Privacy Policy.

1. Who we are

CheckPoint Health (“Checkpoint”, “we”, “us”, “our”) is a private health screening clinic operating at 17 Harley Street, London W1G 9QH. We are the “controller” of the personal data we hold about you and are responsible for it under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

• Registered company name: [CLIENT TO INSERT REGISTERED COMPANY NAME]
• Company registration number: [CLIENT TO INSERT COMPANY NUMBER]
• Registered office: [CLIENT TO INSERT REGISTERED OFFICE ADDRESS]
• ICO registration number: [CLIENT TO INSERT ICO REGISTRATION NUMBER]
• Data Protection Officer: [CLIENT TO INSERT DPO NAME / CONTACT EMAIL]

2. The information we collect

We may collect and process the following categories of personal data:

• Identity and contact data — name, date of birth, postal address, email address and telephone number.
• Special category (health) data — medical history, symptoms, scan and test results, and clinical correspondence. This is given enhanced protection under UK GDPR.
• Appointment and payment data — bookings, the services you purchase and transaction records (we do not store full card details).
• Technical data — IP address, browser type and usage data collected through our website and cookies. See our Cookies Policy.

3. How and why we use your data

Under UK GDPR we must have a lawful basis for processing your personal data. We rely on the following:

• Contract — to provide the screening, assessment and clinical services you have booked.
• Legal obligation — to meet our regulatory, clinical record-keeping and tax obligations.
• Legitimate interests — to run, improve and secure our clinic and website, where your rights do not override those interests.
• Consent — for marketing communications and non-essential cookies, which you may withdraw at any time.

For special category health data, we additionally rely on Article 9(2)(h) UK GDPR (provision of health care) and the conditions in Schedule 1 of the Data Protection Act 2018. Our clinicians work under a duty of confidentiality.

4. Sharing your data

We never sell your data. We may share it with: our consultants and clinical partners involved in your care; accredited laboratories and imaging providers; your GP or referring clinician where you have asked us to; and trusted service providers (such as IT, payment and communications suppliers) acting under contract on our behalf. Where required, we may disclose data to regulators or law enforcement.

5. International transfers

Where any of our service providers process data outside the UK, we ensure an adequate level of protection through UK adequacy regulations or the International Data Transfer Agreement / appropriate safeguards approved by the ICO. [CLIENT TO CONFIRM WHETHER ANY DATA LEAVES THE UK.]

6. How long we keep your data

We retain medical records in line with the relevant NHS and professional retention schedules (generally a minimum of eight years for adult records, and longer for certain records). Non-clinical data is kept only as long as necessary for the purposes set out above. [CLIENT TO CONFIRM RETENTION SCHEDULE.]

7. Your rights

Under UK GDPR you have the right to: be informed; access a copy of your data; have inaccurate data corrected; request erasure; restrict or object to processing; data portability; and rights relating to automated decision-making. To exercise any of these, contact us using the details below. We will respond within one month.

8. How to contact us or complain

For any privacy query, or to exercise your rights, contact us at hello@check-point.health or 020 3697 0247.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection: ico.org.uk — helpline 0303 123 1113. We would ask that you contact us first so we can try to resolve the matter.

9. Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with a revised “last updated” date.