Privacy Policy

This Privacy & Confidentiality Policy explains how Lumi Health Ltd ("we", "us" or "our") collects, uses and protects your personal data when you use our website, contact us, or receive services from us. It explains your rights and how the law protects you, and should be read alongside our Website Terms & Conditions.

For the purposes of UK data protection law, the data controller is:
Lumi Health Ltd
Company registered address: 1-3 Manor Road, Chatham, Kent, England, ME4 6AE
Email: enquiries@lumihealthclinic.co.uk

Keeping your information accurate

It is important that the personal data we hold about you is accurate and up to date. Please let us know if your details change during your relationship with us by contacting us at the email address above.

What personal data we collect

We may collect identity and contact details, health and clinical information (special category data), appointment and billing information, communications with us, and basic website usage data. We only collect what is necessary to provide safe, effective care and operate our services.

How we collect your data

We collect data when you contact us, book or receive services, sign up for communications, or use our website.

How we use your data

We use your data to provide care, manage appointments and payments, communicate with you, meet legal and regulatory obligations, improve services, and send marketing where you have opted in.

Legal basis for processing

We rely on contract, legal obligation, legitimate interests and consent as lawful bases. Health data is processed for healthcare provision and management, and in some cases with explicit consent.

Marketing communications

We only send marketing emails to people who have opted in. You can unsubscribe at any time and we do not share your details for third‑party marketing.

Sharing your information

We may share data with healthcare professionals involved in your care, laboratories, your GP with consent, service providers, advisers and regulators. We only share what is necessary and require confidentiality from all third parties.

International transfers

Where data is processed outside the UK or EEA, we ensure appropriate safeguards are in place.

How long we keep your data

We keep data only as long as necessary to provide care and meet legal and professional requirements, in line with healthcare sector guidance.

Security and confidentiality

We use appropriate technical and organisational measures to protect your data. All staff are bound by confidentiality obligations.

Online consultations and digital services

We use secure systems for online services and only record consultations where necessary and with your consent.

Data breaches

We have procedures to manage data breaches and will notify you and the ICO where required.

Your legal rights

You have rights to access, correct, delete or restrict processing of your data, and to withdraw consent. You may complain to the ICO if needed.

Third‑party links

We are not responsible for the privacy practices of third‑party websites linked from our site.

Changes to this policy

We may update this policy from time to time and publish changes on our website.