Privacy

OXYplus Privacy Policy

Data Protection & Confidentiality Policy
Last Updated: April 2024
Next Review: April 2026
Contact: info@oxyplus.co.uk

1. Introduction

1.1 OXYplus is committed to safeguarding personal and clinical information while ensuring full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.2 This policy outlines how we collect, use, and protect personal data in accordance with our legal obligations.

2. Aims and Objectives

2.1 This policy is designed to:

• Ensure the lawful, fair, and transparent processing of personal data.
• Maintain confidentiality and protect sensitive information.
• Comply with all legal and regulatory requirements governing data protection.

3. Definitions

3.1 Personal Data – Any information relating to an identifiable individual.

3.2 Special Category Data – Sensitive data, including health-related information.

3.3 Data Controller – OXYplus, responsible for determining how personal data is processed.

3.4 Data Processor – A third party processing data on behalf of OXYplus.

4. Policy Statement

4.1 OXYplus processes personal data responsibly, in line with legal and ethical standards.

4.2 We prioritise patient confidentiality, data security, and respect for individual rights.

5. Scope of the Policy

5.1 This policy applies to all employees, contractors, and third parties handling personal data on behalf of OXYplus.

6. Who We Are

6.1 OXYplus is a private clinic operated by POLLY-OX LTD (“we,” “us,” or “our”), specialising in Hyperbaric Oxygen Therapy.

6.2 Our clinic is located at: The Exchange, Front St, Benton, Newcastle upon Tyne, NE7 7XE.

6.3 OXYplus is the data controller responsible for processing personal data and is registered with the UK Information Commissioner’s Office (ICO) under registration number ZB878264.

6.4 For any privacy-related inquiries, you may contact us at:

• Email: info@oxyplus.co.uk
• Telephone: +44 (0)1917 166369

7. Collection and Use of Personal Data

7.1 When We Collect Personal Data
We collect personal data when you:

• Contact us or book an appointment.
• Visit our clinic and receive treatment.
• Interact with our website or digital services.

7.2 Types of Personal Data We Collect

• Basic Information – Name, contact details, date of birth, and address.
• Medical & Clinical Data – Health history, treatment records.
• Payment & Billing Data – If applicable for paid services.
• Website & Online Data – IP address, browsing behaviour (via cookies and analytics).

7.3 How We Use Your Data

• Providing medical treatment and services.
• Communicating appointment details and clinic updates.
• Processing payments and insurance claims.
• Improving our website and services (via Google Analytics).
• Conducting targeted advertising (via Google Ads).

7.4 Lawful Basis for Processing Data
We process your data based on:

• Performance of a contract – Providing treatment and services.
• Legal obligations – Medical record retention.
• Legitimate interest – Marketing and service improvements.
• Consent – Where required for marketing or tracking cookies.

8. Data Sharing and Transfers

8.1 Third Parties We May Share Data With
We may share your personal data with:

• Healthcare providers – If referred by another professional or as part of your treatment plan.
• Medical insurance companies – When required for policy claims.
• Regulatory authorities – If legally mandated (e.g., public health reporting).
• Analytics & advertising partners – Google Analytics, Google Ads (see Section 13).
• IT service providers – For secure data storage and website management.
• Business successors – If OXYplus is acquired or merged.

8.2 Data Transfer Safeguards
All data transfers are conducted securely, and third parties must adhere to UK GDPR and data protection laws.

9. Your Rights Under Data Protection Laws

9.1 You have the right to:

• Access – Request a copy of the personal data we hold about you.
• Rectification – Correct inaccurate or incomplete information.
• Erasure – Request data deletion, subject to legal obligations.
• Restriction – Limit how we use your data in certain cases.
• Objection – Object to processing for marketing or legitimate interests.
• Data Portability – Transfer your data to another provider.

9.2 To exercise these rights, please contact us at info@oxyplus.co.uk.

10. Complaints & ICO Contact Information

10.1 If you are dissatisfied with how we handle your data, you can:

1. Contact us directly (we aim to resolve concerns promptly).
2. File a complaint with the ICO:
   • Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF
   • Phone: +44 (0)303 123 1113
   • Website: https://ico.org.uk/concerns/

11. Data Storage & International Transfers

11.1 Secure Storage – Personal data is stored securely within the UK and EEA.

11.2 International Processing – If data is processed outside the UK/EEA, we implement Standard Contractual Clauses (SCCs) and conduct risk assessments to ensure data security.

12. Data Security Measures

12.1 We implement industry-standard measures, including:

• Encryption.
• Secure servers.
• Access controls.

12.2 Email & Internet Security – While we take precautions, email transmissions are not fully secure. Exercise caution when sharing sensitive data electronically.

13. Cookies & Digital Tracking

13.1 We use cookies to enhance functionality, personalise content, and analyse website traffic.

13.2 Managing Cookie Preferences – You can adjust your cookie settings through your browser.

13.3 For full details, refer to our Cookie Policy.

14. Third-Party Websites

14.1 Our website may contain links to third-party sites.

14.2 We are not responsible for their privacy policies. Always review their terms before providing personal data.

15. Data Retention

15.1 We retain personal data as follows:

• Medical records – 8 years (or until age 21 for minors).
• Marketing preferences – Until you opt out.
• Other records – In accordance with NHS retention schedules.

16. Policy Updates

16.1 We periodically review this policy and update it as needed.

16.2 The latest version is always available on our website.