Privacy Policy

Introduction

Kamlani Health Ltd ("we", "us", "our") is committed to safeguarding the privacy and security of your personal information. This Privacy Notice explains how we collect, use, and protect the personal data you provide when engaging with our services via our website, [Insert Website Address Here], or through any other interactions with our practice.

We operate under a strict duty of confidentiality, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the professional standards of the healthcare sector. Our objective is to ensure transparency and empower you with clarity regarding your data.

Controller & Data Protection Officer

Kamlani Health Ltd is the data controller responsible for your personal data.

We have appointed Mehdi Mansoor Ali as our Data Protection Officer (DPO), who oversees our data protection strategy and compliance. For any inquiries related to this privacy notice or your data rights, please contact the DPO directly.

Contact Details:

  • Entity Name: Kamlani Health Ltd

  • Data Protection Officer: Mehdi Mansoor Ali

  • Email Address: info@kamlanihealth.com

You retain the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent regulatory authority for data protection (www.ico.org.uk). We encourage you to contact us first to resolve any concerns.

The Information We Collect About You

Personal data, or personal information, refers to any information from which an individual can be identified. It does not encompass anonymised data where identifiers have been removed.

We may process the following categories of personal data:

  • Identity Data: Forename, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender.

  • Contact Data: Billing address, delivery address, email address, and telephone numbers.

  • Financial Data: Bank account and payment card details.

  • Transaction Data: Details about payments to and from you and other details of services you have purchased from us.

  • Technical Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

  • Profile Data: Your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

  • Usage Data: Information about how you use our website, products and services.

  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.

Special Category Data: To deliver effective healthcare services, we must process more sensitive data, known as "Special Category Data" under the UK GDPR. This includes comprehensive details concerning your physical and mental health, medical history, diagnosis, treatment plans, and medication. We process this data under Article 9(2)(h) for the provision of healthcare, supplemented by our professional obligations of confidentiality.

How We Collect Your Personal Data

We utilise different methodologies to gather data from and about you:

  • Direct Interactions: You may provide us with your Identity, Contact, Financial, and Special Category Data by completing forms, corresponding with us via post, email, or other means, or verbally during consultations. This includes data provided when you:

    • Enquire about or engage our services;

    • Create a patient or client account on our portal;

    • Subscribe to our publications;

    • Participate in a survey; or

    • Provide us with feedback.

  • Automated Technologies: As you navigate our site, we automatically collect Technical Data about your equipment, browsing patterns, and actions. This collection occurs via cookies and similar technologies. Please consult our Cookie Policy for comprehensive details.

  • Third Parties or Public Sources: We may receive personal data about you from various third parties, such as:

    • Technical Data from analytics providers such as Google.

    • Contact, Financial and Transaction Data from technical, payment and delivery services providers such as Stripe or PayPal.

    • Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register.

Our Lawful Bases for Processing

We will only process your personal data when the law permits. Our primary lawful bases for processing are:

  • Performance of a Contract: Processing necessary for the execution of a service agreement with you.

  • Legitimate Interests: Processing necessary for our legitimate business interests (or those of a third party), provided your fundamental rights do not override those interests.

  • Legal Obligation: Processing necessary for compliance with a legal or regulatory obligation to which we are subject.

  • Explicit Consent: For specific purposes, such as certain marketing communications, we will request your clear, explicit consent.

For Special Category Data (health information), our processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment, pursuant to Article 9(2)(h) of the UK GDPR.

Purposes of Processing

We will only use your personal data for the purposes for which it was collected. The following outlines our specific processing activities, the categories of data involved, and the lawful basis we rely upon under UK GDPR for each activity.

  • Client Onboarding and Registration

    • Purpose: To formally register you as a client of Kamlani Health Ltd and establish a contractual relationship.

    • Data Categories Processed: Identity Data and Contact Data.

    • Lawful Basis: This processing is necessary for the performance of the contract we are about to enter into with you.

  • Delivery of Healthcare Services and Treatment

    • Purpose: To provide you with safe, effective, and personalised healthcare services, including diagnosis, treatment planning, and ongoing care.

    • Data Categories Processed: Identity Data, Contact Data, and Special Category Data (health information).

    • Lawful Basis: This processing is necessary for the provision of healthcare and is carried out by a health professional subject to a duty of confidentiality. It is also necessary for the performance of our contract with you.

  • Financial Management and Processing Payments

    • Purpose: To manage the financial aspects of our relationship, including processing payments, collecting fees, and pursuing recovery of unpaid debts.

    • Data Categories Processed: Identity Data, Contact Data, Financial Data, and Transaction Data.

    • Lawful Basis: Processing for billing and payments is necessary for the performance of our contract. Efforts to recover outstanding debts are based on our legitimate interests in recovering money owed to us for services rendered.

  • Relationship Management and Communication

    • Purpose: To manage our ongoing relationship with you, which includes notifying you of changes to our terms or privacy policy, responding to your enquiries, and seeking feedback to improve our services.

    • Data Categories Processed: Identity Data, Contact Data, Profile Data, and Marketing and Communications Data.

    • Lawful Basis: Communications essential to your treatment are necessary for the performance of our contract. Certain communications may be a legal obligation (e.g., communicating changes to patient rights). Other communications, such as feedback surveys, are conducted under our legitimate interests in maintaining high client service standards and improving our practice.

  • Business Administration and IT Security

    • Purpose: To administer our business, maintain the security and integrity of our IT systems, website, and data, and to protect against fraud or other malicious activity.

    • Data Categories Processed: Identity Data, Contact Data, and Technical Data.

    • Lawful Basis: This processing is conducted under our legitimate interests in ensuring the robust and secure operation of our business, network security, and fraud prevention. It may also be necessary to comply with a legal obligation related to data security.

  • Marketing and Service Development

    • Purpose: To develop our services, grow our business, and inform our marketing strategy. This includes analysing how our website and services are used to enhance the user experience and to make informed decisions about potential new services.

    • Data Categories Processed: Identity Data, Contact Data, Technical Data, Usage Data, and Profile Data.

    • Lawful Basis: We process this data based on our legitimate interests in developing and growing our business, ensuring our marketing is relevant, and continuously improving our service offerings. You have the right to object to this processing at any time. Where required by law, we will seek your consent before sending direct marketing communications.


Data Security and Retention

We have instituted robust technical and organisational security measures designed to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised manner. Access is limited to personnel on a strict need-to-know basis, who are subject to a duty of confidentiality.

We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In accordance with UK health regulatory guidelines, medical records are typically retained for specified periods. Upon expiry of the retention period, data will be securely and permanently disposed of.

Your Legal Rights

Under data protection law, you have rights, including:

  • Right of Access: To request copies of your personal information.

  • Right to Rectification: To request correction of inaccurate or incomplete information.

  • Right to Erasure (‘Right to be Forgotten’): To request deletion of your personal information under certain circumstances.

  • Right to Restriction of Processing: To request a pause on processing under specific conditions.

  • Right to Data Portability: To receive your data in a structured, machine-readable format.

  • Right to Object: To object to processing based on legitimate interests or for direct marketing.

  • Right to Withdraw Consent: To withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact our DPO using the details above.

Updates to This Notice

This Privacy Notice is subject to periodic review and may be updated to reflect changes in our practices or for other operational, legal, or regulatory reasons. The current version will always be available on our website, and we will notify you of any material changes.

Quick Links

About us

info@kamlanihealth.com

© Kamlani Health Ltd 2025. All rights reserved.

Therapy

Appointment

Fees

Contact

Assessment

Contact

Privacy Policy

Payment and Cancellation Policy

Terms and Conditions

+447344293699 (Whatsapp)