land1
land1

Register your Clinic

    Privacy Policy

    INTRODUCTION

    At GoWello, we value your privacy and are committed to safeguarding your personal data. This notice explains how we collect, use, store, and protect your information when you visit our website — regardless of where you access it from. It also outlines your privacy rights and how the law protects you.

    This notice is designed in a clear, layered format, allowing you to navigate easily through the sections that matter most to you. You can also refer to the Glossary at the end to understand specific terms used in this document.

    1. IMPORTANT INFORMATION AND WHO WE ARE

    Purpose of this Privacy Notice

    This Privacy Notice aims to provide clear information on how GoWello collects and processes your personal data when you use our website. This includes any information you provide when you:

    • Subscribe to our newsletter
    • Purchase a product or service
    • Participate in a survey, competition, or promotional activity

    Controller

    GoWello Technology Limited is the data controller responsible for your personal information. In this Privacy Notice, references to "GoWello," "we," "us," or "our" refer to GoWello.

    Contact Details

    GoWello is a trading name of Excelsior Health Ltd (Company Registration No. 10257312), registered at:

    Unit 4, 40–40 Link, 30–34 Mill End Road, High Wycombe, HP12 4AX, United Kingdom.

    Our registered Data Protection Officer (DPO) is Rosemary Fallows.

    You can contact us regarding any data protection queries at:
    info@gowello.co.uk

    If you wish to raise a complaint, you have the right to contact the Information Commissioner's Office (ICO) — the UK's supervisory authority for data protection (www.ico.org.uk). However, we would appreciate the opportunity to resolve your concerns directly before you contact the ICO.

    Changes to this Privacy Notice

    This version was last updated in January 2025. Previous versions are available upon request.

    Please ensure that the personal data we hold about you is accurate and up to date. Notify us promptly if any of your details change during your relationship with us.

    Third-Party Links

    Our website may contain links to third-party websites, plug-ins, or applications. By following these links or enabling such connections, third parties may collect or share information about you. We are not responsible for the privacy practices or content of these external websites and encourage you to review their privacy notices before sharing any personal information.

    2. THE DATA WE COLLECT ABOUT YOU

    Personal data (or personal information) refers to any information that can identify an individual. It does not include anonymous data where identity has been removed.

    We may collect, use, and store different categories of personal data, including:

    • Identity Data: first name, last name, title, and username or similar identifier
    • Contact Data: billing address, delivery address, email address, and phone numbers
    • Transaction Data: details of payments to and from you, and details of products or services purchased
    • Technical Data: IP address, browser type and version, time zone setting, location, operating system, and platform
    • Profile Data: your account details, preferences, and feedback
    • Usage Data: how you use our website, products, and services
    • Marketing and Communications Data: your preferences for receiving marketing material from us or third parties

    We may also collect and share Aggregated Data such as statistical or demographic information. Although derived from personal data, Aggregated Data does not identify you directly or indirectly. For example, we might aggregate website usage data to understand user trends. If such data can be linked to you, we will treat it as personal data under this notice.

    Sensitive Data

    We do not collect any Special Categories of Personal Data (e.g., information about race, health, religion, or sexual orientation), nor do we process data about criminal convictions or offences.

    Failure to Provide Personal Data

    If we need to collect personal data by law or under a contract with you and you fail to provide it, we may be unable to perform the contract (for example, to deliver a product or service). In such cases, we will inform you at the time if this affects your service.

    PATIENT DATA

    If you are a healthcare professional or clinic using GoWello systems, you may input patient data to access GoWello's services under your agreement with us. In this context:

    • You remain the Data Controller, and
    • GoWello acts as your Data Processor.

    All international transfers of patient data will comply with UK GDPR and the Data Protection Act 2018, including the use of the ICO's International Data Transfer Agreement (IDTA) and Addendum (effective from 21 March 2022), where applicable.

    Patient data will be retained only for the duration of your contract with us and will be securely deleted in accordance with the contractual terms upon termination, for any reason.

    3. HOW WE COLLECT YOUR PERSONAL DATA

    We collect personal data about you through different methods, including:

    • Direct interactions

    You may provide us with your identity and contact details by filling in forms or communicating with us by post, phone, email, or other means. This includes personal data you share when you:

    • apply for our products or services;
    • create an account on our website;
    • subscribe to our services or newsletters;
    • request marketing materials;
    • enter a competition, promotion, or survey; or
    • provide feedback.

    • Automated technologies or interactions

    When you use our website, we may automatically collect technical information about your device, browsing activities, and usage patterns. This data is gathered through cookies, server logs, and similar technologies. For more details, please refer to our Cookie Policy.

    • Third parties and public sources

    We may also receive personal data about you from third parties or publicly available sources, including:

    • Technical Data from analytics providers such as Google (based outside the EU);
    • Identity and Contact Data from data aggregators or brokers, such as Lusha Systems Inc. (based outside the EU);
    • Public records such as Companies House and the Electoral Register;
    • Other public sources such as Bupa Finder, the Private Healthcare Information Network, and clinic websites.

    4. HOW WE USE YOUR PERSONAL DATA

    We will only use your personal data where permitted by law. Most commonly, we use it in the following situations:

    • to perform a contract we are about to enter into or have entered into with you;
    • where it is necessary for our legitimate interests (or those of a third party) and your rights do not override those interests;
    • to comply with legal or regulatory obligations.

    We generally do not rely on consent as the legal basis for processing your data, except when sending marketing communications from third parties via email or text. You can withdraw your consent for marketing at any time by contacting us at info@gowello.co.uk.

    Purposes for Using Your Personal Data

    Below are examples of how we may use your personal data and the legal bases on which we rely. In some cases, we may process your data under more than one lawful ground, depending on the purpose.

    Marketing

    We aim to provide you with relevant choices and control over how your personal data is used for marketing and advertising.

    Promotional Offers

    We may use your identity, contact, technical, usage, and profile data to determine which products, services, or offers may be of interest to you. This helps us tailor our communications and recommendations (we call this marketing).

    You may receive marketing communications from us if you have:

    • requested information or purchased services from us; or
    • provided your details during a competition, promotion, or registration— and in each case, have not opted out of receiving marketing messages.

    THIRD-PARTY MARKETING

    We will obtain your explicit consent before sharing your personal data with any organisation outside GoWello for marketing purposes.

    OPTING OUT

    You can ask us or any third parties to stop sending you marketing communications at any time by using the unsubscribe links provided in our messages or by contacting us directly. Please note that opting out of marketing messages does not affect personal data provided to us in connection with a service purchase, registration, or other transaction.

    COOKIES

    You can configure your browser to refuse all or some cookies, or to alert you when websites set or access cookies. However, if you disable or refuse cookies, certain parts of our website may not function properly. For more details about the cookies we use, please refer to our Cookie Policy.

    CHANGE OF PURPOSE

    We will only use your personal data for the purposes for which it was collected, unless we reasonably determine that another use is compatible with the original purpose. If you would like an explanation of how the new use is compatible with the original purpose, please contact us.

    If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so. Please note that we may process your personal data without your knowledge or consent where required or permitted by law.

    5. DISCLOSURE OF YOUR PERSONAL DATA

    We may share your personal data with the following parties for the purposes outlined in paragraph 4 above:

    • External Third Parties as described in the Glossary.
    • Business Partners or Successors — in the event that we sell, transfer, or merge parts of our business or assets. Should a change in ownership occur, the new owner may use your personal data in the same manner as set out in this privacy notice.

    We require all third parties to protect your personal data and handle it lawfully. We do not permit third-party service providers to use your personal data for their own purposes and only allow them to process it for specified purposes in accordance with our instructions.

    6. INTERNATIONAL TRANSFERS

    Some of our external third parties are located outside the UK, meaning your personal data may be transferred internationally. Whenever we transfer your personal data outside the UK, we ensure it receives a similar level of protection by implementing one or more of the following safeguards:

    • Transferring data only to countries deemed by the UK to provide an adequate level of data protection.
    • Using UK-approved contractual clauses that ensure your personal data receives equivalent protection to that under UK law.

    All international data transfers are conducted in compliance with the UK GDPR and Data Protection Act 2018, including the ICO's International Data Transfer Agreement and Addendum (effective 21 March 2022).

    For more details about international transfers, please contact us.

    7. DATA SECURITY

    We have implemented appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised manner, altered, or disclosed. Access to your personal data is limited to employees, agents, contractors, and other third parties who have a legitimate business need to know. They are required to process your data only on our instructions and are bound by confidentiality obligations.

    We also have procedures in place to manage any suspected data breaches. Where legally required, we will notify you and any applicable regulator of a breach.

    8. DATA RETENTION

    How long will we keep your personal data?

    We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements.

    When determining the appropriate retention period, we consider:

    • The amount, nature, and sensitivity of the personal data;
    • The potential risk of harm from unauthorised use or disclosure;
    • The purposes for which we process the data and whether those purposes can be achieved through other means; and
    • Applicable legal obligations.

    By law, we must keep certain basic information about our customers (such as contact, identity, financial, and transaction data) for six years after they cease being customers, for tax and legal purposes.

    Details of specific retention periods for various types of personal data are outlined in the table in Section 4 above.

    You may also request the deletion of your data in certain circumstances — see "Request erasure" below for details.

    In some cases, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes. In such cases, we may use this information indefinitely without further notice to you.

    9. YOUR LEGAL RIGHTS

    Under data protection laws, you have certain rights in relation to your personal data. You may:

    • Request access to your personal data.
    • Request correction of inaccurate or incomplete data.
    • Request erasure of your personal data.
    • Object to the processing of your personal data.
    • Request restriction of processing.
    • Request the transfer of your data to you or a third party.
    • Withdraw your consent at any time (where consent is the legal basis for processing).

    To exercise any of these rights, please contact us with details of your request.

    No fee usually required

    You will not be charged for exercising your data rights. However, we may apply a reasonable fee if your request is clearly unfounded, repetitive, or excessive. In such cases, we may also refuse to comply with your request.

    What we may need from you

    We may request specific information to verify your identity and your right to access your personal data (or exercise any of your rights). This is a security measure to ensure data is not disclosed to anyone who has no right to receive it. We may also contact you for additional information to speed up our response.

    Timeframe for response

    We aim to respond to all legitimate requests within one month. If your request is complex or you have made several requests, it may take longer. In such cases, we will inform you and keep you updated on progress.

    10. GLOSSARY

    Lawful Basis

    • Legitimate Interest: Our business interest in operating effectively to provide you with the best and most secure service. We carefully balance our interests against any potential impact on your rights and freedoms before processing your data.
    • Performance of Contract: When processing your data is necessary to perform a contract with you or to take steps at your request before entering into a contract.
    • Legal or Regulatory Obligation: When processing your data is required for us to comply with applicable laws or regulations.

    Third Parties

    External third parties may include:

    • Service providers acting as processors who offer IT, hosting, and system administration services.
    • Professional advisers (lawyers, auditors, bankers, insurers) who provide consultancy, legal, accounting, or insurance services.
    • Government bodies and regulators (such as HM Revenue & Customs and other authorities in the United Kingdom) who act as processors or joint controllers.

    Your Legal Rights (Detailed Explanation)

    You have the right to:

    • Access your data: Receive a copy of your personal data and confirm we are processing it lawfully.
    • Correct your data: Request updates to incomplete or inaccurate information.
    • Erase your data: Ask us to delete your personal data where there's no legitimate reason for us to continue processing it.
    • Object to processing: Where we rely on legitimate interests or use your data for direct marketing.
    • Restrict processing: Ask us to suspend the processing of your data in specific circumstances (for example, while we verify its accuracy).
    • Transfer your data: Request that we transfer your data to you or another party in a structured, commonly used, machine-readable format.
    • Withdraw consent: Withdraw consent at any time where processing is based on consent. This will not affect prior lawful processing but may limit the services we can provide.

    Last updated: January 2025

    For any questions or concerns, please contact us at info@gowello.co.uk