GDPR Privacy Notice


360 Health Clinic Ltd.

PRIVACY POLICY

 

  1. Introduction

 

At 360 Health Clinic, we take your privacy seriously. 360 Health Clinic is committed to protecting the privacy of our clients and users of our website. This Privacy Policy states our policy and practices regarding the collection and use of information on 360 Health Clinic websites. When we refer to 360 Health Clinic, "we", "us" or "our" we mean our entire company, including our divisions, subsidiaries and affiliates.

 

We want to provide a safe and secure user experience. We will ensure that the information you submit to us, or which we collect, via various channels (including our websites, through written correspondence (including e-mail), or through our office or website), is only used for the purposes set out in this Privacy Policy.

 

Through this Privacy Policy, we aim to inform you about the types of personal data we collect, the purposes for which we use the data and the ways in which the data is handled. We also aim to satisfy the obligation of transparency under the EU General Data Protection Regulation 2016/679 ("GDPR") and national laws implementing GDPR.

 

For the purpose of this Privacy Policy, the controller of personal data is 360 Health ClinicLimited (a UK company with company number 13654527) and our contact details are set out in the Contact section at the end of this Privacy Policy. 

 

 

Right to Object: You have a legal right to object at any time to:

(i) use of your personal information for direct marketing purposes; and

(ii) processing of your personal information which is based on our legitimate interests, unless there are compelling legitimate ground for our continued processing.

 

 

 

 

 

 

 

  1. The information we collect

 

In general, you can visit the 360 Health Clinic website without identifying yourself or revealing any personal information. 

 

However, you may choose to provide us with personally identifiable information. Personally, identifiable information is information that can be used to identify you, such as your name, email address, telephone number, or similar information. 

 

Within the 360 Health website, you can register to receive our newsletter. The types of personal information collected as part of this process are name, email address and contact preferences In this Privacy Policy, we refer to this information as “Marketing Data

 

You can also register to  sign up for our services. This information is collected by a third party processor, Function 365, and includes the following types of personal information:

  • Name
  • Email address
  • Date of birth
  • Gender
  • Phone number
  • Medical history, including details of  your family medical history, symptoms, treatments, consultations, medications and/or procedures

 

 

In this Privacy Policy, we refer to this information as “Health Data”.

 

 

  1. How we use your personal information

 

You can be assured that the information you provide voluntarily will only be used in connection with your relationship with 360 Health Clinic. We will hold, use and disclose your personally identifiable information for our legitimate business purposes including:

 

  • to provide our services to you;
  • to maintain our relationship, where you are a user of our website or a client;
  • to deal with any enquiries and complaints you may have;
  • to administer our website;
  • to keep our website and systems secure and prevent fraud;
  • where relevant, to meet legal, regulatory or compliance needs; and
  • to better understand your needs or improve the level of service we offer. 

 

From time to time, we may also use your information to contact you for market research or, with your consent, to provide you with marketing information we think would be of particular interest. At a minimum, we will always give you the choice to opt-out of receiving such direct marketing or market research contact.

 

We will not use or share any personally identifiable information provided to us online in ways unrelated to the uses described in this Privacy Policy. More information about how we may share your information can be found in section 5.

 

  1. The legal basis for processing your personal information

 

Under GDPR, the main grounds that we rely upon in order to process the personal information of users of our websites and clients are the following:

 

a)         Necessary for the purposes of legitimate interests – either we or a third party, will need to process your personal data for the purposes of our (or a third party's) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected.  Our legitimate interests include providing you with a good level of service, responding to requests and enquiries from you or a third party, optimising our website and client experience, informing you about our services and ensuring that our operations are conducted in an appropriate and efficient manner;

 

(b)        Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your personal data.   We may also be obliged by law to disclose your personal data to a regulatory body or law enforcement agency;

 

(c)        Consent – in some circumstances, we may ask for your consent to process your personal data in a particular way.  In particular, we will ask for your explicit consent before we process any Health Data which constitutes ‘special category data under the GDPR. This includes any data concerning health, genetic data, biometric data, ethnic origin or any data concerning your sex life or sexual orientation, for example.

 

  1. How we share your personal information

 

We may disclose your personally identifiable information with other parties. Details of those parties are set out below along with the reasons for sharing it.

 

 

  1. Third parties

 

Marketing Data:

 

We will share your Marketing Data with trusted third parties where we have retained them to provide services that you or our clients have requested, such as Mailchimp for sending out newsletters and other communications.

 

Health Data:

 

We use a trusted third party, Function.365, to process data on our behalf. In particular, Function 365 host the website into which you are asked to input your Health Data for the purposes of receiving a health score and/or our services. Living Matrix are a processor within the meaning of the GDPR, and we are the controller.

 

We require minimum standards of confidentiality and data protection from such third parties.  To the extent that any personal information is provided to third parties outside the EEA, or who will access the information from outside the EEA, we will ensure that approved safeguards are in place, such as the approved standard contractual clauses or the EU/US Privacy Shield.

 

  1. Regulatory and law enforcement agencies

 

We may disclose your personal information if required by applicable law, regulation or as part of a legal process. If we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information (including Health Data) to such bodies or agencies.

 

  1. New business owners

 

If we or our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company and their advisors.  If this happens, we will notify users of our websites and clients of such event.

 

  1. How long we will hold your information

 

We will retain your personal information for the time necessary to provide the services we perform for you, or stated by the purposes outlined in this Privacy Policy, and you can always request that we stop processing or delete your personal information. The next section sets out more information on your rights.

 

 

  1. Your rights on Information we hold about you

 

You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below.  Please note we will require evidence of your identity before we are able to act on your request.

 

Right of Access

You have the right at any time to ask us for a copy of the personal information about you that we hold.  Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.

 

Right of Correction or Completion

If personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed.  You can let us know by contacting us on contact@360health.clinic

 

Right of Erasure

In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.

 

Right to object to or restrict processing

In certain circumstances, you have the right to object to our processing of your personal information by contacting us on contact@360health.clinic[MOU3] For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests.   You also have the right to object to use of your personal information for direct marketing purposes.

 

You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.

 

Right of Data Portability

In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.  You can ask us to transmit that information to you or directly to a third party organisation.

 

The above right exists only in respect of personal information that:

  • you have provided to us previously; and
  • is processed by us using automated means.

 

While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation's systems. We are also unable to comply with requests that relate to personal information of others without their consent. 

 

You can exercise any of the above rights by contacting us using any of the methods in the Contact section.

 

Most of the above rights are subject to limitations and exceptions.  We will provide reasons if we are unable to comply with any request for the exercise of your rights.

 

To the extent that we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us using the details in the Contact section below.

 

  1. Aggregate Information about 360 Health online visitors

 

We gather information and statistics collectively about all visitors to our website, for example:

  • which area users access most frequently; and/or
  • which services users access the most.

 

We only use such data in the aggregate form. This information could be derived from your personal data but is not considered personal data in law as this information will not directly or indirectly reveal your identity. This information helps us determine what is most beneficial for our users and how we can continually improve our online services to create a better overall experience for our users.

 

  1. Use of Cookies

 

We do automatically track certain information about your behavior while visiting our websites. We use this information in order to measure our website’s performance and to improve its design and functionality. Full details can be found in our Cookie Policy

 

  1. Complaints

 

If you are unhappy about our use of your personal information, you can contact us using the details in the Contact section below [link to this]. You are also entitled to lodge a complaint with the UK Information Commissioner's Office using any of the below contact methods:

 

Telephone: 0303 123 11113


Website: https://ico.org.uk/concerns/


Post:     Information Commissioner's Office
            Wycliffe House
            Water Lane
            Wilmslow
            Cheshire
            SK9 5AF

 

If you live or work outside the UK or you have a complaint concerning our activities outside the UK, you may prefer to lodge a complaint with a different supervisory authority.  A list of relevant authorities in the EEA and the European Free Trade Area can be accessed here.

 

  1. Security

 

We have put in place measures to ensure the security of the information we collect and store about you and will use our reasonable endeavours to protect your personal data from unauthorised disclosure and/or access including through the use of network and database security measures, but these cannot guarantee the security of any data which is collected and stored.

 

We use encryption for any data collected by and/or transferred to our third party partner, Function 365.

 

  1. Other websites

 

Please note that clicking on links and banner advertisements on our websites can result in your browser accessing a third party website, where data privacy practices are different to that of 360 Health.

 

Other than as set out above in respect of our third party partner, Function 365 (who act as a processor on our behalf), we are not responsible for, and have no control over, information that is submitted or collected by these third parties and you should consult their privacy policies.  

 

  1. Internet based transfers

 

Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site via third party networks; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

 

  1. Changes to our Privacy Policy

 

Our Privacy Policy is subject to change from time to time and, if we update it, we will post these changes on this page so that you will be aware of how we use your information.

 

  1. Contact Us

 

If you have any enquiries or if you would like to contact us about our processing of your personal information, including to exercise your rights as outlined above, please contact us by any of the methods below. When you contact us, we will ask you to verify your identity.

 

Contact name: Mateusz Pucek

Email: m.pucek@360health.clinic

Telephone: 07719397244

Post:

2nd Floor 10-12 Bourlet Close
London
London 
W1W 7BR

 

           

 

Our registered office is at:

 

2nd Floor 10-12 Bourlet Close
London
London 
W1W 7BR

 

For the other terms and conditions of the use of our Website, please read our Terms of Use.