Privacy Policy

Wellthy Clinic Ltd

The effective date of this Privacy Policy is 9th October 2023

Your Privacy is important to us.

Your Privacy and Personal Data are very important. We believe in maintaining the highest standards for all personal data protection and complying with all data protection legislation and best business practices.

This Policy explains how we collect, process, store and protect your data.

We own and operate the website, which gathers important information from visitors and customers.

This Policy specifically applies to our business and services, online or at our clinic, clients, instructors and therapists and any other organisation or individual using our services.

Compliance with the law

Our Privacy Policy aims to comply with the UK Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation 2018 (GDPR).

We have divided this Policy into six sections to make it easier for you to find the information you need.

  1. Information, who we are and what our obligations are. 

  2. Disclosure: who collects your data and what is collected.

  3. Purpose and legal basis: why we collect your data and information, how we use it, and our legal basis for processing your data.

  4. Security: how we keep your data safe and how we store it.

  5. Access: how you access your data, change or edit it, and your data protection rights.

  6. Accountability: how you can correct your data and contact the person responsible for overseeing your data.

1. INFORMATION

Who are we?

We are: Wellthy Clinic Ltd

Registered office: Unit 28 City Business Centre, Lower Road, London, SE16 2XB

Company Number: 12411051

ICO Registration number: ZB383117

What are our responsibilities?

We provide Osteopathy, Nutrition and Pilates services online and at our clinic.

We are the data controller of personal data and may have a Data Processing Agreement with our partners and affiliates if necessary to ensure that your Data is handled appropriately, correctly, and in compliance with the law. In some cases, we may be the data processor; in this case, we will ensure that we have taken appropriate steps to safeguard your data and comply with the law.

How does this notice affect you?

This Privacy Policy will help you understand why and how we collect and process your information and how we store your information and keep it safe. This Policy also explains your rights, helping you make informed choices when browsing our website and using our services. In addition, it covers information or personal data that could identify you and information that could not.

The law requires us to tell you about your rights, our obligations concerning the collection and processing of your personal data, and how we look after it. For more information on the relevant legislation, please go to www.knowyourprivacyrights.org

Cookies

We also use cookies on our website. You will be asked for your consent to use cookies when you first visit our site, or you may refuse all but essential cookies. Please read our Cookie Policy for more information.

2. DISCLOSURE

What data do we collect?

Categories of data being processed

  • Basic identifiable data: name, email address, correspondence address, phone number, ID, and, in some cases, date of birth.

  • Certain information needed to verify your identity, e.g. to process payments

  • In some cases, we may collect data concerning your health, which is a special data category.

  • Electronic identifiable data: cookies, IP addresses, and beacons.

  • Electronic location data: tracking technology.

  • Internet activity, e.g. browsing history, search history.

We get the categories of information listed above from the following sources.

  1. Directly from you, for example, when you give us your name and email address.

  2. Indirectly from you, for example, observing your actions on our website.

  3. In some cases, we may obtain data from third parties, for example, if they refer you to us.

We also collect the following information for business purposes.

  • Auditing

  • Detecting security incidents

  • Debugging to identify and repair errors

  • Keeping records under a legal obligation

  • Short-term uses

  • Internal research for technological development and demonstration

  • Testing or improving the quality or safety of a service

Specific Data We Collect

We also collect your information when you use our services, enter an agreement with us, choose to subscribe to a newsletter, register on our website, become a member, chat with one of our staff or representatives online or at our clinic or contact us.

We may process the personal data you provided when using our services. This data may include information about your sex, age, health, and any relevant factors to deliver our services. We gather this information directly from you. In addition, service data (i.e. from our website) may be processed to provide our services more effectively.

Special Category of data

The UK GDPR (Article 9) highlights some types of personal data which may be more sensitive and need extra protection. In our case, data concerning health is a special category of data. Health data, for example, can include information from you, medical records or data obtained from health and fitness devices.

  • We need to process such data to provide our services and give the best, most effective, and safe treatment.

  • We will always ask for your explicit consent to collect and process health data.

  • We will only collect, process and store your data concerning health that is necessary to provide our services as health professionals.

  • We will only disclose such data to health professionals or if we have a legal obligation to do so.

  • You may have access to your health data at any time and ask us to remove it from our systems.

  • We are required to store data concerning health at a higher level of security, which includes encryption and anti-hacking measures, access only to authorised persons, and safe transfer of data within internal systems.

  • In some cases, there may be some specific exceptions where we can refuse to disclose data concerning health. Please go to https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/right-of-access/health-data/#healthdata7 for more information on this topic.

Google Analytics

Google Analytics is an analytics service which supplies statistics and basic analytical tools for search engine optimisation and marketing purposes.

Here are some examples of how Google may collect information from you.

  • Terms you search for.

  • Views and interactions with content and ads.

  • People with whom you communicate or share content.

  • Activity on third-party sites and apps that use our services.

Google may collect information about your location using your GPS and other sensor data from your device or your IP address.

Google Analytics uses technologies to collect and store information, including cookies, pixel tags and local storage, such as browser web storage or application data caches, databases, and server logs.

However, you may opt-out at any time.

If you would like to opt out of tracking by Google Analytics on our website, you can do so here: https://tools.google.com/dlpage/gaoptout.

Please read Google's Privacy Notice if you would like more information on how they keep your data safe at: https://policies.google.com/privacy.

Third Parties

Information we obtain from third parties

Although we do not disclose your personal information to any third party unless we have stated otherwise in this Policy, we sometimes receive data that is indirectly made up of your personal information from third parties whose services we use.
No such information is personally identifiable to you.

Credit reference

To assist in combating fraud, we may share information with credit reference agencies concerning our clients or customers who instruct their credit card issuer to cancel payment without providing an acceptable reason for us to refund their money.

Payment processing

Square processes most of our payments; any international payments may be through PayPal.

For more information on how Square look after personal data, please read their Privacy Notice at: https://squareup.com/gb/en/legal/general/privacy

Or contact them at:

Squareup International Ltd.

Fumbally Square

Fumbally Lane

Dublin 8, Ireland

PayPal

We may use PayPal for international transactions, and you may read their Privacy Policy at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full?locale.x=en_GB or contact them for more information on how they look after your personal data at

Bird & Bird GDPR Representative UK,

12 New Fetter Lane,

Holborn,

London EC4A 1JP

UK

Cliniko

We use Cliniko to provide our booking system, which means that they may store your personal data in their cloud systems.

For more information on how they look after your personal data, please read their Privacy Policy at: https://www.cliniko.com/policies/privacy/

You may also contact their Data Protection Officer at dpo@cliniko.com

VeraSafe United Kingdom Ltd.

37 Albert Embankment

London SE1 7TL

United Kingdom

Squarespace

We use Squarespace for our hosting requirements. They also store data, including your personal data, obtained from our website or systems using their cloud or servers.

Because Squarespace is a US company, technically, they transfer your data to their servers or cloud in the US and are covered by the EU-U.S. Data Privacy Framework.

For more information on how Squarespace handles your data, please read their Privacy Policy. https://www.squarespace.com/privacy

Or contact them at:

Squarespace Ireland Limited

Attention: Legal - Privacy

Squarespace House

Ship Street Great

Dublin 8, D08N12C

Ireland


3. PURPOSE AND LEGAL BASIS

Under GDPR, we need a legal reason or basis to collect, process and store your personal data. This does not mean that we need your consent in every situation. We may use a different legal basis, giving us the right to process particular data.

We may process your data for the following reasons:

  1. We have a legitimate interest as our legal basis to use your data to increase the efficiency of our business and the operation of our website; to administer and manage your account and our service; compile anonymous statistical Data and analysis for use internally; request feedback and contact you about your use of our website or Services; respond to your enquiries and correspondence; resolve issues, disputes and troubleshoot problems; and support our website and services.

  2. Because we have an agreement to provide our Services, our legal basis for processing your Data is that it is necessary to perform that Contract. This also includes pre-contractual negotiations and after-sales care or processing of any data concerning that contract. Therefore, for Data collected and processed outside that contractual relationship, we must use a different legal basis.

  3. Data processing is necessary to send you marketing information, such as a newsletter. In this situation, consent will be our legal basis (Article 6(1)(a)).

  4. When we need to optimise service processes for sales and after-sales care, including complaints or responding to unsolicited communication from you to which we believe you would expect a response, protecting and asserting the legal rights of any party, insuring against or obtaining professional advice that is required to manage business risk, protecting your interests where we believe we must do so. We use legitimate interest (Article 6(1)(f) GDPR) as our legal basis for processing this type of personal data.

  5. Because we may use Special Category Data concerning health, we will obtain your explicit consent as our legal basis to process such Data.

  6. In some instances, we need to archive and retain data and records to comply with the law or provide proof of transactions or facts and secure information in the event of a legal requirement to prove facts. Our legal basis for processing this type of personal data is that we have a legal obligation (Article 6(1)(c) GDPR).

  7. Legitimate interest is also our legal basis when we use your personal data obtained by third parties, for example if we use Google Analytics to help provide, improve and market our service. However, in some cases, your consent may be required, for example, using third-party cookies.

  8. If there are any allegations, investigations or defences against legal claims, our legal basis is legitimate interest (Article 6(1)(f) GDPR).

Your Consent

You do not always have to give your consent for us to process your personal data. For example, if you have an agreement with us, we need to be able to process your personal information so we can carry out the obligations under that contract.

However, in some cases, you must give us consent to use your data in situations where we do not have another legal basis, or it is appropriate to ask for your consent.

Information we process with your consent


Through specific actions when there is no contractual relationship between us, such as when you subscribe to our newsletter, or provide your consent to process your Personal Data concerning your health.

You must give your consent by a clear affirmative act; for example, you can opt-in to receiving newsletters by ticking the appropriate box. We are also obliged to keep a record of your consent.

Marketing

We may like to occasionally send you information, such as newsletters by email, for which we need your consent.

If you have given us explicit permission to do so, we may also, from time to time, pass your name and contact information to selected associates whom we consider to provide services or products you would find useful.

We continue to process your information on this basis until you withdraw your consent, or we can assume that your consent no longer exists.

You may withdraw your consent at any time by instructing us via email.

However, if you do so, you may be unable to use some of our websites or services.

Opt-out or unsubscribe

You may withdraw your consent for us to use your data. Or you may ask us to remove or delete your information from our systems and databases.

To unsubscribe or opt out, email us.

Information concerning children

Only children over 16 (this may vary in different jurisdictions) can consent to their data use. Therefore, we cannot ask for or process data from children under 16 without consent from someone who holds parental responsibility for the child given in writing.

If you are under 16, you may only use our website with consent from a parent or guardian.

4. SECURITY

How your Data is stored

We process your information to provide, improve, and administer our Services, sell products, communicate with you for security and fraud prevention, and comply with the law. We may also process your information for other purposes with your consent. We process your Data only when we have a valid legal reason to do so.

When you give us your data, such as name and email address,

  1. We may store some of your information on specific servers or clouds we use to operate our business, such as Square or Cliniko. If you would like to learn more about how they look after your data and what security measures they have in place, please contact them directly. Furthermore, to fulfil our responsibilities under GDPR and ensure that your personal data is safe and looked after in jurisdictions that do not have adequacy status, we may have an appropriate Data Protection Addendum (DPA) in place with those companies with their servers outside the EU or UK. In all cases, we will seek to comply with the law to ensure we look after your data correctly and safely.

  2. We store it in our computer system, including access to Cliniko from the mobile phones we use to operate our business, securely encrypted and only accessible by authorised representatives or staff.

Your Payments

Your payment information is never taken by us or transferred to us through our website or otherwise. Our employees and contractors never have access to it.

How long we keep your Data

If you have given consent for us to process your personal data, it will be stored until you withdraw your consent or we no longer need it.

We will keep your personal information only as long as you use our services or until our contract has finished. However, we do not delete all your Data immediately after you have used our services in case you return to use our services again. We will carefully consider how long we store your data and will only keep it if we can justify its retention.

When we no longer need your data, we will delete it from our servers and systems.

Additionally, we may be required to store specific data and information by law, which we must comply with. For example, invoices must be kept for a particular time as tax records (for example, in the UK, it is six years).

Data Encryption

We use Secure Sockets Layer (SSL) certificates to verify our identity in your browser and to encrypt any data you give us.

Whenever information is transferred between us, you can check that it is done using SSL by looking for a closed padlock symbol or other trust marks in your browser's URL bar or toolbar.

5. ACCESS

You have the following rights.

You have the following rights under the General Data Protection Regulation (GDPR). Please contact us if you would like to exercise any of these rights.

The right of access – You have the right to ask us to give you copies of your data. (Article 15 GDPR)

The right to correct data – You have the right to ask us to correct any information you believe is inaccurate. You also have the right to ask us to complete the information you think is incomplete. (Article 16 GDPR)

The right to delete data – You have the right to ask us to delete your data. (Article 17 GDPR)

The right to limit processing – You have the right to ask us to restrict the processing of your data (Article 18 GDPR). For example, you can ask us to stop processing your data until you have corrected an inaccuracy.

The right to object to processing – You have the right to object to us processing your data.

The right to transfer data – You can ask us to transfer your data to another organisation or directly to you.

The right to make a complaint – You have the right to make a complaint to the Information Commissioner's Office (ICO) or the equivalent authority in your region.

Please get in touch with us if you would like to review or update the Personal Data we hold about you by sending us a request via email.

We have 30 days to respond to your request. After receiving the request, we will let you know when we will provide you with the information. We may be entitled to charge a small fee for providing this information under certain circumstances, but in most cases, this will be free of charge.

Data removal

Please contact us if you want us to remove or delete your Personal Data. However, this may mean we cannot offer you our full service and products.

To protect your privacy, we will carry out identity checks to verify it is you before you can access, edit or delete your Personal Data or exercise your rights.

Changes to this privacy policy

We may make changes to this privacy policy at any time by notifying you on this page and sometimes within this App. We may send you notice using your contact details if legally and technically applicable. We strongly recommend that you check this page often and refer to the last modification date at the bottom of this page.

Third-Party Websites

We are not responsible for the privacy practices or the content of these other websites. You must check the policy statements of third-party websites with links from our website. If you access a linked site, you may disclose your personal information. You are responsible for checking how third-party websites look after your data. We have no responsibility or authority over third-party websites.

6. ACCOUNTABILITY

How to contact us

Please get in touch with us if you have any questions about our Privacy Policy or the Data we hold on you, or if you would like to use one of your data protection rights, correct any inaccurate data, opt out or cancel your consent.

Your Data is important, and we take our legal responsibilities seriously. Therefore, we are more than happy to deal with any issues or questions you may have concerning your data.

Wellthy Clinic Ltd

63 New Cavendish Street,

Marylebone,

London, W1G 7LP  
United Kingdom

Or contact us

Complaints

When we receive a complaint, we record all the information you give us.

We use that information to resolve your complaint.

If your complaint reasonably requires us to contact some other person, we may decide to give that person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter of our sole discretion as to whether we give information and, if we do, what that information is.

We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.

How to contact an appropriate authority

If you wish to make a complaint or you feel that we have not addressed your concerns satisfactorily, you have a right to lodge a complaint with the Information Commissioner's Office (ICO) at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

For more detailed information on your data protection rights, please visit the UK ICO website at https://ico.org.uk

If you do not live in the UK, you may contact the appropriate Information Commissioner's office or authority for your jurisdiction or region. You will find this information online.

This Privacy Policy was updated on 9th October 2023