Apricity Clinic is committed to protecting your privacy and ensuring the security of your personal information. This privacy notice explains how we collect, use, and safeguard your data when you visit our website or interact with our services and who we may share it with. By accessing our website and providing your personal information, you agree to the practices outlined in this privacy notice. We protect your data in line with the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This notice does not provide exhaustive detail. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to ellie@apricityclinic.co.uk. We keep our Privacy Notice under regular review. This Privacy Notice was last reviewed in January 2026.

What We Do

Apricity Clinic provides nutritional therapy services to support clients’ health and well-being through diet and lifestyle interventions. We focus on preventive healthcare, the optimisation of physical and mental health, and the management of chronic health conditions. Through nutritional therapy consultations, dietary and lifestyle analysis, and biochemical testing, we aim to understand the underlying causes of your health issues and address them through personalised dietary therapy, nutraceutical prescriptions (supplements), and lifestyle advice. In addition to individual consultations, we may also offer group workshops, courses, or other forms of nutritional and lifestyle education.

How We Obtain Your Personal Data

We use Practice Better to collect intake forms/questionnaires, store clinical notes, book appointments, send secure messages/files, and issue invoices/receipts.

Information provided by you

You provide us with personal data in the following ways:

By completing a nutritional therapy questionnaire

By signing a terms of engagement form

During a nutritional therapy consultation

Through email, over the telephone or by post

By taking credit cards and online payments

This may include the following information:

basic details such as name, address, contact details and next of kin

details of contact we have had with you, such as referrals and appointment requests

health information including your previous medical history, dietary, lifestyle, supplement and medicine details, biochemical test results, clinic notes and health improvement plans

GP contact information

payment and invoicing records (we do not store full card details)

We use this information to provide you with direct healthcare. This means that the legal basis for our processing of your personal data is that it is necessary for the performance of a contract with you (UK GDPR Article 6(1)(b)) and for our legitimate interests in operating and administering our practice (UK GDPR Article 6(1)(f)). Where we process health information (special category data), we do so for the provision of health care (UK GDPR Article 9(2)(h)).

Upon completion of your healthcare, we retain your personal data for the period defined by our professional association, BANT (British Association for Nutrition and Lifestyle Medicine), and our registrant body, CNHC (Complementary & Natural Healthcare Council). This enables us to respond to queries, process any complaint you may make, and meet legal, professional, and insurance obligations.

Information we get from other sources

We may obtain sensitive medical information, such as test results, from biochemical testing companies. We use this information to provide you with direct healthcare. This means that the legal basis for our processing of your personal data is that it is necessary for the performance of a contract with you (UK GDPR Article 6(1)(b)) and, where applicable, our legitimate interests in administering our practice (UK GDPR Article 6(1)(f)). Where we process health information (special category data), we do so for the provision of health care (UK GDPR Article 9(2)(h)).

We may obtain sensitive information from other healthcare providers. The provision of this information is subject to your giving us your express consent. If we do not receive your consent, we will not be able to coordinate your healthcare with that provided by other providers, which may make the healthcare we provide less effective.

How we use your personal data

We are the data controller for your personal data, including your health information, for the purpose of providing our services to you. We use trusted service providers (known as data processors) to help us deliver our services and manage your information securely. These processors act on our instructions and must keep your information confidential.

We always undertake to protect your personal data, including any health and contact details, in a manner consistent with our duty of professional confidence and the requirements of the UK General Data Protection Regulation (UK GDPR) regarding data protection. We will also take reasonable security measures to protect your personal data storage.

We use Practice Better (Green Patch Inc.) as our practice management system to book appointments, store client records, securely share documents, and manage communications. Practice Better acts as our data processor and uses approved sub-processors to provide the service. A list of Practice Better’s sub-processors is available via their documentation, or we can provide it on request.

Practice Better and its approved sub-processors may process and/or host information outside the UK (including Canada and/or the United States). Where this involves a transfer of personal data, we rely on appropriate safeguards such as UK-approved contractual clauses (e.g., the UK IDTA or the UK Addendum to EU Standard Contractual Clauses). Further details are available on request. Access to your record is restricted to authorised users and protected by account security controls (e.g., strong passwords and two-factor authentication where available).

We take payments through third-party payment providers. When you pay, your payment card information is processed securely by the payment provider; we do not store full card details on our systems. The payment provider may process your information for purposes such as payment processing and fraud prevention in line with their own privacy notice.

We may use your personal data where there is an overriding public interest in doing so, e.g. to safeguard an individual or to prevent a serious crime. Also, where there is a legal requirement, such as a formal court order. We may use your data for marketing purposes, such as newsletters, but this would be subject to your express consent.

Do you share my information with other organisations?

We will keep your information confidential. We will only disclose your information to other third parties with your express consent, except for the following categories of third parties:

Our registrant body, CNHC, and our professional association, BANT, for the processing of a complaint made by you

Any contractors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential

Anyone to whom we may transfer our rights and duties under any agreement we have with you

Any legal or crime prevention agencies and/or to satisfy any regulatory request (eg, CNHC) if we have a duty to do so or if the law allows us to do so

We may share your information with supplement and biochemical testing companies to provide you with direct healthcare. Where this is necessary, we may share relevant health information and will only share the minimum information required to provide you with direct healthcare, and we will ensure it is handled securely.

We will seek your express consent before sharing your information with your GP or other healthcare providers. However, if we believe that your life is in danger, then we may pass your information onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests.

We may share your case history in an anonymised form with our peers for professional development. This may occur during clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines, or online professional sites. We will seek your explicit consent before processing your data in this way where there is any reasonable possibility that you could be identified.

What are your rights?

Every individual has the right to see, amend, delete, or obtain a copy of data that can identify them, with some exceptions. You do not need to give a reason to see your data.

If you want to access your data, you must make a subject access request in writing to ellie@apricityclinic.co.uk. Under special circumstances, some information may be withheld. We shall respond within one month from the date we receive your request and all necessary information from you (this may be extended by up to two further months where requests are complex or numerous). Our response will include the details of the personal data we hold, including:

Sources from which we acquired the information

The purposes of processing the information

Persons or entities with whom we are sharing the information

You have the right, subject to exemptions, to ask to:

• Have your information deleted

• Have your information corrected or updated where it is no longer accurate

• Ask us to stop processing information about you where we are not required to do so by law or in accordance with the BANT and CNHC guidelines.

• Receive a copy of your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller, without hindrance from us.

• Object at any time to the processing of personal data concerning you.

We do not carry out any automated processing that may result in an automated decision based on your personal data. If you would like to exercise any of the above rights, please write to the Data Controller at ellie@apricityclinic.co.uk.

What safeguards are in place to ensure data that identifies me is secure?

We only use information that may identify you in accordance with UK GDPR. This requires us to process personal data only if there is a legitimate basis for doing so, and that any processing must be fair and lawful.

Within the health sector, we must also follow the common law duty of confidence, which means that identifiable information about you has been given in confidence and should be treated as confidential and shared only for the purpose of providing direct healthcare. We will protect your information, inform you of how it will be used, and allow you to decide whether and how it can be shared.

We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, and protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it). We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person is processed.

Ellie Bicker is registered with the Information Commissioner’s Office (ICO) as a Data Controller and collects data for a variety of purposes. A copy of the registration is available through the ICO website (search by business name).

How long do you hold confidential information for?

All records held by the Apricity clinic will be kept for the duration specified by guidance from our professional association, BANT, and our registrant body, CNHC, and in accordance with legal and insurance requirements.

Website technical details

Our website is hosted using Canva’s website platform. The technical platform of this website uses cookies and similar technologies to ensure proper technical functioning, security, and performance. These cookies may include random strings of characters and minimal information about the website’s state and session and are not used by us to directly identify you.

We also use cookies and/or similar identifiers for analytics purposes (see section 8). We do not currently operate a cookie control tool (cookie banner) on this website. You can manage or block cookies through your browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

To opt out of Google Analytics tracking across all websites, you can use the Google Analytics opt-out browser add-on: http://tools.google.com/dlpage/gaoptout.

Analytics

Like most websites, we use analytics software to understand the popularity trends of our website and its different sections. We make no use of personally identifiable information in any of the statistical reports we use from this package.

We use an analytics package called Google Analytics. Google Analytics collects information about how visitors use the website (for example, the pages visited, time spent on pages, and interactions). This information helps us understand how the site is used and improve the website and user experience. Google provides details of its privacy policy on the Google website.

Complaints

If you have a complaint regarding the use of your personal data, please contact the Data Controller at ellie@apricityclinic.co.uk, and we will do our best to help you. If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them via the ICO website or by telephone.