Privacy Policy

Last Updated: 6/1/25

1. Who We Are

Insight Eating Insight HEalth (“we,” “us,” or “our”) operates this website and is responsible for collecting and processing personal data in compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

2. Data We Collect

  • Personal Information: When you submit our referral forms, we collect personal data such as your name, contact information, date of birth, and any details necessary for us to provide therapy services.
  • Consent and Preferences: We record your explicit consent regarding how we process your data and your preferences for communication.
  • Usage Data (Cookies & Analytics): This website may use essential cookies for session management, login authentication, and ensuring the proper functionality of forms. No non-essential tracking or advertising cookies are used.

3. How We Use Your Data

  • Providing Services: We use the data you submit via our referral forms to arrange therapy sessions, conduct initial meetings, and coordinate with healthcare professionals (“HCPs”).
  • Communication: We may contact you via email or phone to confirm appointments or request additional information.
  • Legal and Compliance: We process data as required by law or to comply with legal obligations.

4. Data Sharing

  • No Advertising or Third-Party Sharing: We do not share your personal data with advertisers or unrelated third parties.
  • Healthcare Professionals: We only share your data with HCPs if and when you expressly authorize it, solely for the purpose of providing therapy services.
  • Service Providers: We may use trusted service providers (e.g., hosting platforms, backup services) who act on our behalf under strict confidentiality and data protection agreements.

5. Legal Basis for Processing

  • Consent: We rely on your explicit consent to collect and process your personal data.
  • Contractual Necessity: Processing some data is necessary for providing therapy services or fulfilling requests you have made.
  • Legitimate Interests: We may process data to maintain our website’s security and functionality.

6. Data Security

  • Encryption in Transit: All data transmitted between your browser and our server is encrypted (HTTPS/SSL/TLS).
  • Encryption at Rest: Sensitive form fields are encrypted using Gravity Forms Encrypted Fields.
  • Access Control & 2FA: Only authorized staff can access your data, and we use role-based permissions and two-factor authentication for enhanced protection.
  • Regular Backups: Encrypted backups are stored off-site in GDPR-compliant locations.

7. Data Retention

  • Retention Period: We retain personal data only as long as needed to fulfill the purposes outlined in this policy or as required by law. Once data is no longer necessary, it is securely deleted from our systems and backups.
  • Your Rights to Erasure: You may request the deletion of your data at any time if it is no longer required for legal or contractual obligations.

8. Your GDPR Rights

  • Access: You can request a copy of the personal data we hold about you.
  • Rectification: You can ask us to correct or update inaccurate or incomplete information.
  • Erasure: You can request the deletion of your data, subject to certain legal limitations.
  • Objection & Restriction: You have the right to object to or restrict certain data processing activities.
  • Data Portability: You can request to receive your personal data in a commonly used format.

To exercise any of these rights, please contact us at [Contact Email].

9. Children’s Data

  • Our services are not intended for individuals under 16 without parental consent. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently done so, please contact us to remove the data.

10. Changes to This Policy

  • We may update this Privacy Policy periodically to reflect legal changes or improvements to our services. The “Last Updated” date at the top indicates the most recent revisions.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: