Privacy Policy

Privacy Policy (MedPlus)

Effective date: 5 January 2026
This Privacy Policy explains how we collect, use, store, and share personal data when you use our website, contact us, or receive services from MedPlus.

1) Data Controller

The data controller is: MedPlus (Company No. 16072447)
Registered office: Honeystone Cottage, Oxford Road, Enstone, Chipping Norton, England, OX7 4LP
Email: info@medplusuk.com
Telephone: 01329 722721
Website: www.medplusuk.com

Privacy contact: If you have any questions about this policy or how your data is handled, contact us at info@medplusuk.com.

2) Collected Personal Data

We may collect and process the following categories of personal data:

A) Identity and contact details

Name, date of birth (where relevant), address/postcode

Email address, telephone number

Emergency contact details (where relevant)

B) Appointment and service information

Booking details (date/time/service requested)

Notes relevant to your appointment, medical history relevant to treatment, screening questionnaires, consultation notes, treatment record, consent forms, aftercare advice provided

Communication preferences and correspondence with us (email/SMS/phone)

C) Health information (special category data)

Where appropriate for safe care, we may collect:

Relevant medical history, medications, allergies, symptoms, and treatment outcomes

Any adverse reactions or complications and follow-up notes

D) Images and media (optional)

Clinical photographs (e.g., treatment monitoring) where relevant

Before/after images for marketing only where you have provided explicit consent (you can withdraw this at any time)

E) Payments and transactions

Payment status, invoices/receipts, and transaction references
(We do not normally store full card details—these are handled by our payment provider.)

F) Website and technical data

IP address, device/browser information, pages visited, referral source

Cookie identifiers and analytics data (see Cookie Policy)

3) Purpose of Collecting Data

We collect and use personal data for the following purposes:

Providing safe clinical services

To arrange and deliver ear wax removal and medical aesthetics services

To assess suitability, manage risks, obtain informed consent, and provide aftercare

To maintain accurate clinical records and continuity of care

Communicating with you

Appointment confirmations, reminders, and service updates

Responding to your enquiries and requests

Follow-up messages related to your care (where appropriate)

Payments, administration and business operations

Processing payments, issuing invoices/receipts, accounting and audit

Managing cancellations, refunds (where applicable), and resolving issues

Quality, safety and governance

Handling complaints, feedback, and service improvement

Managing clinical incidents/adverse events and follow-up

Training and supervision (using minimum necessary information)

Legal and regulatory responsibilities

Complying with applicable legal obligations

Responding to lawful requests from regulators, insurers, or authorities where required

Safeguarding: where there is a serious concern about safety, we may share relevant information with appropriate services

Website performance and marketing (where applicable)

Improving website functionality and user experience

Sending marketing communications only where you have opted in (and you can opt out at any time)

4) Lawful Bases for Processing

We process your personal data under UK GDPR lawful bases, including:

Contract: to manage bookings and provide services you request

Legitimate interests: for running and improving our service, responding to enquiries, preventing fraud, and ensuring service quality (balanced against your rights)

Legal obligation: where we must comply with law (e.g., tax/accounting, responding to lawful requests)

Vital interests: where necessary to protect someone’s life (rare)

Consent: for optional activities such as marketing messages and use of images for promotional purposes

Health data (special category)

Where we process health information, we do so because it is necessary for providing healthcare safely and appropriately, and/or with your explicit consent where required.

5) Professional confidentiality

We handle personal information in a way that supports professional duties of confidentiality and safe record-keeping expected of regulated clinicians. Access to your information is restricted to those who need it for your care and for legitimate governance and legal purposes.

6) Who We Share Data With

We only share your information when necessary and with appropriate safeguards. This may include:

Clinicians and staff involved in delivering your care (need-to-know basis)

Booking/CRM systems used to manage appointments and client records

Payment providers for processing transactions

Email/SMS/phone providers used for appointment communications

IT and website hosting providers to operate our website and systems

Professional advisers (e.g., accountant) where necessary

Insurers/indemnity providers in connection with claims or incidents

Regulators or authorities if we are legally required to do so

Safeguarding / emergency services if there is a serious risk of harm

We do not sell your personal data.

7) International Transfers

We aim to keep data within the UK or countries with appropriate safeguards. If any of our service providers process data outside the UK, we ensure appropriate protections are in place (for example, contractual safeguards).

8) How Long We Keep Your Data (Retention)

We keep personal data only as long as necessary for the purposes set out above, including safe clinical care, governance, and legal/accounting requirements.

Retention depends on the type of record. As a general approach:

Clinical records are retained for an appropriate period in line with healthcare record-keeping expectations and our professional/insurance requirements

Enquiry/booking data is retained as needed to manage services and respond to queries

Accounting records are retained as required by law

Marketing data is retained until you unsubscribe or withdraw consent

You can ask for more detail about our retention periods by emailing info@medplusuk.com.

9) Security

We use reasonable technical and organisational measures to protect your information, including access controls, secure systems, and confidentiality practices. No system is 100% secure, but we work to minimise risk and will act promptly if an incident occurs.

10) Your Rights

You have rights under data protection law, including:

Access to your personal data

Rectification (correct inaccurate data)

Erasure in certain circumstances

Restriction of processing in certain circumstances

Data portability for certain data you provided to us

Object to processing based on legitimate interests

Withdraw consent at any time where we rely on consent (this won’t affect processing already carried out)

To exercise your rights, email info@medplusuk.com.

11) Complaints

If you have concerns, please contact us first at info@medplusuk.com.
You also have the right to complain to the Information Commissioner’s Office (ICO), the UK data protection regulator.

12) Cookies and Analytics

We use cookies and similar technologies to help our website function and to understand how it is used. For details, see our Cookie Policy on the cookie page of our website.

13) Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.
