1. Who We Are

2. What Data We Collect

2.1 Data you provide directly

We may collect the following information when you contact us or book an appointment:

• Name and contact details (email address, phone number, postal address)
• Date of birth and basic demographic information
• Medical history, medications, allergies, and relevant health information
• Payment-related information (e.g. payment confirmations – we do not store full card details)
• Any other information you choose to provide in forms or correspondence

2.2 Data collected automatically

When you use our website we may automatically collect:

• IP address and general location (city/region level)
• Device and browser type
• Pages visited, time spent on pages, and referring sites
• Cookie data (see our Cookie Policy for more details)

3. Legal Bases for Processing

We process your personal data under the UK GDPR on the following legal bases:

• Consent – e.g. when you opt in to receive marketing emails.
• Contract – to provide consultations and treatments you have booked.
• Legal obligation – to meet regulatory or tax requirements.
• Legitimate interests – e.g. to improve our services and protect our clinic from fraud.
• Provision of healthcare – for processing health data as part of delivering safe medical care.

4. How We Use Your Data

We use your personal data to:

• Arrange and manage consultations and treatments
• Assess your suitability for treatment and maintain accurate clinical records
• Respond to enquiries and customer service requests
• Send appointment reminders and important service messages
• Process payments and manage accounts
• Comply with legal, regulatory, and clinical governance requirements
• Improve our website and services through anonymised analytics
• Send occasional marketing communications (only where you have consented)

5. Sharing Your Data

We do not sell your data. We may share your data with:

• Healthcare professionals involved in your care within our clinic
• IT, hosting, and practice management providers who support our systems
• Payment processors and banks (for payment purposes)
• Regulators, insurers, or legal advisers where we are required to do so by law

Where third parties process data on our behalf, they are required to keep it secure and only process it according to our instructions.

6. International Transfers

If any of our service providers transfer data outside the UK, we will ensure that appropriate safeguards (such as UK-approved standard contractual clauses) are in place.

7. Data Retention

We keep your data only for as long as necessary for the purposes described in this policy and in accordance with professional and legal requirements:

• Clinical records are typically retained for a minimum period required by medical regulators.
• Enquiry and non-clinical data are usually retained for a shorter period, unless needed for legal reasons.

8. Your Rights

Under UK data protection law you have the right to:

• Access a copy of your personal data
• Request correction of inaccurate or incomplete data
• Request deletion of your data (where applicable)
• Restrict or object to certain types of processing
• Withdraw consent where processing is based on consent
• Data portability (where applicable)

To exercise these rights, please contact us at info@healing-prp.co.uk. We may need to verify your identity before responding to your request.

9. Marketing Communications

If you have opted in, we may send you occasional emails or messages about clinic updates, new treatments, or special offers. You can unsubscribe at any time by using the link in the email or by contacting us.

10. Security

We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or misuse. However, no system is fully secure and we cannot guarantee absolute security of information transmitted over the internet.

11. Cookies

Our website uses cookies and similar technologies. For more information, please see our Cookie Policy.

12. Contact and Complaints

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact:

You also have the right to complain to the UK Information Commissioner's Office (ICO) if you are unhappy with how we use your data: https://ico.org.uk.