Privacy policy.

Effective Date: 23.04.2025

 

Welcome to the Altus Clinic’s Privacy Policy (“Policy”). We care about your privacy and handle your data in accordance with the General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 (“DPA”) and any other laws that apply to your location.

 

This Policy describes the data we collect through our website at https://www.altusclinic.com/ (our “Site”) and electronic health platform on Practice Better (the “Portal”) regarding our integrated healthcare services (our “Services”).

 

You must review and agree to this Policy and other policies and agreements we present to you regarding our Services. This includes our Terms of Service, consent forms and cancellation and refund policy via this Site and the Portal.

 

By interacting with our Services, you confirm your agreement with this Policy. If you do not agree to this Policy, your only recourse is to refrain from using our Services.

 

1.    Data Controller Information

For the purpose of the GDPR and applicable laws, Altus Clinic is your “Data Controller” – we are responsible for the handling and processing of your data. Our role as a Data Controller means we also decide how collaborators and the third parties we use (Data Processors) handle your data. You can find legal information about us below:

 

Altus Clinic Limited

Arbutus, Waterford, X91V6EC

info@altusclinic.com

 

If you have any questions about Altus Clinic and its role as a Data Controller, do not hesitate to contact us.

 

2.    The Data We Collect and How

We may collect data that can identify you (personal data) and de-identified, anonymous data that cannot identify you (non-personal data) when you use our Services. We categorise this data and manner of collection into the following categories:

 

a.     The data you willingly provide to us

You may provide us with your data willingly. This may include the following data:

 

•       Your Name;

 

•       Date of birth;

 

•       Gender;

 

•       Contact information (such as your email address, home address and telephone numbers);

 

•       Details of your GP and NHS/HSE number;

 

•       Details of Services (e.g. your health plan) and/or treatment you have received from us or which have been received from a third party (e.g. NHS/HSE) and referred to us;

 

•       Personal health data such as biometric data, blood test results, lifestyle, nutrition, medical history and other results from intake forms;

 

•       Credit and debit card details (sort code and account number) if paying via instalments;

 

•       Records of correspondence between us. This includes text messages, emails, notes made by the practitioner during consultations and related to your health plan, the result of the treatment and any aftercare instructions;

 

•       The name and contact details (including phone number) of your next of kin. Please note that you are responsible for ensuring the individual is aware of and accepts this Policy;

 

•       Details of referrals, quotes and other contact and correspondence we may have had with you;

 

•       Information obtained from customer surveys, promotions and competitions that you have entered or taken part in; and

 

•       Information about complaints and incidents.

 

Some of the data we request from you may include sensitive personal data. This includes information related to mental or physical health or racial or ethnic origin. By providing us with sensitive personal data, you give us your explicit consent to process this sensitive personal data for the purposes set out in this Policy. We take additional steps to ensure sensitive personal data is secure from unauthorised access.

 

You may provide us with your data when you:

 

•       book a consultation call and engage us;

•       contact us (through our Site, email, phone and Portal);

•       use our email newsletter form;

•       complete your intake form on our Portal;

•       submit your bank details data for our Services;

•       Fill in a form or survey from us or participate in a competition, promotion or other marketing activity; and

•       Use any other forms we present.

 

You are under no obligation to provide us with any data willingly. However, we require this data to attend to you. Therefore, without it, we cannot provide our Services.

 

b.    The data we collect automatically

We collect some data automatically (mostly de-identified and anonymous) when you access and interact with our Site, Portal and newsletters. We use third-party analytics gathering tools like Squarespace Analytics, Google Analytics and Practice Better Analytics to gather this data automatically. These tools use tracking technologies like cookies, beacons, and pixels to gather this data. See the cookie policy and analytics sections for more about cookies and analytics.

 

The data we collect automatically includes the following:

 

•       Your device details, including browser type, version, IP address, operating system, geolocation, etc.;

 

•       Your anonymous activities on our Site and Portal, including pages accessed, duration of access and similar information;

 

•       Details of your transactions, including the plan purchased, date and time, amount paid, and payment method used, etc.; and

 

•       Metrics to track engagement on our Site and newsletter. This might include your IP address, browser type and version, time zone setting, browser plug-in types and versions and operating system.

 

c.     The data we collect from third parties

Third parties may provide us with your data. This may include where:

 

•                Stripe, our third-party payment processor, provides us with information about your transactions;

 

•                We obtain your blood test from Randox Health Dublin or other Medicine laboratories; and

 

•                We obtain sensitive information from healthcare providers based on your consent.

 

3.    How We Use Your Data

In summary, we use your data to provide our Services, secure our Site and comply with applicable laws. Specific uses of your data may include the following:

 

•       Name, Date of Birth and Gender are used to identify you and provide health services or treatments to you, as well as to ensure the best ongoing standards of care in the delivery of our Services.

 

•       Contact information such as email addresses, home address, and telephone numbers is used to contact you, including (i) sending test results or correspondence (related to the Service you have contracted us for) to your home address; (ii) responding to any inquiries, complaints or message you send to us; (iii) sending you marketing messages based on your consent; (iv) providing support services; and (v) notifying you of changes to our Services.

 

•       Details of your GP and NHS/HSE number are used to communicate health information with your GP based on your consent.

 

•       Your device properties, including IP address, web browser type and version, operating system, etc. are used to ensure that content from our Site is presented in the most effective manner for you and for your computer.

 

•       Details of Services and/or treatment you have received from us (e.g. your health plan, your record of appointments) or which have been received from a third party (e.g. NHS/HSE) and referred to us is used to (i) process potential future formal complaints; (ii)  respond to requests where we have a legal or regulatory obligation to do so; (iii) assess the quality and/or type of care you have received (including allowing you to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated; and (iv) support your doctor or other healthcare professionals.

 

•       Personal health information such as biometric data, blood test results, lifestyle, nutrition, medical history and other results from intake forms is used to tailor the provision of our Services or treatments to you, and to ensure ongoing best standards of care in the delivery of our Services.

 

•       Credit and debit card details (sort code and account number) if paying via instalments is used to process payments for the fulfilment of any plan you purchase.

 

•       Records of correspondence between us, including text messages, emails, notes made by the practitioner during consultations and other data related to your health plan are used to provide you with ongoing best standards of care in the delivery of our Services and check the accuracy of information about you and the quality of your treatment or care, including auditing medical and billing information for insurance claims as well as part of any claims or litigation process.

 

•       Your use of our Site and interaction with our newsletters helps us to provide educational and informative material in our newsletters, relevant offers and new Services. It also ensures that you have the best experience when using our Site.

 

4.    Our Lawful Basis for Collecting Your Data

The lawful bases we rely on for processing your data include the following:

 

•       Consent: You have given us explicit consent to process your data. This includes via consent forms and similar practices. You can withdraw your consent at any time. You can do this by contacting us at info@altusclinic.comor using any other communication channel we use.

 

•       Contract performance: We require your data to perform the contract we have entered with you. This includes obtaining your data to provide the Service you paid for.

 

•       Legal obligation: We are legally obligated to collect your data. This means that we are required by applicable laws to collect data such as details of transactions, health information, communication logs and consents.  

 

•       Legitimate interest: We may collect certain data if is necessary for our legitimate interest, provided that the interest does not override your right. This may include collecting data to improve our Services, secure our Site and Portal and prevent fraud or misuse of our Services.

 

•       Vital interest: We may collect your data to protect your vital interest or those of others (for example, to notify your next-of-kin in a medical crisis).

 

5.    Who We Share Your Data With  

We may share the data we collect about you with third parties only under the following circumstances:

 

a.     Other providers: With your consent, we may share your data with other providers in your care. This may include sharing health information with your GP strictly after getting your written consent to do so.

 

b.    Third-party service providers: We utilise the services of certain third parties to perform some of our Services. We may share your data with these third parties to enable them to provide their services. These third parties and the services they perform may include, without limitation:

 

•                Squarespace for hosting our Site, storing your data, gathering analytics and marketing our Services;

•                Stripe for processing your payments;

•                Google for gathering analytics;

•                Practice Better for booking your call, communicating with you, sending invoicing and storing your data shared via the Portal; and

•                Randox Health Dublin for blood testing (if applicable).

 

Please note that these third parties are under an obligation not to use your data for anything other than to perform the services for which we contract them.

 

c.     Compliance with legal obligations: We may disclose your data if the law requires it. This may include complying with legal, regulatory or law enforcement requests such as court orders and legal proceedings (for example, we may be required to report your fitness to drive or fly; abuse or risk to life; or any required insurance claims or billing).

 

d.    Protecting rights and interests: We may disclose personal data if we believe it is necessary to protect and defend our legal rights and property; investigate and prevent potential fraud, unauthorized access, or other illegal activities; or safeguard the health and safety of users, staff, or the public in emergencies.

 

e.     Business transactions: If Altus Clinic is involved in a merger, acquisition, reorganization or sale of assets, your personal data may be transferred to the new business entity. We will ensure that such transfers comply with applicable data protection laws and provide notice before your data is subject to a different privacy policy.

 

f.      Disclosure with your consent: In cases where disclosure is not covered by the above, we will seek your explicit consent before sharing your data.

 

g.     Anonymized or Aggregated Data: We may disclose anonymized or aggregated data, which cannot identify you, to third parties for research, analytics or reporting purposes.

 

Please note that sensitive personal data related to your health will only be disclosed to those involved with your treatment or care in accordance with applicable laws and guidelines of professional bodies or for clinical audits (unless you object).

 

6.    The Cross-Border Transfer Of Your Data

Altus Clinic is based in Ireland and relies on the GDPR, DPA and other applicable laws when handling your data. This means that we process and maintain your data in Ireland and in accordance with what relevant laws require.  

 

However, some third-party service providers we use, including Stripe, Practice Better and Squarespace, are located outside of Ireland, the EEA, the EU, the UK, and locations under the GDPR; therefore, we may transfer your data to these parties in their respective locations.

 

However, when transferring personal data internationally, we ensure appropriate safeguards are in place, such as:

 

  • Transferring to countries recognised by the European Commission as providing an adequate level of data protection (such as Practice Better with headquarters in Canada).

  • Implementing contracts based on the European Commission’s Standard Contractual Clauses (SCCs) with service providers in countries without an adequacy decision.

  • Requiring all service providers to comply with GDPR and other applicable laws to protect your data.

 

By using our Services, you acknowledge that your data may be transferred to and processed in countries outside the EEA, EU, UK, and other countries under the GDPR and similar laws. However, we are committed to safeguarding your personal information and ensuring it remains secure, regardless of where it is processed.

 

7.    How Long We Store Your Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, regulatory or professional obligations.

 

Specifically, we keep your health records, including details of your treatment plan, intake forms and consultation records for 7 years after the date of your final session. After this period, your information will be permanently deleted or securely disposed of. We keep other data collected through our Site or for non-clinical purposes (e.g., email subscriptions or inquiries) only as long as necessary to provide the requested Service or as required by applicable laws. We do not store your payment method data – they are only used by Stripe to process your payments. Read Stripe’s privacy policy here.

 

When we no longer need your data, we will ensure that it is securely destroyed or anonymised in a way that it can no longer identify you.

 

8.    How We Secure Your Data

All the data you provide to us is stored securely using industry best practices. Your data (including treatment plan details, intake forms and consultations) is collected via our Portal, a GDPR-compliant electronic health platform. Records from your sessions, including updated plans or recommendations made to you are stored securely. These health documents are anonymised and stored separately from your personal details (i.e. name, date of birth, and address).

 

Whether you are visiting our Site or Portal, we use reasonable security measures to protect the confidentiality of personal data under our control and appropriately limit access to it. We limit access to your data only to authorised personnel and use various security tools, such as encryption, to protect your data.

 

However, while we try to protect your data, it is important to note that electronic transmissions over the internet are not entirely immune to interception. As a result, we cannot guarantee the security or confidentiality of data transmitted electronically. We recommend you use secure networks and exercise caution when transmitting sensitive data online.

 

9.    Email Marketing

If you subscribe to our email newsletter through the form on our Site, we will use your email address to send updates about our Services, including promotions, plans, bonuses and deals we think may catch your interest. Your email is stored securely and will not be shared with third parties for marketing purposes.

 

If, at any time, you want us to stop sending you marketing emails, you can simply unsubscribe by clicking the "unsubscribe" link in our emails. Once unsubscribed, your email will be removed from our mailing list unless required for legal purposes.

 

10. Interest-Based Advertising

We may engage in interest-based advertising (also known as targeted or behavioural advertising) using Google Ads, Facebook, Instagram and LinkedIn. This means that your interest and activity across our Services, including our Site, the Portal, emails and other networks may be used to serve relevant adverts to you.

 

Platforms like Google Ads, Facebook, Instagram and LinkedIn may use cookies or similar tracking technologies to collect information about your browsing activities and preferences to display ads relevant to your interests. This may involve data collected by cookies or similar technologies on our Site and newsletters, as well as your interactions with ads or content on third-party websites.

 

You have control over the use of your data for interest-based advertising. For example, you can:

 

•       Manage your cookie preferences through our cookie banner or your browser settings.

•       Adjust ad preferences directly on platforms like Google Ads, Facebook, or other platforms.

•       Use tools like the Your Online Choices platform to manage your advertising preferences across multiple services.

 

Please note, however, that opting out of interest-based advertising does not prevents ads from being shown to you. It only prevents us and third parties from serving ads that are based on your online activities and interests.

 

11. Cookies and Similar Technologies

Our Site uses cookies and similar tracking technologies (web beacons, pixels, tags, etc.) to provide a better user experience, analyse website traffic and support essential website functionality.

 

Cookies are small text files stored on your device by your web browser when you visit our Site. They enable us and our third-party service providers (like Squarespace, Practice Better and Stripe) to recognise your device and store data about your preferences or actions.

 

We use the following types of cookies:

 

•       Strictly necessary cookies: These cookies are essential for the Site and Portal to function properly and cannot be turned off. They include cookies that support secure login, session management and accessibility.

 

•       Performance and analytics cookies: These cookies help us understand how visitors interact with our Site by collecting anonymised data. For example, Squarespace Analytics tracks website traffic, visitor behaviour and Site performance; Practice Better uses cookies for secure access to your account and session management; Google Analytics collects information about your visit, including pages viewed, time spent and referral sources.

 

•       Advertising cookies: These cookies may be used by platforms like Google Ads, Facebook and Instagram to deliver personalised advertising based on your browsing activity and preferences.

 

Your Cookie Preferences

You can manage or disable cookies through your browser settings. Most web browsers allow you to:

 

•       View and delete stored cookies.

•       Block cookies from specific websites.

•       Set preferences for first-party and third-party cookies.

 

We will request your consent before using non-essential cookies, such as those for analytics and advertising. You can update your cookie preferences at any time through our cookie banner or browser settings.

 

12. Analytics

We use analytics tools, including Google Analytics, Squarespace Analytics, and Practice Better Analytics, to understand how users interact with our Site, Portal and Services. These tools collect anonymised or aggregated data such as IP address, browser type, pages visited, time spent on the Site, visitor statistics and trends in Site and Portal usage.

 

This information helps us to analyse Site traffic, monitor performance, optimise user experience and improve our offerings. Some tools, like Google Analytics, may use cookies to track this data. You can opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on.

 

Analytics data is anonymised or aggregated where possible and is not used to personally identify you. For more information on how these tools collect and process data, please refer to their respective privacy policies.

 

13. Your Data Protection Rights

We are committed to ensuring that your personal data is handled in compliance with the GDPR and other applicable data protection laws. Depending on your location, you may have the following rights regarding your personal data:

 

•       Your right of access – You can ask us for copies of your personal data, including information about how we use it and who we share it with.

 

•       Your right to rectification – You can ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete.

 

•       Your right to erasure – You can ask us to erase your personal data in certain circumstances, such as if the data is no longer necessary for the purposes it was collected of if you withdraw your consent. The erasure of your data is subject to our data retention policy, as described above.

 

•       Your right to restriction of processing – You can ask us to restrict the processing of your personal data in certain circumstances.

 

•       Your right to object to processing – You can object to the processing of your personal data in certain circumstances.

 

•       Your right to data portability – In certain cases, you may request a copy of your personal data in a structured, commonly used and machine-readable format and transfer it to another data controller where technically feasible.

 

•       Right to withdraw consent If we rely on your consent to process your personal data, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

 

•       Right to lodge a complaint – If you have any complaints regarding how we use your data, you can file a complaint with us at info@altusclinic.com. If you believe we have not adequately addressed your concerns regarding your personal data, you can lodge a complaint with the relevant data protection authority. If you are in Ireland, you can complain to the Data Protection Commission (DPC) (www.dataprotection.ie). If you are located outside Ireland, you may contact the data protection authority in your jurisdiction.

 

•       California Privacy Rights (CCPA/CPRA) – If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal data we collect, sell, or share and the right to opt out of the sale of your personal data.

 

•       Other Global Privacy Rights Depending on your location, you may have additional rights under local privacy laws, such as the Privacy Act (Australia) or the Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada).

 

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

 

Please contact us at info@altusclinic.com or any of our contact channels on the Site and Portal if you wish to make a request. We will respond to your request within the time frame required by applicable laws and at no cost to you unless your request is excessive, repetitive or unfounded, in which case we may charge a reasonable fee or decline the request.

 

14. Do Not Track (DNT) Signals

Some web browsers offer a "Do Not Track" (DNT) setting, which allows you to signal to websites that you do not want your online activity to be tracked. At this time, our Site does not respond to DNT signals.

 

15. Children’s Privacy

Our Services are not intended for use directly by individuals under 16, and we do not knowingly collect or process personal data from individuals below 16. If you are under 16, please do not provide any personal information to us. You may only do so if at least a parent or legal guardian supervises it.

 

If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete the information as soon as possible.

 

16. Third-Party Links and Collaborator Privacy Policy

Our Site may include links to third-party websites, services or collaborators not owned or controlled by Altus Clinic. These links and collaborations are provided for your convenience and do not constitute an endorsement of their privacy practices or content.

 

In addition to these links, Altus Clinic collaborates with external specialists, such as Tom Cowan, our Clinical Exercise Physiologist, who may collect and process additional personal data separately from Altus Clinic. Tom Cowan operates under his own privacy policy, which governs the collection, use and protection of any personal data you provide while engaging with his services.

 

We encourage you to review the privacy policies of any third-party services, including Tom Cowan’s privacy policy, which can be found at https://www.tcowan.co.uk/privacypolicy. By using his services, you consent to the data practices outlined in his privacy policy. For questions regarding his privacy practices, you can contact him directly at tom@tcowan.co.uk.

 

17. Updates to this Policy

We may update this Policy occasionally to reflect changes in our practices, legal requirements or other operational needs. Any updates will be posted on this page with a revised "Last Updated" date at the top of the Policy.

 

If we make significant changes to how we handle your personal data, we will notify you through a prominent notice on our website or via other appropriate means, such as email (if you have provided it).

 

We encourage you to review this Policy periodically to stay informed about how we protect your data. Your continued use of our Services after any updates constitutes your acknowledgement and acceptance of the revised Policy.

 

18. Careers and Job Applications

If you provide your resume/CV in connection with a role, your data will be used solely for recruitment purposes, including accessing your suitability for the role and contacting you regarding your application.

 

We will store your application securely and retain it for as long as necessary to process it or comply with legal requirements. If your application is unsuccessful, we may keep your information on file for up to 12 months to consider you for future opportunities unless you request otherwise.

 

19. Contact Us

If you have any questions, issues, complaints, feedback, or concerns regarding how we handle your data as described in this Policy, please contact us at info@altusclinic.com or use our Practice Better Portal communication channel.