A Modern Topic (hereinafter referred to as AMT) takes a proactive approach and is committed to protecting your privacy. As Data Controllers and Processors, Sophie Harris and AMT comply with the principles of the relevant data protection regulations, including the Data Protection Act (DPA) and the General Data Protection Regulation (GDPR). This policy is kept under regular review and was last reviewed in 2021.

This privacy policy explains how and why your personal data is collected, how it is used and how it is kept secure. Protection of personal data is maintained in and at all stages- starting with data collection and ending with data destruction.

If you would like to speak about this policy or the data held on you, please contact sophie@amoderntopic.com.


HOW YOUR PERSONAL DATA IS OBTAINED

Information obtained from you

You provide your personal data in the following ways:
• By completing an initial case intake questionnaire
• By signing a terms of engagement form on the questionnaire
• During a consultation
• Through email, the telephone or by post
• By taking online payments
• By completing a contact form.

This may include the following information:
• Basic details such as name, address and contact details
• Details of contact we have had with you such as referrals and appointment requests
• Health information including your previous medical history, dietary, lifestyle, supplement and medicine details, biochemical test results and clinic notes
• Health improvement plans
• GP contact information
• Bank details

This information is used in order to provide you with direct healthcare. This means that the legal basis of holding your personal data is for legitimate interest.


Information obtained other sources

Sensitive medical information may be obtained in the form of test results from biochemical testing companies. This information is used in order to provide you with direct healthcare. This means that the legal basis of holding your personal data is for legitimate interest.

Sensitive information may be obtained from other healthcare providers. The provision of this information is subject to you giving your express consent. If AMT does not receive this consent from you, AMT will not be able to coordinate your healthcare with that provided by other providers, which means the healthcare provided by us may be less effective.


HOW YOUR PERSONAL DATA IS USED

AMT acts as a data controller for use of your personal data to provide direct healthcare. AMT also act as a controller and processor in regard to the processing of your data from third parties such as testing companies and other healthcare providers. AMT acts as a data controller and processor in regard to the processing of credit card and online payments.

AMT may use your personal data where there is an overriding public interest in using the information e.g., in order to safeguard an individual, or to prevent a serious crime. Also, where there is a legal requirement such as a formal court order. AMT may use your data for marketing purposes such as newsletters but this would be subject to you giving your express consent. This is achieved through you signing up to the mailing lists via the website. 

AMT acts at all times to protect your personal data, including any health and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. Reasonable security measures to protect your personal data storage are also taken.


INFORMATION SHARING WITH OTHER ORGANISATIONS

All information about you is confidential. AMT only disclose your information with other third parties with your express consent with the exception of the following categories of third parties:
• Our registrant body, CNHC and our professional association, BANT, for the processing of a complaint made by you
• Anyone to whom we may transfer our rights and duties under any agreement we have with you
• Any legal or crime prevention agencies and/or to satisfy any regulatory request (e.g., CNHC) if we have a duty to do so or if the law allows us to do so

AMT will seek your express consent before sharing your information with your GP or other healthcare providers. However, if AMT believe that your life is in danger then information may be passed onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests.

AMT may share your information with supplement companies and biochemical testing companies as part of providing you with direct healthcare. No sensitive information is ever included.

AMT may share your case history in an anonymised form with peers for the purpose of professional development. This may be at clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines or online professional sites. Your explicit consent will be sought first before processing your data in this way.


SAFEGUARDS IN PLACE TO ENSURE ALL IDENTIFYING DATA IS SECURE 

AMT only uses information that may identify you in accordance with GDPR. This requires the processing of personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
Within the health sector, AMT also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. AMT will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.

AMT ensures information held is kept in secure locations with access to information restricted to authorised personnel only. AMT also ensures that the external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.

A Modern Topic is registered with the Information Commissioner’s Office (ICO) as a data controller. A copy of the registration is available through the ICO website (please search by business name).


RETAINING CONFIDENTIAL INFORMATION 

All records held by A Modern Topic will be kept for the duration defined by my professional association, BANT and registrant body, CNHC. This enables us to process any complaint you may make. In this case the legal basis of our holding your personal data is for contract administration.


YOUR RIGHTS

Every individual has the right to see, amend, delete or have a copy, of data held that can identify you, with some exceptions. You do not need to give a reason to see your data.

If you want to access your data you must make a subject access request in writing to sophie@amoderntopic.com. AMT shall respond within 20 working days from the point of receiving the request and all necessary information from you. The response will include the details of the personal data held on you including:
• Sources from which the information was acquired
• The purposes of processing the information
• Persons or entities with whom the information is shared

You have the right, subject to exemptions, to ask to:
• Have your information deleted
• Have your information corrected or updated where it is no longer accurate
• Ask me to stop processing information about you where not required to do so by law or in accordance with the BANT and CNHC guidelines
• Receive a copy of your personal data, which you have provided, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller, without hindrance from me.
• Object at any time to the processing of personal data concerning you

If you would like to invoke any of the above rights then please write to me as the Data Controller at sophie@amoderntopic.com.

You also have the right to raise a complaint with the ICO if you are unhappy with the way we have collected, stored or used your personal data.


INFORMATION COLLECTED WHEN USING OUR WEBSITE

This website is hosted by Showit.

Like most websites, AMT makes use of analytics software in order to help us analyse webpage data and understand the trends in popularity of the website and of different sections. AMT uses an analytics package called Google Analytics who provide details of their privacy policy here. Google Analytics tracks anonymous usage statistics and does not collect any personal information that can be used to identify you. 

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org . To opt out of being tracked by Google Analytics across all websites visit here. 

If you do not want your information to be shared through cookies, you can disable them in your browser.


EXTERNAL WEBSITES AND LINKS

Although AMT only aim to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links.

AMT cannot guarantee or verify the contents of any externally linked website despite best efforts. Users should therefore note they click on external links at their own risk and AMT cannot be held liable for any damages or implications caused by visiting any external links mentioned.


NEWSLETTER SUBSCRIPTION AND MAILING LIST

AMT operates an email mailing list, which is a primary way of sharing information about upcoming relevant events, blog posts, special offers, or useful recipes or tips. Subscribers must give their consent to be added to the list and may unsubscribe at any time through the service option as detailed in the footer of all sent marketing messages. The type and content of marketing messages subscribers receive is clearly outlined at the point of subscription.
AMT will not sell, distribute, lease nor share your personal information to third parties. 
Email marketing messages may contain tracking facilities within the actual email in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data. Access to member information is strictly controlled and the Flodesk account can only be accessed by me and the people who need to do their job – it is only made visible to members of staff who have a reason to work with it.
My email marketing provider is Flodesk and you can read their privacy policy here.


SOCIAL MEDIA PLATFORMS
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.


EVENT INFORMATION

AMT will only collect and retain basic, relevant and essential data for the purposes of communicating with members about events they have registered for and for taking payment for tickets. All data collected will be retained against individual events within the events system and managed in accordance with Eventbrite’s terms and conditions and privacy policy.

Your data is always held securely. Access to customer information is strictly controlled and the Eventbrite account can only be accessed by people who need to do their job – it is only made visible to those who have a reason to work with it.
Our event marketing and organisation provider is Eventbrite and you can read their privacy policy here.

If you have any questions about this Privacy Policy or require more information, please don’t hesitate to contact sophie@amoderntopic.com.

Privacy Notice