Legal
Privacy Notice
Purpose of this Notice
This Privacy Notice explains how I collect, use, and store your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all clients, prospective clients, and visitors to my website.
Who I Am
Natalia Schneider, sole trader, trading as Refine Longevity, is a health coach specialising in metabolic health, longevity, and sustainable behaviour change. I am registered with the Association of Naturopathic Practitioners (ANP) and the UK International Health Coaching Association (UKIHCA). I am registered with the Information Commissioner's Office (ICO). Registration number: ZC121694.
I am the data controller for the personal information I collect and process in the course of providing my professional services.
Information I Collect
To provide safe and effective care, I may collect the following types of information:
- Personal details (name, address, contact details, date of birth, GP contact)
- Health and medical history, symptoms, and relevant test results
- Information about diet, lifestyle, medication, supplements, and goals
- Consultation notes and correspondence
- Payment details (processed securely via Stripe)
- Website usage data (via cookies, if applicable)
Lawful Basis for Processing
I process your personal data under the following lawful bases:
- Contract: to provide you with agreed health coaching services
- Legitimate interests: to maintain records and manage my business safely and professionally
- Consent: for processing sensitive (special category) health information. You may withdraw your consent at any time
- Legal obligation: to comply with legal or insurance record-keeping requirements
Special categories of data include race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, and sexual orientation.
I may hold special category data for the purpose of provision of direct healthcare.
I process your data under the following articles of the General Data Protection Regulation:
- Article 6(1)(b) — Contract: to provide professional services requested by you
- Article 9(2)(h) — Provision of healthcare: processing necessary for health and treatment purposes
How I Use Your Information
Your information is used to:
- Provide safe and effective care
- Assess suitability of personalised health advice
- Communicate with you about your care
- Keep accurate clinical records
- Process payments and manage bookings
- Meet professional, insurance, and legal obligations
- Send marketing and newsletters (subject to your consent)
I undertake at all times to protect your personal data, including any health and contact details, in a manner which is consistent with my duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. I will also take reasonable security measures to protect the storage of your personal data.
I may use your personal data where there is an overriding public interest in using the information, e.g. in order to safeguard an individual, or to prevent a serious crime.
Your data will never be sold or used for marketing without your explicit consent.
Your data may be shared with other parties for the following reasons if you have consented:
- To obtain functional tests (such as blood or urine)
- For booking and administrative purposes
- To companies supplying supplements or other products directly to you on my recommendation
How Your Information Is Stored
All personal information is stored securely in:
- Password-protected devices
- Encrypted cloud storage (Google Workspace)
- Secure booking and payment platforms (TidyCal, Stripe)
All devices used for accessing client records are password protected with automatic locking enabled.
Online Consultations and Electronic Communication
Online consultations are conducted using reputable platforms (Zoom, Google Meet) with appropriate security measures in place. Although all reasonable steps are taken to protect your information, no internet-based communication system can be guaranteed to be completely secure. If you choose to communicate via email, please be aware that standard email is not fully encrypted.
How Long Records Are Kept
In line with professional standards and insurance requirements, clinical records are retained for:
- 7 years from the date of last consultation
- For children: until age 25 (or 26 if aged 17 at end of treatment)
After this period, records are securely deleted or destroyed. In certain cases, such as where records may be relevant to an insurance claim or legal proceeding, they may be retained for longer.
Data Regarding Minors
Where the client is under the age of 18, consent from a parent or legal guardian is required before any services can begin. The child remains the data subject under data protection law. Both parents may have the right to access the child's records unless there is a legal restriction or court order in place that limits this access.
Sharing Your Information
I will not share your information with third parties unless:
- You have given explicit consent (for example, to share with your GP or another healthcare provider)
- Disclosure is required by law (for example, in cases of serious risk of harm)
- It is necessary for accounting or administrative purposes (e.g. my professional indemnity insurer or accountant, who are GDPR-compliant)
Your Rights
Under UK GDPR, you have the right to:
- Access the personal data I hold about you
- Request to move, copy or transfer your data to a third party
- Request correction of inaccurate information
- Request deletion of your data (where legally permissible)
- Restrict or object to certain forms of processing
- Withdraw consent at any time
- Lodge a complaint with the Information Commissioner's Office (ICO): www.ico.org.uk
Please note that clinical records cannot be deleted where retention is required by law, insurance, or professional standards.
Subject Access Requests
Clients have the right to request access to the personal data held about them.
If a client makes a valid Subject Access Request:
- A copy of the requested information will be provided free of charge
- The information will be supplied within one month of receiving the request
- Where the request is complex or multiple requests are received, this period may be extended by up to two further months. The client will be informed within the initial one-month period if an extension is required
- If a request is manifestly unfounded or excessive, a reasonable administrative fee may be charged, or the request may be refused where legally permitted
Once a Subject Access Request has been received, the relevant records must not be altered, amended, or deleted.
International Transfers of Personal Data
Personal data will not be transferred outside the UK without appropriate safeguards in place. If data needs to be stored or processed outside the UK (for example, through certain cloud service providers), this will only occur where the country has been deemed to provide an adequate level of data protection, or appropriate safeguards (such as standard contractual clauses) are in place.
Cookies
If you visit my website, cookies may be used to improve your browsing experience.
What are cookies?
Cookies are small text files placed on your device when you visit a website. They help the website function properly and may collect limited information about how visitors use the site.
Types of cookies that may be used:
- Strictly necessary cookies: Required for the website to function (e.g. security, booking systems, saving preferences). These do not require consent.
- Analytics cookies: Used to understand how visitors use the website (e.g. Google Analytics). These require your consent.
- Third-party cookies: Some external services (such as online booking systems or embedded videos) may place their own cookies.
You can manage your cookie preferences via the cookie banner on this website or through your browser settings.
More information about cookies can be found at: www.allaboutcookies.org
Communication and Updates
I may occasionally update this Privacy Notice to reflect legal or procedural changes. The latest version will always be available on this website.
Reporting Breaches
Any breach of this policy or of data protection laws will be reported as soon as practically possible. I have a legal obligation to report any data breaches to the Information Commissioner's Office within 72 hours.
Contact
If you have any questions about how your information is handled, please contact:
Natalia Schneider
info@refinelongevity.com
This Privacy Notice was last updated in April 2026.