Privacy Policy
Introduction
This privacy policy outlines how Rachael Camp stores and processes personal information. If you have any queries, comments, or concerns about how your information has been or may be used, please contact me using the website contact form.
In this Privacy Notice, “we”, “us”, “me”, or “this” refers to Rachael Camp as the data controller of your personal information.
What services do I offer?
My purpose is to provide nutrition care that empowers you to make personalised, sustainable changes. I deliver services via consultations, programmes (including IBS/FODMAP), and related support.
What types of data do I capture?
As a client, the personal information I may hold about you includes:
-
Name
-
Contact details (postal address, email, phone/mobile)
-
Financial information (e.g., insurance details; payment reference data)
-
Occupation
-
Emergency contact / next of kin
-
Background/referral details
I also process special category data (sensitive data) about your physical and mental health. This may include:
-
Details of your current or past health, diagnoses, investigations, clinic/hospital visits, and medications; information shared from GPs/consultants (NHS or private)
-
Details of services you have received from me
-
(If disclosed) religion, genetic/biometric data, sex life, and/or sexual orientation (only where directly relevant to dietetic care)
Nurish Pro context:
Client intake forms, health questionnaires, diaries, messages, bookings, and clinical notes may be collected and stored within Nurish Pro (an encrypted platform). Form versions and historical updates are retained so that clinical records remain complete. See [Nurish Pro Privacy Policy] for platform-level processing and security details. nurishpro.com
I treat all information confidentially and comply with UK data protection law (UK GDPR and Data Protection Act 2018) and professional confidentiality guidance.
If you amend previously provided data (e.g., updating a pre-populated Nurish Pro form), my records will be updated; earlier entries may remain as part of the clinical record history.
If you provide personal information about another person (e.g., next of kin), please ensure they are aware of this policy.
How do I collect your information?
I may collect personal information from:
-
Directly from you, including via Nurish Pro forms and client portal, website contact forms, email, telephone, post, or social media
-
Medical records from your GP, consultants, hospitals (NHS or private), and mental health providers
-
Commissioners or insurers (where applicable)
Nurish Pro context:
Online questionnaires, consent forms, food/symptom diaries, and programme onboarding are typically delivered through Nurish Pro. Submissions are stored within your client record on the platform. See [Nurish Pro Privacy Policy] for details of how the platform logs submissions and secures data. nurishpro.com
Do I collect information from third parties?
Yes, where relevant to your care and with appropriate authority/consent, I may obtain information from:
-
Referrers (e.g., GP, consultant, other healthcare professionals)
-
Your family (where you ask me to liaise)
-
Insurers or benefit providers
-
Other expert services supporting your care
How will I communicate with you?
I may contact you by telephone, SMS, email, post, or in-app messaging via Nurish Pro (where available). If I reach voicemail, I’ll leave minimal identifying details.
-
Reminders and admin: I may send appointment confirmations and reminders (SMS/email/Nurish Pro).
-
Clinical information: I may share plans, results, or updates via secure email or within Nurish Pro. Email will be encrypted where available; if you request unencrypted email, you accept the associated risks.
-
Providing your contact details and channel preferences allows me to use those channels for your care; the legal basis is performance of a contract/healthcare provision, not consent.
What is my role in protecting your data?
Data Controller: Rachael Camp. I determine the purposes and means of processing your personal data.
Processor(s): Nurish Pro acts as a data processor for the services I use (forms, records, scheduling, messaging, payments where enabled). Nurish Pro is responsible for platform-level security, access controls, logging, and any sub-processors it appoints. See [Nurish Pro Privacy Policy] for their security posture, sub-processor use, and international transfer mechanism(s). nurishpro.com
I may also use Microsoft 365 for internal administrative note-taking and document management; Microsoft provides enterprise-grade security and UK GDPR compliance controls.
I typically deliver care from a home office setting; personal data is processed in line with this policy and professional standards, using secure systems and devices.
Lawful bases/purposes for using your information
I process your data under the following lawful bases:
-
Contract / provision of healthcare (Article 6(1)(b)) and healthcare services special category condition (Article 9(2)(h))
-
Legitimate interests (e.g., quality assurance, business records, outcome monitoring, responding to complaints)
-
Legal obligation (e.g., regulatory, tax, accounting)
-
Establish, exercise, or defend legal claims
-
Consent (only where relied upon—for example, certain marketing or optional data fields)
If you do not provide the information needed for care/contract set-up, I may be unable to register you or provide services.
Nurish Pro context:
Where data is collected or processed within Nurish Pro (e.g., via forms, messaging, diaries), the same legal bases apply. Nurish Pro processes data on my instructions for these purposes. See [Nurish Pro Privacy Policy]. nurishpro.com
Purpose 1: Provide you with healthcare and related services
-
Legal grounds: (a) Provision of healthcare; (b) Contract performance
-
Special category ground: Provision of health care (Art. 9(2)(h))
Nurish Pro context:
Clinical notes, care plans, attachments, and outcome tracking may be stored and accessed within Nurish Pro to deliver your care efficiently and securely. nurishpro.com
Billing accuracy: I will use your personal information to ensure account and billing accuracy (legitimate interests). Payment processing may involve Nurish Pro-integrated or third-party payment providers you select.
Purpose 3: Clinical audit (local)
I may process de-identified or minimal personal data for internal audit to assess outcomes and improve care (legitimate interests/public interest in research/statistics). You may object to this.
Nurish Pro context:
Where feasible, I will minimise personal data and/or use de-identified extracts from Nurish Pro for audit. nurishpro.com
Purpose 4: Communicating with you / queries/complaints
-
Necessary for healthcare provision and/or legal claims.
Nurish Pro context:
Secure messaging and documentation of communications may occur within Nurish Pro so there is a complete care record. nurishpro.com
Purpose 5: Updating others involved in your care (where appropriate)
-
Legal grounds: healthcare provision; legitimate interests (continuity of care)
-
Special category ground: provision/management of health or social care
Nurish Pro context:
Where sharing is necessary and lawful, relevant extracts may be compiled from Nurish Pro and shared with your consent (or as otherwise permitted by law). nurishpro.com
Purpose 6: Legal/regulatory obligations; legal rights
I may need to disclose data to regulators or authorities, or access records to respond to claims/complaints—only to the extent necessary and lawful.
Purpose 7: Business operations (accounts, analytics, professional advice)
-
Legal ground: legitimate interests.
Special category data is not routinely required for this purpose and will be avoided wherever possible.
Disclosures to third parties
I may disclose your information to:
-
Healthcare professionals involved in your care (GP, dentist, consultants, allied health), and their secretaries
-
Support/admin staff directly assisting your care
-
People you nominate (e.g., next of kin)
-
NHS organisations and other providers, as necessary for care continuity
-
Insurers (where applicable)
-
Professional advisers (legal/accountancy), where necessary and lawful
-
Service providers/IT systems used in my practice (including Nurish Pro as data processor) under appropriate data protection terms
Nurish Pro context:
Nurish Pro may use carefully selected sub-processors (e.g., hosting, email/notification, analytics, strictly necessary for service operation). Any such processing is governed by Nurish Pro’s data protection terms; see [Nurish Pro Privacy Policy] for current details. nurishpro.com
International transfers
My default position is to store/process data in the UK/EU where possible. Nurish Pro may host or route certain services using reputable third parties and, where data leaves the UK/EEA, will rely on a lawful transfer mechanism (e.g., adequacy decisions or Standard Contractual Clauses). See [Nurish Pro Privacy Policy] for current hosting/transfer information. nurishpro.com
Security
I use appropriate technical and organisational measures to protect your data (access controls, device security, encryption, least-privilege access, training, audit). Records are kept in secure systems; data is not stored on personal devices without safeguards.
Nurish Pro context:
Nurish Pro applies platform-level security (encrypted transport/storage, authenticated access, role-based permissions, audit logs). For the platform’s current security posture and certifications, see [Nurish Pro Privacy Policy]. nurishpro.com
Automated decision-making
No decisions producing legal or similarly significant effects are made solely by automated means.
How long do I keep personal information?
I retain records for at least 10 years from the date of treatment.
For a minor, at least 10 years after they reach the age of majority.
For patients with mental incapacity, records may be retained indefinitely.
(If you need specific retention details, please contact me.)
Nurish Pro context:
Records created/stored in Nurish Pro form part of your clinical record and follow the same retention schedule. Secure deletion or export will be actioned in line with these periods and platform capabilities. nurishpro.com
Your rights
You have rights under data protection law, including: access; rectification; erasure (with exemptions for clinical/legal needs); restriction; data portability; objection to certain processing; complaint to the Information Commissioner’s Office (ICO). If you withdraw consent (where consent is relied upon), this will not affect processing already carried out.
Requests will usually be fulfilled electronically unless you request otherwise. Some requests may be limited where other people’s data would be affected or where legal exemptions apply.
Marketing
I do not add you to marketing lists without consent. You can unsubscribe at any time. (Service/appointment communications are not marketing.)
Cookies and website embeds
My website may use cookies for essential functionality and analytics. If I embed Nurish Pro widgets or forms, Nurish Pro may set strictly-necessary cookies to make the feature work; see [Nurish Pro Privacy Policy] and my site cookie notice for details. nurishpro.com
Changes to this policy
I may update this policy to reflect changes in law, services, or platforms used (including Nurish Pro). The most up-to-date version will be available at www.rachael-camp.com. Significant changes will be notified where appropriate.
What technology do we use to support our business?
-
Nourish Pro is my primary technology provider. I use their secure, GDPR-compliant platform to collect, store, and manage client information. All forms, communications, and client records are handled within Nourish Pro’s encrypted system, which meets current UK Data Protection and NHS DSP Toolkit standards.
You can view Nourish Pro’s privacy and data security policy here (or insert the direct link to their policy page). -
Client notes and records are securely stored within the Nourish Pro platform, which uses encrypted servers located in accordance with UK and EU data-protection regulations.
-
I continue to use Microsoft Office applications for internal administrative purposes and note-taking; these are protected by Microsoft’s enterprise-grade security and privacy compliance measures.
-
If you have any questions about how your information is handled or would like to request access to your data, please contact me directly.
-
My website, like all websites today do captures cookies. However I do not make use of cookies to collect any private or personally identifiable information. The technical platform of this website uses cookies solely to aid the proper technical functioning of the website. The cookies used contain random strings of characters alongside minimal information about the state and session of the website, which in no way collects or discloses any personal information about you as a visitor.
-
Advanced areas of this site may use cookies to store your presentation preferences in a purely technical fashion with no individually identifiable information.
-
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
-
You can also find out how Wix.com uses cookies here