Privacy policy

Sanctum Healthcare is committed to ensuring the privacy of our patients and website visitors. This policy explains what personal data we may collect about you when you interact with us and how we use it.


Service: We will only use your data to improve your experience of our services
Patient Safety: We will only use your sensitive personal data to ensure your care and safety
Keep in touch: We will only contact you about things you have told us you’re interested in

Your personal and sensitive personal data

Under data protection legislation, the data that organisations hold about you can be categorised as follows:

Personal Data: This is data related to an identifiable person or data that can be used to identify a distinct individual. Examples of personal data we collect and process include names, email addresses, location, telephone numbers, ID numbers and online identifiers. Where this policy states “your data/your personal data” we are referring to Personal Data unless otherwise stated.

Sensitive Personal Data: Sometimes referred to as “Special Category Data”, this is data that is deemed to be more sensitive than the above personal data. For example, medical records, genetics, biometric data, details of ethnicity, sexual orientation. We only use this data for the purposes of your treatment and to ensure you care and safety as a patient. We will usually ask for your consent to collect or process this data, though there may be instances where we are required or permitted to do so by applicable law (eg. To comply with public health requirements). We never use your sensitive personal data for marketing purposes.

The legal bases we rely on

Under data protection legislation, organisations must have a reason for processing your personal data:

Consent: In some situations, we ask for your consent to process your data for the purpose we have identified. For example, we ask you to tick a box on our enquiry form to receive our special offer and discount emails. As a patient you may be asked for consent to allow us to collect sensitive personal data about you to ensure your safe treatment and care.

Contractual obligations: Sometimes we may need your data to fulfil our obligations. For example, if you wish to book an appointment we may need your payment details, address and contact details to process payment and secure your booking.

Legal compliance: There may be some situations where we are required by law or regulatory bodies to process your data. For example, we may require you to provide proof of ID and age where the law requires. Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests.

Legitimate Interests: In some situations we require your data to pursue our interests in a way which might reasonably be expected as part of running our business and which does not significantly impact your rights or freedom.

When do we collect your personal data?

– When you visit our website
– When you communicate with us by phone or email or instant messaging systems
– When you engage with us on social media
– When you interact (open/click) with our emails
– When you request further information from us
– When you arrange appointments with clinic staff
– When you attend appointments and as part of the consultation process
– When you make payments to us or require a refund
– When you fill in any forms online or in clinic
– When you’ve given a third party permission to share with us the information they hold about you (eg. Facebook/Instagram).
– When you complete any surveys we send you
– When you review our services
– When you refer a friend
– When you visit our clinics we may operate CCTV systems for security purposes

What personal data do we collect?

– Whilst using our website you may submit information to us via an enquiry form. This may include your name, email address, phone number and postcode. We require this information to contact you regarding your enquiry and to better understand demand for our services.
– Details of your interactions with us through our call centre, in clinics or online. For example, we may record calls or make note of conversations and maintain phone call logs.
– Copies of documents you provide to prove your age or ID where the law or company policy requires.
– Payment details.
– Details of your visits to our websites, including how you arrived, which pages you visited, time spent, links clicked and technical information about your device and internet connection.
– Personal details which help us make suggestions. For example, you may indicate that you have a particular skin condition or concern, which we will use to recommend treatments.
– Information gathered by the use of cookies. Learn more about how we use cookies.
– Your reviews, survey responses and comments.

How and why do we use your personal data?

We want to give you the best possible experience from your very first interaction with us. One way to achieve this is to better understand who you are by collecting data about you. We use this to make improvements to our service and to communicate information that you are likely to be interested in. There are many cases where we are required to collect and process data about you either to fulfil our contractual obligations to you or to comply with the law. We use your personal data for the following purposes:

– To contact you regarding your enquiry – we have to collect and process your data in order to fulfil your request for further information or to book an appointment.

– To provide you with further information about the subject of your enquiry so you understand your options and can make an informed decision.

– To remind you by email to book subsequent appointments if and when required.

– With your consent, we will send you special offers and news via email – to keep you up to date with our promotions.

– To tailor the content of our communications – to make it more relevant to you.

– To contact you regarding your appointments and treatments – we want to make sure you don’t miss your appointments.

– For business performance analysis – to ensure we continue to provide the best service.

– To make sure we’re speaking to the right person – to help prevent and detect fraud.

– To take payment and process refunds

– To provide customer service and support

How we protect your data

We take the security of your data seriously and take all appropriate steps to protect it from unauthorised access, loss and misuse. We never sell any of your personal data for any purpose. Any sensitive personal data we may collect (such as medical records) is never used for marketing purposes and access to such data is further restricted.

How long do we keep your data?

We only keep your data for as long as is necessary to fulfil the purpose for which it was collected. At the end of the period, your data will either be deleted or anonymised so that it can be used in a non-identifiable way for statistical analysis which helps us make improvements to our service and business.

Cookies & similar technologies

To help us give you the best possible experience, our websites and emails contain cookies, web beacons and similar technologies. Cookies are small, harmless text files that are downloaded to your computer/device when you visit websites. They serve a range of purposes such as helping us understand our website usage, activity and user behaviour.

Who do we share your personal data with?

We never sell or share your personally sensitive data with any third parties. We want to maintain your trust in us as a reputable company and believe this is essential to ensure this.

However, we do use third parties to support, manage or deliver some of our day to day business services. As a result, we may share non-sensitive personal data (such as phone numbers, email address and IP address) with the following type of companies we work with:

– Companies that help us deliver our emails and electronic communications to you.
– Companies that support our website, phone handling and other IT/business systems.
– Companies that provide online communication services between you and us such as instant messaging and video conferencing platforms. By using these services you accept their terms of usage and understand that all data including messages, photos, videos, files and transcripts will be managed in accordance with the policies of those third parties.
– Companies that provide analytics services, such as Google Analytics and Hotjar.
– Facebook and Instagram to show you our services that might interest you whilst you’re browsing the internet or on social media platforms. This is based on your acceptance of cookies on our websites.

What are your rights?

You have a number of rights relating to your personal data including:

– The right to access the personal data we hold about you.
– The right to request the correction of inaccurate data about you. If we hold inaccurate or out of date information about you, you can request that we change or update it.
– The right to request that we delete your data or stop processing it – in some instances such as where we no longer need it, we can delete your personal data.
– The right to stop direct marketing – You have the absolute right to stop our use of your personal data for direct marketing purposes. In this instance we must always comply with your request.
– The right to withdraw your consent – Whenever you have given us your consent to use your personal data, you have the right to change your mind and tell us.
– Please note there may be instances where we refuse your request for any of the above (unless otherwise stated) where we have a strong overriding reason or are legally obliged to.

If you wish to exercise any of your rights, have a complaint or questions about this policy, please see our contact details below.


We do not knowingly collect personal data relating to children under the age of 16. If you are a parent or guardian of a child under the age of 16 and think that we may have information relating to that child, please contact us. We will ask you to prove your relationship to the child but if you do so you may (subject to applicable law) request access to and deletion of that child’s personal data.

Changes to this privacy policy

We may update this privacy policy from time to time to reflect how we use your personal data. We will notify you by email (if we hold your email details) of any significant changes but we encourage you to review this policy regularly to stay informed of how we use your data.


If you have concerns about aspects of the way your data has been handled or used by us and are not satisfied with our response, you can report your concerns to the UK Information Commissioner Office (ICO). Details of how to do this are on the ICO website (https://ico.org.uk).

Any Questions?

We hope this privacy policy has been helpful in setting out the way we handle your personal data and your rights. If you have any questions that haven’t been covered, please contact:

Sanctum Healthcare
3 the Beeches
Beech Lane

This policy was last updated on the 24th November 2021

Get your first free online consultation