The Community Dietitian Privacy Policy

Last updated: November 2025

1. Who I Am

I am Victoria Dagnan, Registered Dietitian (HCPC No. DT29613), trading as The Community Dietitian. I provide one to one and group nutrition consultations, coaching and training online and in person. I take your privacy seriously and handle all information in accordance with UK GDPR, the Data Protection Act 2018 and HCPC Standards of Conduct, Performance and Ethics.

If you have any questions about this policy or wish to contact me regarding your data, please email hello@thecommunitydietitian.co.uk.

2. What Information I Collect

Contact details: name, email, phone number.

Health and lifestyle information: relevant medical history, medications, dietary habits, goals and progress notes.

Session records: consultation notes, resources shared and agreed actions.

Booking and communication data: details you provide through enquiry or booking forms such as Calendly.

Payment information: processed securely by Stripe (a third-party payment processor). I do not access or store your full banking details, though transaction records may be retained for accounting purposes.

Technical data: cookies or analytics if you visit my website.

3. How Your Information Is Used

  • Provide tailored dietetic advice and support.

  • Manage bookings, reminders and communication.

  • Maintain accurate health and consultation records.

  • Meet professional, legal and insurance obligations.

  • Improve the quality of services.

I do not sell or share your personal information for marketing purposes.

4. Lawful Basis for Processing

Contract:  to deliver the services you request.

Consent: for communication or information sharing with your GP or other professionals.

Legal obligation: to maintain professional records in line with HCPC and insurance requirements.

Health data (special category):  processed under Article 9(2)(h) UK GDPR for health and social care purposes, and with your explicit consent where required.

Legitimate interests: to operate the business securely and effectively.

5. How I Store and Protect Your Data

Client data is stored securely within Google Workspace, protected by passwords, encryption and Google's Additional Data Protection Terms which align with UK GDPR. All notes and correspondence are digital and access is restricted to me. Emails are sent through my secure Google Workspace account (vicky@thecommunitydietitian.co.uk). All devices used are password protected and regularly updated.

6. Who I Share Information With

I only share information when necessary and in line with professional and legal obligations. This may include:

  • Sharing relevant information with your GP or healthcare team with your consent.

  • Using secure service providers such as Google Workspace for email, storage and forms, Stripe for payment processing and Calendly for booking. These providers apply appropriate data protection safeguards.

Safeguarding: In rare circumstances, I have a legal duty to share information without your consent if I believe there is a serious risk of harm to you or someone else, particularly where children or vulnerable adults are involved. Any sharing will follow HCPC professional standards and relevant safeguarding laws.

7. International Data Transfers

Some service providers (such as Google Workspace) may process data outside the UK. All such providers have appropriate safeguards in place, including UK GDPR-compliant data transfer mechanisms.

8. How Long I Keep Your Information

Health records are kept for a minimum of seven years after your last appointment (or until your 25th birthday if you were under 18 at the time of treatment, whichever is later). This is in line with the HCPC Standards for Record Keeping, the Records Management Code of Practice for Health and Social Care 2021 and the Limitation Act 1980. After this period, data is securely deleted or anonymised.

9. Your Rights

You have the right to:

  • Access the personal data I hold about you.

  • Request correction or deletion of your information.

  • Request a copy of your data in a portable format.

  • Withdraw consent at any time for non-essential uses.

  • Object to or restrict certain processing.

  • Complain to the Information Commissioner's Office if you are concerned about how your data are handled: www.ico.org.uk.

To exercise any of these rights, email vicky@thecommunitydietitian.co.uk.

10. Online and In Person Consultations

Consultations may take place online through Google Meet or in person. Google Meet uses encrypted connections and meets UK GDPR standards. Sessions are not recorded. If recording is ever required for clinical or training purposes, your explicit written consent will be obtained in advance, and you will be informed of how the recording will be stored and used.

11. Cookies and Website Use

If you visit my website, cookies or basic analytics may be used to understand how the site is accessed. You can manage or disable cookies in your browser settings.

12. Data Controller

The Community Dietitian is registered with the Information Commissioner's Office as a Data Controller under the Data Protection Act 2018.

13. Updates to This Policy

This policy may be updated to reflect service or legal changes. Where changes are significant, I will notify active clients by email. Continued use of my services after notification constitutes acceptance of the updated policy. The most recent version will be available on my website or by request.