Privacy Policy

When you make or attend an appointment

• personal details like your name, date of birth, and biological sex;
• contact details like your home address, email, and phone number;
• contact details for an emergency contact or next of kin; and
• insurance details you specifically provide us if you have relevant insurance.

When you use our website or social media

• your social media handle;
• your interactions with our website or social media channels;
• how you connect to our website such as what device and browser you're using, where you clicked on a link to our site from, and your IP address;
• the technical performance of our website; and
• direct messages you send to our social media channels;

When you get in touch

If you contact us directly, we collect the following information so we can help:

• the phone number you're calling from and information you give us during the call (we record all calls);
• the email address you use and the contents of your email and any attachments;
• public details from your social media profile (like Facebook, Instagram or Twitter) if you reach out to us via these platforms, and the contents of your messages or posts to us; and
• details about why you are contacting us.

Special category data

We may need to process sensitive information about customers that data protection laws call 'special category' data. We treat this data with the highest level of scrutiny to ensure we only collect the minimum amount required for us to provide safe and effective care. Even if we don't explicitly ask about it, this is information that can reveal a person's:

• genetic data;
• health;
• sex life; and
• sexual orientation.

Data protection laws say we need a second lawful basis to use special category data. This can be: explicit consent, exercising legal rights in connection with an employment relationship, protecting vital interests, establishing, defending or exercising legal claims or reasons of substantial public interest. In the following section we explain which lawful basis we rely on to use your special category data in a certain way.

Data protection laws say we need to have a lawful basis for using your personal data. At least one of the following must apply:

• Contractual duty
• Legal obligation
• Legitimate interest
• Public interest
• Vital interest
• Consent

In this section we explain which one we rely on to use your data in a certain way.

We need to use your data for a contract we have with you, or to enter into a contract with you

We use details about you to:

• consider an appropriate treatment plan;
• book an appointment;
• provide treatment to you in a safe and effective way;
• contact you regarding your treatment or upcoming appointments; and
• investigate and fix complaints and other problems;

Legal obligation

We are required by law to retain some data for a minimum period. This includes:

• health records for a minimum of 8 years after the conclusion of treatment or death;
• health records of children and young people until the patient's 25th birthday or 26th birthday if the young person was 17 at the conclusion of treatment, or 8 years after death; and

Legitimate interest

We need to use your data for our legitimate interest. This means using your data in a way you might expect us to, for a reason which is in your and/or our interest and which doesn't involve override your privacy rights.

Product development and marketing

We may ask for feedback if you’ve shown interest in or received a service from us. We do this so that we can make our products better and understand how to market them.

Security and business management

We:

• protect the rights, property, or safety of us, our customers, and others;
• carry out security and mainteance checks to make sure everything runs smoothly;
• manage our business risk and finances; and
• store backup copies in case we face a legal claim about the information;

Public interest

We record information about your health if it's necessary to protect your well-being if you are at risk, and seeking consent would be unreasonable or negatively impact our ability to help you

Vital interest

We may share information about you externally (generally with law enforcement or other healthcare providers in an emergency) if it is necessary to protect your or another person's life and you cannot consent.

Consent

We'll ask for your consent to:

• tell you about our products and services by email, phone, or post if we think they're of interest to you. You can unsubscribe from these by email or by any of the contact methods above; and
• share information about you with companies we work with when we need your permission (see 'Who we share your data with').

You can withdraw your consent to processing at any time by contacting us at the details above.

Here we mean companies that help us provide services you use and need to process details about you for this reason.

We share as little information as we can and encrypt and/or make it impossible for the recipient to identify you where possible (for example, by using a User ID rather than your name). These are:

• card processing partners;
• analytical and cybersecurity service providers;
• cloud computing, storage, networking, and software providers;
• companies that help us with functional analytics (to help us solve technical problems with our records system, for example);
• companies that help us with marketing (we won't share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt out any time);
• software companies that we use to email you, or for processing and storing emails with you;
• your emergency contact in the event of an emergency occurring;
• companies that print written statements and notices; and
• companies that manage our CCTV and security if you visit our clinics.

Anyone you give us permission to share it with

We tell you when we need your consent to share your data with:

• other customers who you wish to book joint appointments with using our couples' treatment plan;
• other healthcare providers; and
• people you've asked to represent such as a solicitor.

Law enforcement and other external parties

We may share information about you with:

• the police, courts or dispute resolution bodies if we have to;
• local health authorities, such as Adult Social Services, to safeguard your wellbeing; and
• any other third parties where necessary to meet our legal obligations.

We also may share your details with our governing bodies if required.

Debt purchasers

If you default on any payments owed to us, we may share your contact details with debt purchasers who can help you manage your debt. Any debt purchasers we work with are regulated by the FCA.

We'll keep your information for 8 years after you last receive treatment from us, in case we need to respond to a legal claim. In some circumstances, like cases of medical negligence, we may keep your data linger if we need to (that's in our legitimate interest) and/or the law says we have to.

To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.

We may collect information about you when

• you use our website, or you interact with our social media pages;
• you are named as an emergency contact; and
• you contact us.

The information we might collect and hold about you includes;

• your name;
• your date of birth;
• your contact details, such as your email address, phone number, and address;
• your cookie and tracking preferences;
• interactions you've had with us; and
• your social media handles and posts;

Our reasons for using special category information

We may need to process sensitive information about customers that data protection laws call 'special category' data. We treat this data with the highest level of scrutiny to ensure we only collect the minimum amount required for us to provide safe and effective care. Even if we don't explicitly ask about it, this is information that can reveal a person's:

• genetic data;
• health;
• sex life; and
• sexual orientation.

Data protection laws say we need a second lawful basis to use special category data. This can be: explicit consent, exercising legal rights in connection with an employment relationship, protecting vital interests, establishing, defending or exercising legal claims or reasons of substantial public interest. In the following section we explain which lawful basis we rely on to use your special category data in a certain way.

Data protection laws say we need to have a lawful basis for using your personal data. At least one of the following must apply: contractual or legal duty, legitimate interest, public interest, vital individual interest or consent.

We need to use your data for a contract

• to provide treatment;
• to send you receipts of your payment;
• to help you with your queries; and
• to ensure you are talking to the right person.

We need to use your data to comply with the law

• confirm your identity when you get in touch; and
• keep records of information we hold about you in line with legal requirements.

When it’s in our ‘legitimate interest’

We need to use your data for our legitimate interests or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which doesn’t involve overriding your rights.

• analytics;
• product service development;
• tell you about products and services through channels such as social media;
• may ask for feedback if you’ve shown interest in a service; and
• to test third party services.

When you give us your consent

• to share your story; and
• to answer any surveys, take part in research or prize draws

You can withdraw your consent to processing at any time by contacting us at the details above.

Companies that give services to us

Here we mean companies that help us provide services and need to process details about you for this reason.

• analytical and cybersecurity service providers;
• cloud computing, storage, networking, and software providers;
• companies that help us with functional analytics (to help us solve technical problems with our website, for example);
• companies that help us with marketing (we won't share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt out any time);
• software companies that we use to email you, or for processing and storing emails with you.

Law enforcement and other external parties

We may share information about you with:

• the police, courts or dispute resolution bodies if we have to;
• local health authorities, such as Adult Social Services, to safeguard your wellbeing; and
• any other third parties where necessary to meet our legal obligations.

We also may share your details with our governing bodies if required.

Anyone you give us permission to share it with

• we may share your posts on social media platforms; and
• Journalists

We'll keep your information for 8 years after you last receive treatment from us, in case we need to respond to a legal claim. In some circumstances, like cases of medical negligence, we may keep your data linger if we need to (that's in our legitimate interest) and/or the law says we have to.

To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.