Privacy policy.

Last updated: June 2026

This Privacy Policy explains how Georgina Nicole Nutrition collects, uses, stores and protects your personal data. This policy applies to all clients and website visitors and covers obligations under both the Gibraltar General Data Protection Regulation (Gibraltar GDPR) and the UK General Data Protection Regulation (UK GDPR), as applicable depending on where you are based.

1. Data Controller

The data controller responsible for your personal data is Georgina Blackburn, trading as Georgina Nicole Nutrition.

Location: Gibraltar

Email: info@georginanicolenutrition.com

Website: www.georginanicolenutrition.com

2. Which data protection law applies to you

Georgina Nicole Nutrition is based in Gibraltar and operates under the Gibraltar GDPR and the Data Protection Act 2004, administered by the Gibraltar Regulatory Authority (GRA).

Georgina Nicole Nutrition also works with clients based in the United Kingdom. Where personal data relating to UK-based individuals is collected and processed, the UK GDPR also applies. The Gibraltar GDPR is closely aligned with the UK GDPR and the standards applied under this policy are equivalent to both frameworks. An adequacy arrangement is in place that permits the free flow of personal data between Gibraltar and the UK.

In practice, the protections described in this policy apply equally to all clients regardless of where they are based.

3. How personal data is collected and when

Personal data is collected at two points:

Discovery call booking: If you book a free 15-minute discovery call through the website, this is managed via Acuity Scheduling. Acuity will collect your name and email address in order to confirm and manage your appointment. Acuity Scheduling is a third-party platform operated by Squarespace Inc. and is subject to its own privacy policy. No payment information is collected at this stage.

Becoming a client: If you proceed to a consultation or package, your appointment and client records are managed through Wellsum, a client management platform. When booking through Wellsum, you will be asked to sign a separate GDPR consent form before any health information is collected. Payment for consultations booked through Wellsum is also processed through that platform.

In-person consultations at Body and Mind Wellness Centre: If you book and pay through Body and Mind Wellness Centre directly, your booking and payment are managed by Body and Mind. In this context, Georgina Nicole Nutrition collects only the clinical information shared during the consultation, which is stored securely in client records.

4. What personal data is collected

Depending on how you engage with Georgina Nicole Nutrition, the following data may be collected:

•  Contact information: name and email address (collected via Acuity Scheduling at the discovery call stage)

•  Health and medical information: health history, current symptoms, dietary habits, lifestyle information, medication and supplement use, test results and any other health-related information shared during consultations (collected via Wellsum consent form and during appointments)

•  Appointment records: dates, notes and correspondence relating to consultations

•  Website usage data: cookies and anonymised analytics data collected via the website (see Section 8)

Payment card details are not collected or stored at any point by Georgina Nicole Nutrition. Payment processing is handled entirely by Wellsum or by Body and Mind Wellness Centre, as applicable.

5. Why personal data is collected and the legal basis for doing so

Health and clinical information is classified as special category data under both the Gibraltar GDPR and the UK GDPR. This data is collected and processed on the following legal bases:

•  Explicit consent: consent is provided when you sign the GDPR consent form through Wellsum prior to your first consultation

•  Contractual necessity: to provide the nutrition therapy services you have engaged Georgina Nicole Nutrition for

•  Legitimate interests: to manage the practice, maintain client records and improve services

You have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

6. How your data is used

Your personal data is used to:

•  Manage and confirm appointment bookings

•  Provide nutrition therapy consultations and follow-up support

•  Prepare personalised dietary, supplement and lifestyle plans

•  Communicate with you about your health and appointments

•  Comply with professional obligations as a registered nutrition therapist

•  Improve services

7. How long your data is kept

Client health records are retained for a minimum of 7 years following the end of the working relationship, in line with professional practice guidelines. If you booked a discovery call but did not proceed to a consultation, your contact details held via Acuity Scheduling will be deleted within 12 months.

8. Third-party platforms

The following third-party platforms are used to manage bookings and client records. Each platform operates under its own privacy policy and data processing terms:

•  Acuity Scheduling (operated by Squarespace Inc.) - used for discovery call bookings via the website

•  Wellsum - used for client management, consultation bookings, consent forms and payment processing for direct clients

Your personal data is not sold, rented or traded to any third party. Where these platforms process your data on behalf of Georgina Nicole Nutrition, they do so under appropriate data processing agreements.

9. Cookies and website data

The Georgina Nicole Nutrition website is hosted on Squarespace, which uses cookies to operate the site and collect anonymised analytics data. Cookies are small text files stored on your device. You can control or disable cookies through your browser settings, though this may affect how the website functions. By continuing to use this website, you consent to the use of cookies in accordance with this policy.

10. How your data is stored and protected

Your data is stored securely using password-protected systems and encrypted communications where possible. Reasonable technical and organisational measures are taken to protect your personal data against unauthorised access, loss or disclosure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, the relevant supervisory authority will be notified within 72 hours and you will be informed as required by law.

11. Your rights

Under both the Gibraltar GDPR and the UK GDPR, you have the following rights regarding your personal data:

•  The right to access the personal data held about you

•  The right to have inaccurate data corrected

•  The right to have your data deleted (the "right to be forgotten"), subject to legal obligations to retain certain records

•  The right to restrict or object to processing of your data

•  The right to data portability

•  The right to withdraw consent at any time

To exercise any of these rights, please get in touch via [your email address]. A response will be provided within 30 days.

12. Complaints

If you have a concern about how your data is handled and are not satisfied with the response received, you have the right to lodge a complaint with the relevant supervisory authority.

If you are based in Gibraltar:

Gibraltar Regulatory Authority (GRA)

2nd Floor, Eurotowers 4, 1 Europort Road, Gibraltar

Email: info@gra.gi  |  Website: www.gra.gi

If you are based in the United Kingdom:

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Website: www.ico.org.uk  |  Helpline: 0303 123 1113

13. Changes to this policy

This Privacy Policy may be updated from time to time. Any changes will be posted on this page with an updated date at the top. It is recommended to review this policy periodically.

14. Contact

For any questions about this Privacy Policy or how your data is handled, please get in touch at:

Email: info@georginanicolenutrition.com

Website: www.georginanicolenutrition.com