Free shipping on all orders over €65
Closed for orders 24th to 29th December, 31st December, and 1st January. Open 30th December and reopening 2nd Jan 2025

Understanding histamine and immune health

Experts in supporting those with immune imbalances and histamine related conditions to address their histamine overload and balance their immune response

How we can help

Functional Testing Nutrition Lifestyle Modification Supplements Underlying drivers of behaviour Compassion
We are experts in personalised functional support that places our clients at the heart, and optimises all aspects of physical, mental emotional and spiritual function rather that just addressing symptoms. Our functional medicine practitioners are experts in supporting those with various health conditions from brain health concerns, chronic digestive conditions, skin conditions, allergies and autoimmune diseases. We work to bring your body back to balance through a number of modalities including nutrition, targeted supplementation, lifestyle changes, and compassion for the psychological and autonomic root causes of illness.

The Support You Need

What is Functional Medicine?

Functional Medicine looks at the body and mind holistically rather than treating them as separate from each other.
The Functional Medicine approach aims to investigate and address root causes of chronic disease and ill-health. These can and often are, multifactorial for every individual. The goal is to alleviate symptoms then seek out and address root causes, optimise diet, lifestyle and nutrient status and support mental, emotional and physical health. We spend time with our clients, listening to their story. We work in partnership to understand how their illness may have developed, while empowering them not just for our time working together, but for life.

Take action for your health

Contact Us

We deliver from our warehouse in Wexford Our clinic is based online and in person in Rathgar in Dublin
Our address
Orwelllness 10A Orwell Rd, Dublin 6, D06 N526
Opening hours
Product orders: Mon to Fri 9am-5pm Clinic : Tuesdays 10am to 5pm Thursdays 12noon to 8pm

Terms & Conditions

What information do we collect? We collect your name, email address, address, phone number etc. for admin and marketing purposes which will be done according to your wishes and in accordance with the law. At times we may ask to collect more information, we will ask for your approval before doing so and give you the choice to opt-in or out in accordance with the law. We also collect information about our users by the use of cookies. Please see below for more information about cookies. The information we collect is used for the following purposes: To fulfil orders; To collate statistical information about our website; To provide our customers with a better service and products To deliver our customers a better user experience Cookies Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. We use cookies to identify registered users automatically when they log on and also to track users as they travel through the system. You can set up your browser to reject cookies but you should be aware that this could limit your ability to use certain features on our site. For more information on cookies, how to enable or disable cookies on your computer, how they are used and how to delete them please visit www.allaboutcookies.org/cookies/. If you disable cookies you will not be able to log in to the site or add an item from the Nouveau Healthcare Store to your basket. Credit Card Details No credit card details are stored and we don’t share or lease them with any third party under any circumstances. Information gathered by us when you browse the website Although we will do all that we reasonably can to ensure that availability of our website will be uninterrupted and error free, we cannot guarantee this due to the nature of the internet. The website may also be down from time to time to allow us to maintain or repair it, or to change the services that we offer. When you visit the website to browse information that it contains, you do so anonymously unless you choose to provide us with information about yourself. If you do nothing during your visit but browse through the web site – reading pages, viewing images, for example – we will gather and store certain information about your visit automatically. This information does not identify you personally. Information gathered automatically is used for only two purposes: site management and, in the case of suspected unauthorised activity, for law enforcement and possible criminal prosecution. The following are representative of the types of information automatically collected and stored about your visit: the internet domain and Internet Protocol (IP) address from which you access our website; the type of internet browser and the operating system of the computer you use to access our website; the date and time of your visit; the pages you visit on our website; if you linked to our website from another one, the address of the other website; and, if you linked to our website from a search website, the address of that website and the search term you used. Any information that you may provide will only be shared with partners within the Knowledge4Health and Nouveau Healthcare Ltd Group. Information sent to Knowledge4Health Ltd may be shared with any other relevant businesses in order to fulfil your information needs about products or services of those other businesses and our partners in which you register an interest. Such information may include your contact details (if you have requested us to contact you in this regard). We will not pass any information to any party outside the Knowledge4Health Ltd Group and our partners. Although we reserve the right to pass your details to law enforcement agencies if required to do so by applicable law. If the ownership of Knowledge4Health Ltd is changed, or the assets of Knowledge4Health Ltd are sold we reserve the right to pass your details to the new purchaser, subject to notifying you of this as soon as is reasonably possible in the case of an asset sale. Disclaimer By accepting and purchasing our products you agree to these terms and conditions. By completing and submitting the electronic order form (or proceeding through the ‘checkout process’) you are making an offer to purchase goods which, if accepted by us, will result in a binding contract. Neither submitting an electronic order form nor completing the checkout process constitutes our acceptance of your order. By accepting to purchase our products, you agree we are not obliged to fulfil your order, and will be refunded you the full amount including any shipping or other miscellaneous charges. Your card will be debited with the sum and cost of the products when you submit and purchase our products by pressing the button within checkout. This will be refunded if your offer is refused by us if not processed or shipped by us. We will notify our customers of any pricing errors, and you agree when accepting our terms by placing an order with us, that we have the option to cancel or confirm the order at our discretion. If cancelled we will return the paid amount to you in full. Changes to our privacy policy Any changes to our privacy policy will be posted here although we may choose to email you directly or direct you to an updated policy when you visit our site if the changes are significant.
Cancellation You may cancel your order by contacting KNowledge4Health Ltd on +353 (0)897088640 or emailing us within 14 days of placing the order. If you cancel your order after we have dispatched the products you must return the products in accordance with the returns policies below, unopened and in their complete packaging, to our head office address: Knowledge4Health Ltd. Unit 2, Berry Sports Medicine Centre, Adamstown, Enniscorthy, Co Wexford. Y21 A0K8, Ireland. Returns Cancellation period is 14 days after receiving the goods. Please notify us of any returns as soon as possible or within the 14 days cancellation period. Before returning your goods, you must first email us to clarify Reason for Return. Upon acceptance of the return we will issue you with a Returns Authorisation Code. Returns must be sent to us within 14 days of the cancellation period. Please notify us of any returns via email before sending back any items and include your invoice number and returns authorisation code within the parcel. We cannot guarantee a refund or refunds may be delayed if your invoice number and authorisation code isn’t included in the parcel. Items must be unused and in all original packaging with seals intact to receive a full refund. You cannot cancel your order or demand a refund once you have opened the products health seal, or if you have used the product. We cannot accept and issue a refund for any item which is damaged. Orders will not be refunded until the items have been received and inspected by us. We will process the refund back to the original credit/debit card/PayPal account used to purchase the item. Please note we do not take any responsibility for items lost or damaged when being returned to us, to avoid problems ensure items are packed securely, keep a proof of postage receipt from the post office or send the items back to us via a tracked/recorded service which insures the value of your goods.
We provide a tracked, signed and insured delivery service for every country we deliver too. We have an in-house dedicated team of logistics experts who specialise in order fulfilment. Delivery Republic of Ireland Products will be delivered within 2-3 working days via AN Post Tracked & Signed delivery service. We offer a free delivery service on all orders above €75 We do not offer a weekend delivery service. EU member states Products will be delivered within 5-7 working days via AN Post Tracked & Signed delivery service. We offer a free delivery service on all orders above €75 We do not offer a weekend delivery service. Rest of Europe UK not included Products will be delivered within 5-7 working days DHL express shipping at a cost of £29.00 We do not offer a weekend delivery service Fur United Kingdom and USA and Canada contact our partners at www.nhinnovations.com
General Unless otherwise specified, the materials on this website are directed solely at consumers who access this website from the Republic of Ireland and the EU. Knowledge4Health Ltd. does not represent that any product referred to in the materials on this website is appropriate for use, or available, in other locations from this website. Those who choose to access this site from other locations are responsible for compliance with local laws if and to the extent local laws are applicable. Any contract between us, whether for use of the site or in relation to the purchase of products or services through the site will be governed by the laws of the Republic of Ireland and the EU and all parties submit to the non-exclusive jurisdiction of their Courts. Any contract will be communicated in English. We have taken every care in the preparation of the content of this website, however we cannot guarantee uninterrupted and totally reliable access to this website, and so therefore cannot guarantee that the information will always be completely up to date and free of mistakes. To the extent permitted by applicable law, Knowledge4Health Ltd. disclaim all warranties; express or implied, as to the accuracy of the information contained in any of the materials on this website and will accept no liability for any loss or damage arising as a result of problems with access. Knowledge4Health Ltd. shall not be liable to any person for any loss or damage, which may arise from the use of any of the information contained in any of the materials on this website. Certain (hypertext) links in this site may lead to other websites, which are not under the control of Knowledge4Health Ltd. When you activate any of these you will leave the Knowledge4Health Ltd .website and Knowledge4Health Ltd. has no control over and will accept no responsibility or liability for the material on any website which is not under the control of Knowledge4Health Ltd. We may make software owned or operated by third-party companies available to you. You must only use this software in accordance with the terms and conditions imposed by the third-party provider. The exclusions of liability set out in these terms and conditions shall not apply to any damages arising from death or personal injury caused by the negligence of Knowledge4Health Ltd., or any of their employees or agents. These terms and conditions shall be governed by and construed in accordance with EU Law. If any provision of these terms and conditions shall be unlawful, void or for any reason unenforceable then that provision shall be deemed severable and shall not affect the validity and enforceability of the remaining provisions. Knowledge4Health Ltd. reserves the right to alter these terms and conditions from time to time by posting new terms and conditions on this website. Discount, offers or special deals Please note, Knowledge4Health Ltd. is allowed to cancel or change a special offer or deal at any time. Any offers, percentage or price discounts are subject to change at the companies discretion. If a discount is applied by mistake at Knowledge4Health Ltd.'s discretion, Knowledge4Health Ltd. will refund the price paid and will notify you immediately once this has been resolved. License for using our information You are permitted to print and download extracts from our website for your own use only (and on no account for commercial purpose), provided that you do not modify any documents or their related graphics in any way; you do not use graphics separately from corresponding text; and our logo shall appear with all copies printed and downloaded. This license does not extend to the commercial use of our website, any collection or use of any product listings, descriptions of our products or services, our pricing or any access to, and downloading of details of any third party who may be identified from any of the contents of our website. You are granted a non-exclusive and revocable license to create a hyperlink to our home page. Your hyperlink must not portray Knowledge4Health Ltd., our products and services, our agents, associates and affiliates in an offensive manner, or be misleading or false. You may not use our trademarks as part of your link without our written agreement for you to do so. You acknowledge that Knowledge4Health Ltd. may terminate or suspend your right to use this website if you breach, or if Knowledge4Health Ltd. has reasonable grounds to suspect that you have breached, the provisions of these Terms of Use. Your use of the Knowledge4Health Ltd. website Apart from your personal information, which is covered by our Privacy Policy any other material that you may post to our website will be considered non-confidential and non-proprietary. Knowledge4Health Ltd. shall have no obligations with regard to such material. Knowledge4Health Ltd. shall be free to copy, disclose, distribute, incorporate and use this material and all things embedded in it for its own commercial and non-commercial purposes. When you use our website, you may not use it in any way that may be technically harmful (such as infecting it with computer viruses, logic bombs, Trojan horses, worms or any other harmful components, corrupted data, malicious or harmful software). You may not use our website for any fraudulent or illegal purpose or in connection with a criminal offence. You may not post or transmit material to, from or through our website that may be threatening, defamatory, obscene, indecent, seditious, offensive, pornographic, abusive, liable to incite racial or religious hatred, discriminatory, scandalous, inflammatory, blasphemous or that may infringe the rights of any third party. You may not cause annoyance or inconvenience to any person by using our website. Knowledge4Health Ltd. shall co-operate with any law enforcement authorities or court order requesting or directing to disclose the identity or locate anyone posting any material in breach of any of these provisions. Completing Forms on the Knowledge4Health Ltd. website If you choose to provide us with information via a form on the Knowledge4Health Ltd. website we will use that information only to complete the request specified by that form, or to update you regarding similar products and services to those purchased. If you choose to complete any Knowledge4Health Ltd. forms, we will collect your information by an automated process. We will not share your information with any external third party, other than our direct partners. This is simply to provide a better service for using our products and services. We do not create individual profiles with the information that you have provided. We will retain the information provided by you only for so long as is reasonably appropriate under the Data Protection Act 1998. Copyright Statement All content within our website and software, passwords and code used or supplied in connection with its operation is the property of Nouveau Healthcare Limited or its licensors unless stated otherwise. You expressly agree not to reproduce, duplicate, copy, sell, resell or exploit for any commercial purposes, any portion of this website or connected Nouveau Healthcare Limited websites or content, products or service made available via those sites. Disclaimer While we endeavour to ensure that the information on this Website is correct, we do not warrant the accuracy and completeness of the material on this Website. We may make changes to the material on this Website, or to the products and prices described in it, at any time without notice. The material on this Website may be out of date, and we make no commitment to update such material. Users should seek appropriate advice before proceeding on the basis of any information.
PRIVACY NOTICE Knowledge4Health Ltd. holds some information about you. This document outlines how that information is used, who we may share that information with and how we keep it secure. This notice does not provide exhaustive detail. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the info@knowledge4health.ie. We keep our Privacy Notice under regular review. This Privacy Notice was last reviewed in April 2024. 1. What We Do Knowledge4Health Ltd. provides nutritional therapy services to clients to improve their health through diet and lifestyle interventions. We focus on preventative healthcare, the optimisation of physical and mental health and chronic health conditions. Through nutritional therapy consultations, dietary and lifestyle analysis and biochemical testing, we aim to understand the underlying causes of your health issues which we will seek to address through personalised dietary therapy, nutraceutical prescription (supplements) and lifestyle advice. 2. How We Obtain Your Personal Data Information provided by you You provide us with personal data in the following ways: - By completing a nutritional therapy questionnaire - By signing a terms of engagement form - During a nutritional therapy consultation - Through email, over the telephone or by post - By taking credit card and online payment This may include the following information: - basic details such as name, address, contact details and next of kin - details of contact we have had with you such as referrals and appointment requests - health information including your previous medical history, dietary, lifestyle, supplement and medicine details, biochemical test results, clinic notes and health improvement plans - GP contact information - Bank details We use this information in order to provide you with direct healthcare. This means that the legal basis of our holding your personal data is for legitimate interest. Following completion of your healthcare we retain your personal data for the period defined by our professional association, NTOI. This enables us to process any complaint you may make. In this case the legal basis of our holding your personal data is for contract administration. Information we get from other sources We may obtain sensitive medical information in the form of test results from biochemical testing companies. We use this information in order to provide you with direct healthcare. This means that the legal basis of our holding your personal data is for legitimate interest. We may obtain sensitive information from other healthcare providers. The provision of this information is subject to you giving us your express consent. If we do not receive this consent from you, we will not be able to coordinate your healthcare with that provided by other providers which means the healthcare provided by us may be less effective. 3. How we use your personal data We act as a data controller for use of your personal data to provide direct healthcare. We also act as a controller and processor in regard to the processing of your data from third parties such as testing companies and other healthcare providers. We act as a data controller and processor in regard to the processing of credit card and online payments. We undertake at all times to protect your personal data, including any health and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data storage. We may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime. Also where there is a legal requirement such as a formal court order. We may use your data for marketing purposes such as newsletters but this would be subject to you giving us your express consent. 4. Do you share my information with other organisations? We will keep information about you confidential. We will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties: - Our professional body NTOI, for the processing of a complaint made by you - Any contractors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential - Anyone to whom we may transfer our rights and duties under any agreement we have with you - Any legal or crime prevention agencies and/or to satisfy any regulatory request, if we have a duty to do so or if the law allows us to do so. We may share your information with supplement companies and biochemical testing companies as part of providing you with direct healthcare. We will not include any sensitive information. We will seek your express consent before sharing your information with your GP or other healthcare providers. However if we believe that your life is in danger then we may pass your information onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests. We may share your case history in an anonymised form with our peers for the purpose of professional development. This may be at clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines or online professional sites. We will seek your explicit consent before processing your data in this way. 5. What are your rights? Every individual has the right to see, amend, delete or have a copy, of data held that can identify you, with some exceptions. You do not need to give a reason to see your data. If you want to access your data you must make a subject access request in writing to Knowledge4Health Ltd. Under special circumstances, some information may be withheld. We shall respond within 20 working days from the point of receiving the request and all necessary information from you. Our response will include the details of the personal data we hold on you including: - Sources from which we acquired the information - The purposes of processing the information - Persons or entities with whom we are sharing the information You have the right, subject to exemptions, to ask to: • Have your information deleted • Have your information corrected or updated where it is no longer accurate • Ask us to stop processing information about you where we are not required to do so by law or in accordance with the NTOI guidelines. • Receive a copy of your personal data, which you have provided to us, in a structured, commonly used and machine readable format and have the right to transmit that data to another controller, without hindrance from us. • Object at any time to the processing of personal data concerning you We do not carry out any automated processing, which may lead to automated decision based on your personal data. If you would like to invoke any of the above rights then please write to the Data Controller at Knowledge4Health Ltd. or email info@knowledge4health.ie 6. What safeguards are in place to ensure data that identifies me is secure? We only use information that may identify you in accordance with GDPR. This requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful. Within the health sector, we also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. We will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it). We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed. Knowledge4Health Ltd. is registered with the Data Protection Commissioner as a data controller and collects data for a variety of purposes. A copy of the registration is available through www.dataprotection.ie 7. How long do you hold confidential information for? All records held by the Knowledge4Health Ltd. will be kept for the duration specified by guidance from our professional association NTOI. 8. Website technical details a. Forms We do use electronic forms on our website making use of an available ‘forms module’ which has a number of built-in features to help ensure privacy. We also aim to use secure forms where appropriate. In compliance with EU legislation, the following table lists the use of cookies on this web site: Cookie name Purpose Eg, AcceptCookies Eg, This is used to store whether you have agreed to receive cookies. Persistent for one year. Eg, Google Analytics _utma _utmb _utmc _utmz Eg, These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Cookies are small. We do not make use of cookies to collect any private or personally identifiable information. The technical platform of this website uses cookies solely to aid the proper technical functioning of the website. The cookies used contain random strings of characters alongside minimal information about the state and session of the website – which in no way collects or discloses any personal information about you as a visitor. Advanced areas of this site may use cookies to store your presentation preferences in a purely technical fashion with no individually identifiable information. Note also our statement on analytics software below – as analytics software also uses cookies to function. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout 9. Analytics Like most websites, we make use of analytics software in order to help us understand the trends in popularity of our website and of different sections. We make no use of personally identifiable information in any of the statistical reports we use from this package. We use an analytics package called Google Analytics who provide details of their privacy policy on the Google website. 10. Complaints If you have a complaint regarding the use of your personal data then please contact us by writing to the Data Controller at Knowledge4Health Ltd. or email info@knowledge4health.ie we will do our best to help you. If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Data Protection Commissioner at www.dataprotection.ie
As part of your healthcare: Knowledge4Health.ie may share your sensitive information with third parties to support your ongoing healthcare. If we do not receive this consent from you, we will not be able to coordinate your healthcare with that provided by other providers which means the healthcare provided by us may be less effective. Please tick the appropriate boxes to confirm your consent:  I consent to my sensitive information being shared with other healthcare providers, whose details I have provided  I consent to my sensitive information being shared with my GP if appropriate You can withdraw your consent to the above at any time by emailing info@knowledgehealth.ie Marketing and information Knowledge4Health.ie would like to contact you occasionally by email with promotional offers, information on upcoming events and activities, and newsletters. Please tick the appropriate box to confirm your consent to be contacted for these purposes:  I would like to receive regular newsletters  I would like to receive promotional offers and information on upcoming events and activties You can withdraw your consent to the above communications at any time by clicking on the unsubscribe link at the bottom of the emails. Case Histories Knowledge4Health.ie seeks to continuously improve our practice through professional development, a key part of which is sharing case histories with our peers through clinical supervision, online forums and discussion groups. Your name, address and contact details will never be shared. If you are happy for us to use your data for this purpose, please tick the box below to confirm your consent:  I consent to my data being used for the purpose of professional development: Knowledge4Health.ie would like to share your case history with peers for educational purposes. This could be through conferences, lectures, online forums, and publishing in medical journals, trade magazines or online professional sites. Your name, address and contact details will never be shared. I consent to my data being used for educational purposes. Please tick the appropriate box to confirm your consent:  Conferences  Lectures  Online forums  Medical journals  Trade magazines  Online professional sites  Books You can withdraw your consent to the above at any time by emailing info@knowledge4health.ie Signature ……………………………. Date…………………………………… Print Name……………………………
DATA PROTECTION POLICY FOR NT BUSINESS Contents 1 Introduction 3 1.1 Purpose of Policy 3 1.2 Policy Statement 3 1.3 Personal Data 3 1.4 Data Protection Principles 3 1.5 Key risks 4 2 Responsibilities 4 3 Data Recording, Security and Storage 4 3.1 Data accuracy and relevance 4 3.2 Data security 4 3.3 Storing data securely 4 3.4 Data retention 5 4 Accountability and Transparency 5 5 Consent 5 6 Direct Marketing 5 7 Subject Access Requests 6 7.1 What is a subject access request? 6 7.2 How to deal with subject access requests 6 7.3 Data portability requests 6 8 Transferring data internationally 6 9 Third Parties 6 9.1 Using third party controllers and processors 6 9.2 Contracts 6 10 Reporting breaches 7   1 Introduction 1.1 Purpose of Policy needs to gather and use certain information about individuals. These can include clients, suppliers, employees and other people the organisation has a relationship with or may need to contact. This policy describes how this personal data will be collected, handled and stored to comply with the General Data Protection Regulation. 1.2 Policy Statement Knowledge4Health Ltd.is committed to a policy of protecting the rights and privacy of clients, staff and others in accordance with General Data Protection Regulation. Knowledge4Health Ltd. commits to: • comply with both the law and good practice • respect individuals’ rights • be open and honest with individuals whose data is held • provide training and support to staff who handle personal data, so that they can act confidently and consistently <delete if you don’t employ staff> • Register our details with the Data Protection Commissioner. 1.3 Personal Data Knowledge4Health Ltd.may hold data for the following purposes: - Provision of direct healthcare - Marketing and newsletters - Case histories - Staff Administration <delete if you don’t employ staff> Special categories of data included race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health and sexual orientation. Knowledge4Health Ltd. may hold special category data for the following purposes: - Provision of direct healthcare 1.4 Data Protection Principles There are six data protection principles that are core to the General Data Protection Regulation. Knowledge4Health Ltd.will make every possible effort to comply with these principles at all times in our information-handling practices. The principles are: 1) Lawful, fair and transparent Data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used. 2) Limited for its purpose Data can only be collected for a specific purpose. 3) Data minimisation Any data collected must be necessary and not excessive for its purpose. 4) Accurate The data we hold must be accurate and kept up to date. 5) Retention We cannot store data longer than necessary. 6) Integrity and confidentiality The data we hold must be kept safe and secure. 1.5 Key risks The main risks are in two key areas: • information about individuals getting into the wrong hands, through poor security or inappropriate disclosure of information • individuals being harmed through data being inaccurate or insufficient 2 Responsibilities Knowledge4Health Ltd.is the data controller for all personal data held by us and is responsible for: • Analysing and documenting the type of personal data we hold • Checking procedures to ensure they cover all the rights of the individual • Identifying the lawful basis for processing data • Ensuring consent procedures are lawful • Implementing and reviewing procedures to detect, report and investigate personal data breaches • Storing data in safe and secure ways • Assessing the risk that could be posed to individual rights and freedoms should data be compromised 3 Data Recording, Security and Storage 3.1 Data accuracy and relevance Knowledge4Health Ltd. will ensure that any personal data we process is accurate, adequate, relevant, and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this. 3.2 Data security Knowledge4Health Ltd. will keep personal data secure against loss or misuse. Where other organisations process personal data as a service on our behalf, we will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third-party organisations. 3.3 Storing data securely • In cases when data is stored on printed paper, it will be kept in a secure place where unauthorised personnel cannot access it • Printed data will be shredded when it is no longer needed • Data stored on a computer will be protected by strong passwords that are changed regularly. A password manager will be used to create and store passwords. • Data stored on CDs or memory sticks will be encrypted or password protected and locked away securely when they are not being used • Cloud services used to store personal data will be assessed for compliance with GDPR principles. An authenticator app will be used to access cloud data. • Servers containing personal data must be kept in a secure location, away from general office space • Data will be regularly backed up. • All servers containing sensitive data must be protected by security software • All possible technical measures will be put in place to keep data secure 3.4 Data retention Knowledge4Health Ltd. will retain personal data for no longer than is necessary. This shall be in accordance with the guidelines of our professional association, NTOI. 4 Accountability and Transparency Knowledge4Health Ltd. will ensure accountability and transparency in all our use of personal data. We will keep written up-to-date records of all the data processing activities that we do and ensure that they comply with each of the GDPR principles. We will regularly review our data processing activities and implement measures to ensure privacy by design including data minimisation, pseudonymisation, transparency and continuously improving security and enhanced privacy procedures. 5 Consent Knowledge4Health Ltd. will ensure that consents are specific, informed and plain English such that individuals clearly understand why their information will be collected, who it will be shared with, and the possible consequences of them agreeing or refusing the proposed use of the data. Consents will be granular to provide choice as to which data will be collected and for what purpose. We will seek explicit consent wherever possible. We will maintain an audit trail of consent by documenting details of consent received including who consented, when, how, what, if and when they withdraw consent. For online consent, we may use a cryptographic hash function to support data integrity. Alternatively we will maintain the consents information in a spreadsheet with links to the consent forms. We will regularly review consents and seek to refresh them regularly or if anything changes. 6 Direct Marketing Knowledge4Health Ltd. will comply with both data protection law and Privacy and Electronic Communication Regulations 2003 (PECR) when sending electronic marketing messages. PECR restricts the circumstances in which we can market people and other organisations by phone, text, email or other electronic means. We will seek explicit consent for direct marketing. We will provide a simple way to opt out of marketing messages and be able to respond to any complaints. 7 Subject Access Requests 7.1 What is a subject access request? An individual has the right to receive confirmation that their data is being processed, access to their personal data and supplementary information which means the information which should be provided in a privacy notice. 7.2 How to deal with subject access requests Knowledge4Health Ltd. will provide an individual with a copy of the information requested, free of charge. This will occur within one month of receipt. We endeavour to provide data subjects access to their information in commonly used electronic formats (as described in section 4.3). If complying with the request is complex or numerous, the deadline can be extended by two months, but the individual will be informed within one month. We can refuse to respond to certain requests, and can, in circumstances of the request being manifestly unfounded or excessive, charge a fee. If the request is for a large quantity of data, we can request the individual specify the information they are requesting. Once a subject access request has been made, we will not change or amend any of the data that has been requested. Doing so is a criminal offence. 7.3 Data portability requests We will provide the data requested in a structured, commonly used and machine-readable format. This would normally be a PDF file, although other formats are acceptable. We must provide this data either to the individual who has requested it, or to the data controller they have requested it be sent to within one month. 8 Transferring data internationally There are restrictions on international transfers of personal data. We will not transfer personal data abroad without express consent. 9 Third Parties 9.1 Using third party controllers and processors As a data controller and/or data processor, we will have written contracts in place with any third-party data controllers (and/or) data processors that we use. The contract will contain specific clauses which set out our and their liabilities, obligations and responsibilities. As a data controller, we will only appoint processors who can provide sufficient guarantees under GDPR and that the rights of data subjects will be respected and protected. As a data processor, we will only act on the documented instructions of a controller. We acknowledge our responsibilities as a data processor under GDPR and we will protect and respect the rights of data subjects. 9.2 Contracts Our contracts will comply with the standards set out by the Data Protection Commissioner and, where possible, follow standard contractual clauses. Our contracts with data controllers (and/or) data processors will set out the subject matter and duration of the processing, the nature and stated purpose of the processing activities, the types of personal data and categories of data subject, and the obligations and rights of the controller. 10 Reporting breaches Any breach of this policy or of data protection laws will be reported as soon as practically possible. This means as soon as we become aware of a breach. Knowledge4Health Ltd. has a legal obligation to report any data breaches to Data Protection Commissioner.