privacy policy

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the
following conditions. The following definitions shall have the same meaning regardless of
whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.
Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to One Body LDN LTD, 109, Maltings Place.
For the purpose of the GDPR, the Company is the Data Controller.
Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Country refers to: United Kingdom
Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
Device means any device that can access the Service such as a computer, a  ellphone or a digital tablet.
Personal Data is any information that relates to an identified or identifiable individual.
For the purposes of GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, hysiological, genetic, mental, economic, cultural or social identity.
Service refers to the Website.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the
Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Website refers to One Body LDN, accessible from www.onebodyldn.com
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:
Email address
First name and last name
Phone number
Address, State, Province, ZIP/Postal code, City
Bank account information in order to pay for products and/or services within the Service
Usage Data
When You pay for a product and/or a service via bank transfer, We may ask You to provide information to facilitate this transaction and to verify Your identity. Such information may include, without limitation:

Usage Data

Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Information from Third-Party Social Media Services

The Company allows You to create an account and log in to use the Service through the following Third-party Social Media Services:

If You decide to register through or otherwise grant us access to a Third-Party Social Media Service, We may collect Personal data that is already associated with Your Third-Party Social Media Service’s account, such as Your name, Your email address, Your activities or Your contact list associated with that account.
You may also have the option of sharing additional information with the Company through Your Third-Party Social Media Service’s account. If You choose to provide such information and Personal Data, during registration or otherwise, You are giving the Company permission to use, share, and store it in a manner consistent with this Privacy Policy.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking  echnologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. You can learn more about cookies here: Cookies by TermsFeed Generator.
We use both Session and Persistent Cookies for the purposes set out below:
Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
Functionality Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
Tracking and Performance Cookies
Type: Persistent Cookies
Administered by: Third-Parties
Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated
with the device you use to access the Website. We may also use these Cookies to test new pages, features or new functionality of the Website to see how our users react to them.
For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

We may share Your personal information in the following situations:

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Detailed Information on the Processing of Your Personal Data

The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies.

Analytics

We may use third-party Service providers to monitor and analyze the use of our Service.
Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google
Privacy & Terms web page: https://policies.google.com/privacy

Email Marketing

We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.
We may use Email Marketing Service Providers to manage and send emails to You.
Active Campaign
Their Privacy Policy can be viewed at https://www.activecampaign.com/legal/
privacy-policy

Payments

We may provide paid products and/or services within the Service. In that case, we may use third-party services for payment processing (e.g. payment processors).
We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processors whose use of Your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
Stripe
Their Privacy Policy can be viewed at https://stripe.com/us/privacy
PayPal
Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full
Elavon
Their Privacy Policy can be viewed at https://www.elavon.com/privacy-pledge.html
When You use Our Service to pay a product and/or service via bank transfer, We may ask You to provide information to facilitate this transaction and to verify Your identity.

Behavioral Remarketing

The Company uses remarketing services to advertise to You after You accessed or visited our Service. We and Our third-party vendors use cookies and non-cookie technologies to help Us recognize Your Device and understand how You use our Service so that We can improve our Service to reflect Your interests and serve You advertisements that are likely to be of more interest to You.
These third-party vendors collect, store, use, process and transfer information about Your
activity on Our Service in accordance with their Privacy Policies and to enable Us to:

Some of these third-party vendors may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit You to block such technologies. You can use the following third-party tools to decline the collection and use of information for the purpose of serving You interest-based advertising:

You may opt-out of all personalized advertising by enabling privacy features on Your mobile device such as Limit Ad Tracking (iOS) and Opt Out of Ads Personalization (Android). See Your mobile device Help system for more information.
We may share information, such as hashed email addresses (if available) or other online identifiers collected on Our Service with these third-party vendors. This allows Our thirdparty vendors to recognize and deliver You ads across devices and browsers. To read more about the technologies used by these third-party vendors and their cross-device capabilities please refer to the Privacy Policy of each vendor listed below.
The third-party vendors We use are:
Google Ads (AdWords)
Google Ads (AdWords) remarketing service is provided by Google Inc.
You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
Google also recommends installing the Google Analytics Opt-out Browser Add-on –
https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
Facebook
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/516147308587266
To opt-out from Facebook’s interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using
your mobile device settings.
For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation

Apollo.io Email Policy

In our efforts to promote our services and reach out to potential clients or partners, we might utilize Apollo.io, a third-party service provider, to send out cold emails.

  1. Data Collection and Usage: Apollo.io uses publicly available data. The information collected usually includes the full name, professional title, professional email address, company name, and LinkedIn profile. We use this data solely for the purpose of sending helpful or informative emails.
  2. Recipient’s Rights: If you have received an email from us and you are not interested in our services, you have the right to opt-out. Each email sent via Apollo.io includes an ‘unsubscribe’ link at the bottom. Clicking this link will remove your email address from our engagement list, and you will no longer receive emails.
  3. Data Protection: We respect the confidentiality and integrity of your personal data. Apollo.io implements high standard security measures to protect your data from unauthorized access, disclosure, alteration, or destruction.
  4. Third-Party Services: Apollo.io may use various third-party services to provide its functionality. These third parties have their own privacy policies, and we do not accept any responsibility or liability for their policies or processing of your personal information.
  5. Updates: We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you understand any changes to this policy.

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions:

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Your Rights under the GDPR

The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.
You have the right under this Privacy Policy, and by law if You are within the EU, to:

Exercising of Your GDPR Data Protection Rights

You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible.
You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.

About our Privacy Notice

One Body LDN LTD is committed to protecting your privacy and legal rights when dealing with your personal information. This Privacy Notice intends to provide clear and understandable details about the information we collect about you (or anyone you have provided us with information about, e.g. your child), how we use and protect it. It also provides information about your rights that relate to the data we process.

If you have any queries about this Privacy Notice, if you are not sure what something means, or if you wish to contact us about personal information we hold, please email us at: info@onebodyldn.com

The right to object

You have the right to object to processing of your data, if processing of your data is based on legitimate interests, or if processing is being used for direct marketing. The definition of ‘legitimate interests’ is discussed within this Privacy Notice. Please contact us in the first instance if you wish to object.

Definitions of terms within this Privacy Notice

‘we’, our’, ‘us’, ‘Company’ is a direct reference to One Body LDN LTD

‘services’ means health care related services provided by us, as defined in ‘Scope of healthcare services’

GDPR means EU General Data Protection Regulations that come into force on May 25th 2018.

ICO means the Information Commissioner’s Office and will also refer to any successor to it as the UK data protection authority.

Data Protection Laws means the Act, GDPR, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive (2002/58/EC), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and all applicable laws and regulations relating to the processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the ICO or any other supervisory authority, and the equivalent of any of the foregoing in any relevant jurisdiction.

Data Controller, Data Processor, Data Subject and Personal Data all have the meaning given

to them in the Act and GDPR.

Website or site means the Company’s website at https://www.onebodyldn.com

‘patient’ or ‘patients’ means people who attend our clinic or intend to use our services

‘patient or patient’s data’ means either Personal Data or Special Category data, as defined by the GDPR.

‘personal information’ means either Personal Data or Special Category data, as defined by the GDPR.

Privacy Notice scope

This Privacy Notice will apply to any person (also known as a ‘data subject’) who enquires about, uses or purchases our services. Please see the section ‘Scope of Health Care Services’ for more information.

It also applies if you communicate with us in any manner, for the purpose of discussing current or past use of our services.

You may be reading a printed version of our Privacy Notice, which may not be the latest version. Please view the current Privacy Notice on our website, or contact us using the contact details at the beginning of this Privacy Notice to request a copy of the Privacy Notice via email.

Scope of Health Care Services

One Body LDN LTD provides the following health care services.

  • Physiotherapy
  • Sports Massage
  • Acupuncture
  • Osteopathy

Securing your personal information

Data protection laws require us to take appropriate technical and organisational measures to prevent unlawful access or processing of personal information, that the Data Controller for One Body LDN LTD, are responsible for implementing.

The level of technical safeguarding of data should be appropriate to the nature of information in question, and the harm that might result from its improper use, or from its accidental deletion or destruction.

The following list shows some of the technical and organisational measures we put in place to ensure the safety and integrity of your data.

  • Our clinicians and administrative staff are trained in the appropriate handing of personal information and how to respond to a data breach
  • We practice common sense cybersecurity requirements, such as locking screens when away from them, ensuring Windows / Mac OS updates are installed on release
  • Where possible, we use two factor authentication for key systems
  • We ensure passwords are changed regularly on our systems
  • We don’t use systems aimed purely at consumers, such as Gmail personal, Dropbox personal and Hotmail
  • Where we consider appropriate, we ensure we encrypt our hardware that will store personal information, using industry standard encryption methods
  • This technology enables us to manage any potential data breaches in a fast and efficient manner
  • Our third party providers of systems used to process your personal data are compliant with data protection laws and requirements, and also have effective data restore capabilities to ensure your data can be recovered

How we collect personal information from you

We collect personal information from you or any third parties that are acting on your behalf.

If you provide us with personal information about other people, please ensure that they have seen this Privacy Notice and understand it, before you provide this information to us.

  • We will collect Standard and Special Category personal information from you, or other third parties. We will collect the information from the following sources:
    • Your parent or guardian, if you are under 18 years of age
    • A family member, or someone else acting on your behalf
    • Your interpreter, acting on your behalf
    • From yourself, either in face to face consultations, or via electronic communications such as email, via the telephone, or via postal communications
    • When you have given explicit consent to subscribe to educational or marketing email correspondence
    • Manually, when you fill in referral, assessment, registration and other forms
    • Via postal communications, via electronic or postal communications, or records completed by clinicians involved in your care, and their administrators
    • When given directly by social services, carers, relatives and friends – over the phone or in person
    • From providers of medical imaging and diagnostic testing involved in your care
    • From your private medical insurance provider or referring Embassy
    • In emergency situations by the social services, police or ambulance service staff

Categories of personal information that we process

Standard personal information which can include (but not limited to)

  • name
  • address(es)
  • email address(es)
  • telephone number(s)
  • occupation
  • date of birth
  • next of kin or similar contact details
  • details of any complaints or grievances raised that relate to the provision of our services
  • financial details that relate to payments for our services (note we do not store card details)
  • account details relating to your private medical insurance provider

Special Category personal information This is personal information specifically relating to your:

  • health, both physical and mental
  • sex life

Special Category personal information relating to health can include (but is not limited to) clinical notes, examination findings, medical imaging data related to your care, diagnostic test results, correspondence and communications from other clinical professionals which relates to your current or past clinical care.

What we use your personal information for

We will process your personal information for reasons set out in this Privacy Notice. By law, we need to have a lawful basis or bases for processing your Standard personal information and a lawful basis or bases for processing your Special Category personal information. Additionally, for Special Category personal information, we are required to identify a condition or conditions for processing this data (as well as a lawful basis or bases).

These two types of personal information are discussed above in the section “Categories of personal information that we process”

For ‘’Standard’ personal information

We process Standard personal information about you if it is determined:

  • It is in our Legitimate Interests. Details of what constitutes Legitimate Interests are detailed below.
  • It is our Legal Obligation – this means we are required to process your Standard personal information in order for us to comply with the law. Details of the Legal Obligation are detailed below.
  • We have your Explicit Consent – this only applies when you’ve subscribed and opted in to receive our email newsletters, blogs and marketing offers, or you’ve provided consent to receive email newsletters, blog and marketing offers via our marketing consent form via an opt in checkbox.

Standard personal information – Legitimate Interests

The law requires us to our balance the processing of your Standard personal information against your interests, rights and freedoms. We conduct a legitimate interests assessment to ensure we ensure the Standard personal information we process does not override your interests, rights or freedom that relate to your information.

The Legitimate Interests we have identified that allow us to process your Standard personal information are:

  • To enable us to take sufficient information in order to record who you are when booking appointments
  • To ensure we can email you with basic information about your appointments
  • To manage our personal relationship with you, with respect to discussing invoices, requesting insurer authorisation codes
  • To communicate with you if we need to cancel or rearrange appointments

If you book into our clinic as a potential patient and we hold no previous clinical records that relate to your direct care, and then you cancel the booking, we will no longer have a legitimate interest in processing your data. In most instances, we would delete any personal information that was used to make the booking.

Please note, that if you are a patient currently undergoing treatment or have appointments booked, we will use your email address to inform you of any changes that relate to our clinic. Examples include changes to fees and change of clinic address. Even if you ask us to not send you marketing or educational emails, we will still use your email address to communicate with you regarding this clinic related information.

Standard personal information – Legal Obligation

We process Standard personal information to fulfil our Legal Obligation, which requires us to maintain complete records relating to the health care services we supply to you. The records that we maintain require that we process a subset of your Standard personal information, with the lawful basis being a Legal Obligation. The Standard personal information we will then process under a Legal Obligation is your:

Full name;

address;

date of birth;

gender;

contact details (such as an email address or telephone number);

your parent(s) or legal guardian details if you are a minor;

Please note, that whilst we initially use Legitimate Interests as a lawful basis for processing your data, once you attend clinic and we take any notes relating to your clinical care, we will then process your Standard personal information on the lawful basis of our Legal Obligation.

For ‘Special Category’ personal information

As we are a provider of health care services to you, we have several reasons for processing your Special Category personal information. We would not be able to provide health care services to you unless we can process this information.

We undertake to process this information in line with Data Protection Laws as defined in the section “Definitions of terms within this Privacy Notice” within this document.

We process Special Category personal information about you if it is determined:

  • It is our Legal Obligation – this means we are required to process your Standard personal information in order for us to comply with the law. Details of the Legal Obligation are detailed below. We also are required to define an additional condition or conditions to process your Special Category personal information.

The conditions under which we need to process your Special Category personal information are:

  • Processing is necessary for the purposes of preventive or occupational medicine, for medical diagnosis or the provision of health care or treatment, including for the purposes of preventive or occupational medicine, on the basis of Union or Member State law or pursuant to contract with a health professional
  • Processing is necessary for the establishment, exercise or defence of legal claims (for example, to process a legal claim against us, including your personal information provided to our regulatory body if lawfully requested)

Special Category information – provision of health care or treatment on the basis of UK law (lawful basis is Legal Obligation)

People directly involved in your healthcare that are designated as being regulated by the regulatory bodies as listed in the Medical Act 1983 or the Health Professionals Order 2001 are legally required to record information about you, that relate to preventive or occupational medicine, for medical diagnosis or the provision of health care or treatment.

We are required to demonstrate we follow the legal requirements as listed in:

The Health and Social Care Act 2008 (Regulated Activities) Regulations 2014

Which includes:

PART 3, Section 2, Regulation 17 (c)

Which state:

(c) maintain securely an accurate, complete and contemporaneous record in respect of each service user, including a record of the care and treatment provided to the service user and of decisions taken in relation to the care and treatment provided;

Note, you as the patient are the “service user”.

We are also required by our Regulatory body, the Health & Care Professions Council (the HCPC) to take and process medical records, which are required to support safe and effective care. As our regulatory body is covered by UK law, this also demonstrates a legal requirement to record and maintain clinical records that relate to your clinical care.

Sharing your personal information

We sometimes need to share your information with other people or organisations for the purposes set out in this Privacy Notice. We will, where required, share the minimal amount of your personal data as appropriate with the other people or organisations we are communicating with:

  • Doctors, surgeons, clinicians and other health-care professionals, hospitals, clinics and other health-care providers;
  • Their administrative staff such as secretaries;
  • People or organisations that we are required by law or our regulatory body to share your personal information with;
  • The police or other law enforcement agencies, where we are either required by law or a court order;
  • A parent or legal guardian if you are a minor;
  • Any person that you have authorised us to share information with

Transferring information outside the boundaries of the EEA (European Economic Area)

Generally, we store your personal information on secure systems that reside within the EEA. Where we store systems that are outside of the EEA, we will ensure that there are suitable contractual or other safeguards in place to protect your data.

These measures may include data controller (us) to data processor contracts who we have checked have the required data protection law compliance, or ensuring your data is transmitted from the EEA to other global areas in a highly encrypted format, that is then stored on secure systems using “zero knowledge” encryption. This means your data cannot be decrypted by a data processor.

How long do we keep your personal information for

As we are processing your personal data for provision of health care services using a lawful basis of Legal Obligation, we also have a legal obligation to retain this data.

There are also industry standard guidelines for retention of records (set by the UK National Health Service) that we follow, in accordance with our regulatory body requirement.

Normally we will process or store your personal information for eight (8) years for adults and until their 25th or 26th birthday if a child, but this can increase if there are specific circumstances. If you have any queries about how long we are processing your data for, please contact us.

We will also store information to ensure we can deal with any legal claims that arise from you using our services, and the data will be stored for as long as is required and advised by our legal counsel.

Your rights on us processing your personal information versus us storing your personal information are discussed in the section ‘Your rights’, below.

Any personal information that is used for marketing purposes, that has been provided using explicit consent, will be erased in accordance with your rights if requested.

Your rights

You have the following rights, however please note, that the rights are not absolute. The only absolute right you have is to request that we do not use your personal information for direct marketing.

Please do contact us if you are unsure about your rights as detailed below. We will always endeavour to help explain how your rights apply to the personal information we process, for our specified lawful reasons.

The right to be informed

We need to inform you the name and contact details of our organisation, which is at the top of this document.

You have the right to be informed about how we collect and use your personal data. We are obliged to provide this right to be informed in a clear and concise manner.

This Privacy Notice you are reading is designed to inform you how we collect and use your personal data.

The right of access

You have the right to confirmation that your data is being processed and to view this information. This is known as a Subject Access Request or ‘SAR’ , but you do not have to specify this term when requesting your personal information from us. You also have the right to request a copy of your personal data that we process.

We will need to identify you using reasonable means before we will start the process of collating your personal information.

Once we have identified you, we will reply to any requests for your personal information (SARs) within 30 days, unless we deem the request to be complex, or repetitive, where we will notify you that we may take an additional two months to provide your personal information.

We will not charge you to request information from us. However, we will charge a reasonable fee if the request for information is repetitive. If we’ve provided information to you and you wish to request it again, we ask that you contact us beforehand to discuss what our reasonable fee is.

If the request is manifestly unfounded or excessive, particular because if the request becomes repetitive, we might decide to:

  • charge a reasonable fee taking into account the administrative costs of providing the information; or
  • refuse to respond.

Where we refuse to respond to a request, we will explain why to you, informing you of your right to complain to the ICO without undue delay and at the latest within one month of our refusal.

The right to rectification

You have the right to request rectification of your personal information. However, we only consider requests to correct factual information. Any clinical opinions will remain valid as they were the opinion at the time of being recorded. If it is later determined that a clinical opinion or diagnosis was then found to have changed, we will update your personal information to reflect this, but we will not change or remove the original clinical opinion.

The right to erasure

You have the right to request erasure of personal information.

If you have subscribed to any of our email educational or marketing correspondence, you have the right to request erasure from our email list, or you can click on the ‘unsubscribe’ link that appears in all emails we send. We will only use your personal information to send you marketing or educational material if you have given us your explicit permission.

We will consider all requests in conjunction with our legal obligation to retain information relating to your health care provided by us, as well as data protection law which clearly states when the right to erasure does not apply. Normally, this means we will not erase any information, unless it was not required for legal reasons.

If we determine we cannot delete data, you still have the right to ask us to restrict processing of your personal data.

The right to restrict processing

You can request that we restrict processing of personal information. This means that we will stop actively processing it, and it will just be stored. Stopping processing will mean that we will not add any additional information to your existing information.

The right to data portability

As we do not process personal information using a lawful basis of either a) consent or b) for the performance of a contract, the right to data portability is not applicable. You still have to right to request this, however.

The right to object

You have the right to object if processing is based on legitimate interests, or if processing is being used for direct marketing.

Rights in relation to automated decision making and profiling

We do not make any kinds of automated decisions or perform any profiling with your personal information.

The right to lodge a complaint with a supervisory authority

We ask that you first contact us if you feel you wish to make a complaint. Please see the template letter and guidelines listed on the ICO website.

https://ico.org.uk/for-the-public/raising-concerns/

You can also contact the ICO directly:

https://ico.org.uk/concerns/

They can also be contacted at the following address:

Wycliffe House

Water Lane

Wilmslow

SK9 5AF

Copyright notice

One Body LDN LTD has the right to edit the text contained within this notice as they require, as long as it remains solely for the use of One Body LDN LTD

Any redistribution or reproduction of part or all of the contents in any form is prohibited, including by One Body LDN LTD, who limited use of this Privacy Notice is licenced to.

One Body LDN LTD may however publish a copy on their website which currently is https://www.onebodyldn.com

You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.

Children's Privacy

The Service may contain content appropriate for children under the age of 13. As a parent, you should know that through the Service children under the age of 13 may participate in activities that involve the collection or use of personal information. We use reasonable efforts to ensure that before we collect any personal information from a child, the child’s parent receives notice of and consents to our personal information practices.
We also may limit how We collect, use, and store some of the information of Users between 13 and 18 years old. In some cases, this means We will be unable to provide certain functionality of the Service to these Users. If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent’s consent before We collect and use that information.
We may ask a User to verify its date of birth before collecting any personal information from them. If the User is under the age of 13, the Service will be either blocked or redirected to a parental consent process.

Information Collected from Children Under the Age of 13

The Company may collect and store persistent identifiers such as cookies or IP addresses from Children without parental consent for the purpose of supporting the internal operation of the Service.
We may collect and store other personal information about children if this information is submitted by a child with prior parent consent or by the parent or guardian of the child.
The Company may collect and store the following types of personal information about a child when submitted by a child with prior parental consent or by the parent or guardian of the child:

For further details on the information We might collect, You can refer to the “Types of Data Collected” section of this Privacy Policy. We follow our standard Privacy Policy for the disclosure of personal information collected from and about children.

Parental Access

A parent who has already given the Company permission to collect and use his child personal information can, at any time:

To make such a request, You can write to Us using the contact information provided in this Privacy Policy.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us: