Privacy Policy

Who are we?

We are Telos Treatment + Training, a private practice sole proprietorship based in Cambridge, UK. 

As sole proprietor Kay White is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact her by email at info@telos.org.uk

How do you use my data?

This webpage sets out when and how we use your personal information that you or others provide to us.


When you contact us

When you phone, email or contact us through other means with general queries, we may also handle your personal information (your name, contact details and other brief details which may include health information that you provide to us) in order to provide the customer services you have asked us to. This could be when you ask us to book an appointment, to provide more information about our service offerings or pricing packages, to explain how our booking works and whether an appointment is suitable for you, among other queries related to the business and providing health related services to potential or existing clients.  

We rely on your consent to handle your personal information in this way. If you do not provide us with the personal information we request from you for customer services purposes, we may not be able to fully answer your queries.

Telos values your privacy and encourages you to consider how you transfer information to us when done so outside of our in-person services or our contracted service providers. We recommend limiting your transfer to us of sensitive personal information outside of our in-person sessions. If you choose to provide us with sensitive data outside of our controlled services, you may opt to supply sensitive data in a password-protected/encrypted attachment or preferably, if possible, wait until your appointment with us. 

Any contact you have with us may be kept as case history, noting relevant consents and personal information given to us, care and advice provided and copies of correspondence. Each contact you make with us or we initiate with you is part of your casework. We may save this information about you in our client relationship management software, work devices, cloud services, safes and clinic-related software. For more information about why we retain and how long we retain your information and how it is stored please see the relevant sections below.

Please note we do not provide a separate telephone, text or email advice service, aside from brief conversations needed to book appointments or for aftercare concerns not covered during appointments. If you are an adult seeking our services and have not yet had an initial consultation with us and are interested in becoming a client, we would encourage you to book an initial consultation - these handle most questions. Alternatively, you can join our drop-in Q&A clinic when it’s available. You may also consider subscribing to our news service for information which may be of interest - see Connect.


When you have expressed an interest in receiving news and offers from us

This section applies if you have opted in to receive marketing communications from us, or have previously expressed an interest in receiving news and marketing communications from us and have not opted out. 

We will handle your personal information (such as your name, email address, postal address, telephone number and topical preferences) to provide you with marketing communications in line with any preferences you have told us about.

When we send you marketing emails because you have opted-in to receive them, we rely on your consent to contact you for marketing purposes. 

If you have not opted-in and we send you marketing messages, we do this because of our legitimate interest to promote the success of the business. 

Emails we send to you for marketing purposes will also contain instructions on how to unsubscribe from receiving them. Personal text message conversations, particularly with regards to arranging services and follow ups, would be overburdened with opting out disclaimers so please let us know if your messaging preferences change. Automated marketing text messages will contain instructions on how to unsubscribe from receiving them.

You are not under any obligation to provide us with your personal data for marketing purposes. 

You can tell us that you do not want your personal information to be processed in this way at any time by contacting us at info@telos.org.uk or, where relevant, by following the unsubscribe link shown in marketing communication you receive from us.


When you subscribe

When you subscribe to Telos, we will use your personal information to process your subscription and provide you with your subscription information and benefits. The details we collect from you when you subscribe include your name, email address and may include your phone number if supplied, details of your physical address and interests.

To complete your subscription, we may share your personal information with our subcontractors who are involved in the subscription process, such as client relationship management service providers, payment providers, email marketing service providers as well as credit reference agencies who we use to assess fraud, credit and/or security risks.


When you book aN appointment

When you book an appointment, we will use your personal information to complete your booking. The details we collect from you will include your first and last name, address, email address, home phone number and/or mobile number, gender, age, health reason/aim for booking, information about your booking with us (service purchased, date of service, service description), your ability to climb stairs so we can book a room according to your needs and accessibility, other details such as medical contraindications which may be relevant to determining whether an appointment or medical referral is appropriate, and payment details.

To complete your booking, we share your personal information with our subcontractors who are involved in the booking process, such as practice clinic software, client relationship management software, calendar systems, bookkeeping software, accountants, video conferencing software if you choose online appointments, banking and payment providers, as well as credit reference agencies who we use to assess fraud, credit and/or security risks.

We need to process your personal information in this way to enter into and perform the contract for which you have engaged with us, to issue invoices, to conduct online services, to book a ground floor clinic room for you if necessary, and to send you booking confirmations, reminders and liaise with you for post-appointment follow up and payment (such as providing you with receipts). Our booking terms and conditions can be found on our terms and conditions page.  

We value your data privacy. We seek to have GDPR compliant Data Processing Agreements with our subcontractors however not all companies are able to provide individual DPAs to customers; we perform GDPR due diligence research and/or questions with subcontractors and take measures to mitigate risks and not share information with subcontractors unnecessarily.


When you attend one of our sessions

When you attend one of our sessions (such as an initial consultation), we will collect and/or confirm the following information from you: forename, surname, date of birth, gender, address, home telephone and/or mobile phone, email address, emergency contact name, emergency contact telephone number, occupation, physical activities, health concerns and goals for treatment, medical history and current health factors, prescription information, lifestyle and behavioural factors, payment details and t-shirt size. If you already subscribe to us or are an existing client, we will use the details we already hold on file for you to confirm your appointment and confirm your details are correct and up to date after an appropriate period of time.  

We need to use your personal information in this way to complete the medical screening for contraindications to the services we may provide, to provide you with the services you contract with us when you book and to provide you with sign posting and referrals if some care is best provided by another supplier and/or is outside of the scope of our business.

When our service is not contraindicated for medical reasons and the service is provided, we will collect the following information: further health case history, consents, health-related questionnaires, assessments and reassessments, care and advice provided, additional bookings and copies of correspondence.

When you participate in our appointments or classes, we may share your personal information with our subcontractors or professional associations who are involved in providing or qualifying us to provide exercise program services, managing our clinic notes and booking process, iCloud storage of notes, providing our survey questionnaire tools for managing your treatment/training program, loyalty rewards program, bookkeeping software, accountants, banking and payment providers, video conferencing software as well as credit reference agencies who we use to assess fraud, credit and/or security risks. We also may share your personal information to communicate with other medical practitioners,  healthcare providers, registered charities or other similar supportive providers for whom you have provided your consent for us to contact on your behalf.

We need to process your personal information in this way to enter into and perform the contract for which you have engaged with us and to empower you with resources, health-related collaborators and tools that are aligned with our business aim to improve your health related quality of life.

We also create a community feel in our classes and part of this is through coordinating with your fellow classmates to support one another, for example to celebrate birthdays; please note any personal sensitive information beyond birthdays will be handled with care and permission sought from you before disclosure to Kay’s other students. Birthday cards and messages are shared among those staying active in our services or who are in touch with Kay. We won’t send birthday cards if your Tse membership expires, if you do not want to receive them, if you inform us that you will no longer be attending classes/services and/or if we have not heard from you in awhile; however if you maintain a connection with us by subscribing via a social media site (Meetup or Facebook), we may send a birthday message on these platforms.


To make our site better

We may also share your aggregated, anonymous data with third party analytics and search engine providers that assist us in the improvement and optimisation of our site. 

We will also use your personal information for the purposes of making our site more secure, and to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. 

We process your data for this reason because we have a legitimate interest to provide you with the best experience we can, and to ensure that our site is kept secure.

You can prevent us from using your personal information in this way by using the 'do not track' functionality in your internet browser. If you enable do not track functionality, our site may be less tailored to your needs and preferences.


If our business is sold

We will transfer your personal information to a third party:

  • if we sell or buy any business or assets, we will provide your personal information to the seller or buyer (but only to the extent we need to, and always in accordance with data protection legislation); or

  • if Telos or the majority of its assets are acquired by somebody else, in which case the personal information held by Telos will be transferred to the buyer.

We process your personal information for this purpose because we have a legitimate interest to ensure our business can be continued by a buyer. If you object to our use of your personal information in this way, the relevant seller or buyer of our business may not be able to provide services to you.

In some circumstances we may also need to share your personal information if we are under a duty to disclose or share it to comply with a legal obligation. 

We have no plans to sell the business at the moment and have a long-term outlook for maintaining the business.


Technical information and analytics


Information we collect about you

When you visit our site we may automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, screen resolution, operating system and platform; and

  • information about your visit, including the full Uniform Resource Locators, clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.

This helps us to provide you with a good experience when you browse our site and also allows us to improve our site and services to you.


Information we receive from other sources

We may also work with third party advertising networks, analytics providers, hosting providers and search information providers from whom we may also receive general aggregated anonymous information about you.

We will combine the information you provide to us with information we collect about you. 


Cookies

Our site uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site and services to you. By continuing to browse the site, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. We only use (and store) non-essential cookies on your computer's browser or hard drive if you provide your consent. For example, one cookie enables us to track the website you have come from before you clicked on our page and another cookie enables Google to better serve adverts to you whilst you are on our site. We do not have any control over how this cookie works, as it is placed by Google.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, which we do not have any control over. These cookies are likely to be analytical/performance cookies or targeting cookies.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of a site. 

Except for essential cookies, all cookies should expire after 2 years.


Where is my data stored?

Although we are based in the UK many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal information will involve a transfer of data outside of the EEA.

Whenever we transfer your personal information outside of the EEA, we ensure it is protected by making sure at least one of the following safeguards is in place:

  • by transferring your personal information to a country that has been deemed to provide an adequate level of protection by the European Commission;

  • by using specific contracts approved by the European Commission which give your personal information the same protection it has

  • by using specific providers white-listed for UK government procurement (e.g. G-cloud 11)

  • where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

To keep this privacy policy as short and easy to understand as possible, we have not set out the specific circumstances when each of these protection measures are used. You can contact us at info@telos.org.uk for the details as to how we protect specific transfer of your data.

All information you provide to us is stored on our secure servers, iCloud and/or encrypted hard drives, secure servers of our third party data storage providers or fire-proof, locked filing cabinets.


For how long do we retain your data?

When you seek our healthcare service and we provide care or advice, we create a case; this may occur whether or not you are a client. We store this data for at least eight years from the date of each person’s last contact with us. Separate rules apply for the records of children; we do not currently treat children and young people. Longer retention periods (greater than 8 years) may apply based on individual medical situations. This requirement is in line with IGA health record requirements, including NHS hospital records. The aim is to provide access to recent health records should you need it and for the practitioners to have written records in the event of complaints and to ensure that we are able to assist you should you have any questions, feedback or issues in connection with your subscription or if any legal issues arise.

Where we have used your personal information to contact you for marketing communications, if you have opted-in:

  • we will contact you at least every calendar year to ensure you are happy to continue receiving electronic communications; or

If you tell us that you no longer wish to receive marketing communications from us, we promise to stop sending them to you. 

In some circumstances we may anonymise your personal data so that it can no longer be associated with you for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.


Your right to object under data protection laws

You have the right to object to us handling your personal information when:

  • we are handling your personal information based on our legitimate interests (as described in the “How do you use my data” section above). If you ask us to stop handling your personal information in this way, we will stop unless we can show you that we have compelling grounds as to why our use of your personal information should continue; or

  • for marketing purposes. If you ask us to stop handling your personal information on this basis, we will stop.


What are my rights under data protection laws?

You have various rights under the data protection laws, which you can exercise by contacting us. The easiest way to do this is by email at info@telos.org.uk.  


Right of access

You are entitled receive confirmation as to whether your personal information is being processed by us, as well as various other information relating to our use of your personal information. 

You also have the right to access your personal information which we are handling.


Right of rectification

You have the right to require us to rectify any inaccurate personal information we hold about you. You also have the right to have incomplete personal information we hold about you completed, by providing a supplementary statement to us.


Right to restriction

You can restrict our processing of your personal information where:

  •     you think we hold inaccurate personal information about you;

  • our handling of your personal information breaks the law, but you do not want us to delete it;

  • we no longer need to process your personal information, but you want us to keep it for legal reasons; or

  • where we are handling your personal information because we have a legitimate interest (as described in the “How We Use Your Data” section above), and are in the process of objecting to this use of your personal information.

Where you exercise your right to restrict us from using your personal information, we will then only process your personal information when you agree, except for storage purposes and to handle legal claims.


Right to data portability

You have the right to receive your personal information in a structured, standard machine readable format and to send this to another organisation controlling your personal information. 

This right only applies to your personal information we are handling because you consented to us using it or because there is a contract in place between us.


Right to erasure

You have the right to require us to erase your personal information which we are handling in the following circumstances:

  •     where we no longer need to use your personal information for the reasons we told you we collected it for;

  • where we needed your consent to use your personal information, you have withdrawn your consent and there is no other lawful way we can continue to use your personal information;

  • when you object to our use of your personal information and we have no compelling reason to carry on handling it;

  • if our handling of your personal information has broken the law; and

  • when we must erase your personal information to comply with a law we are subject to.


Right to complain

You have the right to lodge a complaint with the Information Commissioner's Office, the supervisory authority for data protection issues in England and Wales.


What about websites we link to?

Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates.  

Our site connects you to different websites.  If you follow a link to any of these websites or use our services, please note that you have left our site and these websites have their own privacy policies.  

We do not accept any responsibility or liability for these policies or websites.  Please check their policies before you submit any personal information to these websites.


Will you change your privacy policy?

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail or post.

Please check back frequently to see any updates or changes to our privacy policy.


How do I contact you with feedback?

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to info@telos.org.uk.  


This privacy policy was last updated on 22 May 2020.