HealthMatters Group Limited – Privacy Policy

Last updated: 7th September 2025

Our Privacy Principles

At HealthMatters Group Ltd (“we”, “our”, “us”), we are committed to protecting your privacy and handling your personal data responsibly. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

We collect only the personal data necessary to provide our services, keep it secure, and use it only for purposes that are fair, lawful, and transparent.

If you have any questions, please contact our Data Controller, James Lamper, at:
help@healthmattersgroup.co.uk | 020 7622 7727

WHO WE ARE

This privacy policy applies to HealthMatters Group Ltd, which operates the following websites:

Registered office:
c/o Wilson Partners, Arena Court, Crown Lane, Maidenhead SL6 8QZ

Company number: 05654323

Other Websites

This policy applies only to our websites and services. If you follow links to other websites, their own privacy policies will apply.

How do we collect your personal information?

We collect personal data in the following ways:

  • Website forms – enquiries, bookings, assessments, and downloadable resources
  • Phone, SMS, and WhatsApp – including recorded calls on our secure system
  • Email communication – including enquiries, booking confirmations, and follow-ups
  • Therapy, nutrition, health coaching, and medical sessions – information you provide directly to your practitioner or coach
  • Cookies & analytics – see our Cookie Policy for details
  • Secure third-party integrations – including platforms used for bookings, billing, communication, and video consultations

What information do we collect?

We may collect the following types of information:

Personal Information

  • Name, address, email, and telephone number
  • Payment and billing details
  • Communication preferences
  • IP address and device information

Special Category (Sensitive) Data

  • Health-related information, including medical history, diagnoses, treatment plans, coaching goals, and lifestyle details
  • We process this data under Article 9(2)(h) UK GDPR (health or social care purposes) and Schedule 1, Para 2 of the Data Protection Act 2018.

We maintain an appropriate policy document as required by law to explain how we handle sensitive data securely.

How do we use personal information?

We process your data for the following purposes:

  • To respond to your enquiries and provide requested information
  • To deliver therapy, nutrition, health coaching, and related healthcare services
  • To manage appointments, billing, and secure payments
  • To maintain clinical records in line with professional and legal obligations
  • To send service updates and administrative notices
  • To deliver relevant marketing communications (with consent or under soft opt-in rules)
  • To improve our websites, services, and communications
  • To ensure security and prevent fraud

OUR LAWFUL BASES FOR PROCESSING

Purpose | Lawful Basis (UK GDPR)
Responding to enquiries | Legitimate interests / steps before entering a contract (Art. 6(1)(f) / 6(1)(b))
Providing therapy, nutrition, medical, and health coaching services | Performance of contract (Art. 6(1)(b)) and health care purposes (Art. 9(2)(h))
Managing billing & compliance | Legal obligation (Art. 6(1)(c))
Sending marketing emails, SMS, WhatsApp, or calls | Consent (Art. 6(1)(a)) or soft opt-in legitimate interest (Art. 6(1)(f))
Call recordings | Legitimate interests (Art. 6(1)(f)) – for quality, accuracy, and enquiry follow-up

DIRECT MARKETING

We may contact you about our services by email, SMS, phone, or WhatsApp:

Soft Opt-In (12 Months)

If you provide your details during an enquiry or booking, we may contact you about similar HealthMatters services for up to 12 months, unless you opt out.

Explicit Consent (24 Months)

If you explicitly subscribe to updates, we may contact you for up to 24 months or until you withdraw consent.

Your Rights

  • You can unsubscribe at any time by clicking the link in emails or replying “STOP” to texts.
  • We maintain a suppression list to ensure we never contact you if you opt out.
  • We never sell your data or share it with third parties for marketing purposes.

When do we share personal data?

We only share your data when necessary to deliver our services:

  • With your assigned therapists, nutritionists, health coaches, or medical professionals
  • With secure third-party platforms for bookings, communications, and billing
  • With healthcare professionals (e.g., your GP) only with your consent, unless legally required

All partners must meet UK GDPR security and confidentiality standards.

CALL RECORDINGS

We use a secure phone platform to record calls for:

  • Ensuring accuracy of information
  • Service quality monitoring
  • Resolving disputes if needed

Retention:

  • For enquiries who do not become clients → call recordings are retained for 12 months under our soft opt-in policy.
  • For enquiries who become clients → call recordings are linked to their client record and retained for 7 years from the end of treatment.

Recordings are encrypted and accessible only to authorised staff.

SMS & WHATSAPP DATA

  • Enquiry messages: Retained for up to 12 months from the last contact, in line with soft opt-in rules.
  • Client-related messages: If used to discuss treatment, coaching goals, or appointments, we treat these as part of your clinical records and keep them for 7 years.
  • If you unsubscribe from marketing, your contact details are added to our suppression list to ensure no further outreach.

WHERE WE STORE AND PROCESS DATA

We store personal data on secure, encrypted systems. Where data is processed outside the UK, we use approved safeguards such as the UK International Data Transfer Agreement or equivalent protections.

HOW WE SECURE YOUR DATA

We take multiple measures to protect your data, including:

  • Regular security audits of third-party vendors
  • Role-based access controls
  • Encrypted communications and secure storage
  • Two-factor authentication on critical systems
  • Staff training on data protection and confidentiality

HOW LONG WE KEEP YOUR DATA

Data Type | Retention Period | Rationale
Enquiry leads (soft opt-in) | 12 months from last contact | To follow up on your initial enquiry
Call recordings | 12 months for enquiries only; 7 years if linked to client records | Training, quality monitoring, and continuity of client care
Marketing subscribers (explicit opt-in) | 24 months or until withdrawal | Consent-based engagement
Suppression list | Indefinite | Ensures no further marketing contact
Therapy, nutrition, medical & health coaching records | 7 years from the end of treatment | Required by UK healthcare regulations
Client admin data (emails, bookings, account history) | 7 years from the end of treatment | Linked to client record retention
SMS & WhatsApp messages | 12 months for enquiries; 7 years if linked to client records | Aligns with soft opt-in + healthcare obligations
Financial records | 7 years | Required by HMRC

After these periods, we securely delete or anonymise your data.

YOUR DATA RIGHTS

Under UK GDPR, you have the right to:

  • Access the data we hold about you
  • Request correction of inaccurate information
  • Request deletion of data (unless legal obligations prevent it)
  • Restrict processing in certain circumstances
  • Object to marketing at any time
  • Withdraw consent where we rely on it
  • Complain to the ICO if you believe your data is misused

For more details, visit: https://ico.org.uk/concerns/

CHANGES TO THIS POLICY

We review this policy regularly and update it as needed. Please check back periodically to stay informed.