Privacy policy

At www.drrebeccahiscutt.com, we respect your privacy and are committed to protecting your personal data. This privacy policy outlines how we collect, use, store, and protect your information in accordance with the UK Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR).

1. Data controller

The data controller is www.drrebeccahiscutt.com.

2. Information we collect

We may collect and process the following categories of personal data:

• Personal identification information: Name, email address, phone number, and similar contact details.
• Health data metrics: Heart rate, heart rate variability (HRV), pulse oximetry, respiration rate, sleep score/quality, daily activity levels, and other health-related information you provide.
• Device information: IP address, browser type, and device information when you access our services.
• Usage data: Information on how you interact with our website and services.

3. Purpose and legal basis for processing your data

Under GDPR, we must have a lawful basis to process your data. We rely on the following legal grounds:

• Consent: We obtain your explicit consent before processing your health data. You have the right to withdraw your consent at any time.
• Contractual obligation: Processing is necessary to fulfil our contract with you, such as providing services and support.
• Legitimate interests: We process data to improve our services, enhance user experience, and ensure the security of our systems. We ensure this processing does not override your rights and freedoms.
• Legal compliance: We may process your data to comply with legal obligations or respond to legal proceedings.

4. How we use your data

We use your personal data to:

• Provide personalised health insights and recommendations based on your health metrics.
• Monitor, analyse, and improve the effectiveness and security of our services.
• Communicate with you, including sending updates, support, and marketing communications (with your consent).

5. Data sharing and transfers

We do not sell your data. However, we may share your information with:

• Service providers: We use third-party service providers to help us deliver our services (e.g., cloud storage, analytics). These providers are GDPR-compliant and have contractual obligations to protect your data.
• Legal authorities: We may disclose your data when legally required, such as for compliance with court orders, government regulations, or to protect our rights.

If we transfer your data outside of the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses) to protect your rights and freedoms.

6. Data retention

We retain your personal data only as long as necessary for the purposes for which it was collected or as required by law. After this period, your data will be securely deleted.

7. Your rights under GDPR

Under the GDPR, you have several rights regarding your personal data:

• Right to access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can ask us to correct inaccurate or incomplete data.
• Right to erasure (right to be forgotten): You can request the deletion of your personal data under certain circumstances.
• Right to restrict processing: You can request to limit the processing of your data in certain cases.
• Right to data portability: You can request that we transfer your data to another service provider in a structured, commonly used, and machine-readable format.
• Right to object: You can object to the processing of your data for marketing purposes or based on our legitimate interests.
• Right to withdraw consent: If we process your data based on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing before the withdrawal.
• Right to lodge a complaint: If you believe your rights have been violated, you can lodge a complaint with the Information Commissioner’s Office (ICO) or your local supervisory authority.

8. Security measures

We implement technical and organisational measures to protect your data from unauthorised access, alteration, disclosure, or destruction. Despite these measures, no transmission over the internet is entirely secure. We recommend taking additional steps to protect your personal data when online.

9. Cookies and similar technologies

We use cookies and similar tracking technologies to collect information about your interaction with our website. You have the option to manage your cookie preferences through your browser settings.

10. Changes to this privacy policy

We may update this privacy policy periodically. If there are significant changes, we will notify you via email or a prominent notice on our website.

11. Contact us

If you have any questions about this privacy policy or wish to exercise your rights, please contact us or email hello@drrebeccahiscutt.com.