Privacy Policy


Part 1: Data We Hold

Client Sensitive Data

What do we hold? We hold client date (personal information, notes, test results etc.)

Why do we hold it? To enable us to use and recall client-centred information in and around their consultations and treatments

For how long? For the period we are actively working together + 12 months

What happens next? After this period hard data (paper files) will be shredded and soft data will be deleted.

How do we tell them? Upon booking the consultation the prospective client will receive a document by email explaining this and will also be informed at the commencement of the consultation.

Who else might we share it with? No sensitive data is passed onto external contacts. Internally, information may be shared with Melanie Brown associates working directly with the client. For the purposes of on-going CPD, anonymised client data may be shared with a coaching supervisor or the professional bodies of which Melanie Brown is a member

Client Contact Details

What do we hold? We retain client email addresses.

Why do we hold it? To enable me to contact clients regarding their work with me should that be necessary.

For how long? For the period of 8 years.

What happens next? Nothing, unless there is a request to the contrary, in which case we shall comply within 48 hours.

How do we tell them? I inform clients at the commencement of our consultation. Our privacy policy is referenced in our terms of business upon the booking of a consultation and is published on our website

Who else might we share it with? No information is passed onto external contacts. With permission from the client, names, phone numbers or email addresses will be included for referrals from me to internal contacts involved in the care of the client.

Part 2: How do we hold data?

Our digital data is held securely on password-protected computers backed up digitally. Our paperwork is held in locked cabinets.

Part 3: Response Strategy

We will do everything possible to avoid or minimise the impact of any breach of privacy. In the unlikely event of a breach then we commit to:

Within 72 hours, contacting the person whose details have been compromised to inform them of of the nature of the breach informing

  • of the information that may have been compromised
  • of the actions we are taking
  • of how we will keep them up to date

Where appropriate, inform the Information Commissioner’s Office (ICO) of the same.

Part 4: External Parties

All Melanie Brown Nutrition associate consultants/coaches are required to confirm that they are GDPR compliant before working with any client data.

Part 5: Changes to this Policy

We reserve the right to change this Privacy Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the website and will be communicated via email to all affected parties.

Part 6: How to contact us

Everyone has the right to “be forgotten”, to be able to have their information updated and to see what we hold that relates to them. Should anyone need to contact us regarding any of the above or any matter relating to GDPR, we can be contacted on We commit to reply promptly but certainly within one week.