Privacy Policy

This website is operated by Maria Lucey Dietitian Limited, trading as Maria Lucey Dietitian (‘Company’, ‘we’, or ‘us’). The term ‘you’ refers to any user or viewer of our website and social media channels.

We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use this website, book consultations, or interact with us online.

We advise that you read this Privacy Statement to ensure that you are aware of your rights. By using this website, you are accepting the terms of this Privacy Statement. If you do not agree with, or you do not accept any aspect of the Privacy Statement, you should not use this website.

We reserve the right to change this Privacy Policy on the Website at any time without notice. In the event of a material change, we will let you know via email and/or a prominent notice on our Website.

Every time you use this website you will be bound by the most recent version of the Statement. Therefore, we recommend that you should review the Privacy Statement each time you use this website.

AT A GLANCE

• We only collect personal data needed to provide services (like consultations, payments, or newsletters).
• We never sell your data to third parties.
• You can access, update, or delete your data at any time.
• Medical records are stored securely for 8 years (or until age 21 for minors) in line with CORU standards.
• Cookies are used for website functionality and analytics — you can disable them in your browser.
• Advertising on this site is managed by Raptive, which has its own privacy notice (included below).

If you have any questions, please contact us at [email protected].

WHO WE ARE

My name is Maria Lucey, and I operate under Maria Lucey Dietitian. I am a Registered Dietitian with:

• CORÚ (Ireland) — Registration number DI019908
• Irish Nutrition and Dietetic Institute (INDI) — Member number 1449
• Bermuda Health Council — Registration number 49

We are also registered with the Data Protection Commission (DPC) in Ireland.

PRIVACY & DATA PROTECTION

We take appropriate security measures to protect your data, but please be aware that transmitting information over the internet always carries some risk and may mean that your personal information is processed by third-parties. Although we will endeavour to protect your personal data, we cannot guarantee the security of your data is transmitted to our site. Any transmission of data is at your own risk. Once we receive your personal data, we will use appropriate security measures to prevent unauthorised access.

INFORMATION WE COLLECT "PERSONAL DATA"

To deliver our services and operate this website effectively, we collect only the information that is necessary. This may include:

• Website use: IP address, browser type, date/time of access (via analytics tools).
• Cookies: Used only for site functionality and analytics (see “Cookies” section).
• Emails & Forms: Name, email, and details you provide when you contact us.
• Subscribers: Name and email (via ConvertKit, GDPR-compliant). Double opt-in is used.
• Clients: Information needed for consultations (contact details, diet/medical history, invoices). Explicit consent is obtained.
• Payments: Name, address, email, phone, and payment details (via PayPal and Stripe, both GDPR-compliant).
• View a co-branded offer. In this case, we will make clear as to who is collecting the information and whose privacy policy applies. If both / all parties are retaining the information you provide, this will also be made clear, as will links to all privacy policies.
• Comments: When visitors leave comments on the site, we collect the data shown in the comments form, the visitor’s IP address, and browser user agent string to help with spam detection. An anonymized string created from your email address (also called a hash) may be sent to the Gravatar service to check if you are using it. After approval of your comment, your profile picture is visible to the public alongside your comment. The Gravatar service privacy policy is available here: https://automattic.com/privacy/.

We are committed to protecting the security of your data. We do not require you to provide personal information unless you wish to avail of features or services on this website (such as making an appointment). Where you do send us data it will be used for the stated purpose and any other reasonable purposes only. We do not sell or distribute your personal information to third parties for purposes of allowing them to market products and services to you.

Please note that the information above (“Personal Data”) that you are giving to us is voluntarily, and by providing this information to us you are giving consent for us to use, collect and process this Personal Data.

CHILDREN'S ONLINE PRIVACY PROTECTION ACT COMPLIANCE.

We do not collect any information from anyone under 18 years of age in compliance with COPPA (Children’s Online Privacy Protection Act) and the GDPR (General Data Protection Regulation of the EU). Our Website and its content is directed to individuals who are at least 18 years old or older.

Dietetic services for minors are only provided with parental consent, and their records are stored until age 21 as required by CORU.

A NOTE ON MEDIA

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

VIEWING BY OTHERS.

Note that whenever you voluntarily make your Personal Data available for viewing by others online through this Website or its content, it may be seen, collected and used by others, and therefore, we cannot be responsible for any unauthorized or improper use of the information that you voluntarily share (i.e., sharing a comment on a blog post, posting in a Facebook group that we manage, sharing details on a group coaching call, etc.).

WHAT WE DO WITH INFORMATION WE COLLECT.

You may send us information via this website, such as through the “Contact Us”, “Book an Appointment”, “Subscribe” pages or any other area where you may send e-mails, ask us to contact you or provide feedback. By choosing to participate in these, you may need to provide us with some personal information.

This information will only be used by us for the purposes for which it was provided by you and any reasonable / relevant purposes such as to:

• Provide consultations and services (contractual necessity).
• Process payments securely.
• Send newsletters and updates (with consent).
• Run advertisements and social media campaigns (with consent).
• Meet legal, professional, and tax obligations (legitimate interest/legal requirement).
• Verification purposes and statistical analysis investigate any improper use of our products, services or the network; 
• Carry out activities necessary to the running of our business, including systems testing, network monitoring, staff training and quality control.
• We may share your information with trusted third paries such as our newsletter provider in order to contact you via email, or our merchant accounts to process payments, and Google / social media accounts in order to run advertisements and our affiliates.

DATA STORAGE & RETENTION

• General inquiries: Deleted after 1 year if no ongoing relationship.
• Medical records: Stored for 8 years (or until age 21 for minors) in line with CORU standards.
• Subscribers: Stored until you unsubscribe by the ConvertKit service which is GDPR compliant.
• Order/payment details: Stored for 10 years for tax and accounting purposes.
• Any contact I receive on social media is also handled securely and confidentially in line with the GDPR. I will delete any social media messages upon request from the individual concerned.

All data is stored securely on GDPR-compliant platforms (Practice Better, JotForm, Zoom, ConvertKit, cloud storage services).

It is important to note that we may transfer data internationally. For users in the European Union, please be aware that we transfer Personal Data outside of the European Union. By using our Website and providing us with your Personal Data, you consent to these transfers in accordance with this Privacy Policy.

CONFIDENTIALITY & SECURITY

We treat all information as confidential and secure it through:

• Password-protected devices
• Firewalls and encrypted platforms
• Restricted access only to those with a legitimate need

We may disclose information if required to do so by law or in the good-faith belief that: (1) such action is necessary to protect and defend our property or rights or those of our users or licensees, (2) to act as immediately necessary in order to protect the personal safety or rights of our users or the public, or (3) to investigate or respond to any real or perceived violation of this Privacy Policy or of our Website Disclaimer, Terms and Conditions, or any other Terms of Use or agreement with us.

COOKIES

Cookies help the website function and allow analytics tracking. We do not make use of cookies to collect any private or personally identifiable information. To learn more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. You can disable cookies in your browser. To opt out of Google Analytics tracking, visit: tools.google.com/dlpage/gaoptout.

YOUR RIGHTS

Under GDPR and other data protection laws, you have the right to:

• Access the data we hold about you
• Correct inaccuracies
• Request deletion (where legally allowed — note: medical records must be retained for 8 years)
• Withdraw consent for marketing at any time

To exercise these rights, email [email protected]. I (Maria Lucey) am the data controller and Data Protection Officer (DPO) at Maria Lucey Dietitian Limited.

We will provide you with a copy of the data held by us as soon as reasonably possible and no more than 30 days after we receive a valid request in writing.

Please be aware that we may require you to provide additional information to enable us to identify your personal data and/or to verify your identity.

THIRD PARTY SERVICES

We work with GDPR-compliant service providers to deliver our services (e.g. ConvertKit, PayPal, Stripe, Practice Better, Zoom, Raptive). These providers only access data necessary for their functions.

We are not responsible for the privacy practices of external websites linked from this site.

ANTI SPAM POLICY

We have a no spam policy and provide you with the ability to opt-out of our communications by selecting the unsubscribe link at the footer of all e-mails. We have taken the necessary steps to ensure that we are compliant with the CAN-SPAM Act of 2003 by never sending out misleading information. We will not sell, rent or share your email address.