Privacy notice

This Privacy Notice explains how Paula Nacif collects, uses, and protects your personal information in compliance with the UK General Data Protection Regulation (UK GDPR). Your privacy is important, and this notice outlines your rights and how your data is managed.

1. Data Controller

Paula Nacif
Email: hello@paulanacif.com

For any data protection queries, please contact the Data Controller at the details above.

2. Information Collected

The following personal data may be collected, stored, and used:

  • Personal Information: Name, email address, phone number, and date of birth.

  • Health Information: Medical history, current medications, lifestyle details, treatment goals, and other health-related information shared during consultations or treatments.

  • Appointment Details: Records of appointments, treatments, and communications.

  • Payment Information: Payment records.

  • Marketing Preferences: Whether you opt in or out of receiving marketing emails.

Sensitive personal data, such as health information, is collected only with your explicit consent to ensure safe and effective treatment.

3. Legal Basis for Processing Data

Personal data is processed under the following lawful bases:

  • Consent: For the collection and use of health information, explicit consent is obtained.

  • Contract: To provide services, including consultations, treatments, and follow-ups.

  • Legal Obligation: To comply with legal or regulatory requirements, such as record-keeping for insurance or tax purposes.

  • Legitimate Interests: To manage and improve services, respond to inquiries, and maintain records for continuity of care.

4. How Data is Used

Personal data is used to:

  • Provide consultations, treatments, and follow-up care.

  • Ensure treatments are safe and tailored to individual needs.

  • Communicate appointment reminders and updates.

  • Maintain accurate records for legal, regulatory, and insurance purposes.

  • Send marketing communications about services, offers, or updates, if consent has been given.

5. Marketing Emails

Marketing emails may be sent to share updates, promotions, or information about services. These will only be sent if explicit consent has been provided.

  • Clients can opt in to receive marketing communications during the initial consultation or through online sign-up forms.

  • To opt out, use the “unsubscribe” link included in any marketing email or contact hello@paulanacif.com directly.

Your choice to opt in or out of marketing will not affect your access to treatments or services.

6. Sharing of Data

Personal data will only be shared when necessary and in accordance with the law:

  • With consent: Sharing details with other healthcare providers or professionals at your request.

  • Legal obligations: Providing information to regulatory authorities, if required by law.

  • Service providers: Trusted third-party providers for IT, record-keeping, or payment processing (all compliant with data protection laws).

Your data will never be sold or shared for marketing purposes without consent.

7. Data Storage and Retention

  • Personal data is stored securely in physical or electronic records, protected by encryption and other security measures.

  • Health records are retained for a minimum of 8 years after the last appointment, or as required by UK law for healthcare practitioners.

  • Payment data is stored only as long as necessary to process transactions and meet legal requirements.

8. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data held about you.

  • Correction: Request correction of inaccurate or incomplete data.

  • Erasure: Request deletion of data where it is no longer necessary, unless required by law.

  • Restriction: Limit how your data is used.

  • Portability: Receive a copy of your data in a commonly used format.

  • Objection: Object to the processing of your data under certain conditions.

To exercise these rights, contact the Data Controller at hello@paulanacif.com.

9. Security Measures

Paula Nacif takes appropriate technical and organisational measures to protect personal data, including:

  • Secure storage systems.

  • Restricted access to data on a need-to-know basis.

  • Encryption for electronic data.

10. Complaints

If you believe your data has been handled improperly, you can contact the Data Controller at hello@paulanacif.com. You also have the right to file a complaint with the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Phone: 0303 123 1113

Last Updated: 8 January 2025