Privacy Policy
Heart Health Hub
Effective Date: [01.05.2025]
Last Updated: [04.05.2025]
1. Introduction
At Heart Health Hub Ltd. (“we”, “our”, or “us”), your privacy is important to us. We are committed to protecting the personal data of our patients, customers, and visitors in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we collect, use, store, and protect your personal and health-related data when you use our cardiac diagnostic services, website, mobile applications, or interact with us in any way.
2. Who We Are
Heart Health Hub is a provider of cardiac diagnostic and rehabilitation services registered in Northern Ireland. We act as a Data Controller for the personal information we process and are responsible for ensuring that your data is handled in compliance with UK data protection law.
- Company Name: Heart Health Hub LTD.
- Company Registration Number: NI726607
- Registered Office: 10 High Trees Green, Donaghadee, BT21 0GP (mobile service)
- Data Protection Officer (DPO): Mrs Charlotte J Currie
- Contact Email: info@hearthealthhub.org
- Phone: 07708 689 022
3. What Information We Collect
We may collect and process the following types of data:
a) Personal Data
- Full name
- Date of birth
- Contact information (email, phone number, address)
- NHS number (if applicable)
- Insurance and payment information
b) Special Category Data (Health Information)
- Medical history
- Symptoms and diagnostic test results (e.g. ECG, Holter data, BP, Echo and cardiovascular rehabilitation data)
- Referral letters or clinical notes
- Any other health-related data relevant to our services
c) Technical and Usage Data
- IP address and browser information
- Device and app usage statistics
- Location data (only with your explicit consent)
4. Legal Basis for Processing Your Data
We process your personal and health data under the following lawful bases:
- Consent – when you provide clear consent for specific processing (e.g. email communication).
- Contract – when processing is necessary for the delivery of a service you have requested.
- Legal Obligation – to comply with UK healthcare regulations and medical record-keeping laws.
- Vital Interests – where processing is necessary to protect your life or health.
- Public Interest in Healthcare – especially where processing health data is necessary for medical diagnosis or the provision of health care services.
We only process special category data (e.g. medical records) under the additional conditions laid out in Article 9(2)(h) of the UK GDPR.
5. How We Use Your Data
We use your data to:
- Provide diagnostic and clinical services
- Maintain accurate and up-to-date medical records
- Communicate with you and your healthcare provider
- Comply with regulatory and legal requirements
- Manage appointments, billing, and administration
- Conduct quality assurance and service improvement
- Develop anonymised insights for clinical research (only with appropriate safeguards)
6. Sharing Your Information
We may share your personal data with:
- Your GP or referring physician
- NHS bodies, where applicable
- Laboratories and diagnostic service providers
- Our technology partners and data processors (under strict data processing agreements)
- Regulatory authorities, if required by law
- Law enforcement or courts, in response to legal orders
We do not sell or rent your data to third parties for marketing purposes.
7. International Data Transfers
Your personal data is generally processed within the UK and the European Economic Area (EEA). Where data may be transferred outside the UK/EEA (e.g. cloud storage services), we ensure appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses (SCCs).
8. How We Protect Your Data
We implement a range of organisational and technical security measures, including:
- End-to-end encryption
- Role-based access controls
- Secure servers and backups
- Regular vulnerability assessments
- Staff training in data protection and confidentiality
9. Your Rights Under UK GDPR
You have the following rights with respect to your personal data:
- Right to access – to obtain a copy of the personal data we hold about you
- Right to rectification – to request correction of inaccurate or incomplete data
- Right to erasure – to request deletion of your data, subject to legal obligations
- Right to restrict processing – in certain circumstances
- Right to data portability – where applicable, to request transfer of your data to another provider
- Right to object – to certain types of processing, including direct marketing
- Right to withdraw consent – at any time, where processing is based on consent
- Right to lodge a complaint – with the Information Commissioner’s Office (ICO)
ICO Contact Information:
Website: https://ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
10. Data Retention
We retain personal and medical data for as long as necessary to fulfil our service obligations and comply with applicable healthcare and legal requirements. After this period, data is securely deleted or anonymised.
11. Cookies and Website Use
Our website may use cookies or similar technologies to enhance your experience and track usage statistics. You can manage cookie preferences through your browser settings.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact:
Data Protection Officer
Heart Health Hub
10 High Trees Green, Donaghadee, BT21 0GP
Email: info@hearthealthhub.org
Phone: 07708 689 022
13. Updates to This Policy
We may update this Privacy Policy to reflect changes in legislation or our data practices. The most recent version will always be available on our website, with the “Last Updated” date clearly indicated.