Introduction

Health and Longevity Optimisation Limited (referred to as “Hooke”, “Hooke London”, “Hooke Fitness”, “we” and “our” in this policy) is committed to ensuring the privacy of our clients. This Privacy Policy explains how we collect and process Personal Data (as defined below).  Hooke London provides an integrative, personalised, preventative, high-end health service, including comprehensive screening, ongoing assessments by clinicians and health experts, advanced analytics, personal training, physiotherapy and osteotherapy all enabling the optimisation of clinical and lifestyle interventions (the ‘Services’).

IMPORTANT INFORMATION AND WHO WE ARE

The data controller is Health and Longevity Optimisation Limited t/a Hooke a company registered in England and Wales under number 11928940 and operates from its premises at 86 Brook Street, London W1K 5AY. This Privacy Policy explains how we collect and use your Personal Data (as defined below) and is provided in accordance with our obligations under applicable privacy and data protection law in the UK including in the Data Protection Act 2018, the UK GDPR (which retains  the Regulation (EU) 2016/679) and the Privacy and Electronic Communications Regulations 2003 (“Applicable Data Protection Law”).

Information we collect and how

For the purposes of this Privacy Policy, the term “Personal Data” means any information which identifies you or which allows you to be identified when combined with other information.

“Special Category Data” means any data that requires more protection because it is sensitive.  This includes health information and medical data.

Personal Data and Special Category Data does not include data where your identity has been removed (“Anonymised Data”).

Information we collect from you 

Basic Identifiers and Contact Information:
We collect some information from you when you provide it to us directly, such as via an email or an online form.  This information may include your name, email, and phone number as well as other information. 

Health and other Special Category Data: You may provide us with health and medical information directly. We will also receive such information from our third party providers in the course of providing the Services to you, as described below.   

Information we obtain from third party providers 

In the course of providing the Services, we will receive Personal Data from third parties with whom we have agreements in place.  These include: 

- Third party service providers such as genomic sequencing and pathology laboratories, and reporting providers;
- Wearable device services, where you choose to share such device data with us.

Aggregated Anonymised Data

We may use anonymised aggregated data to improve our Services or otherwise in connection with our business.   Such data is not considered to be Personal Data.  

However, if we combine or connect any anonymised aggregated data with any of your Personal Data that enables you to be directly or indirectly identified, we will treat such data as Personal Data to be used in accordance with this Privacy Policy. 

CCTV Monitoring

We operate CCTV cameras to help maintain the security of our premises, our staff and our clients, and for the prevention of crime.  Physical notices of CCTV camera use are posted at our premises.

Purposes for which we will use your Personal Data

We will collect and use your Personal Data in order to provide the Services you have requested.

The legal bases we rely upon to use your Personal Data include the contract we have with you, where we need to comply with a legal or regulatory obligation or when you have given your consent.  

The legal bases upon which we will process health and other Special Category Data in delivering the Services to you are: the provision of preventative medicine; medical diagnosis; and the provision of health care and treatment.  CCTV images may be used to identify an individual, in which case processing will be necessary for the establishment, exercise or defence of legal claims, or carried out on the basis of substantial public interest for the purposes of detecting and preventing crime.

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.   If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We may use your Personal Data in line with our legitimate interests, including:

- To administer, protect and improve our Services and website (including troubleshooting, data analysis, testing, support, fraud, reporting and hosting of data).
- To inform you of products or services that we provide. 

In the case of CCTV cameras on our premises, to prevent crime, to protect against damage or theft, and to protect the safety of staff and clients.

Purposes for which we will share your Personal Data

In order to provide Services to you, we will use third parties as set out below.

Sharing with our service providers

We may share your Personal Data with our third party business service providers who perform functions on our behalf in order to provide the Services.  These may include:

- Providers of Hooke Fitness physiotherapy, osteopathy, and personal training services.  
- IT service providers and system administrators;
- Data hosts and providers of programming or technical support;
- Professional advisers including lawyers, accountants, bankers, auditors, regulators.

We may share Special Category Data in order to provide the Services, with:

- Third party service providers such as genomic sequencing, pathology and reporting providers, and Hooke Fitness trainers, physiotherapists and osteopaths;
- Chemists, and any other health care practitioners with whom you may consent for data to be shared.

When required by law

We may also share Personal Data if we are also under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property, or safety of our business, our customers or others.

To enforce legal rights

We may also share Personal Data: (i) If disclosure is required in legal proceedings; (ii) as necessary to protect legal rights; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.

Cross-border data transfers

Sharing of Personal Data sometimes involves cross-border data transfers, including transfers outside of the EEA in accordance with the law. We only transfer Personal Data to entities in third countries that have been held to provide an adequate level of protection for Personal Data, or where contractual terms have been adopted to meet the legal requirements for such transfers.

Data security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  We use encryption in order to store your Personal Data and your Special Category Data as well as to share your data with the MDT. 

We limit access to your Personal Data to those employees, agents, contractors, healthcare providers and other third parties who have a business need to know.  We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

We will retain your Personal Data for as long as necessary to comply with a contract we have with you, or to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, comply with insurance obligations and enforce our legal agreements and policies.  As a regulated independent healthcare provider, we are required by law to retain health and medical records for prescribed periods.  For medical records, this will typically be for a period of 8 years following the end of treatment, and where mental health care is provided, for 20 years following treatment.  

CCTV recordings will be retained only for as long as necessary for any incidents such as unauthorised access to the premises or theft to come to light and to be investigated and for no longer than 1 year.  Recordings will thereafter be permanently deleted.

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us. 

Cookie Policy

Cookies are small files of letters and numbers which are downloaded onto your device when you visit a website. Usually, they contain two pieces of information: a site name and unique user ID. Cookies can be used to remember your preferences when visiting a site.

We do our utmost to respect users’ privacy and our use of cookies is explained below.

Essential Cookies: these are cookies that are required for the operation of our site. 

Performance Cookies: they allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily; and,

Functionality Cookies: these are used, for example, to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of region)

Within your browser you can also choose whether you wish to accept cookies or not. If you block cookies on our website, you may be unable to access certain areas of our website and certain functions and pages may not work in the usual way.

Your rights

Your right to withdraw consent at any time

Whenever we rely on your consent to process your Personal Data, you have the right to withdraw your consent at any time. If you wish to withdraw your consent, please contact Hooke London using the contact details provided at the end of this Privacy Policy. This will not affect the lawfulness of any processing carried out before you withdraw, nor ongoing contractual or other obligations requiring us to process data for example due to a court ordered law enforcement request.

Your right to access the Personal Data we hold about you

You have the right to make a Data Subject Access Request (“SAR”) to access any Personal Data that we have collected. We aim to respond electronically to all SARs within one month.

Other rights

In addition to the rights set out above, you also have the following rights:Right to be informed – you have the right to be informed about the collection and use of your Personal Data;

- Right of rectification - you have the right to correct any Personal Data we hold that is inaccurate or incomplete;

- Right to erasure – in certain circumstances you can ask for the Personal Data we hold about you to be erased from our records;

- Right to object – you have the right to object to certain types of processing of your Personal Data, such as for direct marketing;

- Right to restrict processing - you have the right to restrict processing of your Personal Data in certain circumstances; and

- Right to data portability – you have the right to request that we transfer the Personal Data we have collected to another organisation, or directly to you, under certain circumstances. 

If we refuse your request to exercise your rights we will provide you with a reason why. You have the right to complain to the UK Information Commissioner’s Office (ICO): 

Information Commissioner's Office
Wycliffe House
Water Lane
WilmslowCheshire
SK9 5AF

Telephone: 0303 123 1113
Fax: 01625 524510

Changes to this Privacy Policy and Notice

This Privacy Policy may be updated to reflect changes to the ways in which we process Personal Data, and will be updated from time to time on our website.

Changes to this Privacy Policy and Notice

Our Data Protection Officer can be contacted at:

Hooke
86 Brook Street
London
W1K 5AY
+44 (0)20 3746 6070
enquiries@hooke.london