Policy information

Organisation: NTA Health
Data Controller: NTA Health (Sonia O’Donnell)

Scope of policy


This policy applies to all personal data processed and held by NTA Health in relation to clients and prospective clients. This includes data held electronically and in paper form, whether processed at home or via secure third-party systems used for client management, testing, communication, and payment processing.

Policy operational date: 10 February 2026
Policy prepared by: Sonia (NTA Health)
Policy review date: This policy will be reviewed every three years, or sooner if there are material changes to data processing activities.

Introduction

Purpose of this policy
NTA Health is committed to protecting the privacy and personal data of its clients. This policy sets out how personal data is collected, used, stored, and protected in accordance with UK GDPR and the Data Protection Act 2018. The aims of this policy are to comply with the law, follow good practice, protect clients, and ensure transparency around data use.

Personal data covered by this policy


Personal data processed by NTA Health may include:

– Client contact details
– Case history and health questionnaires
– Clinical test results
– Treatment and support plans
– Prescriptions and remedy recommendations
– Correspondence by email or digital platforms
– Payment and invoicing records (excluding full card details)

Special category data

Health-related information is treated as special category data and is processed with additional care and security.

Lawful basis for processing


NTA Health processes personal data under the lawful bases of:
- Consent
- Performance of a contract for services
- Legitimate interests related to providing safe and effective complementary health support

Health data is processed under explicit consent and for the provision of health-related services.

Client consent


Consent is obtained through written forms, online submissions, and explicit agreement to Terms and Conditions. Consent is ongoing and may be withdrawn at any time, subject to legal retention requirements.

Client rights


Clients have the right to:
- Access their personal data
- Request correction of inaccurate data
- Request deletion of data (subject to legal retention obligations)
- Request restriction of processing
- Request data portability
- Withdraw consent

Requests should be made in writing and will be responded to within statutory time limits.

Data accuracy

Reasonable steps are taken to ensure that personal data is accurate and kept up to date. Clients are encouraged to notify NTA Health of any changes to their information.

Data storage and security

Paper records are stored securely with restricted access.
Electronic records are stored using password-protected systems and secure platforms that comply with GDPR requirements.
Third-party processors are used only where appropriate safeguards are in place.

Data retention

Client health records are retained for a minimum of seven years in line with professional and legal requirements. After this period, data is securely destroyed or anonymised.

Data sharing


Personal data is not shared with third parties without consent, except where required by law, safeguarding obligations, or regulatory requirements. Payment processing is handled by third-party providers who operate under their own data protection policies.

International data transfers
NTA Health does not routinely transfer personal data outside the UK.

Data breaches


In the event of a personal data breach, appropriate steps will be taken to contain and assess the breach. Where required, the Information Commissioner’s Office (ICO) and affected individuals will be notified within 72 hours.

Complaints


Any concerns about data protection should be raised directly with NTA Health. Clients also have the right to complain to the Information Commissioner’s Office.

ICO registration
NTA Health is registered as a Data Controller with the Information Commissioner’s Office.

Policy approval


This policy is approved by NTA Health and is effective from the date stated above.