Privacy Policy

MB Global Health Limited trading as Medbelle, a company registered in England and Wales with company registration number 10209411 with its registered office is Rookery Court, 80 Ruckholt Road, London, England, E10 5FA (‘Medbelle UK’).

MB Global Health GmbH (registration number: HRB 177305) with its business address at Planufer 93A, 10967 Berlin, Germany (‘Medbelle Global’).

Last Updated: March 2025

Key points

• Medbelle is made up of different legal entities. Medbelle UK is owned by Medbelle Global and we provide our services to you for and on behalf of Medbelle Global.
• This privacy policy is issued on behalf of the Medbelle group so when we say "Medbelle”, "we", "us" or "our" in this privacy policy, we are referring to the relevant Medbelle entity in the Medbelle Group responsible for processing your data.
• For the purposes of the UK and European privacy laws Medbelle Global is the controller and is responsible for our website, and Medbelle UK is the data processor and processes your personal data in its capacity as agent for an on behalf of Medbelle Global.
• Why we use your personal data: There are two reasons we would process and store personal information from you (including special categories of personal data such as your health data)
  • You have contacted us to help you: In this case, we process and store personal information from you to provide safe and effective service to you. This includes providing the right information and safe care and treatment to you.
  • You are a patient of a healthcare provider that uses Medbelle software: In this case, we process and store personal information from you to assist your healthcare provider in the coordination of your care, as well as to provide your healthcare provider with safe and secure storage for your patient record.
• Who else has access to your personal data: In order to provide you and your healthcare provider with the information, care and treatment you need, we may share your personal information with third parties, such as our surgeon consultants and partner hospitals, as well as needed third-party service providers. However, we will only do this to the extent laid out in this privacy policy.
  Security of your personal data: We respect the security of your data to the utmost and treat it in accordance with the law.
• Transferring your data internationally: While handling and storing your data, we may need to transfer this data outside of the EU. In such cases, we will always ensure that the appropriate compliance mechanisms and safeguards are in place.

What is the purpose of this privacy statement?

1. In accordance with the data protection legislation, we explain to our patients why we collect information about you, how we intend to use the information collected, how we will share this information with anyone else, and who is in control of the information that is collected and used.
2. This statement applies to all of our prospective, current and former patients, newsletter subscribers, other customers, as well as (to the limited extent that we process data of them) to website users.
3. We take the privacy of all our customers and website users very seriously. Therefore, it is important that you read this statement so that you know how and why we need to collect and use your personal information. In addition, you must inform us of any changes to your personal information (such as your contact details) we hold about you so that the information which we hold is accurate and current.

Who are we?

1. We are:
   
   - Medbelle UK: MB Global Health Limited (trading as and from now on referred to as ‘Medbelle’), a company registered in England and Wales under registration number 10209411 with our registered office at 80 Ruckholt Road, London, E10 5FA; and
   - Medbelle Global: MB Global Health GmbH (registration number: HRB 177305) with its business address at Planufer 93A, 10967 Berlin, Germany.
   
2. In respect of the information we may hold about you, we may take one of two different roles, depending on which case applies to you:
   
   • You have contacted us directly or indirectly to help you: In this case, Medbelle Global is a "data controller" in respect of the information we hold about you. This means that we are responsible for deciding how we collect and use that personal information about you in order to provide you with the services you requested from us.
   • You are a patient of a healthcare provider that works with Medbelle: In this case, In this case, your healthcare provider, as a "data controller", has entered an agreement with Medbelle to be a "data processor" in respect of the information we hold about you. This means that we can only process the information about in a way your healthcare provider has agreed to, as they remain responsible for deciding how they collect and use that personal information about you.

Our data protection officer

1. Our Data Protection Officer is responsible for overseeing what we do with your information and monitoring our compliance with data protection laws.
2. If you have any concerns or questions about our use of your personal information, you can contact our Data Protection Officer by writing to dataprotectionofficer@medbelle.com.

Types of personal information we use

1. We may ask and store the following information based on your needs, our process, or on medical grounds:
   • personal details and medical relevant details (such as name, date of birth, gender, height, and weight);
   • contact details (such as your address, personal telephone number, and personal email address);
   • information about your family and friends (such as dependants, next of kin and emergency contact numbers);
   • information about your care preferences and medical history (such as which treatment you seek, former treatments, former and current health conditions, selection criteria for the best care providers, etc.));
   • Photographic or medical images of the body area being treated, or medical records (such as face or breast for cosmetic surgery, or such as x-rays, ultrasound images, CT scans, relevant medical reports or clinic letters );
   • information about external healthcare providers (such as your GP and practice details);
   • information you provide in discussions with our advisor or in consultation or therapy sessions with our medical professionals (such as concerns discussed and any decisions made); and
   • information about how you interact with us on our website and the phone (such as your preferred times of calls, your IP address, the dates, times and frequency with which you access our services, your behaviour on our website, call logs and (where lawful and appropriate) call recordings)
2. We ask that you do not provide us with an email address that you share with others as this may compromise your confidentiality.
3. Some of the information which we collect about you may be “special categories of personal data”. Special categories of data require a greater level of protection. Depending on the service you access through us or seek from us, we may need this information, or you share this information in order to ensure the best and fitting service and care. For example, You may share that you want to be only treated by a female doctor due to religious beliefs. Or, due to your skin colour, laser-based procedures need special care. The special categories of personal data about you which we may collect include:
   
   • information about your racial or ethnic origin;
   • information about your religious beliefs;
   • information about your sex life and sexual orientation;
   • healthcare information, including:
   • • any disabilities or special requirements which you may have;
     • medical records such as medication requirements, allergies, and health conditions;
     • your medical history, including information around previous health issues, any medical care you have received, including operations and medications and previous hospital visits;
     • other records such as risk assessments, care plans and records of the care we provide to you; and
     • details of your support and care needs.

Source of your personal information

1. Depending on the service you seek: We only collect the above-mentioned information that you give us access to, too. We do not interact with any third party without your consent, i.e. you told us to ask this person or provider, or you told this person to contact us. The above information we may collect during contact from:
   • you share them directly via any direct access to our healthcare services (in person, on our website, on the phone, text messages and via email);
   • your friends and relatives, which support you, who provide us with information about you on your behalf;
   • anyone who has the authority to act on your behalf such as a power of attorney or deputy;
   • your GP on your behalf;
   • other healthcare professionals and officers in the local authority, social services department and emergency services; and
   • any other (current and/or previous) healthcare and care providers.
2. We may also receive your personal data (particularly contact data and treatment preferences) from other third-party providers. Specifically, you might choose to enter your details on third-party comparison websites, who then securely forward this information to us (with your consent) to provide you with advice and prices. In this case, please also refer to the relevant privacy policies of the relevant third-party provider. Currently, these providers are Marketing VF Ltd. (‘ClinicCompare’, privacy policy link), Global Medical Treatment Ltd. (‘WhatClinic’, privacy policy link), and LaingBuisson International Ltd. (‘PrivateHealth’, privacy policy link).
3. We may also monitor your use of this website through the use of cookies and similar tracking devices. For example, we may monitor how many times you visit, which pages you go to, your behaviour on these pages, traffic data, location data, your browser, and the originating domain name of a user's internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. Our use of cookies is based on your consent. Please see further the section on 'Use of cookies below.

How and why we use your personal information

1. We use the types of personal information listed above for several purposes, each of which has a lawful basis. In accordance with the data protection laws, we need a lawful basis for collecting and using information about you. There are a variety of different lawful bases for using personal information, which are set out in the data protection laws.
2. We have set out below the different purposes for which we collect and use your personal information, along with the lawful bases we rely on to do so.

To keep and maintain an accurate record of your medical history:

Also, to help inform decisions that our partner surgeons make about your care, including diagnosis, decisions around medical intervention and prescriptions, and to plan your care and treatment.

You are a Medbelle patient:

Legal obligations: It is necessary to meet legal/regulatory obligations.**

Health: It is necessary for the purposes of medical diagnosis and the provision of health or social care or treatment.*

To provide you with safe and effective care and treatment:

To provide you with safe, appropriate, and personalised care and treatment as one of our service users and ensure that we meet your individual requirements. This will include us using your personal information for the following reasons:

• delivering the healthcare and personal care, you require;
• determining your capacity for decision-making;
• meeting your dietary requirements; and
• reviewing the care provided to ensure it is meeting your needs.

Legal obligations: It is necessary to meet legal/regulatory obligations.**

Health: It is necessary for the purposes of medical diagnosis and the provision of health or social care or treatment.*

To administrate and administer services to you:

This includes analysis in order to match your treatment requirements with one or more surgeon consultant/s, as well as arranging initial consultations and contact with our surgeon consultant/s.

Legal obligations: It is necessary to meet legal/regulatory obligations.**

Health: It is necessary for the purposes of medical diagnosis and the provision of health or social care or treatment.*

To work effectively with other organisations who may be involved in your care:

To send information regarding your health to others, such as our surgeon consultants, our partner hospitals, your GP, and other healthcare and/or social care providers for continuity of care and to ensure that your needs are being met appropriately.

Legal obligations: It is necessary to meet legal/regulatory obligations.**

Health: It is necessary for the purposes of medical diagnosis and the provision of health or social care or treatment.*

To deliver the service you seek to access:

We may offer information and/or updates and/or offers you can receive. In order to deliver information or updates to you, we store your personal / health / other information as far as they are relevant to ensure the correct information/update/offer is delivered to you. We also store your email address to deliver this information/update/offer to you.

Consent: By subscribing to our service in general or specific services on our website, you provide your explicit consent on receiving information/updates/offers through email.

To communicate with you:

We will use your personal information to contact you/anyone who has the authority to act on your behalf regarding your inquiry, health, care, treatment, and/or appointments. If you provide us with your phone number, we will call you in the context of your inquiry unless you ask us not to. If you provide us with your email address, we will communicate with you by email unless you ask us not to. If you provide us with your mobile telephone number, we will send you appointment reminders unless you ask us not to.

Legal obligations: It is necessary to meet legal/regulatory obligations.**

Health: It is necessary for the purposes of medical diagnosis and the provision of health or social care or treatment.*

To provide order fulfilment and billing:

We will use your personal information to fulfil any orders you place with us and provide billing for them.

Legal obligations: It is necessary to meet legal/regulatory obligations.

To improve our services:

You may choose to complete our Survey Programme or contact our Patient Care Advisory Team to help us to improve the services we provide to you and others.

Consent: We will only use your information in this way if you have provided your explicit consent for us to do so.

To improve our website:

We use cookies and other similar technology to conduct statistical and behavioural analysis on our website to improve our website and our communication with you. Please refer to the section ‘use of cookies below for details.

Consent: We will only use your information in this way if you have provided your explicit consent for us to do so.

To investigate concerns or complaints:

To ensure that any concerns or complaints about your healthcare are appropriately investigated and responded to.

Legal obligations: It is necessary to meet legal/regulatory obligations.**

Health: It is necessary for the purposes of medical diagnosis and the provision of health or social care or treatment.*

For fraud prevention and detection:

To protect us, our patients, our partners and the public from fraudulent activities.

Legal obligations: It is necessary to meet legal/regulatory obligations.**

Health: It is necessary for the purposes of medical diagnosis and the provision of health or social care or treatment.*

For safeguarding and regulation:

We use your personal data for safeguarding and regulation of care.

Legal obligations: It is necessary to meet legal/regulatory obligations.**

Health: It is necessary for the purposes of medical diagnosis and the provision of health or social care or treatment.*

To collect data about public health matters:

To protect against serious cross-border threats to health or ensuring high standards of quality and safety of health care, medical products or devices.

Legal obligations: It is necessary to meet legal/regulatory obligations.**

Health: It is necessary for the purposes of medical diagnosis and the provision of health or social care or treatment.*

* This is an additional lawful basis which we need to rely on to use special categories of data such as information about your health.

** If you are not a Medbelle patient (i.e. you are the patient of a healthcare provider that uses Medbelle software to assist his practice), Medbelle may process your personal data on your healthcare provider's behalf. Your healthcare provider will have ensured an appropriate level of your consent or an alternative lawful basis as per Art. 6 GDPR to allow Medbelle to process the Personal Data, including Data Concerning Health.

What may happen if you do not provide your personal information?

Please understand that we request this information to provide the best and safest service to you. We will refuse any service to you if we can not ensure a safe service for you because you refuse to provide certain information when requested. If you do provide incorrect or incomplete information, we can not be held liable for damages from the treatment.

Complying with data protection law

1. We comply with data protection law. At the heart of data protection laws are the "data protection principles", which say that the personal information we hold about you must be:
   • used lawfully, fairly and in a transparent way;
   • collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
   • relevant to the purposes we have told you about and limited only to those purposes;
   • accurate and kept up to date;
   • kept only as long as necessary for the purposes we have told you about; and
   • kept securely.

Sharing your information

1. We may need to share your personal information with third parties (like with our medical consultant), or within the Medbelle group. We ensure that we have a lawful basis for doing so.
2. Some "third parties” are service providers (including contractors and designated agents) carrying out activities on our behalf. Other third parties will be data controllers in their own right. This means that they are not required to act on our instructions, and they are solely responsible for ensuring that they comply with the law when using your personal information. We are not responsible for their use of your data if we are acting lawfully whenever we share your data with them.
3. The types of third parties with whom we share your personal data are as follows:
   • Other companies within our group: as part of our daily operations, they all follow our data protection rules;
   • Third parties authorised by you: You, your friends, family and others: including anyone who has the authority to act on your behalf such as a power of attorney or deputy, where appropriate to do so for the provision of your health or social care, in the vital interests of you or others (or with your consent where applicable);
   • Other healthcare providers and multi-disciplinary teams: for direct care purposes, we will share information about you with other healthcare providers such as our surgeon consultants, our partner hospitals, your GP, hospital staff, emergency services etc.;
   • ** Regulators/safeguarding authorities/commissioners:** we share your personal data with these public bodies where we are required to do so by law or a regulatory obligation;
   • The Police and other law enforcement agencies: in limited circumstances, we may share your personal data with the police if required for the purposes of criminal investigations and law enforcement;
   • Service providers: such as external IT providers, systems maintenance providers, language and sign language interpretation/translation and telephone call recording for monitoring purposes;
   • Professional advisors: such as lawyers, in the exercise or defence of legal claims;

Data of children

Children have special rights when it comes to privacy and consent. We only gather personal information from website users and patients who are under the age of 16 with the explicit and written consent of their parents. If you are under 16, please contact us via under16@medbelle.com about our parental consent form (without submitting any personal information yet).

Before submitting the signed form from your parents, you are not permitted to submit any personal information to us. If we learn that a child under 16 submits personal information to Medbelle without parental consent, we will aim to delete the information as soon as possible. If you believe that we might have any personal information from a child under 16 without parental consent, please contact us swiftly at under16@medbelle.com.

Information about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

• Enter into contractual preparations (including the processing of his or her personal data) on his/her behalf
• Receive on his/her behalf any data protection notices
• Potentially enter into a contractual obligation on his/her behalf (in case you choose to book a free consultation on his/her behalf)

Monitoring

We may monitor and record communications with you, such as telephone conversations and emails, for the purpose of quality assurance, training, fraud prevention and compliance.

Use of cookies

1. A cookie is a small text file placed on your computer (or another electronic device) when you access our website. We use cookies and other online tracking devices such as action tags, Local Shared Objects, single-pixel gifs on this website to:
   • recognise you whenever you visit this website (this speeds up your access to the site as you do not have to log in each time)
   • obtain information about your preferences, online movements and use of the internet
   • carry out research and statistical analysis to help improve our content, products, and services and to help us better understand our visitor/customer requirements and interests
   • target our marketing and advertising campaigns and those of our partners more effectively by providing interest-based advertisements that are personalised to your interests
   • make your online experience more efficient and enjoyable
2. The information we obtain from our use of cookies will not usually contain your personal data. For example, although we may obtain information about your computer or other electronic devices such as your IP address, browser, and/or other internet log information, this will not usually identify you personally. In certain circumstances, we may collect personal information about you – but only where you voluntarily provide it (e.g. by completing an online form) or where you purchase goods or services from us.
3. In most cases, we will need your active consent to use cookies on this website. The exception is where the cookie is essential for us to provide you with a service you have requested (e.g. to enable you to put items in your shopping basket and use our check-out process).
4. There is a notice on our home page that describes how we use cookies and links to this policy. If you use this website after this notification has been displayed to you, we will assume that you consent to our use of cookies for the purposes described in this Privacy Policy (‘Active Consent’).

Third-party cookies

1. We work with third-party suppliers who may also set cookies on our website, for example, e.g. Facebook, Bing, Pinterest, and Google.
2. We use these Cookies to analyse user activity in order to improve our Website. For example, using Cookies, we can look at aggregate patterns like the average number of pages that users visit. We can use such analysis to gain insights into how
3. The third-party suppliers are responsible for the cookies they set on our site. If you want further information, please go to the website for the relevant third party. You will find additional information in the table below.
4. The table below is designed to provide more information about the third-party cookies we use and why:

Cookies and their Purpose

Google Analytics

This is a web analytics service provided by Google, Inc, which uses cookies to show us how visitors found and explored our site and how we can enhance their experience. In addition, it provides us with information about the behaviour of our visitors (e.g. how long they stayed on the site, the average number of pages viewed) and also tells us how many visitors we have had.)

If you want to object to Google Analytics tracking you, you can use this browser extension provided by Google. You can also find out more about how Google handles your data by its privacy policy or by visiting their relevant support page.

Optimizely

Optimizely offers a range of website analytics services for A/B and multivariate testing purposes. In addition, we use Optimizely as a way to better understand how our website is being used.

If you want to object to Optimizely tracking you, you can find instructions for how to do so under this link. You can also find out more about how Optimizely handles your data by reading their privacy policy.

Mixpanel

Mixpanel offers a range of website analytics services. We use Mixpanel as a way to better understand how our website is being used. If you want to object to Mixpanel tracking you, you can do so under this link.

Bing

Bing allows us to build lists of users who have searched for certain terms and clicked on results using their search engines so that we can target our advertising more effectively. You can opt out of their tracking under this link.

Google Doubleclick

Google Doubleclick provides us to track the effectiveness of different advertising campaigns that are delivered to different audiences and target the advertising we do on third-party websites more effectively. If you want to learn more about this or opt out of it, you can visit this link.

Facebook

This cookie allows us to target the advertising we do on Facebook more effectively by matching data we hold with that held by Facebook. You can manage your preferences or opt-out of it using this link.

Pinterest

This cookie allows us to target the advertising we do on Pinterest more effectively by matching data we hold with that held by Pinterest. You can learn more about how that works and how you can opt out of it by reading Pinterest’s privacy policy under this link.

Google Adwords

This cookie facilitates post-visit messaging to drive return visits. If you want to learn more about this or opt out of it, you can visit this link.

Logrocket

We use LogRocket in order to better understand our users’ needs and to optimize this service and experience. LogRocket is a technology service that helps us better understand our users' experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.), and this enables us to build and maintain our service with user feedback. LogRocket uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular device's IP address (captured and stored only in anonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). If you want to learn more about this, you can visit this link. You can opt out of LogRocket tracking by emailing support@logrocket.com.

1. If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. However, if you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them, please go to: allaboutcookies.org.

Transferring information outside the EEA

1. We will transfer the personal information we collect about you to the following countries outside the UK and the EU in order to perform our contract with you:
   1. United States
2. We have put in place the following appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection:
3. The third-party organisations based in the US are each subject to the US/EU Privacy Framework. This means that both organisations are part of a scheme that is designed to protect your personal information. As a result, we are not required to obtain specific authorisation to transfer your information to the US.
4. If you require further information about these protective measures, you can request it from the Data Protection Officer via dataprotectionofficer@medbelle.com.

Can we use your information for any other purpose?

1. We typically will only use your personal information for the purposes for which we collect it. However, it is possible that we will use your information for other purposes as long as those other purposes are compatible with those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
2. We may also use your personal information for other purposes where such use is required or permitted by law.

Storing your information and deleting it

1. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in our retention policy which is available from our Data Protection Officer by writing to dataprotectionofficer@medbelle.com.
2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
3. In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Security of your information

1. The information that you provide will be stored securely on our systems. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those authorised to access it.
2. We have put in place appropriate technical and organisational procedures to deal with any suspected personal data breach. We will notify you and any applicable regulator of a breach where we are legally required to do so.

Your rights

1. Under certain circumstances, by law, you have the right to:
   • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
   • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
   • Request erasure of your personal information in certain circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
   • Object to processing of your personal information if we are relying on a legitimate interest (or those of a third party) or public interest/official authority as our lawful basis for processing, and there is something about your particular situation which leads you to object to processing on this ground. You also have the right to object if we are processing your personal information for direct marketing purposes.
   • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
   • Request the transfer of your personal information to another party in certain circumstances. This right is only available where we are processing your information with your consent, and the processing is automated.
2. If you want to review, verify, correct, or request erasure of your personal information, object to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us. To ensure swift processing, we set up a dedicated email address that we ask you to write to datarequest@medbelle.com.

Right to withdraw consent

1. In the limited circumstances where we are relying on your consent as our lawful basis to process your data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer in writing to dataprotectionofficer@medbelle.com.
2. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to unless we have another legitimate basis for doing so in law.

Finance partners and automated decision making

In the context of booking your treatment, we might offer you the option to check your eligibility for a loan from Chrysalis Finance Ltd. ('Chrysalis').

Chrysalis

1. In order to complete this 'soft check', Chrysalis may make confidential inquiries at credit reference agencies. You'll be able to see the inquiry on your file, but it won't show up to any other organisations, which means that there is no impact on your credit rating.
2. This soft check will return a personalised result based on your credit record. You will only be able to apply for a loan as a payment option if your result is sufficiently positive.
3. Chrysalis Finance will use the information that you provide to process your application. This will include searching records relating to you at credit reference agencies (known as “CRAs”). Note that Chrysalis and CRAs will link your records together. Chrysalis has a privacy notice which explains in further detail how and why they use your personal information, including how that information is shared with CRAs and fraud prevention agencies. The notice also explains your rights in relation to your personal information. The privacy notice can be found at https://www.chrysalisfinance.com/gdpr/ssps.html. You can also request a paper copy by calling Chrysalis’s Data Protection Officer on 0333 32 32 230. In addition, the privacy notice contains a link to the CRA’s Information Notice (known as a C-R-A-I-N) which is also published online by CRAs or is available on request. By confirming that you are happy to proceed when going through a soft check with us, you understand that Chrysalis may use your information and that of any joint applicant in accordance with the linked privacy notice.

Email subscription services

If you subscribe to any of our email subscription services, we may record and use:

• Personal data (like your name and email address) needed to fulfill this service.
• Personal data to individualise the information (like location, preferred care provider, NHS service received, time on the waitlist, etc.)
• Medical data (like kind of injury to be treated or kind of treatment sought, time and severeness of the condition/pain, etc.) to provide the correct information to you.
• Behaviour data (like time and frequency of openings, clicks, etc.)

Video consultations

We sometimes offer video consultations with our surgeon consultants. If you decide to use our video consultation, we will provide you with a tool to conduct the video chat. We will never record you or the consultant's video or audio during these consultations. However, we might collect metadata such as the start and end time of the consultation or the browser and operating system you use so that we can improve our software. To provide video chat capabilities, we use Twilio as a third-party service provider to carry out certain data processing functions on our behalf. Twilio is limited to only accessing or using this data to provide services to us and must provide reasonable assurances they will appropriately safeguard the data. Twilio provides additional information about its data practices in its privacy policy.

Right to complain to the ICO

You have the right to complain to the Information Commissioner's Office (the "ICO") if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Changes to this privacy statement

We reserve the right to update this privacy statement at any time, and we will provide you with a new privacy statement when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Terms of use and acceptable use policy

This Privacy Policy governs the ways in which we collect and use information about you through this Site. For the terms and conditions which apply to your use of this Site, please refer to our Terms of Use and our Acceptable Use Policy.