HELIORA REHAB

Prime Health Plus Ltd

15 Temple St, Aylesbury, Buckinghamshire, HP20 2RN

๐Ÿ“ž 07403 958436  |  โœ‰ info@heliorarehab.co.uk  |  www.heliorarehab.co.uk

 

 

PRIVACY POLICY & COOKIE NOTICE

Effective Date: 22 April 2026  |  Version 1.0

 

 

Part 1 — Privacy Policy

This Privacy Policy explains how Heliora Rehab (trading name of Prime Health Plus Ltd) collects, uses, stores, and protects your personal data when you use our services or visit our website. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Data Controller: Prime Health Plus Ltd, trading as Heliora Rehab

Registered Address: 15 Temple St, Aylesbury, Buckinghamshire, HP20 2RN

Contact: info@heliorarehab.co.uk | 07403 958436

If you have any questions about how we handle your personal data, please contact us using the details above.

2. What Personal Data We Collect

We may collect the following categories of personal data:

Identity & Contact Data:

  • Full name, date of birth, address, email address, phone number

Health & Clinical Data (Special Category Data):

  • Medical history, diagnosis, treatment notes, referral letters
  • Information about physical condition, injuries, surgical history
  • Physiotherapy, rehabilitation, and acupuncture treatment records

Financial Data:

  • Payment information (processed securely via third-party providers)
  • Invoices and transaction records

Technical Data (Website):

  • IP address, browser type, device information
  • Pages visited, time spent on site, referral source (via cookies)

3. How We Collect Your Data

  • Directly from you when booking an appointment, completing intake forms, or corresponding with us
  • From referring healthcare professionals or GPs (with your consent)
  • Automatically via cookies and analytics tools when you visit our website

4. Legal Basis for Processing

We process your data under the following legal bases under UK GDPR:

  • Contract: To provide physiotherapy and rehabilitation services you have requested
  • Legal Obligation: To comply with HCPC registration requirements and healthcare regulations
  • Legitimate Interests: For practice administration, safety, and improving our services
  • Vital Interests: In emergency situations where disclosure is necessary to protect life
  • Explicit Consent: For special category health data processed for clinical purposes

5. How We Use Your Data

  • To provide, manage, and personalise your physiotherapy and rehabilitation care
  • To schedule and manage appointments
  • To process payments and issue invoices
  • To communicate with you about your treatment, bookings, and clinic updates
  • To comply with HCPC regulatory obligations and record-keeping requirements
  • To improve our services and website (using anonymised analytics data)
  • To follow up on your care where clinically appropriate

6. Sharing Your Data

We do not sell your personal data. We may share it only in the following circumstances:

  • With your GP or other healthcare professionals involved in your care (with your knowledge)
  • With payment processors for secure transaction handling
  • With our website and booking platform providers (under data processing agreements)
  • With regulatory bodies such as the HCPC or ICO if legally required
  • With law enforcement or safeguarding authorities if required by law or to protect safety

7. Data Retention

We retain clinical records for a minimum of 8 years after the last treatment (or until age 25 if the patient was a child), in line with NHS and HCPC guidance. Financial records are retained for 6 years in line with HMRC requirements. Website analytics data is retained for up to 26 months.

8. Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access — request a copy of the personal data we hold about you
  • Right to Rectification — request correction of inaccurate or incomplete data
  • Right to Erasure — request deletion of your data (subject to legal obligations)
  • Right to Restrict Processing — ask us to limit how we use your data
  • Right to Data Portability — receive your data in a structured, electronic format
  • Right to Object — object to processing based on legitimate interests
  • Right to Withdraw Consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at info@heliorarehab.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Clinical records are stored securely and access is restricted to authorised personnel only.

10. Transfers Outside the UK

We do not routinely transfer your personal data outside the UK. If any transfer is necessary (e.g. via a cloud service provider), we ensure appropriate safeguards are in place in accordance with UK GDPR.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website at www.heliorarehab.co.uk. Significant changes will be communicated to you directly.

 

 

Part 2 — Cookie Notice

This Cookie Notice explains how Heliora Rehab uses cookies and similar tracking technologies on our website (www.heliorarehab.co.uk) in accordance with the Privacy and Electronic Communications Regulations (PECR) and UK GDPR.

1. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help the website function correctly, remember your preferences, and provide us with information about how visitors use our site.

2. Cookies We Use

Strictly Necessary Cookies

These cookies are essential for the website to function and cannot be switched off. They do not require your consent.

  • Session management and navigation
  • Security and form submission functions
  • Booking platform functionality

Analytics & Performance Cookies

These cookies help us understand how visitors interact with our website so we can improve it. We use anonymised data only. These require your consent.

  • Google Analytics — tracks page visits, session duration, traffic sources (anonymised IP)

Functional Cookies

These cookies allow the website to remember your preferences (e.g. region, language). These require your consent.

  • Remembering form fields or appointment preferences

Marketing / Third-Party Cookies

We do not currently run advertising campaigns and do not use marketing or targeting cookies.

3. How to Manage Cookies

When you first visit our website, you will be presented with a cookie consent banner. You can accept or decline non-essential cookies at any time. You can also manage cookies through your browser settings:

  • Google Chrome: Settings > Privacy and Security > Cookies
  • Safari: Preferences > Privacy
  • Firefox: Options > Privacy & Security
  • Microsoft Edge: Settings > Privacy, Search, and Services

Please note that disabling certain cookies may affect the functionality of our website.

4. Third-Party Services

Our website may use third-party services that set their own cookies, including:

  • Google Analytics (analytics.google.com) — for website performance monitoring
  • Online booking platform (if applicable) — for appointment scheduling

These third parties have their own privacy policies, which we encourage you to review.

5. Updates to This Notice

We may update this Cookie Notice as our website or the law changes. Please check this page periodically for the latest information.

 

 

Questions? Contact Us

Heliora Rehab | Prime Health Plus Ltd

15 Temple St, Aylesbury, Buckinghamshire, HP20 2RN

๐Ÿ“ž 07403 958436  |  โœ‰ info@heliorarehab.co.uk

ICO: www.ico.org.uk | 0303 123 1113