Before you use Healir
Healir provides an online healthcare service. This means we may process personal information about your identity, contact details, account activity, orders, payments and health. Some of this information is sensitive and receives additional protection under data protection law.
Important: please replace all bracketed placeholders before publishing, including company details, support contacts, data protection contacts, pharmacy details, clinical provider details and cookie/analytics provider details.
1. About this Privacy Policy
This Privacy Policy explains how Healir collects, uses, shares, stores and protects your personal information when you visit our website, create an account, complete an online consultation, order treatment, subscribe to a treatment plan, contact us, or otherwise use our services.
This policy should be read alongside our Terms and Conditions, Cookie Policy, Refund Policy and any treatment-specific information shown during your consultation or checkout.
By using Healir, you acknowledge that we will process your personal information as described in this Privacy Policy.
2. Who controls your personal information
Healir is operated by:
- Legal company name: [Insert company legal name]
- Trading name: Healir
- Company number: [Insert company number]
- Registered office: [Insert registered office address]
- Email: [Insert privacy/support email]
- Website: [Insert website URL]
For some activities, Healir will be the data controller of your personal information. This means we decide why and how your personal information is used.
In some cases, independent healthcare professionals, prescribing clinicians, dispensing pharmacies, laboratory providers, identity verification providers, payment providers or delivery partners may also act as separate data controllers for the information they process. Where this applies, their own privacy notices may also apply.
Data protection contact: [Insert privacy contact or Data Protection Officer details, if applicable].
3. Information we collect
The information we collect depends on how you use Healir. It may include:
Identity and contact details
- name;
- date of birth;
- email address;
- phone number;
- billing address and delivery address;
- identity verification information, where required.
Account information
- login details;
- account preferences;
- order history;
- subscription details;
- customer support messages;
- communication preferences.
Consultation and health information
- answers to online consultation questions;
- medical history;
- symptoms and treatment goals;
- current and previous medicines;
- allergies, side effects and contraindications;
- relevant lifestyle information;
- photos or documents you choose or are asked to upload;
- clinician notes, prescribing decisions and treatment suitability outcomes.
Order, payment and delivery information
- products or treatment plans selected;
- prescription, dispensing and fulfilment status;
- payment status and transaction references;
- delivery method, tracking details and delivery updates;
- refund, cancellation and support records.
Website and technical information
- IP address;
- device and browser type;
- pages viewed and interactions with our website;
- cookie identifiers and analytics information;
- approximate location derived from technical data;
- security logs, error logs and fraud prevention signals.
4. Health information and special category data
Some information we collect is health information. Health information is sensitive and is treated as special category data under UK data protection law.
We only process health information where we have a lawful basis under UK GDPR and a special category condition. This may include processing that is necessary for healthcare purposes, clinical assessment, prescribing, pharmacy fulfilment, patient safety, regulatory obligations, legal claims, or where you have given explicit consent for a specific activity.
We use additional safeguards for health information, including access controls, confidentiality obligations, secure systems and limiting access to people or providers who need the information to deliver or support the service.
5. How we collect information
We may collect personal information:
- directly from you when you use our website, create an account, complete a consultation, place an order, subscribe, contact us or update your details;
- from clinicians, prescribers, pharmacies or healthcare partners involved in reviewing, prescribing, dispensing or supporting your treatment;
- from payment providers, identity verification providers, fraud prevention providers and delivery partners;
- automatically through cookies, analytics tools, server logs and similar technologies when you use our website;
- from public, regulatory or compliance sources where needed for legal, safety, fraud prevention or regulatory reasons.
6. How we use your information
We use your personal information to provide, manage, protect and improve Healir. This may include using your information to:
- create and manage your Healir account;
- confirm your eligibility to use our service;
- carry out identity, age, address, payment, fraud and safety checks;
- process online consultations and suitability assessments;
- support clinical review, prescribing decisions and treatment monitoring;
- send prescriptions to a dispensing pharmacy, where clinically appropriate;
- process orders, payments, subscriptions, refunds and cancellations;
- arrange dispensing, delivery, tracking and customer support;
- send service messages about your account, consultation, order, subscription or treatment plan;
- respond to questions, complaints and support requests;
- manage safety issues, side effect reports, recalls, adverse events or clinical concerns;
- meet legal, regulatory, professional, tax, accounting and record-keeping duties;
- detect, prevent and investigate fraud, misuse, security issues and unauthorised access;
- analyse and improve our website, services, user experience, safety processes and internal operations;
- send marketing communications where permitted by law and your preferences.
7. Our lawful bases for using personal information
We must have a lawful basis to use your personal information. Depending on the activity, we may rely on one or more of the following lawful bases:
| Purpose | Personal data lawful basis | Special category condition, where health data is involved |
|---|---|---|
| Creating your account, processing orders, managing subscriptions and delivering services you request. | Contract, or steps taken before entering into a contract. | Healthcare purposes, where clinical assessment or treatment is involved. |
| Clinical review, prescribing, pharmacy fulfilment, patient safety and treatment support. | Contract, legitimate interests, legal obligation or vital interests depending on the context. | Healthcare purposes, public health, legal claims, vital interests, or explicit consent where appropriate. |
| Identity, age, fraud, security and misuse checks. | Legal obligation or legitimate interests. | Healthcare purposes, substantial public interest, legal claims or explicit consent where appropriate. |
| Customer support, complaints, refunds and service communications. | Contract, legitimate interests or legal obligation. | Healthcare purposes or legal claims where health data is involved. |
| Legal, regulatory, tax, accounting and professional record-keeping obligations. | Legal obligation or legitimate interests. | Healthcare purposes, legal claims, public interest or substantial public interest where applicable. |
| Analytics, service improvement and website performance. | Legitimate interests or consent, depending on the technology used. | We do not intentionally use identifiable health data for general analytics unless there is a lawful basis and appropriate safeguards. |
| Marketing communications. | Consent or legitimate interests where legally permitted. | We do not use health information for marketing unless legally permitted and appropriate consent or another valid basis applies. |
Where we rely on legitimate interests, we consider whether our interests are overridden by your rights, freedoms and interests. You may have the right to object to processing based on legitimate interests.
8. Online consultations, prescribing and clinical safety
When you complete an online consultation, the information you provide may be reviewed by Healir, a clinician, a prescriber, a pharmacist or another healthcare partner involved in assessing your suitability for treatment.
We may use your information to decide whether a treatment is appropriate, request further information, issue or decline a prescription, recommend that you contact your GP, manage repeat treatment reviews, monitor safety, investigate concerns or respond to side effect reports.
You must provide accurate and complete information during consultations. Clinical decisions may be based on the information you provide, and incomplete or inaccurate information may affect the safety or suitability of treatment.
9. Clinicians, pharmacies and healthcare partners
We may share relevant personal information with clinicians, prescribing providers, pharmacies and healthcare partners where necessary to provide the service.
This may include sharing consultation answers, identity details, contact details, prescription details, delivery details, clinical notes, treatment suitability outcomes, side effect reports and information needed to dispense and deliver your medicine.
These providers may have their own legal and professional duties, including duties of confidentiality, record-keeping and patient safety. They may also act as independent data controllers for the information they process.
Healthcare partner details: [Insert prescribing provider, pharmacy partner, GPhC number, superintendent pharmacist or other relevant details before publishing].
10. Payments, identity checks and fraud prevention
We may use trusted third-party providers to process payments, verify identity, confirm eligibility, prevent fraud, protect accounts and reduce misuse of our service.
Payment providers may process payment card details, billing information, transaction references, payment status, refund information and fraud prevention signals. Healir does not usually store full card numbers.
Identity or fraud prevention providers may process information such as your name, date of birth, address, email address, phone number, identity documents, selfie checks, device data, IP address or fraud indicators where required.
If checks cannot be completed, or if we identify a safety, fraud, misuse or regulatory concern, we may pause, reject or cancel an order, consultation or subscription.
11. Cookies and similar technologies
We may use cookies, pixels, tags, local storage, device identifiers and similar technologies on our website.
These technologies may be used to:
- make the website work properly;
- keep your account secure;
- remember preferences;
- understand how visitors use our website;
- measure website performance;
- improve our content, design and user experience;
- support advertising, retargeting, affiliate tracking or marketing measurement, where enabled.
Some cookies are strictly necessary and do not require consent. Non-essential cookies, such as analytics, advertising or retargeting cookies, should only be used where you have given consent through our cookie banner or preference centre.
Before publishing: add a separate Cookie Policy or cookie table listing the cookies and tools you actually use, such as Google Analytics, Meta Pixel, TikTok Pixel, affiliate tracking, Stripe, Webflow, customer support tools or other services.
12. Marketing communications
We may send you marketing communications about Healir products, services, offers, educational content or updates where permitted by law and your communication preferences.
You can opt out of marketing emails at any time by using the unsubscribe link in our emails or by contacting us.
Even if you opt out of marketing, we may still send you important service messages about your account, consultation, order, subscription, prescription, delivery, payment, safety issue, legal notice or policy update.
We do not intend to use identifiable health information for marketing unless we have a valid lawful basis and, where required, your consent.
13. Who we share information with
We may share personal information with:
- clinicians, prescribers, pharmacists, pharmacies and healthcare partners involved in your care or treatment;
- payment processors and billing providers;
- identity verification, age verification and fraud prevention providers;
- delivery companies, postal providers and fulfilment partners;
- technology providers, hosting providers, analytics providers and website service providers;
- customer support, communications and email service providers;
- professional advisers, including lawyers, accountants, auditors, insurers and consultants;
- regulators, public authorities, law enforcement or courts where required or permitted by law;
- another organisation if we restructure, merge, sell, transfer or reorganise part of our business.
We only share information where necessary and appropriate for the relevant purpose, and we expect service providers to protect personal information and use it only as instructed or permitted.
14. International transfers
Some of our service providers may process personal information outside the United Kingdom.
Where personal information is transferred internationally, we will take steps designed to protect it in line with applicable data protection law. This may include using adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism.
You can contact us for more information about international transfers relevant to your personal information.
15. How long we keep your information
We keep personal information only for as long as needed for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law, regulation, professional guidance, tax rules, accounting rules, clinical safety requirements, dispute resolution, fraud prevention or legal claims.
Retention periods may differ depending on the type of information and why we hold it. For example:
- account information may be kept while your account is active and for a reasonable period afterwards;
- order, payment and invoice records may be kept for tax, accounting and legal reasons;
- consultation, prescription, pharmacy and clinical records may need to be kept for healthcare, regulatory, professional, patient safety and legal reasons;
- customer support and complaint records may be kept to resolve issues and evidence how we responded;
- marketing preference records may be kept so we know not to contact you where you have opted out;
- technical logs may be kept for security, fraud prevention and troubleshooting for a shorter period unless needed for investigation.
Before publishing: set your exact retention schedule with your solicitor, pharmacy partner and clinical provider. Healthcare records may need to be retained for specific professional and regulatory periods.
16. How we protect your information
We use technical and organisational measures designed to protect personal information against unauthorised access, loss, misuse, alteration or disclosure.
These measures may include access controls, authentication, encryption where appropriate, secure hosting, confidentiality obligations, staff training, audit logs, supplier due diligence and procedures for responding to incidents.
No website, app, database or transmission method is completely secure. You are responsible for keeping your account login details safe and telling us immediately if you believe your account has been accessed without permission.
17. Your data protection rights
Depending on the circumstances, you may have the right to:
- ask for access to your personal information;
- ask us to correct inaccurate or incomplete information;
- ask us to delete personal information in certain circumstances;
- ask us to restrict how we use your information;
- object to certain uses of your information;
- ask for a copy of certain information in a portable format;
- withdraw consent where we rely on consent;
- complain to the Information Commissioner’s Office.
These rights are not absolute. For example, we may need to keep certain clinical, prescription, payment, tax, legal, fraud prevention or safety records even if you ask us to delete them.
To exercise your rights, contact us using the details at the end of this policy. We may need to verify your identity before responding.
18. Consent, preferences and opt-outs
Where we rely on consent, you can withdraw that consent at any time. Withdrawing consent will not affect processing that happened before consent was withdrawn.
You can manage marketing preferences by using unsubscribe links in emails or contacting us. You can manage non-essential cookies through our cookie banner or cookie preference centre, where available.
Some processing is necessary to provide the service, comply with legal or regulatory obligations, maintain clinical records, process payments, prevent fraud, or protect patient safety. If you ask us to stop processing information that is necessary for the service, we may not be able to continue providing that service to you.
19. Automated decision-making and profiling
We may use technology to support parts of our service, such as routing consultations, flagging incomplete answers, checking eligibility, detecting fraud, identifying safety risks, managing subscriptions, or improving website experience.
We do not intend to make solely automated decisions that produce legal or similarly significant effects on you without appropriate human involvement, unless permitted by law and with appropriate safeguards.
Clinical decisions about whether a prescription treatment is suitable should involve appropriate clinical review.
20. Children
Healir is intended for adults aged 18 and over.
We do not knowingly provide consultations, prescriptions or treatment plans to children. If we become aware that a child has created an account or provided personal information, we may delete the account and associated information unless we need to keep certain information for legal, safety, fraud prevention or regulatory reasons.
21. Complaints
If you have a concern about how we use your personal information, please contact us first so we can try to resolve it.
- Email: [Insert privacy/support email]
- Address: [Insert company address]
You also have the right to complain to the Information Commissioner’s Office, the UK data protection regulator.
ICO details to add: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Website: ico.org.uk.
22. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
The latest version will be posted on our website with the “Last updated” date. If we make significant changes, we may notify you by email, account message, website notice or another appropriate method.
You should check this Privacy Policy regularly so you understand how we use your personal information.
Contact us
You can contact Healir about this Privacy Policy or your personal information using the details below.
Privacy email
[Insert privacy/support email]
Website
[Insert website URL]
Company
[Insert company legal name]
Address
[Insert company address]
Data protection contact
[Insert DPO/privacy lead if applicable]
Complaints
[Insert complaints email]
Before publishing: ask your solicitor, prescribing provider and pharmacy partner to review this page. You should also add your actual processors, cookie tools, healthcare partners, retention schedule and data controller arrangements.