Privacy Notice
This Privacy Notice explains how Paula Nacif collects, uses, and protects your personal information in compliance with the UK General Data Protection Regulation (UK GDPR). Your privacy is important, and this notice outlines your rights and how your data is managed.
1. Data Controller
Paula Nacif
Email: hello@paulanacif.com
For any data protection queries, please contact the Data Controller using the details above.
2. Information Collected
The following personal data may be collected, stored, and used:
Personal information: Name, email address, phone number, and date of birth.
Health information: Medical history, current medications, lifestyle details, treatment goals, and other health-related information shared during consultations or treatments.
Appointment details: Records of appointments, treatments, and communications.
Payment information: Payment records (note: payment card details are not stored directly by Paula Nacif).
Marketing preferences: Whether you opt in or out of receiving marketing emails.
Sensitive personal data, such as health information, is collected only with your explicit consent to ensure safe and effective treatment.
3. Legal Basis for Processing Data
Personal data is processed under the following lawful bases:
Consent: For the collection and use of health information and for marketing communications.
Contract: To provide services, including consultations, treatments, bookings, and follow-ups.
Legal obligation: To comply with legal or regulatory requirements, such as record-keeping for tax or insurance purposes.
Legitimate interests: To manage and improve services, respond to enquiries, and maintain continuity of care.
4. How Data Is Used
Personal data is used to:
Provide consultations, treatments, and follow-up care.
Ensure treatments are safe and tailored to individual needs.
Communicate appointment confirmations, reminders, changes, and other essential service-related information via the telephone number or email address you provide.
Maintain accurate records for legal, regulatory, and insurance purposes.
Send marketing communications about services, offers, or updates, where consent has been given.
5. Marketing Emails
Marketing emails may be sent to share updates, promotions, or information about services. These will only be sent if explicit consent has been provided.
You can opt in online, including through online sign-up forms. You may unsubscribe at any time using the link in any marketing email or by contacting hello@paulanacif.com. Opting out of marketing will not affect your access to treatments or services.
6. Sharing of Data
Personal data is shared only when necessary and in accordance with the law:
With consent: Sharing information with other healthcare or wellness professionals at your request.
Legal obligations: Disclosure to regulatory or legal authorities when required.
Service providers: Trusted third-party providers who support business operations, including website hosting, appointment scheduling, and payment processing. All providers are required to comply with data protection laws.
Your data is never sold or shared for third-party marketing purposes.
7. Website, Cookies, and Third-Party Services
This website is hosted on Squarespace, which uses cookies and similar technologies to support essential site functionality, security, performance, and analytics. Some cookies are strictly necessary for the website to function and cannot be switched off.
Non-essential cookies, such as analytics or marketing cookies, are only used with your consent. When you visit this website, you can choose to accept, decline, or manage your cookie preferences via the cookie banner provided by Squarespace. You can also change your preferences at any time through your browser settings.
Appointment booking is managed through Acuity Scheduling (Squarespace). Personal details provided when booking are processed securely to manage appointments, confirmations, reminders, and related communications.
Payments are processed securely via Stripe, a third-party payment processor. Stripe processes payment card information directly and complies with applicable data protection laws. Paula Nacif does not store or have access to your full payment card details.
For more information about how these third-party providers handle data and cookies, please refer to their respective privacy policies.
8. Data Storage and Retention
Personal data is stored securely in physical and/or electronic systems protected by appropriate technical and organisational measures.
Health records are retained for a minimum of 8 years after the last appointment, as required by UK law.
Payment records are retained only as long as necessary to meet legal and accounting obligations.
9. Your Rights
Under UK GDPR, you have the right to:
Request access to your personal data.
Request correction of inaccurate or incomplete data.
Request erasure of data where it is no longer necessary, subject to legal requirements.
Restrict or object to certain types of processing.
Request data portability in a commonly used format.
To exercise any of these rights, please contact hello@paulanacif.com.
10. Security Measures
Appropriate technical and organisational measures are in place to protect personal data, including:
Secure storage systems.
Restricted access on a need-to-know basis.
Encryption and password protection for electronic records.
11. Complaints
If you have concerns about how your data is handled, please contact the Data Controller at hello@paulanacif.com. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Phone: 0303 123 1113
Last updated: 18 December 2025