Privacy Policy

Her Healthcare Privacy Policy

1. Introduction

The Healthify (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, and protect your personal data when you use our website https://herhealthcare.uk and our services.

2. Information We Collect

We may collect and process the following data:

  • Personal Identification Information: Name, email address, phone number, and postal address.
  • Health Information: Details related to your health status, medical history, and any other information necessary for providing our services.
  • Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
  • Usage Data: Information about how you use our website, products, and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

3. How We Use Your Information

We use your personal data to:

  • Provide and manage our services, including medical consultations and certificate issuance.
  • Process payments and manage transactions.
  • Communicate with you regarding appointments, services, and updates.
  • Comply with legal and regulatory obligations.
  • Improve our website and services through analysis and research.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
  • Contractual Necessity: Processing is necessary for a contract we have with you or because you have asked us to take specific steps before entering into a contract.
  • Legal Obligation: Processing is necessary for us to comply with the law.
  • Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided your rights and interests do not override those interests.

5. Data Sharing and Disclosure

We may share your personal data with:

  • Service Providers: Third parties who provide services on our behalf, such as payment processing and IT support.
  • Regulatory Bodies: When required to comply with legal obligations or regulations.
  • Professional Advisors: Such as lawyers, bankers, auditors, and insurers.

We ensure that all third parties respect the security of your personal data and treat it in accordance with the law.

6. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. These measures include:

  • Secure servers and encryption.
  • Access controls and authentication.
  • Regular security assessments and updates.

7. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.

8. Your Rights

Under data protection laws, you have rights including:

  • Access: You can request copies of your personal data.
  • Rectification: You can request correction of inaccurate or incomplete data.
  • Erasure: You can request deletion of your personal data.
  • Restriction: You can request restriction of processing.
  • Objection: You can object to processing.
  • Data Portability: You can request transfer of your data to another organization.

To exercise any of these rights, please contact us using the details below.

INTERNAL MARKETING & ADVERTISING COMPLIANCE POLICY

(Internal document – not necessarily published on website)

Marketing & Digital Advertising Compliance Policy

1. Purpose

This policy sets out how [CLINIC NAME] conducts marketing, advertising, analytics and remarketing activities in a manner consistent with:

  • UK GDPR

  • Data Protection Act 2018

  • PECR (Privacy & Electronic Communications Regulations)

  • Equality Act 2010

  • CAP Code (UK Advertising Standards Authority)

  • CQC fundamental standards

  • GMC guidance on advertising and professional conduct

As a women-focused GP service, we recognise that much of the health information associated with our services constitutes special category data. We therefore adopt a higher compliance threshold than standard commercial businesses.


2. General Principles

Marketing activities must:

  • Be lawful, fair and transparent

  • Avoid misleading medical claims

  • Avoid creating unrealistic expectations of treatment outcomes

  • Avoid exploiting patient vulnerability

  • Avoid using identifiable patient data for advertising

  • Avoid inferring health conditions for targeting purposes

We do not use patient clinical records to build advertising audiences.


3. Website Tracking & Pixels

Where we use technologies such as:

  • Meta Pixel

  • Google Ads Conversion Tracking

  • LinkedIn Insight Tag

  • Analytics software

We ensure:

  • No clinical consultation data is transmitted

  • No medical record data is uploaded to advertising platforms

  • No custom audiences are built from medical diagnoses

  • Tracking scripts are not embedded on secure patient portal pages

  • Cookie consent is obtained before non-essential cookies activate

Condition-specific landing pages are reviewed to ensure tracking tools do not create unlawful inference risks.


4. Remarketing Restrictions

We do not:

  • Target ads based on specific diagnosed health conditions

  • Retarget users with condition-specific ads based on portal activity

  • Upload patient lists to advertising platforms without explicit lawful basis

  • Use sensitive reproductive or hormonal health data for marketing profiling

Remarketing is limited to general service awareness (e.g. “Private GP for Women in London”) and not condition-specific medical advertising.


5. Email & Direct Marketing

We send marketing communications only where:

  • The individual has opted in; or

  • Soft opt-in applies under PECR (existing patient relationship), where legally permitted

All marketing emails include a clear unsubscribe mechanism.

We do not include sensitive health information in marketing emails.


6. Social Media Conduct

Social media communications:

  • Must not provide personalised medical advice

  • Must not discuss identifiable patient cases

  • Must avoid testimonials that could be considered misleading

  • Must comply with professional standards

Clinical staff must not use personal social media accounts for clinical communication.


7. Review & Governance

Marketing campaigns are reviewed before publication to ensure compliance with healthcare regulations.

Data Governance & Information Security Statement

At Her Healthcare, protecting patient confidentiality is fundamental to our service. As a provider of women-focused private GP care, we recognise that much of the information entrusted to us is highly sensitive.

We operate in accordance with:

  • UK GDPR

  • Data Protection Act 2018

  • CQC Fundamental Standards

  • Professional confidentiality obligations

  • GMC guidance

Confidentiality

All clinical and administrative staff are bound by confidentiality obligations. Access to patient records is restricted to authorised personnel only.


Secure Systems

We use secure clinical systems with:

  • Role-based access controls

  • Encrypted data storage

  • Secure hosting infrastructure

  • Audit trails of record access

  • Password protection and authentication controls

We regularly review system access permissions.


Data Minimisation

We collect only information necessary for safe and effective care.

We do not use clinical data for commercial exploitation.


Third-Party Providers

Where we engage third-party service providers, we ensure:

  • Written data processing agreements are in place

  • Providers implement appropriate security safeguards

  • Data transfers comply with UK legal requirements


Breach Management

In the unlikely event of a data breach, we follow a formal incident response procedure, including risk assessment, mitigation steps, and regulatory notification where required.


Patient Rights

Patients may request access to their records or exercise other data rights by contacting us at:

[privacy email]

We aim to respond within statutory timeframes.


For a women-only private GP clinic, this level of documentation:

  • Reduces ICO risk

  • Protects against ASA complaints

  • Demonstrates CQC governance maturity

  • Protects against Meta Pixel regulatory scrutiny

  • Strengthens patient trust

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: