Privacy Policy

This Privacy Policy explains how House of Kairos trading as KairosHealth.co.uk (“we”, “us”, “our”) collects, uses, shares, and protects your personal data when you use our website, book services, or otherwise engage with our medicines review and clinical services. This policy contains important information regarding who we are and how and why we collect, use and share your personal data. It also provides information on your rights and guidance on how to contact us or the appropriate authorities should you have any concerns.

We are committed to safeguarding your privacy, handling your data securely by using technology to strengthen security, and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the common law duty of confidentiality.

Key Terms:

We, Us, Our: House of Kairos trading as https://kairoshealth.co.uk/

Data Protection Contact: Opemiposi Ademola

Personal Data: Data relating to an identified or identifiable individual

Special Category Personal Data: Sensitive personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, sex life, sexual orientation or health data.

1. Who We Are

We are a UK-registered private healthcare provider offering medicines review and related advisory services. For the purposes of data protection law, we are the Data Controller, which means we decide how your personal data is used.

2. Information We May Collect About You

We may collect different types of data depending on how you interact with us:

  1. Personal Identification Data: Full name, date of birth, contact details (address, email, telephone).
  2. Health & Clinical Data: Medical history, current medication, allergies, consultation notes, test results (if provided), and information you share during appointments.
  3. Account & Transaction Data: Payment details (processed securely via third-party providers), booking history, receipts.
  4. Technical Data: Information on how you use our website, communication and other systems, including but not limited to site usage data (pages visited, time on site, navigation patterns).
  5. Communications Data: Emails, messages through our website, surveys, promotions, offers, telephone enquiries, or portal messages.
  6. Marketing Preferences: If you opt in to newsletters, updates, offers or campaigns.

3. How We Collect Your Data

We collect data through:

  1. Direct interactions: When you register, book a consultation, complete forms, or communicate with us.
  2. Automated means: Cookies and analytics tools when you use our website.
  3. Third parties: Embedded secure healthcare platforms such as Semble (for clinical and patient data records). Payment processors. Delivery partners (if medicines or supplements are sent to you). For our legitimate interests. NHS systems, where required by law or where you consent.

 

4. Why We Use Your Data

Under data protection law, your personal data is only used if we have an appropriate reason for using it. Our reasons for processing your data include but are not limited to the following purposes:

Healthcare Provision:

  1. To deliver medicines reviews and related health advice.
  2. To create and maintain accurate medical records.
  3. To make safe, informed recommendations about your care.

Identity Verification & Security:

  1. To confirm your identity where required.
  2. To protect against fraud or misuse of our services.

Bookings, Payments & Administration:

  1. To manage appointments and payments.
  2. To send reminders, confirmations, and receipts.

Legal & Regulatory Compliance:

  1. To comply with pharmacy regulations, professional standards, and statutory record-keeping.
  2. To cooperate with regulators such as the General Pharmaceutical Council (GPhC) or Information Commissioner’s Office (ICO) if required.

Service Improvement:

  1. To monitor website usage and improve functionality.
  2. To evaluate and improve our healthcare services.

Marketing:

  1. To send newsletters, updates, or promotions to existing and former customers.

You can withdraw consent at any time by updating your marketing preferences, contacting us, or using the ‘unsubscribe’ link or the ‘STOP’ number in our text messages.

5. Legal Basis for Processing

Under UK GDPR, our lawful bases include:

  1. Article 6(1)(b): Processing is necessary for performance of a contract (e.g., providing your medicines review).
  2. Article 6(1)(c): Processing is necessary for legal obligations (e.g., professional record-keeping).
  3. Article 6(1)(f): Processing is in our legitimate interests (e.g., ensuring site security).
  4. Article 9(2)(h): Processing of health data is necessary for the provision of health or social care.

6. Sharing Your Information

We only share your information when necessary and lawful:

  1. Healthcare Partners: With your consent, we may share details with your GP, hospital, or other healthcare providers.
  2. Third-Party Processors: We use trusted providers such as Semble (secure health record management) and Stripe (payments).
  3. Legal & Regulatory Authorities: If required by law or regulation (e.g., GPhC, ICO, HMRC, Our Banking Society).
  4. Technical Support Providers: For hosting, IT support, and analytics.

We do not sell or rent your personal data to third parties for marketing purposes.

7. International Transfers

If we transfer your data outside the UK or European Economic Area (EEA), we ensure that adequate safeguards are in place, such as:

  1. Adequacy decisions approved by the UK Government.
  2. Standard Contractual Clauses (SCCs) where adequacy is not available.

8. Data Retention

We retain personal data only as long as necessary:

  1. Clinical records: 8 years (or until age 25 for minors), in line with UK health record standards.
  2. Financial records: 6 years, for tax compliance.
  3. Website analytics: Typically 12–24 months.

Once retention periods expire, data is securely deleted or anonymised.

9. Security of Your Data

We use robust measures to protect your data, including:

  1. Encrypted storage and transmission.
  2. Restricted access to clinical staff only.
  3. Regular security audits of IT systems.
  4. Secure third-party hosting in the UK/EU.

10. Cookies and Tracking Technologies

We use cookies to:

  1. Enable website functionality.
  2. Improve user experience.
  3. Analyse website performance.
  4. Deliver marketing campaigns.

You can control cookies via your browser. For details, see our Cookies Policy. 

11. Your Rights

You have the following rights under UK GDPR:

  1. Right to access: Request copies of your personal data.
  2. Right to rectification: Request corrections to inaccurate data.
  3. Right to erasure: Request deletion of data (subject to healthcare record obligations).
  4. Right to restrict processing: Limit how your data is used.
  5. Right to object: To processing based on legitimate interests.
  6. Right to portability: Request transfer of your data to another provider.
  7. Right to withdraw consent: At any time for marketing communications.

To exercise your rights, contact us using the details provided at the end of the policy.

12. Complaints

If you have concerns about how your data is used, please contact us first at contact@kairoshealth.co.uk

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

 

13. Children’s Privacy

Our services are generally for adults aged 18 or over. If a service is provided to a child or young person, data is collected and stored with appropriate consent and safeguards. 

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in law or our practices. Updates will be posted on this page, and significant changes will be communicated directly to you. 

15. Contact Us

For questions, concerns, or to exercise your data rights, please contact:

  • Email: contact@kairoshealth.co.uk
  • Data Protection Contact: Opemiposi Ademola, opeademola@kairoshealth.co.uk

The Department of Health recommends minimum retention periods for health records. The Organisation will follow these at all times.

 

 

This policy was published September 2025 and was last reviewed September 2025.