Confidentiality, Data Protection & Record Retention Policy

1. Purpose of Confidentiality, Data Protection & Record Retention Policy

The purpose of this policy is to explain how LRV8 Nutrition collects, stores, uses, protects and retains personal data. It ensures confidentiality, compliance with UK data protection law, and safe handling of client information.

LRV8 Nutrition is committed to protecting client privacy and handling personal data responsibly and transparently. 

2. Legal Framework

This policy operates in accordance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Consumer Rights Act 2015 (where applicable)

LRV8 Nutrition acts as a Data Controller for all client data it collects. 

3. What Data is Collected

LRV8 Nutrition may collect and store:

  • Personal Identification details (name, contact details)
  • Health and lifestyle information provided by the client
  • Signed consent forms and agreements
  • Session notes and progress records
  • Communication records related to service delivery
  • Payment and invoicing records (excluding full card details)

Only data that is necessary for the provision of services is collected. 

4. Lawful Basis for Processing Data

Personal data is processed under the following lawful bases:

  • Contract – to provide agreed services
  • Consent – for health-related information
  • Legal obligation – record keeping and financial compliance
  • Legitimate interest – professional practice and management

Clients may withdraw consent at any time, subject to legal retention requirements. 

5. Confidentiality

All clients’ information is treated as confidential. 

Confidentiality will only be breached where:

  • There is a risk of serious harm to the client of others
  • Safeguarding concerns arise
  • Disclosure is required by law or court order

Where possible, clients will be informed before disclosure occurs. 

6. Data Storage and Security

Client records are stored securely using:

  • Password protected digital systems
  • Encrypted devices or secure cloud storage
  • Individual client folders with restricted access

LRV8 Nutrition takes reasonable steps to prevent:

  • Unauthorised access
  • Data loss or misuse
  • Accidental disclosure

Paper records, if used, are stored securely and kept to a minimum. 

7. Record Retention

Client records, including signed consent, forms and session notes, are retained for:

  • Six years after the end of the client relationship

This retention period aligns with UK legal and professional best practices. 

After this period:

  • Records are securely deleted
  • Digital files are permanently deleted
  • Paper record are securely destroyed 

8. Clients Rights under GDPR

Clients have the right to:

  • Access their own data
  • Request correction of inaccurate data
  • Request erasure of data (where legally permissible)
  • Restrict or object to processing
  • Data portability (where applicable)

Requests should be made in writing and will be responded to within statutory timeframes. 

9. Data Sharing

Client data is not shared with third parties except:

  • With explicit client consent
  • Where referral to a healthcare professional is appropriate
  • Where legally required

Data is never sold or used for marketing purposes without explicit consent. 

10. Data Breach Procedure

In the event of a data breach:

  • The issue will be assessed promptly
  • Appropriate steps will be taken to limit impact
  • The ICO and affected clients will be notified as required by law

All breaches are recorded and reviewed. 

11. Policy Review

This policy is reviewed annually, or sooner if legislation, services, or practice arrangements change. 

©Copyright 2026 - LRV8 Nutrition. All rights reserved.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.