GDPR & Data Protection Policy
One Body LDN

Last Updated: January 2025

At One Body LDN, we take your privacy and data security seriously. This GDPR & Data Protection Policy explains how we collect, process, store, and protect your personal data, ensuring full compliance with the General Data Protection Regulation (GDPR) and UK Data Protection Laws.

For more details about our privacy practices, please refer to our Privacy Policy.

1. Introduction: Why This Policy Matters

We are committed to ensuring that your personal data is processed lawfully, fairly, and transparently. This policy:

✅ Explains what personal data we collect and why
✅ Clarifies your legal rights under GDPR
✅ Outlines how we protect and secure your data
✅ Provides information on how to request, update, or delete your data

By using our services or visiting our website, you agree to the terms of this policy.

2. What Personal Data We Collect

We collect and process different types of personal data, including:

🔹 Basic Information: Name, email, phone number, address, and date of birth
🔹 Medical Information: Appointment history, treatment records, and related health data
🔹 Payment Details: Bank account information (processed via third-party providers)
🔹 Marketing Preferences: Your consent for receiving promotional content
🔹 Usage Data: IP address, browser type, device identifiers, and interactions with our website

For more details on how we handle cookies and tracking technologies, visit our Cookie Policy.

3. Legal Basis for Processing Personal Data

Under GDPR, we process personal data based on one or more of the following lawful grounds:

Consent: You have provided explicit consent for specific processing activities.
Performance of a Contract: Processing is necessary to provide services you have requested.
Legal Obligation: We are required to retain certain data to comply with UK regulations.
Vital Interests: Processing is necessary to protect someone’s health or life.
Public Interest: Processing is necessary for public health, regulatory, or legal reasons.
Legitimate Interests: Processing is necessary for our business operations, provided it does not override your rights.

If you have any questions about which legal basis applies to your data, contact us.

4. How We Use Your Personal Data

We process personal data to:

📌 Provide Medical & Wellness Services – To schedule appointments, maintain medical records, and deliver high-quality care.
📌 Manage Your Account – To handle payments, customer service, and booking requests.
📌 Send Marketing & Promotional Communications – Only when you have given explicit consent.
📌 Improve Our Services & Website Performance – Using analytics tools (e.g., Google Analytics, Facebook Pixel).
📌 Comply with Legal & Regulatory Requirements – Including health and tax regulations.

We never sell or share your personal data with unauthorised third parties.

5. Your GDPR Rights

Under GDPR, you have the following rights:

🛡 Right to Access – Request a copy of the personal data we hold about you.
Right to Rectification – Correct inaccurate or incomplete data.
🗑 Right to Erasure (“Right to Be Forgotten”) – Request deletion of your data when there’s no valid reason for us to keep it.
Right to Restrict Processing – Limit how we use your data in certain cases.
🚫 Right to Object – Stop us from processing your data for marketing or legitimate interest purposes.
📤 Right to Data Portability – Request your data in a structured, digital format to transfer to another provider.
🔄 Right to Withdraw Consent – Withdraw consent at any time for data processing based on your prior approval.

How to Exercise Your Rights

You can exercise your rights free of charge by contacting us. We will respond within 30 days unless the request is complex.

If you are not satisfied with how we handle your request, you can file a complaint with the UK Information Commissioner’s Office (ICO) (see Section 9).

6. How Long We Keep Your Data

We retain personal data only as long as necessary to:

📌 Provide medical services – 8 years for adults, or until age 26 for minors (in line with NHS & regulatory guidelines).
📌 Fulfil legal or contractual obligations – Including tax, regulatory, and legal compliance.
📌 Defend legal claims – If a dispute arises regarding treatment or services.

After this period, your data will be securely deleted or anonymised.

If you would like your data removed sooner, please submit a data deletion request.

7. How We Protect Your Data

We implement strict technical and organisational measures to safeguard your data, including:

🔐 Encryption & Secure Storage – Data is encrypted and stored securely to prevent unauthorised access.
🛡 Access Controls – Only authorised staff can access personal data.
💻 Cybersecurity Measures – Firewalls, anti-virus software, and system monitoring.
📚 Staff Training – Employees are trained on GDPR compliance and data security protocols.
📑 Third-Party Compliance – Our partners (e.g., payment processors) adhere to GDPR and high-security standards.

While we strive for 100% security, no system is completely immune. If a data breach occurs, we will notify you immediately and take appropriate legal action.

8. Transferring Data Outside the UK & EEA

We primarily store data within the UK & European Economic Area (EEA). However, some service providers (e.g., Google, Meta) may process data outside the EEA.

To ensure GDPR compliance, we use standard contractual clauses (SCCs) and secure encryption protocols to protect data during international transfers.

If you have questions about how your data is stored, please contact us.

9. Complaints & Contacting the ICO

We aim to resolve all data protection concerns quickly and fairly. If you have a complaint, please contact us first at info@onebodyldn.com.

If you are not satisfied with our response, you have the right to file a complaint with the UK Information Commissioner’s Office (ICO):

📌 Website: https://ico.org.uk/concerns/
📍 Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF, UK

10. Contact Us

For any GDPR or data protection queries, you can reach us at:

📩 Email: info@onebodyldn.com
📍 Address: One Body LDN LTD, 5A Maltings Place, 169 Tower Bridge Road, London, SE1 3JB, UK