top of page

Privacy Policy

SophroNut holds some information about you. This document outlines how that information is used, who it may be shared with, and how it is kept secure. This notice incorporates the requirements of both the UK General Data Protection Regulation (GDPR) and Singapore’s Personal Data Protection Act (PDPA). It does not provide exhaustive detail but is designed to give an overview. Additional information or clarification can be requested by contacting claire@sophronut.com. This Privacy Notice is reviewed regularly. It was last updated in January 2025.

1. What We Do

SophroNut provides nutritional therapy services to clients to improve their health through diet and lifestyle interventions. The focus is on preventative healthcare, optimization of physical and mental health, and management of chronic health conditions. Through consultations, dietary and lifestyle analysis, and biochemical testing, we aim to understand the underlying causes of health issues and address them through personalized dietary therapy, nutraceutical prescriptions (supplements), and lifestyle advice.

2. How We Obtain Your Personal Data

Information Provided by You

You provide personal data in the following ways:

  • Completing a nutritional therapy questionnaire.

  • Signing a terms of engagement and consent form.

  • During consultations.

  • Through email, telephone, or postal correspondence.

  • When making payments.

 

This data may include:

  • Basic details: name, address, contact details, and next of kin.

  • Details of contact with you, such as referrals and appointment requests.

  • Health information: medical history, dietary habits, lifestyle information, supplement and medication use, test results, clinic notes, and health improvement plans.

  • GP contact information.

  • Financial details for payment processing.

 

This information is used to provide direct healthcare, under the legal basis of legitimate interest (GDPR) and reasonable purposes (PDPA).

Information from Other Sources

 

Sensitive medical information (e.g. test results) may be obtained from:

  • Biochemical testing companies.

  • Other healthcare providers, with your express consent.

If consent is not provided, coordination of healthcare may be limited.

 

3. How Your Personal Data is Used

Data Controller and Processor Roles

  • We act as a data controller for your personal data to provide direct healthcare.

  • We act as a data processor for data from third parties (e.g., testing companies, other healthcare providers, payment processors).

 

Compliance and Security

We comply with GDPR and PDPA requirements to protect personal data and ensure confidentiality. Security measures include encryption, restricted access, and secure storage systems.

 

Legal and Public Interest Exceptions

Your data may be used without consent if there is:

  • Overriding public interest, such as safeguarding individuals or preventing a serious crime.

  • A legal requirement (e.g., court order).

 

Marketing

Your data may be used for marketing (e.g., newsletters) only with your express consent.

 

4. Sharing Information with Other Organizations

Your information will remain confidential and only shared with third parties under the following circumstances:

  • With your express consent.

  • With professional associations (e.g., CNHC, BANT) for processing complaints.

  • With contractors or advisors, under confidentiality agreements.

  • With legal or regulatory authorities, if required by law.

  • With supplement or biochemical testing companies for healthcare provision (non-sensitive data only).

  • In cases of danger to life, with appropriate authorities (e.g., police, GP).

Anonymized case histories may be shared for professional development with your explicit consent.

 

5. Your Rights

Under GDPR and PDPA, you have the following rights:

  • Access: Request access to your personal data.

  • Correction: Correct inaccurate or outdated information.

  • Deletion: Request data deletion where lawful.

  • Data Portability: Receive data in a structured format and transfer it to another controller.

  • Objection: Object to data processing under specific conditions.

  • Withdrawal of Consent: Withdraw consent for optional processing activities.

Requests can be made by contacting claire@sophronut.com. Responses will be provided within 30 days in Singapore and 20 working days in the UK.

 

6. Safeguards for Secure Data Handling

We follow GDPR and PDPA standards to ensure data security:

  • Confidential data is stored securely with encryption.

  • Access is limited to authorized personnel.

  • External data processors are bound by legal and contractual obligations.

SophroNut is registered with the UK Information Commissioner’s Office (ICO) and complies with Singapore’s PDPA registration requirements.

 

7. Retention of Records

Personal data is retained in accordance with professional association guidelines (BANT and CNHC) and Singapore’s PDPA retention policies. Data is securely destroyed after the retention period.

 

8. Website Details

Forms and Cookies

This website uses secure electronic forms and cookies for functionality and analytics. No personally identifiable information is collected through cookies. Visitors can manage cookies via browser settings. For more information, visit All About Cookies.

 

Analytics

Google Analytics is used to track site performance. Data collected is anonymized. To opt out, visit Google Analytics Opt-Out.

 

9. Complaints

If you have concerns about data use, contact claire@sophronut.com. If unresolved, you may contact:

  • UK: Information Commissioner’s Office (ICO) via 0303 123 1113.

  • Singapore: Personal Data Protection Commission (PDPC) via www.pdpc.gov.sg or 6377 3131.

 

 

This Privacy Notice reflects the commitment to comply with both UK GDPR and Singapore PDPA requirements, ensuring your personal data is handled responsibly and transparently.

WhatsApp Nutritionist Singapore
bottom of page