Privacy Policy

1. Introduction

Clinic Naturae is committed to protecting your privacy and handling your personal data securely and lawfully. This Privacy Policy describes how we collect, use, protect, process, and share your personal data when you book appointments with us, use our website, or communicate with us throughout your treatment.

This Privacy Policy does not provide exhaustive detail, but we are happy to provide additional information or clarification upon request. Any requests should be sent to through our contact form.

2. Identity of the Data Controller

The data controller responsible for processing your personal data is:

Clinic Naturae Limited, a company registered in England and Wales (Company No: 5422779).

We are registered with the Information Commissioner’s Office (ICO) under registration number ZB295578.

3. Legal Basis for Processing Your Data

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we must have a lawful basis to process your personal data. The legal bases we rely on are:

3.1. Contractual Obligation

We process personal data when it is necessary to fulfil a contract with you, including:

  • Booking and managing your appointments.
  • Providing health-related services and consultations.
  • Processing payments for services and prescribed products.
  • Communicating with you about your treatment, including follow-ups and reminders.

3.2. Legitimate Interests

We process your personal data to pursue legitimate business interests, including:

  • Maintaining secure and efficient clinic operations.
  • Keeping anonymised case records for professional training, supervision, or internal research.
  • Sending appointment confirmations and relevant service updates.
  • Ensuring compliance with professional and regulatory requirements.

3.3. Vital Interests

If we believe there is a serious risk to your health or safety, we may process your data to protect your vital interests, such as:

  • Contacting your GP or emergency services in cases where urgent intervention is required.

3.4. Legal Obligation

We may process and retain your data to comply with legal or regulatory requirements, such as:

  • Keeping medical records for the required retention period as outlined by professional regulatory bodies.
  • Responding to lawful requests from authorities (e.g., courts, police, or regulatory bodies).

3.5. Consent (Where Required)

Where we do not have another lawful basis, we will ask for your explicit consent before processing your data. This applies to:

  • Sending you marketing emails or newsletters.
  • Sharing case histories for publication in professional journals or training materials (always anonymised).
  • Collecting special category data beyond what is necessary for your treatment.

You can withdraw consent at any time by emailing us at [insert email].

4. Collection of Data

We collect personal data in the following ways:

  • When you book appointments via our website, phone, or in person.
  • When you complete forms (e.g., client intake forms).
  • When you communicate with us via email, phone, or text.
  • When you interact with embedded media, maps, or social commerce features on our website.

4.1. Types of Data Collected

The data we collect may include:

  • Identification Information: Name, date of birth, address.
  • Contact Information: Email, phone number.
  • Medical Information: Health history, doctor details, treatment notes, medical red flags.
  • Emergency Contact Information: Next of kin.
  • Browsing Data: IP address, browser type, device type (if using our website).

5. Cookies, Tracking, and Third-Party Integrations

We use cookies and similar tracking technologies to improve your experience on our website. Some cookies are essential for website functionality, while others help us understand website usage.

5.1. Third-Party Integrations and Their Data Use

Our website includes the following third-party services that may collect data about you:

YouTube Video Embeds

We embed YouTube videos on our website. If you watch a YouTube video, Google may collect your data, including your IP address and viewing behaviour. You can review Google’s privacy policy here: Google Privacy Policy.

Google Maps

We use Google Maps for location services. When you view our embedded Google Map, Google may collect data about your location and browsing activity. You can manage your Google privacy settings here: Google Privacy Controls.

Facebook for WooCommerce Plugin

We use Facebook for WooCommerce to sync products and enable social commerce features, including ads. This means Facebook may track interactions with our online shop and advertisements. You can review Facebook’s data policies here: Meta Privacy Policy.

TikTok for WooCommerce Plugin

We use TikTok WooCommerce Integration to sync our product catalogue and enable targeted ads. This may install a TikTok Pixel, which tracks user interactions for advertising purposes. Learn more about TikTok’s data use here: TikTok Privacy Policy.

5.2. Your Cookie Preferences

You can manage your cookie preferences at any time using our cookie banner or by visiting our Cookie Policy at:

Clinic Naturae Cookie Policy

By continuing to use our website, you agree to our use of necessary cookies. You can opt out of non-essential cookies via our cookie banner.

6. How We Share Your Data

We only share your personal data when necessary and in accordance with UK GDPR.

  • With our booking and payment systems (to manage appointments and transactions).
  • With healthcare professionals (only with your explicit consent or in emergencies).
  • With regulatory bodies (if required by law).
  • With third-party service providers (Facebook, TikTok, and Google Maps for online commerce and advertising).

We will never sell your personal data to third parties.

7. Data Retention Policy

We retain personal data for as long as necessary, in line with professional and legal requirements.

  • Medical records are retained for a minimum of 8 years after the last consultation, or until age 25 for minors, in line with medical record-keeping regulations.
  • We retain customer records, including transaction details, for 6 years plus the current tax year, in accordance with UK tax laws.
  • You have the right to request access, correction, or deletion of your data as per our Privacy Policy, subject to legal retention obligations.

8. Marketing Communications

We only send marketing emails if you have given explicit consent.

  • You can opt out at any time using the unsubscribe link in emails or by emailing [insert email].
  • We do not send marketing messages without prior consent.

9. Your Rights Under UK GDPR

You have the right to:

  • Access your data
  • Request corrections
  • Request deletion (subject to legal obligations)
  • Restrict processing
  • Withdraw consent for marketing

To exercise these rights, contact us through our contact form.

10. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in regulations or business practices. Updates will be posted on our website with a revised date.

Last Updated: 16th February 2025