Privacy Policy

This privacy notice tells you what to expect me (Evie Cook trading as Replenish and Rise) to do with your personal information. I am committed to protecting your privacy and ensuring that your personal data is handled securely and in compliance with UK data protection laws, including the UK GDPR and Data Protection Act 2018.

This privacy notice is effective from 20th July 2025 and is reviewed and updated regularly.

Contact Details

Email: replenishandrise@gmail.com

What Information I Collect, Use, and Why

I collect and use personal information for the purpose of providing client care, services, and related goods. This includes:

  • Name, address, and contact details

  • Gender and pronoun preferences

  • Date of birth

  • Next of kin details and support networks

  • Emergency contact details

  • Health information (e.g., medical conditions, allergies, history, medications)

  • Information about care needs (disabilities, dietary requirements, home environment)

  • Test results (e.g., scans, blood tests, psychological evaluations)

  • Payment details (e.g., card or bank information for transfers and direct debits)

  • Records of meetings, sessions, and decisions

Special Category Data

I also collect health-related information to provide clinical services. This type of data requires additional protection due to its sensitive nature.

Lawful Bases and Your Data Protection Rights

Under UK data protection law, I must have a “lawful basis” for collecting and using your personal information. My primary lawful bases are:

  • Consent – You have given clear consent for me to process your personal data for a specific purpose.

  • Contract – Processing is necessary to deliver the service you have requested.

  • Legal obligation – To comply with legal or regulatory requirements.

  • Legitimate interests – For purposes such as ensuring the safe and effective delivery of services.

Your Rights

You have rights under UK data protection law, including:

  • The right to access your personal data

  • The right to rectification if data is inaccurate or incomplete

  • The right to erasure of your personal data (in certain circumstances)

  • The right to restrict processing

  • The right to object to processing

  • The right to data portability

  • The right to withdraw consent at any time

To exercise these rights, email replenishandrise@gmail.com. I will respond within one month.

Where and How I Store Your Personal Data

I am committed to ensuring that your information is secure. To prevent unauthorised access, loss, misuse, or disclosure, I have put in place appropriate technical, organisational, and security measures:

Security Measures

  • Laptops and devices are password protected.

  • Documents containing personal data are encrypted and password protected.

  • I use Practice Better, a GDPR-compliant electronic system, to securely store client records and payment details.

Website Hosting

My website is hosted by Squarespace. No personal data is stored on the website itself. However, when you visit my website, certain technical information may be collected automatically, such as:

  • Internet Protocol (IP) address

  • Browser type and version

  • Time zone settings and plug-in types

  • Operating system and platform

This data is used solely for technical and security purposes to maintain and improve the website.

Retention of Records

  • Client records are retained for eight years after your last contact, in line with British Dietetic Association Guidance for Record Keeping.

  • For clients under 18, records are kept until their 25th birthday (or 26th birthday if aged 17 at treatment).

  • In some cases, I may retain records longer to meet obligations under my professional indemnity insurance.

When data is no longer needed, it will be securely deleted or destroyed.

Sharing of Data

I do not share your information with third-party marketing agencies without your explicit consent. Nor will I contact you for marketing purposes unless you have opted in.

If you consent to marketing, you may withdraw consent at any time by emailing replenishandrise@gmail.com.

Third-Party Services

To support my services, I sometimes use third-party suppliers and platforms. These include:

  • Practice Better for secure electronic health records

  • Social media platforms (e.g., Facebook, Instagram) to share updates, subject to their privacy policies

All third-party providers are required to comply with UK data protection laws.

Where I Get Personal Information From

  • Directly from you

  • Family members or carers (with your consent)

Who I Share Information With

I only share information where necessary and in compliance with data protection law:

  • Practice Better – for secure storage of records and payment details

  • Other health providers (e.g., GPs, consultants) – only with your consent or in circumstances where it is necessary to protect your vital interests

  • Legal obligations – e.g., if required by a court order or to prevent serious harm

In exceptional cases, I may share information without consent where there is an overriding public interest (e.g., prevention of serious crime).

How Long I Keep Information

I retain client records and personal information as outlined in the retention schedule above. For more details, contact replenishandrise@gmail.com.

How to Complain

If you have any concerns about how I use your data, please contact me directly at replenishandrise@gmail.com.

If you remain dissatisfied, you can complain to the Information Commissioner’s Office (ICO):

Address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint