REMEDLY - PRIVACY POLICY

This Privacy Policy explains how SLOANE43 HEALTH TECH LTD, trading as Remedly (“Remedly”, “we”, “us”, “our”), collects, uses, and protects your personal information when you use our website remedly.co.uk, submit forms, contact us, or use our services. We respect your privacy and are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws.

By using this website, contacting us by email, or submitting any online form, you acknowledge that your information will be collected and used in line with this Privacy Policy.

1. Who We Are

SLOANE43 HEALTH TECH LTD (trading as Remedly) is the controller of your personal data.
Registered in England and Wales: 16632557
Registered office: 71–75 Shelton Street, London WC2H 9JQ
Contact email: hello@remedly.co.uk
Contact phone: 0330 133 5996
We operate a paperless office and do not accept postal correspondence at our registered address. Please use hello@remedly.co.uk for all enquiries.

2. What Personal Data We Collect

We may collect and process the following categories of personal data.
2.1 Information you provide directly: This includes your name, email address, phone number, postal address, date of birth, payment details, and any information you provide when you: submit an enquiry form, request a call-back, make a booking, complete a medical questionnaire, join a waiting list, sign up to receive updates, or otherwise contact us.
2.2 Health and clinical information: When you use our physiotherapy or related services, we collect health information such as medical history, symptoms, diagnoses, treatment notes, exercise programmes, consent forms, and related clinical correspondence necessary for your care.
2.3 Information from website use: When you visit our website, we collect technical and usage data such as IP address, browser type, device type, operating system, referral source, pages viewed, time spent on pages, and clickstream data (“Device Information”). This is collected via cookies and similar technologies.
2.4 Information from third parties: We may receive information from third-party providers, for example if you make a payment via our payment processor (currently Stripe), book or manage appointments via our clinical management system (currently Zanda), are referred by another healthcare provider, or interact with us via social media platforms.

3. Website Forms, Emails and Online Contact

When you use our website, email us, or complete any online forms (for example a contact form, booking form, enquiry form, or newsletter sign-up), you provide us with personal information so we can respond, manage your request, or provide services. By submitting these details, you acknowledge that we will collect, store, and use the information you provide for the purposes described at the point of collection and in this Privacy Policy. We will not use your details for unrelated marketing unless you have given us permission to do so, and you can withdraw such permission at any time.

4. How and Why We Use Your Data (Lawful Bases)

We only process your personal data where we have a lawful basis under UK GDPR. Depending on the context, we rely on one or more of the following lawful bases.
4.1 To provide and manage our services (Contract): We use your personal and health information to register you as a patient, assess your needs, deliver physiotherapy and related services, manage bookings, take payment, send appointment reminders, and respond to queries. This processing is necessary to perform our contract with you or to take steps at your request before entering into a contract.
4.2 To provide safe and effective healthcare (Legal obligation and health purposes): Health information is processed to provide healthcare and treatment, maintain accurate clinical records, comply with professional standards, and support clinical governance. This may be justified under legal obligations, obligations in the field of health and social care, and for the provision of health or social care treatment.
4.3 To communicate with you (Contract and Legitimate Interests): We use your contact details to respond to messages, provide service updates, send appointment confirmations or changes, handle feedback or complaints, and manage your relationship with us. This is necessary for our contract with you and for our legitimate interest in running an effective service.
4.4 To improve our website and services (Legitimate Interests): We analyse website usage data and service interactions to understand how our services are used, improve user experience, troubleshoot issues, and refine our offerings. This processing is based on our legitimate interests in operating and developing our business.
4.5 Marketing communications (Consent or Legitimate Interests): We may use your contact details to send you information about services, updates, or news that may be relevant to you. Where required by law, we will obtain your consent before sending marketing communications. You can opt out at any time by using the unsubscribe link in emails or by contacting us. In some cases, we may rely on legitimate interests to send communications to existing patients about similar services, provided your rights are respected.
4.6 Legal, regulatory, and safeguarding obligations (Legal obligation and Vital Interests): We may process and share personal data where necessary to comply with legal or regulatory requirements, respond to lawful requests, defend legal claims, or protect you or others from serious harm.

5. Sharing Your Personal Data

We do not sell your personal data. We share it only when necessary, and only with trusted parties who are bound by confidentiality and data protection obligations.
5.1 Service providers (processors): We may share data with external providers who help us deliver our services, such as: our clinical management system provider (currently Zanda); our payment processor (currently Stripe); our email or communication platforms; website hosting and IT support providers; analytics and cookie management tools; secure document storage or backup providers. These organisations act as processors on our behalf and are only permitted to use your data in line with our instructions and this Policy.
5.2 Other healthcare professionals: With your consent, or where justified for your care or safety, we may share relevant information with your GP, consultant, or other healthcare providers involved in your treatment.
5.3 Professional advisers and legal bodies: We may share information with our insurers, legal advisers, accountants, or regulators where necessary for legal, regulatory, or insurance purposes.
5.4 Safeguarding and legal requirements: In rare cases, we may be required to share information with public authorities, regulators, or law enforcement where there is a legal obligation or vital interest, for example where there is a serious risk of harm to you or others.

6. International Data Transfers

Some of our service providers are located outside the UK and European Economic Area (EEA), which means your personal data may be transferred internationally. When this happens, we take steps to ensure an equivalent level of protection for your information, including using mechanisms such as: the UK International Data Transfer Agreement (IDTA); Standard Contractual Clauses (SCCs) approved for international transfers; and, where applicable, transfers to countries that have been assessed as providing an adequate level of protection.

7. How Long We Keep Your Data (Retention)

We keep your personal data only for as long as necessary for the purposes it was collected, including to meet legal, accounting, or reporting requirements.
7.1 Clinical and patient records: We generally retain clinical records in line with professional and legal guidance. For adults, this is usually up to 8 years after the last contact. For children, records are usually kept until 8 years after their 18th birthday or until the age of 25, whichever is longer. Certain records may need to be kept longer where required by law or for clinical or safeguarding reasons.
7.2 Financial and transaction records: Payment and invoice data may be stored for at least 6 years in line with tax and accounting requirements.
7.3 Marketing and communication preferences: We keep records of consents and communication preferences until you unsubscribe or object, or until we no longer need the data.
7.4 Website analytics data: Usage data and analytics may be retained for up to 26 months before anonymisation or deletion, or as configured via our analytics tools.

8. Children’s Data

Our services are generally aimed at adults but may also be used by young people where appropriate. Where we provide services to someone under 18, we may need consent or involvement from a parent or legal guardian, depending on the circumstances and the child’s capacity to consent. We do not knowingly collect personal data from children without appropriate consent. If you believe we have collected personal data from a minor without appropriate permissions, please contact us immediately at hello@remedly.co.uk.

9. Your Rights Under UK GDPR

You have a number of rights in relation to your personal data. Subject to certain conditions and exemptions, you may have the right to: be informed about how your data is used; request access to your personal data; request correction of inaccurate or incomplete data; request deletion of your data where there is no lawful reason for us to keep it; request restriction of processing in certain circumstances; object to processing based on legitimate interests or direct marketing; request the transfer of your data to you or another provider (data portability); not be subject to decisions based solely on automated processing which have legal or similarly significant effects. To exercise any of these rights, please contact hello@remedly.co.uk. We may need to verify your identity before responding. We aim to respond to valid requests within one month. For complex or multiple requests, this may be extended by up to two further months, and we will notify you if this is the case.

10. Cookies and Tracking Technologies

We use cookies and similar technologies on our website to operate essential functions, enhance user experience, and analyse performance. Non-essential cookies will only be used where you have given consent through our cookie banner or settings. You can manage your cookie preferences at any time via your browser or our cookie management tool. For more detail on the types of cookies we use and how to control them, please refer to our separate Cookie Policy.

11. Data Security

We use appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures may include encryption, access controls, secure storage, and staff training. While we take reasonable steps to safeguard your data, no internet transmission or system can be guaranteed to be completely secure, and you share information at your own risk.

12. Complaints and Your Right to Contact the ICO

If you have any concerns about how we handle your personal data, we encourage you to contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO), which is the supervisory authority for data protection in the UK. Further information is available at ico.org.uk.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our services, technology, or legal requirements. The most recent version will always be published on this page with an updated “Last updated” date. If we make significant changes, we may notify you by email or through our website.

14. Contact Us

If you have any questions about this Privacy Policy, your data, or your rights, please contact us at: Email: hello@remedly.co.uk Phone: 0330 133 5996