Privacy Policy

Longeva Wellness is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under UK data protection law.

1. What personal data we collect

General personal data

      Full name, date of birth, and contact details (telephone number, email address, postal address)

      Appointment booking details , service type, date, time, and booking reference

      Payment information , processed securely by our payment provider; we do not store full card details on our systems

      Communications you send us by email, telephone, online form, or social media

      Website usage data including IP address, browser type, device type, and pages visited (via cookies , see our Cookie Policy)

 

Special category (health) data

Because we provide clinical and healthcare services, we process special category data as defined by Article 9 of the UK GDPR. This includes:

      Medical history, current medications, allergies, and contraindications

      Clinical consultation notes and treatment records

      Vaccination records and travel health assessments

      Weight, BMI, and health conditions relevant to your treatment

      Sexual health information where relevant to the services you access

      Information provided in pre-appointment intake forms and questionnaires

2. How we collect your data

      Directly from you when you book an appointment, complete an intake form, or contact us

      During your clinical consultation and treatment

      Through our website via cookies and analytics tools

      From third-party booking platforms where you have booked via a partner service

3. Why we use your data and our legal basis

We must have a lawful basis to process your personal data under UK GDPR. For special category health data, we must also satisfy an additional condition under Article 9.

 

Purpose

Article 6 basis

Article 9 condition

Providing clinical treatment

Contract (6(1)(b))

Health/social care (9(2)(h))

Maintaining clinical records

Legal obligation (6(1)(c))

Health/social care (9(2)(h))

Appointment management

Contract (6(1)(b))

N/A

Processing payments

Contract (6(1)(b))

N/A

Responding to enquiries

Legitimate interests (6(1)(f))

N/A

Marketing (with consent)

Consent (6(1)(a))

N/A

Regulatory compliance

Legal obligation (6(1)(c))

Health/social care (9(2)(h))

Safeguarding and patient safety

Vital interests / Legal obligation

Vital interests (9(2)(c))

 

4. How long we keep your data

Data type

Retention period

Clinical records , adults

8 years from last treatment

Clinical records , children

Until age 25, or 8 years if longer

Appointment and booking data

3 years from appointment date

Payment records

7 years (HMRC requirement)

Marketing consent records

Until consent withdrawn + 1 year

Website enquiry data

2 years from enquiry date

 

5. Who we share your data with

We do not sell your personal data. We may share it with:

      Prescribing partners , where a prescription is required, your clinical information will be shared with the prescribing clinician

      Laboratory services , where samples are sent for testing (e.g. STI screening, blood tests)

      Our booking system provider (Sesami) , appointment details only

      Our payment processor , payment data only, processed under PCI-DSS standards

      Our email marketing platform (Mailchimp / Klaviyo) , name and email where consent has been given

      Google Analytics , anonymised website usage data

      Regulatory bodies , the GPhC, ICO, or other regulators where legally required

      Law enforcement or emergency services , where there is an immediate risk to life or a legal duty to disclose

6. Your rights under UK GDPR

      Right to be informed , to know how your data is used (this policy fulfils that obligation)

      Right of access , to request a copy of the data we hold about you

      Right to rectification , to correct inaccurate or incomplete data

      Right to erasure , to request deletion of your data (note: clinical records may be retained for regulatory reasons)

      Right to restrict processing , to ask us to pause processing in certain circumstances

      Right to data portability , to receive your data in a portable format in certain circumstances

      Right to object , to object to processing based on legitimate interests, or to direct marketing at any time

      Right to withdraw consent , where processing is based on your consent, you may withdraw it at any time without affecting previous processing

 

To exercise any of these rights, contact us at hello@longevaclinic.co.uk. We will respond within one calendar month.

7. Data security

We use appropriate technical and organisational measures to protect your personal data, including encrypted data transmission (SSL/TLS), secure access controls, and data processing agreements with all third-party providers. In the event of a data breach likely to affect your rights and freedoms, we will notify the ICO within 72 hours and inform you without undue delay.

8. Transfers outside the UK

Some third-party providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place , such as UK International Data Transfer Agreements (IDTAs) or adequacy regulations , to protect your data to the same standard required under UK GDPR.

9. Changes to this policy

We may update this policy from time to time. The current version will always be available on our website. We will notify you of material changes by email where we hold your contact details. This policy was last updated March 2026.