FREE Standard UK Delivery on orders of £50 or more
Sign up to our newsletter for 10% off your first order
Trusted Pharmacy & Health Products – Clinically Approved
0
0

Privacy Policy

This Privacy Policy explains how House of Kairos trading as KairosHealth.co.uk (we”, “us”, “our”), collects, uses, shares, and protects your personal data when you use our website, purchase medicines, book consultations, complete medical questionnaires, or engage with any of our clinical or advisory services. This policy contains important information regarding who we are and how and why we collect, use and share your personal data. Additionally, it also provides information on your rights and provides guidance on how to contact us or the appropriate authorities should you have any concerns.

We are committed to safeguarding your privacy, handling your data securely by using technology to strengthen security, and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the common law duty of confidentiality.We are committed to protecting your privacy and handling your data lawfully, fairly, and transparently, in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • The common law duty of confidentiality
  • Professional standards set by the General Pharmaceutical Council (GPhC)

Key Terms:

We, Us, Our: House of Kairos trading as https://kairoshealth.co.uk/

Data Protection Contact: Opemiposi Ademola

Personal Data: Data relating to an identified or identifiable individual, directly or indirectly

Special Category Personal Data: Sensitive personal data, including health and clinical information

1. Who We Are

Kairos Health is a UK-based private pharmacy and healthcare provider offering:

  • General Sale List (GSL) medicines via our website
  • Pharmacy (P) medicines supplied following pharmacist assessment
  • Prescription Only Medicines (POMs) supplied following online clinical consultation
  • Structured clinics, including:
  • Weight management
  • Skin health
  • Hair and scalp health
  • Minor illness
  • Men’s health
  • Medication reviews and medicines optimisation
  • A medicines advice and information service

For the purposes of data protection law, we are the Data Controller, meaning we determine how and why your personal data is processed.

2. Information We May Collect About You

We may collect different types of data depending on how you interact with us:

  1. Personal Identification Data: Full name, date of birth, contact details (address, email, telephone).
  2. Health & Clinical Data: When you complete a consultation form or attend a clinic, we may collect:
    • Presenting symptoms and medical history
    • Current and previous medicines
    • Allergies and intolerances
    • Lifestyle factors relevant to treatment safety
    • Relevant clinical measurements (if provided)
    • Consultation notes and prescribing decisions
  3. Account, Booking & Transaction Data: Payment details (processed securely via third-party providers), appointment bookings, order history.
  4. Website & Technical Data: Information on how you utilise our website such as but not limited to site usage data (pages visited, time on site, navigation patterns), communication and other systems.
  5. Communications Data: Emails, messages through our website, newsletter subscriptions, surveys, promotions, offers, telephone enquiries, or portal messages and marketing preferences.

3. How We Collect Your Data

We collect data through:

  1. Direct interactions: When you register, book a consultation, make purchases, complete forms, or communicate with us.
  2. Automated means: Cookies and analytics tools when you use our website.
  3. Third parties: Embedded secure healthcare platforms such as Semble (for clinical and patient data records). Payment processors. Delivery partners (if medicines or supplements are sent to you). For our legitimate interests. 

4. Why We Use Your Data

Under the data protection law, your personal data is only used if we have an appropriate reason for using it. Our reasons for processing your data include but are not limited to the following purposes:

Healthcare Provision:

  1. –   To deliver medicines reviews and related health advice.
  2. –   To create and maintain accurate medical records.
  3. –   To clinically assess suitability for Pharmacy and Prescription Only Medicine.
  4. –   To prevent inappropriate or unsafe supply
  5. –   To maintain accurate and complete clinical records
  6. –   To deliver consultations and clinics
  7. –   To communicate treatment outcomes and follow-ups
  8. –   Responding to enquiries
  9. –   To meet statutory record-keeping obligations
  10. –   To make safe, informed recommendations about your care.
  11. –   Identity Verification & Security
  12. –   To confirm your identity where required.
  13. –   To protect against fraud or misuse of our services.
  14. –   Bookings, Payments & Administration
  15. –   To manage appointments and payments.
  16. –   To send reminders, confirmations, and receipts.
  17. –   Legal & Regulatory Compliance
  18. –   To comply with pharmacy regulations, professional standards, and statutory record-keeping.
  19. –   To cooperate with regulators such as the General Pharmaceutical Council (GPhC) or Information Commissioner’s Office (ICO) if required.

Service Improvement:

  1. –   To monitor website usage and improve functionality.
  2. –   To evaluate and improve our healthcare services.

 Marketing:

–   To send newsletters, updates, or promotions to existing and former customers.

You can withdraw consent at any time by updating your marketing preferences, contacting us, or using the ‘unsubscribe link’ or ‘STOP’ number in the text messaging.

5. Legal Basis for Processing

Under UK GDPR, our lawful bases include:

  1. Article 6(1)(b): Processing is necessary for performance of a contract (e.g., providing your medicines review).
  2. Article 6(1)(c): Processing is necessary for legal obligations (e.g., professional record-keeping).
  3. Article 6(1)(f): Processing is in our legitimate interests (e.g., ensuring site security).
  4. Article 9(2)(h): Processing of health data is necessary for the provision of health or social care.

6. Medical Qestionnaires & Consent

 

All clinical questionnaires include a mandatory confirmation statement:

“I confirm that the information I have provided is accurate and complete and may be used by the pharmacy team to assess the suitability and safe supply of medicines.”

These questionnaires are reviewed only by our authorised pharmacy and clinical team.

6. Sharing Your Information

We only share your information when necessary and lawful:

  1. Healthcare Partners: With your consent, we may share details with your GP, hospital, or other healthcare providers.
  2. Third-Party Processors: We use trusted providers such as Semble (secure health record management) and Stripe (payments).
  3. Legal & Regulatory Authorities: If required by law or regulation (e.g., GPhC, ICO, HMRC, Our Banking Society).
  4. Technical Support Providers: For hosting, IT support, and analytics.

We do not sell or rent your personal data to third parties for marketing purposes.

7. International Transfers

If we transfer your data outside the UK or European Economic Area (EEA), we ensure that adequate safeguards are in place, such as:

  1. Adequacy decisions approved by the UK Government.
  2. Standard Contractual Clauses (SCCs) where adequacy is not available.

8. Data Retention

We retain personal data only as long as necessary:

  1. Clinical records: 8 years (or until age 25 for minors), in line with UK health record standards.
  2. Financial records: 6 years, for tax compliance.
  3. Website analytics: Typically 12–24 months.
  4. Once retention periods expire, data is securely deleted or anonymised.

9. Security of Your Data

We use robust measures to protect your data, including:

  1. Encrypted storage and transmission.
  2. Restricted access to clinical staff only.
  3. Regular security audits of IT systems.
  4. Secure third-party hosting in the UK/EU.

10. Cookies and Tracking Technologies

We use cookies to:

  1.  Enable website functionality.
  2. Improve user experience.
  3. Analyse website performance.
  4. Deliver marketing campaigns.

You can control cookies via your browser. For details, see our Cookies Policy. 

11. Your Rights

You have the following rights under UK GDPR:

  1. Right to access: Request copies of your personal data.
  2. Right to rectification: Request corrections to inaccurate data.
  3. Right to erasure: Request deletion of data (subject to healthcare record obligations).
  4. Right to restrict processing: Limit how your data is used.
  5. Right to object: To processing based on legitimate interests.
  6. Right to portability: Request transfer of your data to another provider.
  7. Right to withdraw consent: At any time for marketing communications.

To exercise your rights, contact us using the details provided at the end of the policy.

12. Complaints

If you have concerns about how your data is used, please contact us first through our Complaints policy.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

13. Children’s Privacy

Our services are generally for adults aged 18 or over. Where services are provided to children, appropriate consent and safeguarding measures apply.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in law or our practices. Updates will be posted on this page, and significant changes will be communicated directly to you. 

15. Contact Us

For questions, concerns, or to exercise your data rights, please contact:

The Department of Health recommends minimum retention periods for health records. The Organisation will follow these at all times.

This policy was published September 2025 and was last reviewed September 2025.

Cart (0 items)
Cart (0 items)