Privacy Policy

Last updated: 01/02/2026

Arcadia Health Clinic (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data lawfully, fairly, and transparently.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, contact us, or receive services from us.

1. Who we are (Data Controller)

Arcadia Health Clinic is the Data Controller for personal data processed via this website and our clinical systems.

Contact details:
Email: info@arcadiahealthclinic.com
Telephone: +447892 894 266
Address: 4.15e 83 Princes Street, Edinburgh, EH2 2ER

If you have questions about this Privacy Policy or how your data is used, you can contact us using the details above.

2. The data we collect

We may collect and process the following categories of personal data:

a) Identity & contact data

  • Name

  • Date of birth

  • Address

  • Email address

  • Telephone number

b) Health and clinical data (special category data)

  • Medical history and health questionnaires

  • Consultation notes

  • Treatment records

  • Prescriptions and medication history

  • Safeguarding information (where relevant)

c) Booking and service data

  • Appointment details

  • Attendance history

  • Payments and invoices

  • Communications with us

d) Technical and website data

  • IP address

  • Browser type and device information

  • Website usage data (via cookies and analytics)

3. How we collect your data

We collect data when you:

  • Complete forms on our website

  • Book appointments online

  • Attend consultations (in person or remotely)

  • Communicate with us by email, phone, or messaging

  • Use our website (via cookies)

4. How we use your data

We use your personal data to:

  • Provide safe and appropriate healthcare services

  • Assess clinical suitability and deliver treatment

  • Book and manage appointments

  • Prescribe or supply medication (where applicable)

  • Communicate with you about your care

  • Process payments and issue invoices

  • Meet legal, regulatory, and professional obligations

  • Improve our services and website

We do not sell your personal data.

5. Lawful basis for processing

Under UK GDPR, we rely on the following lawful bases:

a) General personal data

  • Performance of a contract – to provide booked services

  • Legal obligation – regulatory and record-keeping duties

  • Legitimate interests – service improvement and administration

b) Health data (special category)

We process health data under:

  • Article 9(2)(h) – healthcare provision

  • Article 9(2)(a) – explicit consent (where required)

6. Clinical records and legal obligations

We are legally required to keep accurate clinical records. These records may be retained even if you request deletion, where retention is required by law or professional standards.

7. Who we share your data with

We only share data where necessary and appropriate, including with:

a) Clinical and operational systems

We use the following data processors:

  • Google Workspace – secure email, document storage, internal communication

  • Acuity Scheduling – appointment booking and management

  • SignatureRx – prescribing and pharmacy-related services

These providers process data on our behalf under data-processing agreements and are required to maintain appropriate security standards.

b) Regulators and authorities

Where legally required, we may share data with:

  • Professional regulators

  • Safeguarding authorities

  • Law enforcement or public bodies

8. Data storage and security

We take appropriate technical and organisational measures to protect your data, including:

  • Secure, access-controlled systems

  • Encrypted communications where available

  • Role-based access to clinical records

  • Staff confidentiality and data-protection training

Despite best efforts, no system can be guaranteed 100% secure.

9. How long we keep your data

We retain personal data only for as long as necessary:

  • Clinical records: retained in line with legal and professional requirements

  • Booking and financial records: retained for statutory accounting periods

  • Website enquiries: retained for a reasonable period or until no longer required

10. Your rights

Under UK data protection law, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure (where legally permitted)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent (where consent is the basis)

To exercise your rights, contact us using the details above. We may need to verify your identity.

11. Complaints

If you are unhappy with how we handle your data, you can complain to us first. You also have the right to complain to the Information Commissioner’s Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113

12. Cookies and analytics

Our website uses cookies to ensure it functions correctly and to understand how visitors use the site.

For more information, please see our Cookie Policy: www.arcadiahealthclinic.com/cookies-policy

13. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be published on our website with the updated date.

14. Contact us

If you have any questions about this Privacy Policy or your personal data, please contact:

Arcadia Health Clinic
Email: info@arcadiahealthclinic.com
Telephone: +447892 894 266