Health and Longevity Optimisation Limited (referred to as “Hooke”, “Hooke London”, “Hooke Fitness”, “we” and “our” in this policy) is committed to ensuring the privacy of our clients. This Privacy Policy explains how we collect and process Personal Data (as defined below).
Hooke London provides an integrative, personalised, preventative, high-end health service, including comprehensive screening, ongoing assessments by clinicians and health experts, advanced analytics, personal training, physiotherapy and osteotherapy all enabling the optimisation of clinical and lifestyle interventions (the ‘Services’).
The data controller is Health and Longevity Optimisation Limited t/a Hooke a company registered in England and Wales under number 11928940 and operates from its premises at 86 Brook Street, London W1K 5AY.
This Privacy Policy explains how we collect and use your Personal Data (as defined below) and is provided in accordance with our obligations under applicable privacy and data protection law in the UK including in the Data Protection Act 2018, the UK GDPR (which retains the Regulation (EU) 2016/679) and the Privacy and Electronic Communications Regulations 2003 (“Applicable Data Protection Law”).
For the purposes of this Privacy Policy, the term “Personal Data” means any information which identifies you or which allows you to be identified when combined with other information.
“Special Category Data” means any data that requires more protection because it is sensitive. This includes health information and medical data.
Personal Data and Special Category Data does not include data where your identity has been removed (“Anonymised Data”).
Information we collect from you
Basic Identifiers and Contact Information: We collect some information from you when you provide it to us directly, such as via an email or an online form. This information may include your name, email, and phone number as well as other information.
Health and other Special Category Data: You may provide us with health and medical information directly. We will also receive such information from our third party providers in the course of providing the Services to you, as described below.
Information we obtain from third party providers
In the course of providing the Services, we will receive Personal Data from third parties with whom we have agreements in place. These include:
Aggregated Anonymised Data
We may use anonymised aggregated data to improve our Services or otherwise in connection with our business. Such data is not considered to be Personal Data.
However, if we combine or connect any anonymised aggregated data with any of your Personal Data that enables you to be directly or indirectly identified, we will treat such data as Personal Data to be used in accordance with this Privacy Policy.
CCTV Monitoring
We operate CCTV cameras to help maintain the security of our premises, our staff and our clients, and for the prevention of crime. Physical notices of CCTV camera use are posted at our premises.
We will collect and use your Personal Data in order to provide the Services you have requested.
The legal bases we rely upon to use your Personal Data include the contract we have with you, where we need to comply with a legal or regulatory obligation or when you have given your consent.
The legal bases upon which we will process health and other Special Category Data in delivering the Services to you are: the provision of preventative medicine; medical diagnosis; and the provision of health care and treatment. CCTV images may be used to identify an individual, in which case processing will be necessary for the establishment, exercise or defence of legal claims, or carried out on the basis of substantial public interest for the purposes of detecting and preventing crime
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may use your Personal Data in line with our legitimate interests, including:
In order to provide Services to you, we will use third parties as set out below.
Sharing with our service providers
We may share your Personal Data with our third party business service providers who perform functions on our behalf in order to provide the Services. These may include:
We may share Special Category Data in order to provide the Services, with:
When required by law
We may also share Personal Data if we are also under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property, or safety of our business, our customers or others.
To enforce legal rights
We may also share Personal Data: (i) If disclosure is required in legal proceedings; (ii) as necessary to protect legal rights; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
Cross-border data transfers
Sharing of Personal Data sometimes involves cross-border data transfers, including transfers outside of the EEA in accordance with the law. We only transfer Personal Data to entities in third countries that have been held to provide an adequate level of protection for Personal Data, or where contractual terms have been adopted to meet the legal requirements for such transfers.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We use encryption in order to store your Personal Data and your Special Category Data as well as to share your data with the MDT.
We limit access to your Personal Data to those employees, agents, contractors, healthcare providers and other third parties who have a business need to know. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will retain your Personal Data for as long as necessary to comply with a contract we have with you, or to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, comply with insurance obligations and enforce our legal agreements and policies. As a regulated independent healthcare provider, we are required by law to retain health and medical records for prescribed periods. For medical records, this will typically be for a period of 8 years following the end of treatment, and where mental health care is provided, for 20 years following treatment.
CCTV recordings will be retained only for as long as necessary for any incidents such as unauthorised access to the premises or theft to come to light and to be investigated and for no longer than 1 year. Recordings will thereafter be permanently deleted.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Cookies are small files of letters and numbers which are downloaded onto your device when you visit a website. Usually, they contain two pieces of information: a site name and unique user ID. Cookies can be used to remember your preferences when visiting a site.
We do our utmost to respect users’ privacy and our use of cookies is explained below.
Within your browser you can also choose whether you wish to accept cookies or not. If you block cookies on our website, you may be unable to access certain areas of our website and certain functions and pages may not work in the usual way.
Your right to withdraw consent at any time
Whenever we rely on your consent to process your Personal Data, you have the right to withdraw your consent at any time. If you wish to withdraw your consent, please contact Hooke London using the contact details provided at the end of this Privacy Policy. This will not affect the lawfulness of any processing carried out before you withdraw, nor ongoing contractual or other obligations requiring us to process data for example due to a court ordered law enforcement request.
Your right to access the Personal Data we hold about you
You have the right to make a Data Subject Access Request (“SAR”) to access any Personal Data that we have collected. We aim to respond electronically to all SARs within one month.
Other rights
In addition to the rights set out above, you also have the following rights:
If we refuse your request to exercise your rights we will provide you with a reason why. You have the right to complain to the UK Information Commissioner’s Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Fax: 01625 524510
This Privacy Policy may be updated to reflect changes to the ways in which we process Personal Data, and will be updated from time to time on our website.
Our Data Protection Officer can be contacted at:
Hooke
86 Brook Street
London
W1K 5AY
+44 (0)20 3746 6070
enquiries@hooke.london