PRIVACY NOTICE

Arabella Porter Health
hello@arabellaporterhealth.com
London, United Kingdom
Date effective: May 2026

1. Purpose of this Notice

This Privacy Notice explains how I collect, use, and store your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all clients, prospective clients, and visitors to my website.

2. Who I Am

Arabella Porter is a certified health and nutrition coach, holding a CNM qualification and NACC certification, providing personalised health coaching and nutrition services through Arabella Porter Health. I am the data controller for the personal information I collect and process in the course of providing these services.

ICO Registration: ZC144812

3. Information I Collect

To provide safe and effective care, I may collect the following types of information:

  • Personal details (name, address, contact details, date of birth)

  • Health and medical history, symptoms, and relevant test results

  • Information about diet, lifestyle, medication, supplements, and goals

  • Consultation notes and correspondence

  • Payment details (where applicable)

4. Lawful Basis for Processing

I process your personal data under the following lawful bases:

  • Contract: to provide you with agreed health coaching and nutrition services

  • Legitimate interests: to maintain records and manage my practice safely and professionally

  • Consent: for processing sensitive (special category) health information. You may withdraw your consent at any time

  • Legal obligation: to comply with legal or insurance record-keeping requirements

I process your data under the following articles of the UK GDPR:

  • Article 6(1)(b) — Contract: to provide professional services requested by you

  • Article 9(2)(h) — Provision of healthcare: processing necessary for health and treatment purposes

5. How I Use Your Information

Your information is used to:

  • Provide safe and effective personalised health coaching and nutrition support

  • Assess suitability of personalised health and nutrition advice

  • Communicate with you about your programme and care

  • Keep accurate clinical records

  • Process payments and manage bookings

  • Meet professional, insurance, and legal obligations

  • Send you marketing and programme updates, subject to your explicit consent

I will at all times protect your personal data, including health and contact details, in a manner consistent with my duty of professional confidence and the requirements of UK GDPR. Your data will never be sold or used for marketing without your explicit consent.

6. How Your Information Is Stored

All personal information is stored securely using the following systems:

  • Password-protected devices with two-factor authentication enabled

  • Secure PDF and Word documents stored on encrypted devices

  • All devices are password protected with automatic locking enabled

  • Practice Better (primary practice management platform for client records, session notes, intake forms, and programme delivery - hosted on AWS servers in North America under GDPR-compliant terms, with a Data Processing Agreement in place)

  • Google Drive (password-protected, used for documents and correspondence)

  • I do not use public Wi-Fi to access client records without a VPN. All systems are accessed only by me.

7. Online Consultations and Electronic Communicati

Online consultations are conducted via Zoom or Google Meet, with appropriate security settings enabled including password protection and waiting rooms where applicable.

Although all reasonable steps are taken to protect your information, no internet-based communication system can be guaranteed to be completely secure. If you choose to communicate via email, please be aware that standard email is not fully encrypted.

My primary business email is hello@arabellaporterhealth.com, which is used for all client communication. Sensitive health information is not transmitted via unsecured email.

8. How Long Records Are Kept

In line with professional standards and insurance requirements, client records are retained for:

  • Adult records: 7 years from the date of last consultation

  • Children's records: until the age of 25, or 26 if the client was 17 at the end of treatment

After this period, records are securely deleted or destroyed. In certain cases, such as where records may be relevant to an insurance claim or legal proceeding, they may be retained for longer.

9. Data Regulations for Minors

Where a client is under the age of 18, consent from a parent or legal guardian is required before any coaching or consultation can begin. The child remains the data subject under data protection law. Both parents may have the right to access the child's records unless there is a legal restriction or court order in place that limits this access.

10. Sharing Your Information

I will not share your information with third parties unless:

  • You have given explicit consent (for example, to share with your GP or another healthcare provider)

  • Disclosure is required by law (for example, in cases of serious risk of harm)

  • It is necessary for accounting or administrative purposes (for example, my professional indemnity insurer or accountant, who are GDPR-compliant)

Your data will never be sold to third parties.

11. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data I hold about you

  • Request to move, copy, or transfer your data to a third party

  • Request correction of inaccurate information

  • Request deletion of your data (where legally permissible)

  • Restrict or object to certain forms of processing

  • Withdraw consent at any time

  • Lodge a complaint with the Information Commissioner's Office (ICO): www.ico.org.uk

Please note that clinical records cannot be deleted where retention is required by law, insurance, or professional standards.

12. Subject Access Requests

You have the right to request access to the personal data I hold about you. If you make a valid Subject Access Request:

  • A copy of the requested information will be provided free of charge

  • The information will be supplied within one month of receiving the request

  • Where the request is complex, this period may be extended by up to two further months. You will be informed within the initial one-month period if an extension is required

  • Identity verification will be required before any records are released

13. Reporting Breaches

Any breach of this policy or of data protection laws will be reported as soon as practically possible. I have a legal obligation to report any data breaches to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of a breach.

14. International Transfers of Personal Data

Your data is stored and processed on Practice Better, which uses Amazon Web Services infrastructure located in North America. This constitutes an international transfer of personal data outside the UK. Practice Better maintains GDPR compliance and a Data Processing Agreement is in place. Data is protected by AES-256 encryption in transit and at rest. No data will be transferred to any other platform without appropriate safeguards.

15. Cookies

If you visit my website at www.arabellaporterhealth.com, cookies may be used to improve your browsing experience.

Types of cookies that may be used:

  • Strictly necessary cookies — required for the website to function. These do not require consent.

  • Analytics cookies — used to understand how visitors use the website. These require your consent.

  • Third-party cookies — some external services such as online booking systems may place their own cookies.

You can manage your cookie preferences via the cookie banner on this website or through your browser settings. More information about cookies can be found at www.allaboutcookies.org

16. Updates to this Notice

I may occasionally update this Privacy Notice to reflect legal or procedural changes. The latest version will always be available at www.arabellaporterhealth.com and on request by emailing hello@arabellaporterhealth.com.

Contact

If you have any questions about how your information is handled, please contact:

Arabella Porter - Arabella Porter Health
hello@arabellaporterhealth.com

Surrey, United Kingdom