.

 

Such data includes details about your race or ethnic origin, religious views and beliefs, sex life or sexual orientation, political opinions, trade union membership, information about your health and genetics and biometric data.

We collect the following sensitive data about you:

  •  health information provided by you including your previous and present medical history covering your physical and mental health, and details of diagnosed conditions.

  •  dietary and lifestyle habits and supplementation details.

  •  details on your past and present medication.

  •  copies of private medical test results such as blood tests, X-rays etc. provided by you.

  •  third party/functional biochemical test results and genetic information.

  •  clinic notes and health improvement programmes.

We use this information in order to provide you with direct healthcare. Even though we may seek your explicit consent for processing, our primary condition for processing is "preventative healthcare and health management", and the lawful basis of our holding your personal data is for legitimate interest.

On occasions, we may also obtain sensitive data from other healthcare providers or individuals authorised by you to give out such information.  The provision of this information is subject to you giving us your express consent. If we do not receive this consent from you, we will not be able to coordinate your healthcare with these providers.

We also understand that collecting, processing and holding your special category data requires us to comply with the "common law of confidentiality",  independently of the GDPR regulations.

 

How We Collect Your Personal Data

 

We may collect your personal data in the following ways:

  •  by completing a health, medical and lifestyle questionnaire.

  •  by signing a terms and conditions form if applicable.

  •  during a personal one-on-one consultation.

  •  through email, video call, telephone, post, online chat or social media.

  •  by taking debit/credit card and online payment.

  •  through automated technologies such as cookies.

Our purpose in collecting your data in the above ways is to provide you with direct healthcare. This means that the legal basis of our holding your personal data is for legitimate interest.

 

How Long We Hold Your Data

Following completion of your sessions, we will hold records of your personal data for at least 7 years following the last occasion on which we spoke. In the case of sessions with minors, we will keep the records at least 7 years after they reach the age of majority (18).

This is in accordance with our professional associations and insurance company's policy, and it enables us to process any complaint you may make.  In this case the lawful basis of our holding your personal data is for legitimate interests.

You have the right to object and the right to request your data to be erased. However, such requests will be declined under provisions of the GDPR which give us the overriding right to hold your data in order to comply with legal obligations.

How We Use Your Personal Data

 

We act as a data controller for use of your personal data to provide direct healthcare.  We also act as a controller and processor in regard to the processing of your data from third parties such as online management software and other healthcare providers.  We act as a data controller and processor in regard to the processing of debit/credit card and online payments.

We undertake at all times to protect your personal data, including any health, medical, identity and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection.  We will also take reasonable security measures to protect your personal data storage.

We may use your personal data where there is an overriding public interest in using the information, e.g. in order to safeguard an individual, or to prevent a serious crime. We will do this in accordance with the "vital interest" condition. We will also be obliged to share your data when there is a legal requirement such as a formal court order. This will be on the basis of "legal obligation". We may use your data for marketing purposes such as newsletters, but this would be subject to you giving us your express consent.

 

Disclosure Of Your Personal Data

 

We will keep information about you strictly confidential, and will not disclose your data to other third parties without your express consent.

 

Exceptions to this apply for the following categories of third parties:

 

  •  The professional association of which we are a member and our insurance company, for the processing of a complaint made by you.

  •  Your GP, healthcare providers, police, social services in a case when we believe your life is in danger on the lawful basis of vital interest.

  •  Anyone to whom we may transfer our rights and duties under any agreement we have with you.

  •  Any legal or crime prevention agencies and/or to satisfy any regulatory request if we have a duty to do so or if the law allows us to do so.

 

On occasions, we may share a brief summary of your health concerns in an anonymised form for the purpose of seeking a professional health opinion in order to provide you with better healthcare, or for the purpose of professional development. This may be at clinical supervision meetings, conferences, and private and professional online health forums. In such cases your personal data and identity will not be disclosed and will remain fully confidential.

We may publish your anonymised full case history in medical journals, trade magazines or online professional sites.  We will seek your explicit consent before processing your data in this way.

 

Your Legal Rights

 

Every individual has the right to see, amend, delete or have a copy of data held that can identify you, with some exceptions. You do not need to give a reason to see your data.

The GDPR defines the following rights in relation to your personal data:

  1  The right to be informed

  2  The right of access

  3  The right to rectification

  4  The right to erasure

  5  The right to restrict processing

  6  The right to data portability

  7  The right to object

  8  Rights in relation to automated decision making and profiling (not relevant to us)

 

If you would like to invoke any of the above rights then please email the Data Controller at beau.waugh@gmail.com. We shall respond within 30 days from the point of receiving the request and all necessary information from you.

Under certain circumstances, some information may be withheld.

 

Data Protection And Security

 

We only use information that may identify you in accordance with the GDPR. This requires us to process personal data only if there is a lawful basis for doing so, and requires that any processing be fair and lawful.

As a "health professional" within the health sector, we are also obliged to follow the "common law of confidentiality", which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. We will ensure that your information is protected and is only used in a way which complies with the law and our privacy policy.

We have put in place appropriate security measures to prevent your personal data from being accessed, changed or used in an unauthorised way. We keep a paper copy of your personal data, including sensitive data, in a secure filing system accessible only by us. We may also keep a copy of such data electronically on a laptop with encryption (which masks data so that unauthorised users cannot see or make sense of it). We use email providers such as Gmail, which use encryption to secure your personal data in transit, and we take responsibility for the protection of your data upon receipt. However, we do not take responsibility for the security measures you are taking at your end when you provide your data to us electronically.

We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.

 

Cookies

 

Cookies are small pieces of data stored in encrypted text files and located in browser directories. Their purpose is to make the website easier to use, help analyse web traffic or remember your preferences either for a single visit (through session cookies) or for repeated visits (through persistent cookies). 

If you are not happy with this, you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

To find out more about how to manage and delete cookies, visit aboutcookies.org. For more details about advertising cookies, and how to manage them, visit youronlinechoices.eu (EU based), or aboutads.info (US based).

 

Analytics

 

Just like many websites, we use analytics software called Google Analytics in order to understand the trends in popularity of our website and of its different sections. We make no use of personally identifiable information in any of the statistical reports we use from this software. Google Analytics' own privacy policy can be read here.

 

Complaints

 

If you have a complaint regarding the use of your personal data then please email us at beau.waugh@gmail.com and we will do our best to help you.

If your complaint is not resolved to your satisfaction and you wish to make a formal complaint, you can do so at www.oicjersey.org.

Security Policy

How We Hold Personal Data

 

Following completion of your sessions, we will hold records of your personal data for at least 7 years following the last occasion on which we spoke. In the case of sessions with minors, we will keep the records at least 7 years after they reach the age of majority (18).

 

This is in accordance with our professional associations and insurance company's policy, and it enables us to process any complaint you may make.  In this case the lawful basis of our holding your personal data is for legitimate interests.

You have the right to object and the right to request your data to be erased. However, such requests will be declined under provisions of the GDPR which give us the overriding right to hold your data in order to comply with legal obligations.

 

How We Secure Your Personal Data

 

Any written files are kept in a locked filing cabinet to which only we have access. Your file is not accessed unless we are working on your case.

Any electronic files such as session notes, diet diaries, medical record copies, or training plans, are kept on a password-locked computer to which only we have access. On the computer, your file is anonymised and kept in a password-locked folder.

This computer is backed up onto an encrypted hard drive which is kept in the locked filing cabinet.

Your electronic files are backed up to ‘cloud-based software’, where they are encrypted on their journey to be saved and further encrypted once saved. This software is ‘Dropbox’, which complies with GDPR.

 

Queries

 

If you have a query regarding the use of your personal data then please email us at beau.waugh@gmail.com and we will do our best to help you.

Procedure (for DPO only)

How We Secure Your Personal Data

 

• Any written files are kept in a locked filing cabinet to which only we have access. Your file is not accessed unless we are working on your case.

• Any electronic files such as session notes, diet diaries, medical record copies, or training plans, are kept on a password-locked computer to which only we have access. On the computer, your file is anonymised and kept in a password-locked folder.

• This computer is backed up onto an encrypted hard drive which is kept in the locked filing cabinet.

• Your electronic files are backed up to ‘cloud-based software’, where they are encrypted on their journey to be saved and further encrypted once saved. This software is ‘Dropbox’, which complies with GDPR.

• Software used: Gmail, PayPal, Dropbox, WhatsApp, Nutritics, FaceTime.

 

Queries

If you have a query regarding the use of your personal data then please email us at beau.waugh@gmail.com and we will do our best to help you.