Privacy Notice

Nicky Keay Fitness is the trading name of Dr Nicola Keay, BA, MA, MB, BChir (Cantab), MRCP.

I, Dr Nicola Keay, hold some information about you. This document outlines how that information is used, whom I may share that information with and how I keep it secure.

1. What I Do

I provide medical advisory services to clients to improve their health and performance through personalised lifestyle advice. I focus on the optimisation of health and preventative healthcare. Through advisory appointments, lifestyle discussion and results from investigations (including blood tests and imaging), I aim to understand the underlying causes of your health and performance issues which I will seek to address through personalised lifestyle advice.

I also offer Pilates and Ballet classes which are tailored to address personal objectives of health and performance.

2. How I Obtain Your Personal Data

Information provided by you

You provide me with personal data in the following ways:
– Through email, over the telephone or by post
– By agreeing to my terms and conditions
– During an online advisory appointment
– Through comments, using the contact page or joining the mailing list

Data may include the following information:
– basic details such as name, address and date of birth
– contact details, including email address and mobile phone number
– details of contact I have had with you such as referrals and appointment requests
– health information including your previous medical history, dietary, lifestyle, training, supplement and medicine details, test results (including blood and imaging) and clinical notes
– GP contact information

I use this information to provide you with health advice. This means that the legal basis of my holding your personal data is for legitimate interest.

Following appointments, I retain your personal data. In this case the legal basis of my holding your personal data is for contract administration.

Information I receive from other sources

I may obtain sensitive medical information in the form of test results from biochemical testing companies or other sources that you grant me access to. I use this information to provide you with health advice. This means that the legal basis of my holding your personal data is for legitimate interest.

I may obtain sensitive information from other healthcare providers. The provision of this information is subject to you giving me your express consent. If I do not receive this consent from you, I will not be able to coordinate your health advice with that provided by other providers, which means the health advice provided by me may be less effective.

3. How I use your personal data

I act as a data controller and data processor of your personal data to provide health advice and to process invoices.

I undertake always to protect your personal data in a manner which is consistent with my duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. This includes taking reasonable security measures to protect your personal data storage. Personal data is retained for at least five years.

I may use your personal data where there is an overriding public interest in using the information, e.g. to safeguard an individual or to prevent a serious crime, and also where there is a legal requirement such as a formal court order.

4. Do I share your information with other organisations?

I will keep information about you confidential. I will only disclose your information to other third parties with your express consent, except for the following categories of third parties:
– Anyone to whom I may transfer my rights and duties under any agreement I have with you
– Any legal or crime prevention agencies and/or to satisfy any regulatory request, if I have a duty to do so or if the law allows me to do so
– My professional indemnity organisations, for the processing of a complaint made by you

I will seek your express consent before sharing your information with your GP or other healthcare professionals.

5. What are your rights?

You have the right to request a copy, to correct inaccuracies or to delete your personal data, with some exceptions. You also have the right to object to the processing of your personal data or ask me to stop processing information about you, where I am not required to do so by law. You do not need to give a reason to see your data.

If you would like to invoke any of the above rights, then please email to the Data Controller at . Under exceptional circumstances, some information may be withheld. I shall respond within one calendar month from the point of receiving the request and all necessary information from you.

6. What safeguards are in place to ensure data that identifies me is secure?

I only use information that may identify you in accordance with GDPR. This requires me to process personal data only if there is a legitimate basis for doing so, and requires that any processing be fair and lawful.

Within the health sector, I must also follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing health advice.

I also ensure the information I hold is kept in secure locations, restrict access to information to authorised personnel only, and protect personal and confidential information held on equipment such as laptops with password protection.

Dr Nicola Keay is registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for a variety of purposes.

7. Website technical details

Forms and comments

When you use the contact form on the contact page or comment on a blog, you provide your name, email address and any information you leave in the comment field. This data is given freely with your consent in order to respond to your comment or enquiry. Electronic forms used on my website have several built-in features to help ensure privacy.


Cookies are used on my website. These are tiny pieces of information stored on your computer, to verify who you are. Cookies contain “hashed” data which encrypts personal information. Commenting on a blog creates cookies that are stored on your computer, so that you do not need to re-type all your information when leaving another comment. Three cookies are set for commenters:

  • comment_author_{HASH}
  • comment_author_email_{HASH}
  • comment_author_url_{HASH}

The commenter cookies are set to expire a little under one year from the time they are set.