Last updated: 10 June 2026
This policy explains what personal information we collect when you use this website or work with Dr Rebecca Hiscutt PhD, how we use it, and the rights you have over it. We handle your information in line with the UK GDPR and the Data Protection Act 2018.
The data controller is Dr Rebecca Hiscutt PhD, registered dietitian. If you have any questions about this policy or about how your information is handled, email hello@drrebeccahiscutt.com.
What we collect depends on how you use our services:
Much of what we discuss in clinic is health information, which the law treats as special category data and protects more strictly. We only process your health information with your explicit consent, and you can withdraw that consent at any time by emailing us. Withdrawing consent does not affect anything we did with your permission beforehand.
We use your personal information to:
Our lawful bases under the UK GDPR are: your consent (including explicit consent for health information), the contract between us when you book an appointment or programme, our legitimate interest in running and securing the website and the practice, and our legal obligations as a regulated healthcare professional.
If you have body composition scans with us, you may be given a private online dashboard showing your results over time. Each dashboard sits at a unique web address and is protected by a PIN we give you in person. The dashboard does not display your name or contact details. Please keep your PIN private, and let us know if you would like your dashboard taken down at any point.
We never sell your information. We share it only with the services we need to run the practice:
Each provider is contractually required to protect your information and to use it only on our instructions. We may also disclose information where the law requires it, for example in response to a court order.
Some of our providers store information outside the UK. Where that happens, the transfer is protected by safeguards recognised under UK law, such as the UK International Data Transfer Addendum or an adequacy decision.
We keep personal information only as long as we need it. Enquiry messages are deleted once the conversation has ended and no booking has followed. Clinical records are kept in line with professional record-keeping requirements for dietetic practice, then securely deleted. If you unsubscribe from email updates, we stop sending them straight away.
Under the UK GDPR you have the right to:
To exercise any of these rights, email hello@drrebeccahiscutt.com. We will respond within one month.
If you are unhappy with how we have handled your personal information, please tell us first by emailing hello@drrebeccahiscutt.com. We will acknowledge your complaint within 30 days, look into it without undue delay, and keep you updated on progress and the outcome.
You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint or on 0303 123 1113.
This website does not use advertising or analytics cookies, and we do not track you across other websites. If you open a results dashboard, your browser stores a small token for that visit so you do not have to re-enter your PIN on every page. It is removed when you close your browser.
We may update this policy from time to time. The date at the top shows when it was last changed, and we will flag significant changes prominently on the website.
Questions about this policy, or about your information? Contact us or email hello@drrebeccahiscutt.com.