Privacy Policy

Last Updated: 26 January 2026

Prime Care Wellness Ltd ("we", "us", "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to all personal data processed by Prime Care Wellness Ltd in connection with our website, services, and business operations. By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller Information

Prime Care Wellness Ltd is the data controller responsible for your personal data. Our contact details are:

If you have questions about this Privacy Policy or how we process your personal data, please contact us using the details above.

2. Types of Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Identity and Contact Information

• Full name
• Date of birth
• Gender
• Postal address
• Email address
• Telephone number(s)

2.2 Health Information

As a provider of holistic therapy services, we necessarily collect health-related information which constitutes "special category data" under UK GDPR. This may include:

• Medical history and current health conditions
• Current medications and supplements
• Previous surgeries or significant injuries
• Allergies and sensitivities
• Lifestyle factors affecting health (stress levels, sleep patterns, physical activity)
• Areas of pain, discomfort, or concern
• Previous experience with holistic therapies
• Treatment objectives and wellness goals
• Practitioner observations and treatment notes
• Progress assessments and outcomes

2.3 Financial Information

• Payment method preferences
• Transaction records
• Invoice and receipt information

We do not store complete credit or debit card details. Card payments are processed through secure payment processors who handle card information in accordance with Payment Card Industry Data Security Standards (PCI DSS).

2.4 Website Usage Data

• IP address
• Browser type and version
• Operating system
• Pages visited and time spent on pages
• Referring website
• Date and time of visits

Further information about cookies and similar technologies is provided in our Cookie Policy.

2.5 Communication Records

• Correspondence via email, telephone, or contact forms
• Appointment booking communications
• Feedback, complaints, or enquiries

3. How We Collect Personal Data

We collect personal data through the following methods:

3.1 Directly From You

• Consultation forms and health questionnaires completed when booking services
• Information provided during telephone or email communications
• Contact form submissions via our website
• Information shared verbally during consultations and treatment sessions
• Feedback forms and surveys
• Payment and billing processes

3.2 Automatically

• Website usage data collected through cookies and similar technologies
• Server logs recording website visits and technical information

3.3 From Third Parties

In some circumstances, we may receive information from third parties, such as:

• Medical professionals (with your explicit consent) when they refer you to our services or provide relevant medical information
• Emergency contacts if we need to reach someone on your behalf during a medical emergency

4. Legal Basis for Processing Personal Data

We process personal data only when we have a lawful basis to do so under UK GDPR. The legal bases we rely on include:

4.1 Contractual Necessity

Processing is necessary to perform our contract with you when you book and receive our services. This includes collecting contact details for appointment scheduling, health information for safe treatment delivery, and payment information for billing purposes.

4.2 Legal Obligations

We process personal data to comply with legal obligations, including:

• Health and safety legislation requiring maintenance of treatment records
• Accounting and tax obligations requiring financial record retention
• Professional liability and insurance requirements

4.3 Legitimate Interests

We process certain personal data based on legitimate interests, provided these interests are not overridden by your rights and freedoms. Legitimate interests include:

• Operating and improving our website
• Managing business operations efficiently
• Detecting and preventing fraud
• Ensuring network and information security
• Responding to enquiries and complaints

4.4 Explicit Consent

For special category health data, we rely on your explicit consent obtained through our consultation forms and treatment agreements. You have the right to withdraw this consent at any time, although this may affect our ability to provide services safely.

For marketing communications, we rely on your opt-in consent. You can withdraw consent at any time by using the unsubscribe mechanism in marketing emails or contacting us directly.

5. How We Use Personal Data

We use personal data for the following purposes:

5.1 Service Delivery

• Conducting initial consultations and health assessments
• Developing individualised treatment plans
• Delivering therapeutic services safely and effectively
• Maintaining treatment records and progress notes
• Providing aftercare advice and ongoing support
• Conducting progress reviews and treatment evaluation

5.2 Communication

• Responding to enquiries and correspondence
• Sending appointment confirmations and reminders
• Providing service-related information and updates
• Handling complaints and feedback

5.3 Business Operations

• Processing payments and issuing receipts
• Maintaining accounting records
• Managing appointment schedules
• Quality assurance and service improvement
• Professional indemnity insurance requirements
• Health and safety compliance

5.4 Legal and Regulatory Compliance

• Complying with legal and regulatory obligations
• Establishing, exercising, or defending legal claims
• Cooperating with regulatory authorities when required

5.5 Marketing (with consent)

• Sending newsletters and service updates
• Informing you about new services or special offers
• Providing wellness tips and educational content

You can opt out of marketing communications at any time.

6. Data Sharing and Disclosure

Prime Care Wellness Ltd respects the confidentiality of client information. We do not sell, rent, or trade personal data to third parties. However, we may share personal data in the following limited circumstances:

6.1 Service Providers

We engage trusted third-party service providers who process personal data on our behalf, including:

• IT service providers (website hosting, email services, data storage)
• Payment processors for secure transaction handling
• Accounting and bookkeeping services

All service providers are carefully selected and are required to protect personal data in accordance with UK GDPR through contractual data processing agreements.

6.2 Professional and Legal Requirements

• Professional indemnity insurers when required for insurance purposes
• Legal advisors when necessary for legal advice or proceedings
• Regulatory bodies or law enforcement when legally required
• Healthcare professionals (with your explicit consent) for coordinated care

6.3 Emergency Situations

In the event of a medical emergency during treatment, we may disclose relevant health information to emergency services and emergency contacts to ensure your safety and appropriate medical care.

6.4 Business Transfers

If Prime Care Wellness Ltd is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. You would be notified of any such change in ownership or control of personal data.

7. International Data Transfers

We primarily store and process personal data within the United Kingdom. If personal data is transferred outside the UK (for example, to service providers with servers in other jurisdictions), we ensure appropriate safeguards are in place, such as:

• Adequacy decisions recognising equivalent data protection standards
• Standard contractual clauses approved by the UK Information Commissioner's Office
• Other legally approved transfer mechanisms

8. Data Security

Prime Care Wellness Ltd implements appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or damage. Security measures include:

8.1 Technical Measures

• Secure password-protected systems
• Encrypted data transmission (SSL/TLS) for website communications
• Regular software updates and security patches
• Firewall protection and antivirus software
• Secure backup procedures
• Access controls limiting data access to authorised personnel only

8.2 Organisational Measures

• Staff training on data protection obligations
• Confidentiality agreements with staff and contractors
• Clear data protection policies and procedures
• Physical security of premises and paper records
• Secure disposal of data when no longer required

Whilst we take all reasonable precautions to protect personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security but will notify you and the Information Commissioner's Office of any data breaches where legally required to do so.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests.

9.1 Client Records

Client health records and treatment notes are retained for a minimum of 7 years from the date of last treatment, in accordance with professional guidelines and legal requirements. This retention period allows for continuity of care, professional insurance requirements, and potential legal claims.

9.2 Financial Records

Financial records including invoices and payment information are retained for 6 years in accordance with UK tax and accounting regulations.

9.3 Communication Records

General correspondence and enquiries are retained for up to 2 years unless they form part of client treatment records.

9.4 Website Usage Data

Website analytics and usage data are typically retained for up to 2 years.

After retention periods expire, personal data is securely deleted or anonymised. You may request earlier deletion of your data, subject to any legal or contractual retention obligations.

10. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

10.1 Right of Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will provide this information free of charge within one month of your request, unless the request is complex or repetitive.

10.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. We encourage you to keep your information up to date and inform us of any changes.

10.3 Right to Erasure

In certain circumstances, you have the right to request deletion of your personal data. This right is not absolute and may be limited by legal retention requirements or legitimate interests. For example, we must retain treatment records for professional insurance and legal purposes even if you request deletion.

10.4 Right to Restrict Processing

You have the right to request that we restrict how we process your personal data in certain circumstances, such as when you contest the accuracy of data or object to processing.

10.5 Right to Data Portability

Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

10.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will cease such processing immediately.

10.7 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects. All treatment decisions are made by qualified practitioners based on individual assessment.

10.8 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing prior to withdrawal. Note that withdrawal of consent to process health information may affect our ability to provide services safely.

11. Exercising Your Rights

To exercise any of your data protection rights, please contact us using the details provided at the beginning of this policy. We may need to verify your identity before fulfilling your request to ensure personal data is not disclosed to unauthorised individuals.

We aim to respond to all requests within one month. If your request is complex or we receive multiple requests, we may extend this period by up to two months, in which case we will inform you and explain the reason for the delay.

12. Complaints and Concerns

If you have concerns about how we process your personal data, please contact us first so we can attempt to resolve the matter. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

13. Children's Privacy

Our services are intended for adults. We do not knowingly collect personal data from individuals under 18 years of age without parental consent. If you are under 18, please ensure you have parental or guardian permission before providing any personal information to us.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. The "Last Updated" date at the top of this policy indicates when it was most recently revised. We encourage you to review this policy regularly to stay informed about how we protect your personal data.

Significant changes will be communicated via our website or directly to clients where appropriate. Continued use of our services after changes indicates acceptance of the updated Privacy Policy.

15. Contact and Questions

If you have questions about this Privacy Policy, how we process your personal data, or wish to exercise your data protection rights, please contact us:

We are committed to protecting your privacy and handling your personal data responsibly and transparently in accordance with UK data protection law.