Privacy Policy

Last updated: 29th November 2018

This privacy policy is designed to help you understand what data we collect and how we retain and process your data. It also sets out your rights in relation to your information and who you can contact for more information or queries.

The Nightingale Trust is strongly committed to protecting your personal information. This privacy statement describes how we handle personal information collected through

We use and store your data to fulfil a contact when an interest in training is placed and for marketing when provided with your consent. You may withdraw marketing consent or restrict which channels at any time.

1. Who we are

The Nightingale Trust (collectively known as “we”, “us”, or “our” in this privacy policy) is a UK based registered charity who is committed to the educational support of nutrition nurses in NHS Trusts and medical institutions within the United Kingdom.

We have appointed a Data Privacy Manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions or want to exercise your rights as an individual, their contact details can be found below.

We are registered with the Information Commissioner’s Office (ICO), our registration number is ZA117946.

2. What data we collect

To enable us to successfully process your interest in our nutrition courses or educational support funding, we will ask you to provide the following personal details:

·       Full Name
·       Email Address
·       Postal Address
·       Telephone Number

We also collect the following data to help our site function correctly and to improve our services to you:

·       Cookies
·       Website traffic statistics
·       Anonymous site usage and user behaviour

3. How we collect your data

We use a number of different methods to collect data from and about you, including:

3.1. Direct interactions

You may give us identity and contact details when interacting with us electronically, via telephone or in person, these include

·       Requesting information regarding training via website
·       Subscribing to our newsletter
·       Requesting charity information to be sent to you
·       Entering a competition, promotion or survey

As you interact with our website, we may automatically collect technical data about your device, browsing actions and patterns. We collect this data using cookies and other similar technologies. All technical data and tracking will be collected anonymously unless otherwise stated in this policy.

3.2. Third party and publicly available sources

We may receive data about you from various third parties, with whom we partner with:

·       We work with other, related charities and health trusts 

4. How we use your data

We will only use your data when and where we require it and where the law allows us to. Most commonly for the following purposes:

·       Where we need to communicate with you for training enrolement
·       Where required by law or regulation
·       Where you consent

Where you give consent to the processing of your data, you have the right to withdraw consent at any time by contacting us on 

We use the data you provide us to successfully process and dispatch your orders and to send you relevant communications about our products and services.

The Nightingale Trust will always treat your data with respect, only collecting what we need, and we will never pass or sell your data to third-parties except to those who are vital to processing orders or to provide communications.

These are called ‘data processors’ and all companies based within the EU are bound by the relevant General Data Protection Regulations (GDPR). For those outside the EU, The Nightingale Trust have ensured they only share data with companies that are part of the EU-US Privacy Shield, which ensures that data is processed in a GDPR compliant manner.

4.1. Communications

To provide you with up to date fundraising news, activities and other relevant charity information we will share your data with communication service provider: Mailchimp.

We ensure that explicit consent is given before we send any email communication and you are free to opt out at any time.

When clicking links within our Mailchimp campaigns, we also keep track of the links clicked and products purchased. Your product purchase history may be used to improve our recommendations to you.

4.2. Feedback

We work with Trustpilot to collect and collate customer feedback to help us improve our service. When placing an order, we share order details with Trustpilot to allow a scheduled feedback reminder and to verify the feedback as a genuine purchaser.

More details can be found on Trustpilot’s Data Processing Agreement.

This data is stored securely and we will never share this data with any third-party other than with the NHS Trust laboratory that provides your results.

Occasionally we create anonymised statistical data trends based on aggregated data collected during the vitamin D testing for research and marketing purposes. No identifiable information will ever be shared, and you are free to opt-out of this profiling at any time.

5. Data retention

Unless instructed otherwise, your data will be retained for a period of 10 years after your last interaction with us.

Interactions include making a purchase, opening a marketing email, filling in a form or survey and other similar activities.

6. Cookies and tracking

Some of our pages utilise small files called “cookies” and other tracking technologies. A cookie is a small text file saved onto your device that is used to track site activity, purchase history and retain site settings.

You can block cookies and delete existing ones by changing the settings in your browser. Please visit the help section of your browser to learn how to do this. Please note, that if you do this some elements of the website may not work correctly.

6.1. Google Analytics

We use Google Analytics which makes use of cookies to define user sessions, page visits and products purchased. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports by Google Analytics to better understand website traffic and webpage usage.

6.2. Remarketing

We use Google Analytics remarketing code to log when users visit specific pages or take specific actions on our website, this allows us to provide relevant advertising through Google and third-party services to display tailored adverts on pages across the internet.

You can opt out of personalised remarketing if you wish by visiting Google’s website and updating your settings or alternatively visiting the Network Advertising Initiative’s opt-out page.

6.3. Facebook & Twitter Pixels

We use both Facebook and Twitter pixels on our site which allow us track the pages visited and items purchased by users which may be used to create personalised Facebook and Twitter remarketing ads.

The pixels also allow us to carryout conversion tracking by reporting on the actions people take after visiting our website through an ad. This helps us measure the effectiveness and improve the relevancy of our advertisements.

No personal information is contained or collected as a result of using these pixels.

6.4. Affiliates

We work with a number of specially selected affiliates who create and share content around our brand and are each provided with a unique affiliate link. When accessing through this link, we will store information about orders you have placed. The cookie will be stored on your device for 30 days, any purchases made during this period will be tracked. No identifiable information is shared.

7. Payment methods

We do not process or store credit or debit card information on internal servers. All card payments are securely processed by Virgin Money payment gateway.

8. Your legal rights

As an individual, you have the right to request:

8.1. Access – Commonly known as “Subject access request”, this allows you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

8.2. Rectification – You can update incorrect or incomplete data we hold about you, though we may ask for proof to confirm the accuracy of this new data.

8.3. Erasure – This allows you to ask us to delete or remove personal data if; it is no longer necessary in relation to the purposes for which they were collected or processed, where the personal data have been unlawfully processed or the personal data has to be erased for compliance with a legal obligation.

Where we have a legal requirement to hold data for auditing purposes (financial transaction data), we may choose to anonymise your data.

8.4. Restrict processing – You may object to processing or require a restriction of processing your personal data during the following scenarios:

·       If you want us to correct the data’s accuracy
·       Where the use of the data is unlawful but you do not wish for us to erase it
·       Where you need us to hold the data if we no longer require it as you need it to establish, exercise or defend legal claims
·       You have objected to our use of your data but we need to verify whether we have overriding legitimate basis to use it.

8.5. Data portability / transfer – You may request for us to transfer your data to a third party. We will provide your data in a csv format. This right only applies to data for which you initially provided consent – excluding purchase and transaction history.

8.6. Withdraw consent – You may withdraw consent at any time where we are relying on consent to process your personal data. If you withdraw consent, your data will still be processed where necessary to complete a contract we have entered with you. If you withdraw consent, this may impact how we provide products and services to you. We will advise if this is the case at point of withdrawal.

9. Processing requests

9.1 Fees

You will not have to pay a fee to access your personal data or exercise any other right. However, a reasonable fee may be charged if your request is clearly unfounded, repetitive or excessive. In any of these cases, we may refuse to comply with your request.

9.2. Information required

We may need you to provide further information or to prove your identity before we are able to process your request. This is a security measure to ensure that personal data is not disclosed to anyone who doesn’t have the right to receive it. We may also ask for additional information to help speed up your request.

9.3. Time limit

We will try to respond to all legitimate requests within one month. Occasionally, for additional or complex requests, this may take us longer than this but we will notify you at every stage.

10. Our Contact Details

For anything relating to your data or to exercise your rights, please email our appointed Data Privacy Manager at


You have the right to make a complaint about our data processing activities at any time to the ICO ( We would appreciate the chance to deal with your concerns before your approach the ICO, so please contact us in the first instance.