top of page

Privacy Policy

We are committed to ensuring that your personal data and privacy is protected.   We understand 

how important and valuable your personal data is and will only use it fairly and in ways that you 

would reasonably expect us to. 

This Privacy Policy explains  

●Who we are 

●What personal data we collect about you, and how we collect it 

●Why we collect this personal data and what we do with it 

●Who we share your personal data with 

●How we retain your information and keep it secure 

●Your rights and how to contact us 

Who we are 

Naomi O Connor Nutrition  

Health Care Professional Council ( HCPC ) Registration Number DT29578 

Codinma Registration Number MAD00992 

NIE Y6973158D 

Website Address: www.naomioconnornutrition.com 

Our contact details  

Name: Naomi O’Connor  

Address: Avenida de los Penascales, Torrelodones, Madrid, Spain 

Phone Number: 0034 711003302 

E-mail: naomi@naomioconnornutrition.com 

If you have any queries about how we use your personal data, you can contact us by emailing Naomi 

O’Connor  at naomi@naomioconnornutrition.com 

 

What Personal Data we collect and how we collect it 

We may collect and process the following information:   

●Contact details – Name, email address, Mobile number 

●Payment details – billing and payment details 

●Transaction history – details of products and services you purchase 

●General information about your lifestyle choices 

●Specific information about your health goals and desired outcomes including your progress against these goals. 

●Technical data – IP address, general location, device type, browser type and version, 

operating system and platform, date and time of visit  

●Usage data – information about how you use our website 

We will only collect the minimum amount of personal data we need in relation to the purpose that 

we need it for. 

Special Category (Sensitive) Personal Data 

The following personal data is classed as Special category data under the GDPR and UK Data 

Protection Act 2018  

●details about your ethnic or racial origin,  

●religious or philosophical beliefs,  

●genetic or biometric data,  

●sexual orientation and sex life 

●Medical and health data (including mental health) 

In order to provide you with our  1:1 services, we may need to request the following special category 

personal data:   Information about your health including medical history, medications and medical 

treatment you are receiving, recent or new diagnosis, sex life.    We need this information to ensure 

that it safe and appropriate to provide our nutrition and/or fertility services and health and wellbeing 

coaching advice and programmes to you.  We will only use this information in relation to this service. 

In some cases the information you provide may be shared with another healthcare professional with 

your consent or not in case of safeguarding. 

 

We do not specifically request any other type of special category personal data from you such as 

ethnic origin or religious beliefs in order to provide our services, but from time to time you may 

choose to share information that is considered to be special category personal data during our initial 

consultations.  If it is appropriate to do so, we may make notes of the information you have shared in 

respect of how relevant it is to our services agreement and the goals that we are working towards.   

We will only keep a note or record of the minimum amount of special category personal data 

relevant to the services we provide.  

Under GDPR there are special rules for processing Special Category personal data, we must have a 

lawful basis for doing so and must meet a specific condition of Article 9 of the GDPR – which is 

explicit consent. 

When you provide us with special category personal data, it is with your explicit consent and our 

lawful basis for processing this personal data is to fulfil our contract with you. 

 

 

How we get your personal data  

●When you contact us to request details and more information about the services we provide 

●When you sign up to our mailing list to receive regular marketing communications about our 

products and services 

●When you sign up to attend a workshop/masterclass/event we are hosting 

●When you enter a competition or complete a survey or a quiz 

●When you purchase our products / services 

●When you complete a pre-service health questionnaire or a food diary 

We may also collect technical data about you  

●From automated technologies such as cookies, pixels, web beacons and log files when you visit 

our website.  This may include your IP address, your device type, operating system, browser 

type, time zone or general location and referring website.   

●From third parties such as social media platforms when you interact with us on social media. 

●Analytics service providers (such as Google Analytics) and search engine providers. 

For more information about how we use Cookies please see our Cookie Banner 

If any of your personal details change after you have provided them to us, please do let us know so 

that we can ensure our records are accurate and kept up to date. 

We also receive personal information indirectly, from the following sources in the following 

scenarios: 

We may receive your name and contact details from a 3rd party Organisation such as The 

International Women’s Health Centre Madrid aswell as other specialist fertility and healthcare 

service suppliers,  if they refer you to our services.   We will use these details to contact you to find 

out more about your interest in our services and to arrange your initial appointment or to to arrange 

a free discovery call.  

Why we collect your personal data and what we do with it 

Under the UK Data Protection Act 2018 and the General Data Protection Regulations, we need to 

have a purpose and a lawful basis for processing your personal data.   We will only use your personal 

data for the purposes that we have collected it and in accordance with data protection law.    This will 

be to: 

●Provide a contact or service to you and manage our customer relationship 

●When you have provided your consent – such as to receive marketing information from us 

●When we have a legal obligation to do so – such as to comply with regulatory and statutory 

reporting 

●When we have a legitimate business reason for doing so, such as to manage and grow our 

business, if you would reasonably expect us to do so and it does not impact on your rights, 

freedoms and interests. 

 

 

When you visit our website  

We use automated technology such as “cookies”, pixels, beacons and log files to collect information 

about how our website is used.  Information gathered through cookies and server logs may include 

the date and time of visits, the pages viewed, time spent at our site, and the websites visited just 

before and just after our own, as well as your IP address.      

We do this to understand our visitors’ behaviour, preferences and activities and to analyse and 

improve and update our content and services and to maintain the secure operation and running of 

our website. 

For users that register on our website or on practice software and app we use called, practicebetter, 

we and they store the personal information you provide in your user profile.  You can see, edit, or 

delete your personal information at any time.  Website administrators can also see and edit that 

information.  When you log in, we will also set up several cookies to save your login information and 

your screen display choices. 

Our lawful basis is our legitimate interests to  

●manage our website and business,  

●maintain our systems security and prevent fraud 

●to manage our marketing and business activities and improve our services. 

The data that we collect about you will depend on your cookie preferences and settings.   For more 

information about how we use cookies please see our Cookie Banner on our website  

When you sign up to receive our newsletter or download our freebie  we will  

●Add your contact details to our email list /database 

●Save your marketing preferences 

●Send you our marketing information 

●Record and keep a record of your consent to marketing 

Our lawful basis will be your consent. 

Your consent can be withdrawn at any time, you can opt out of receiving our marketing information 

by either using the unsubscribe option on our emails or by contacting us at 

naomi@naomioconnornutrition.com  and asking to be removed from our mailing list.  When you opt 

out of receiving emails and marketing information from us, we will keep a minimum of data about 

you on our ‘do not contact’ list to ensure that we do not contact you further. 

Like many businesses we monitor open rates and interactions with our email marketing campaigns 

via automated technology within our email campaign software.  Emails may contain a clear GIF 

simple web beacon.  Web beacons are a small clear picture file that track whether a user has 

accessed the content.    

We do this to understand how our subscribers interact with our email marketing campaigns and to help us improve what we send.    

The information that our email software collects is  your IP address, country, the device and browser 

type that you used to open an email.   You can set your email client to display emails as text only, or 

disable cookies in your browser before opening emails to remove and prevent your information 

being monitored in this way. 

When you request further information about our products or services, we will 

●Keep a record of and reply to your request for more information about our products or 

services 

Our lawful basis for doing this is because we have a legitimate business interest in responding to your 

queries and requests for information to manage and grow our business.    

 

When you sign up to work with us and request our products or services, we will use your personal 

data to 

●Register you as a client,  

●manage our client relationship, respond to queries and communicate with you 

●Send you a health/lifestyle questionnaire, food diary, cycle tracker  to complete 

●provide the products or service you have requested 

●Set up an account on our practicebetter software and invite your to create a profile on the 

practicebetter software  

●Send you an invoice/take payment for the services you have requested 

●We will maintain records and notes of our sessions which may include general information about 

your  lifestyle choices as well as specific information about your health and nutrition. 

 

Our lawful basis will be to perform a contract with you. 

We keep client records and transaction history in order to comply with statutory and regulatory 

reporting requirements such as maintaining appropriate company records and business accounts and 

to meet our legal requirements.  Our lawful basis for doing so is our legal obligation. 

Legitimate Interests:  We use legitimate interests to manage and conduct our business, this may 

include marketing activities and hosting events either online or in person in order to grow our 

business.   We may perform due diligence checks about your business before entering into a contract 

with you to provide our services. 

If you have attended one of our events or received any other services from us and given us feedback 

or a testimonial about the services we provided, we may publish this feedback on our website, in 

marketing literature and on our social media channels in order to provide testimonials and help grow 

our business.  We will not publish any identifying personal data in connection with any feedback 

you have provided without your consent. 

Marketing  

Under Privacy and Electronic Communications Regulations if you are a consumer, sole trader 

partnership your consent is required to receive marketing in electronic communications (including 

emails, direct messages and text messages) unless you have previously done business with us or enquired about similar products or services. 

If you have previously purchased or enquired about similar services from us and have not opted out 

of marketing communications, we will rely on Legitimate interests to continue to send you marketing 

communications.   You can opt out of receiving marketing communications at any time by clicking on 

the unsubscribe section of the email, or by emailing us at naomi@naomioconnornutrition.com 

When sending marketing information to Limited companies and Corporations, our lawful basis for 

processing your personal data for the purpose of contacting you is legitimate interests to grow and 

develop our business.   You can opt out of receiving marketing communications from us at any time 

by clicking on the unsubscribe section of the email, or by emailing us at 

naomi@naomioconnornutrition.com 

When we use Legitimate Interests as our lawful basis for processing personal data, we will perform a 

Legitimate Interests balancing test and we will only use your personal data in a way that you would 

reasonably expect, ensuring that your rights and interests are protected. 

Who we share your personal data with 

We do not share or pass on your personal data to third parties for marketing purposes.  

If there is an occasion where we need to refer you to a 3rd party, such as a doctor or other medica or 

healthl procider we will share your personal details for them to contact you.   This will be clearly 

explained and agreed prior to us passing on your details. 

We may share some details of your personal data with our trusted service providers and professional 

advisors, such as insurers, accountants and legal advisors.  We do this only to the extent necessary 

for the purposes of processing our company accounts, meeting our legal obligations as a limited 

company and in the event of pursuing any insurance or legal claims.   When doing so we expect these 

service providers and professional advisors to treat your personal data securely and only for the 

purposes intended. We will only share the minimum amount of personal data necessary in these 

instances.   

Our service providers (such as email and cloud service hosting providers, website hosting and 

payment processors) may have access to your personal data when it is stored on their systems.  

These service providers only have access to your personal data for the purpose of fulfilling their 

contract with us and will not use your personal data for their own purposes.   When appropriate we 

have relevant data processing agreements in place with these service providers. 

 

We may share some details of your personal data with our service providers such as virtual assistants 

and freelancers.   When doing so we expect these service providers to treat your personal data 

securely and only for the purposes intended.  These service providers only have access to your 

personal data for the purpose of fulfilling their contract with us and will not use your personal data 

for their own purposes. 

   

In the unlikely event of non-payment of an invoice or legal dispute, we may share your personal data 

with 3rd parties in order to resolve and settle our dispute. 

 

If and when required to do so by law, we may share elements of your personal data with appropriate 

Government Departments such as HMRC  or Hacienda (Spain) only to the extent necessary for the 

purposes of meeting our legal obligations as a limited company/business owner. 

We may share or transfer your information in connection with, or during negotiations of, any merger, 

sale of company assets, financing, or acquisition of all or a portion of our business to another 

company. 

How we store your personal information  

Your information is securely stored on a secured computer network and cloud based software 

programs.   We only use mainstream software and service providers that meet GDPR requirements 

and have the appropriate measures and security protocols in place to comply with UK and EEA data 

protection laws.    All devices and equipment used to access and store your personal data have 

appropriate data security settings in place.  

We have procedures in place to deal with data security breaches in accordance with the UK Data 

Protection Act 2018 and GDPR. 

Sharing information outside the UK and EU  

We may use cloud based platforms and service providers to store and process your personal 

information that are based outside of the UK.   When doing so, we comply with the UK GDPR, making 

sure appropriate safeguards are in place. 

We will only transfer data to countries that the UK data protection authorities have deemed to 

provide an adequate level of protection.   This include countries with Adequacy Regulations, or using 

contracts or codes of conduct incorporating standard data protection clauses recognised or issued in 

accordance with UK data protection law. 

 

How long we keep your data 

We only keep personal data for as long as necessary in relation to the purpose it was collected for.   

When it is no longer required, we will dispose of your information by securely destroying the records 

we hold.   In some instances we may anonymise data so that personal references are no longer kept. 

We keep basic client records in accordance with UK statutory law and regulatory reporting timescales 

which is up to seven years.   These include customer details, contact information, transaction and 

payment history. 

We keep detailed notes  of our client sessions and food diaries  for  8 years after our client sessions 

have ended.    After this time, wherever possible we anonymise our records to remove any of your 

identifying personal data, but retain a summarised history of our client sessions to assist with 

ongoing accreditation to professional bodies. 

 

We maintain a client log including basic contact details and contact hours for 8 years  

We keep names and email addresses for prospective clients on our mailing list indefinitely or until 

the person asks to be removed from the mailing list.  

 

What rights you have over your data 

Under data protection law, you have the following rights: 

Your right of access - You have the right to ask us for copies of your personal information.  

Your right to rectification - You have the right to ask us to rectify personal information you think is 

inaccurate. You also have the right to ask us to complete information you think is incomplete.  

Your right to erasure - You have the right to ask us to erase your personal information in certain 

circumstances. If you have been a customer and purchased our products or services, we will not be 

able to delete all of your records as we have an obligation to retain some records for tax and 

accounting purposes. 

Your right to restriction of processing - You have the right to ask us to restrict the processing of your 

personal information in certain circumstances.  

Your right to object to processing - You have the the right to object to the processing of your 

personal information in certain circumstances. 

Your right to data portability - You have the right to ask that we transfer the personal information 

you gave us to another organisation, or to you, in certain circumstances. 

You are not required to pay any charge for exercising your rights. If you make a request, we have one 

month to respond to you. 

Please contact us at naomi@naomioconnornutrition.com ] if you wish to make a request. 

How to complain 

If you have any concerns or queries about our use of your personal information, you can contact us 

at naomi@naomioconnornutrition.com

You can also complain to the ICO if you are unhappy with how we have used your data, but please do 

give us a chance to answer and resolve any queries with you beforehand. 

The ICO’s address:    

        

Information Commissioner’s Office​

Wycliffe House​

Water Lane​

Wilmslow​

Cheshire​

SK9 5AF 

Helpline number: 0303 123 1113 

In Spain you can also complain to  

Agencia Espanola de Proteccion de datos AEPD 

Calle de Jorge Juan 6,  

Madrid 

28001 

Telephone Number 900 293 183 

Additional information 

Embedded content from other websites 

Articles on this website may include embedded content (e.g. videos, images, articles, etc.). 

Embedded content from other websites behaves in the exact same way as if the visitor has visited 

the other website. 

These websites may collect data about you, use cookies, embed additional third-party tracking, and 

monitor your interaction with that embedded content, including tracking your interaction with the 

embedded content if you have an account and are logged in to that website. 

Links to Other websites 

We may have links on our site to other websites that we do not operate.  If you click on a third party 

link, you will be taken directly to that site which is governed by its own privacy policy.  We do not 

control that site and assume no responsibility for the content, policies or its practices. 

Cookies 

To find out more about our use of cookies, please see our Cookie Policy.  If you would like to delete 

cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your 

web browser. 

You can find out more about cookies here    https://www.cookiesandyou.com/ 

This Privacy Policy was last updated on 27th of November 2024  

bottom of page