Privacy Policy

Version 1.0 | May 2026

This Privacy Policy explains how NICA ("we", "us") collects, uses, stores, and protects your personal information when you use our website (www.thisisnica.com) or participate in the NICA programme, delivered jointly by Nicole Mackintosh and Dr Carolyn Bond.

We take your privacy seriously and comply with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, Common Law Duty of Confidentiality, and all applicable healthcare and data protection legislation.

1. Who We Are

The NICA programme is delivered jointly by Nicole Mackintosh Ltd (Company No. 11218618), website www.thisisnica.com, email hello@thisisnica.com, and Bond Medical Consulting Ltd, which is registered with the ICO and adheres to the same data protection standards as set out in this policy.

Nicole Mackintosh Ltd and Bond Medical Consulting Ltd act as joint data controllers in respect of personal data processed in connection with the delivery of the NICA programme. Each party is independently responsible for ensuring compliance with UK GDPR in respect of the processing it carries out.

2. What Information We Collect

2.1 Personal Details

Name, address, and date of birth; contact details including email, telephone, and mobile; and next of kin details.

2.2 Health Information (Special Category Data)

The following is collected as part of delivering healthcare and coaching services: medical history and current medications; consultation notes and assessment outcomes; treatment and care plans; test results including blood tests and imaging; information shared by your GP or other healthcare professionals; and information provided in questionnaires or during sessions.

Health data is special category data under UK GDPR and is subject to additional safeguards. We will only collect and process this data with your explicit consent or where otherwise permitted by law.

2.3 Financial Information

Payment details are processed securely via third-party payment providers. We do not store full card details on our own systems.

2.4 Technical and Website Data

IP address; website usage patterns and browsing behaviour; and cookie and analytics data (see Section 10 for full details).

3. How We Collect Your Information

3.1 Directly from you: when you contact us via the website, telephone, email, or any other means; when you register for the NICA programme; during consultations and coaching sessions; through questionnaires and health assessments; when you make payments; and when you opt in to marketing communications.

3.2 From other healthcare providers, with your consent: your GP, specialists or consultants, and other clinicians involved in your care.

3.3 Automatically: when you use our website, through cookies and analytics tools (see Section 10).

4. Legal Basis for Processing

We are required under UK GDPR to identify a lawful basis for processing your personal data, and an additional condition for processing special category health data.

Delivering clinical care: standard data basis is performance of contract; health data basis is Article 9(2)(h), healthcare provision.

Coordinating care between practitioners: standard data basis is legitimate interests; health data basis is Article 9(2)(h), healthcare provision.

Maintaining clinical records: standard data basis is legal obligation; health data basis is Article 9(2)(h), healthcare provision.

Processing payments: standard data basis is performance of contract; health data not applicable.

Marketing communications: standard data basis is consent or soft opt-in; health data not applicable.

Clinical audit and quality monitoring: standard data basis is legitimate interests; health data basis is Article 9(2)(j), public interest in health.

Safeguarding and legal obligations: standard data basis is legal obligation; health data basis is Article 9(2)(c), vital interests.

Website analytics: standard data basis is legitimate interests; health data not applicable.

5. How We Use Your Information

5.1 Direct Care: delivering the NICA programme including the Bredesen Protocol framework; clinical interpretation and personalised recommendations; coaching, behavioural change support, and cognitive optimisation; and sharing relevant information between Nicole Mackintosh and Dr Carolyn Bond as co-practitioners in your care.

5.2 Clinical Governance: clinical audit and quality monitoring; and service improvement and development.

5.3 Legal and Regulatory Requirements: safeguarding adults or children at risk; preventing serious harm; and responding to lawful requests from regulatory authorities or courts.

5.4 Communications: appointment reminders by email, SMS, or telephone; programme updates and health-related information; and marketing communications, only with your consent or soft opt-in.

You may opt out of marketing at any time by contacting us at hello@thisisnica.com or using the unsubscribe link in any marketing email.

6. How Long We Keep Your Information

We retain your data only for as long as necessary to fulfil the purposes set out in this policy, or as required by law.

Adult clinical records are retained for 8 years from the date of the last entry. Records relating to children are retained until the patient's 25th birthday, or 26th if the young person was 17 at the conclusion of treatment. Financial and payment records are retained for 6 years for tax and legal compliance purposes. Marketing consent records are retained until consent is withdrawn, then for a further year. Website analytics data is retained as configured in analytics platform settings, typically 26 months.

Backup copies may persist on secure archival media for legal, tax, or regulatory purposes beyond these periods.

7. Who We Share Your Information With

We only share your information where it is necessary and lawful to do so.

7.1 We may share data with: co-practitioners involved directly in your care, with your knowledge and where required your consent; your GP or other healthcare professionals, with your consent; third-party payment processors to facilitate secure transactions; professional advisors such as legal and accounting professionals where necessary; and regulatory bodies where we are legally required to do so.

7.2 We will not share your information for commercial purposes, with third parties for their own marketing, or without your consent unless required by law or necessary to protect your safety or the safety of others.

7.3 Exceptional Disclosure: in rare circumstances we may share information without your consent where there is a serious risk of harm to you or others, or where we are required to do so by law, for example under safeguarding legislation or a court order. We will tell you when we have done this unless doing so would itself create a risk of harm.

8. How We Protect Your Information

We use a combination of technical and organisational measures to safeguard your data, including secure password-protected systems with access restricted to authorised personnel only; SSL encryption for payment and data transmission; secure cloud-based storage with regular encrypted backups; regular staff training on confidentiality and data protection obligations; and procedures to detect, report, and respond to suspected data breaches.

We comply with the UK GDPR, Data Protection Act 2018, Common Law Duty of Confidentiality, Human Rights Act 1998, and Health and Social Care Act 2015.

If you suspect any misuse, loss, or unauthorised access to your data, please contact us immediately at hello@thisisnica.com.

9. Your Rights

Under UK GDPR you have the right to access a copy of the information we hold about you; to have inaccurate or incomplete data corrected; to request deletion of your data, subject to our legal obligations; to restrict how we use your data in certain circumstances; to request that we transfer your data to another provider; to object to our use of your data including for legitimate interests or direct marketing; and to withdraw consent at any time where consent is the basis for processing, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@thisisnica.com. We will respond within one calendar month.

If you are not satisfied with how we handle your data or a complaint you have raised, you may refer the matter to the Information Commissioner's Office at https://ico.org.uk/

10. Cookies

Our website uses cookies to improve your experience and help us understand how the site is used. Cookies are small text files placed on your device when you visit our website.

Essential cookies are necessary for the website to function, for example session management and security, and cannot be disabled. Analytics cookies help us understand visitor behaviour and improve the website, for example through Google Analytics, and are only placed with your consent. Functional cookies remember your preferences and settings to improve your experience.

When you first visit our website you will be asked to consent to non-essential cookies via our cookie banner. You can change your preferences at any time through your browser settings or via our cookie management tool on the website.

For more information on managing cookies, visit www.aboutcookies.org or www.allaboutcookies.org.

11. Your Right to Opt Out

You may opt out of marketing communications; use of your data for clinical audit or service improvement, unless we are legally required to process it; and information sharing with other healthcare providers, though this may affect the care we are able to provide.

Where opting out may affect your care or our ability to meet legal obligations, we will explain the implications clearly before actioning your request.

12. Keeping Your Information Up to Date

It is important that the information we hold about you is accurate and current. Please notify us promptly if your name, address, contact details, or GP details change. You can update your information by contacting us at hello@thisisnica.com.

13. External Links

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We recommend you read their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in the law or our services. The latest version will always be available at www.thisisnica.com. Where changes are material we will notify you by email or a prominent notice on our website. Continued use of our services following notification constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at hello@thisisnica.com, visit www.thisisnica.com,