1. Introduction

Ear Rescue (‘we’, ‘us’, ‘our’) is committed to protecting and respecting your privacy. This privacy policy explains how we collect, use, store, and share your personal information when you use our website at earrescue.uk, contact us, or receive our services.

Please read this policy carefully. By using our website or services, you acknowledge that you have read and understood how we handle your personal data. If you do not agree with this policy, please do not use our website or services.

We may update this policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

2. Who We Are

Ear Rescue is a specialist ear care clinic providing professional ear wax removal, ear health checks, endoscopic ear examination, and related services. We are based in Boston, Lincolnshire and serve patients across the local area, including via home visits.

Data Controller

The data controller responsible for your personal information is:

Business name: Ear Rescue

Proprietor: Jo England, Registered Nurse

Address: Boston, Lincolnshire

Phone: 07943 716490

Email: info@earrescue.uk

Website: earrescue.uk

If you have any questions about this privacy policy or how we handle your personal data, please contact us using the details above.

3. What Personal Data We Collect

We collect different types of personal data depending on how you interact with us. This includes both data you provide directly and data we collect automatically.

3.1 Data you provide to us

Contact and enquiry data

When you contact us through our website, by phone, or by email, we may collect:

• Your full name
• Your telephone number
• Your email address
• Your postal address (for home visit appointments)
• The content of your message or enquiry

Appointment and booking data

When you book an appointment with us, we collect:

• Your full name and contact details
• Your preferred appointment date, time and location
• Details of the service you are booking

Health and clinical data (special category data)

As a healthcare provider, we collect and process health information as part of providing clinical services. This is classified as ‘special category data’ under UK GDPR and receives the highest level of protection. We collect:

• Details of your symptoms and the reason for your appointment
• Your relevant medical history, including previous ear conditions, surgeries, grommets, or perforated eardrums
• Information about any hearing aids or other devices you use
• Clinical findings from your assessment and examination, including findings from endoscopic ear examination
• Details of the treatment provided and any advice given
• Any clinical notes, images, or records made during or following your appointment
• Information about medications or allergies relevant to your care

3.2 Data we collect automatically

When you visit our website, we automatically collect certain technical information, including:

• Your IP address
• Browser type and version
• Operating system
• Pages visited on our website and time spent on each page
• The website that referred you to ours (referral source)
• Date and time of your visit

This information is collected through cookies and similar tracking technologies. Please see Section 10 (Cookies) for more information.

3.3 Data from third parties

We may receive information about you from third parties in limited circumstances, for example if a family member or carer contacts us on your behalf to arrange a home visit or care home appointment. In such cases, we will handle that information in accordance with this policy.

4. How We Use Your Personal Data

We use your personal data only for the purposes set out in this policy. We will never use your data in ways that are incompatible with these purposes without first obtaining your consent.

4.1 To provide our services

We use your personal and health data to:

• Respond to your enquiries and answer your questions
• Book and manage your appointments
• Carry out clinical assessments and provide ear care treatment
• Make and maintain clinical records of your care
• Provide advice and aftercare guidance following treatment
• Contact you about your appointments, including reminders and follow-up
• Carry out home visit and care home appointments safely

4.2 To operate and improve our business

We use non-clinical personal data to:

• Respond to feedback, complaints, and compliments
• Improve our website and services
• Maintain the security and operation of our systems
• Comply with legal and regulatory obligations
• Keep financial and administrative records

4.3 Marketing communications

We will only send you marketing communications — such as newsletters, health advice emails, or promotional offers — if you have explicitly consented to receive them. You can withdraw this consent at any time by contacting us at info@earrescue.uk or clicking the unsubscribe link in any marketing email.

We do not sell your data to third parties for marketing purposes.

5. Our Legal Basis for Processing Your Data

Under UK GDPR, we are required to have a lawful basis for processing your personal data. The legal basis we rely on depends on the type of data and the purpose for which it is used.

5.1 General personal data

Contract performance: Processing your contact details and appointment information is necessary to fulfil our contract with you (or to take steps at your request before entering into a contract).

Legitimate interests: We process certain data on the basis of our legitimate interests as a business — for example, to improve our services, maintain the security of our systems, and respond to enquiries. We always balance these interests against your rights and will not process data in ways that are disproportionate or harmful to you.

Consent: Where we rely on your consent — for example, for marketing communications — you may withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

Legal obligation: We may be required to process certain data to comply with legal obligations, for example in relation to tax records or in response to a lawful request from a public authority.

5.2 Special category data (health information)

Health information is special category data and requires an additional legal basis under UK GDPR. We rely on the following:

Article 9(2)(h) — Healthcare provision: Processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems.

Explicit consent: Where required, we will seek your explicit consent before processing health data. You will always be informed of what data we collect and why.

As a registered nurse and healthcare provider, Jo England is subject to professional duties of confidentiality that exist alongside and reinforce these legal requirements. Your health information will never be shared without your consent except where permitted or required by law.

6. Who We Share Your Data With

We treat your personal data with discretion and do not share it with third parties except in the following limited circumstances.

6.1 Service providers

We may share your data with trusted third-party service providers who help us operate our business and website. These may include:

• Our website hosting provider
• Our booking and appointment management system provider
• Our email service provider
• Payment processing providers (for billing purposes — we do not store payment card details ourselves)
• IT support providers

All third-party service providers are required to handle your data in accordance with UK GDPR, and we enter into appropriate data processing agreements with them. They are only permitted to use your data for the specific purpose for which it was shared.

6.2 Healthcare and referral

With your knowledge and consent, we may share relevant clinical information with your GP or another healthcare provider where this is in your clinical interest — for example, if our assessment identifies something that requires further investigation or referral.

We will always tell you if we believe you need to seek further medical advice and, where appropriate, we will help you understand how to do so.

6.3 Legal and regulatory requirements

We may disclose your personal data to law enforcement agencies, regulatory bodies, or other authorities if we are required to do so by law, court order, or other legal process. We may also disclose data where necessary to protect the vital interests of a patient or third party.

6.4 What we do not do

We do not:

• Sell your personal data to any third party
• Share your health data with insurers, employers, or commercial organisations without your explicit consent
• Transfer your data outside the UK without ensuring appropriate safeguards are in place
• Use your data for automated decision-making that has a significant legal or similar effect on you

7. How Long We Keep Your Data

We retain your personal data only for as long as is necessary for the purposes for which it was collected, taking into account legal and professional obligations.

Clinical records

Clinical records are retained for a minimum of eight years from the date of last treatment, in line with standard NHS records management guidance for private healthcare providers. For children, records are retained until the patient’s 25th birthday, or for eight years after the last treatment if that is longer.

Contact and enquiry data

If you contact us with an enquiry but do not proceed to book an appointment, we will retain your contact data for up to 12 months in case you wish to follow up, after which it will be securely deleted.

Appointment data

Booking and appointment records are retained for the same period as clinical records where health information is associated with the booking. Administrative booking data with no associated health information is retained for three years.

Marketing consents

Records of your marketing consent are retained for as long as you remain on our marketing list, plus a further three years after you unsubscribe, as evidence of the consent you gave.

Financial records

Financial and accounting records, including invoices and payment records, are retained for seven years in line with HMRC requirements.

Website analytics data

Anonymised website analytics data may be retained for up to 26 months, as per standard analytics platform settings.

8. Your Rights Under UK GDPR

Under UK GDPR, you have a number of rights in relation to your personal data. We are committed to upholding these rights and will respond to any request within one calendar month (or three months for complex requests, with notification to you).

8.1 Summary of your rights

Right to be informed

You have the right to be informed about how we collect and use your personal data. This privacy policy fulfils that obligation.

Right of access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will provide a copy of your data free of charge within one month of receiving your request.

Right to rectification

If you believe that any information we hold about you is inaccurate or incomplete, you have the right to ask us to correct it. Please contact us as soon as possible if you believe your records are incorrect.

Right to erasure (‘right to be forgotten’)

In certain circumstances, you have the right to ask us to delete your personal data. This right is not absolute — where we are required to retain data for clinical, legal, or regulatory reasons, we may be unable to fulfil this request in full. We will always explain our reasoning if we are unable to delete data.

Right to restrict processing

You have the right to ask us to restrict the processing of your data in certain circumstances — for example, while you contest its accuracy or while a complaint is being investigated.

Right to data portability

Where we process your data by automated means on the basis of your consent or a contract, you have the right to receive that data in a structured, commonly used, machine-readable format.

Right to object

You have the right to object to processing carried out on the basis of our legitimate interests. We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests. You have an absolute right to object to processing for direct marketing purposes.

Rights related to automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects. If this changes, we will update this policy and provide you with appropriate rights and information.

8.2 How to exercise your rights

To exercise any of your rights, please contact us:

By email: info@earrescue.uk

By phone: 07943 716490

By post: Ear Rescue, Boston, Lincolnshire

We may need to verify your identity before processing your request. We will not charge a fee for reasonable requests but reserve the right to charge a reasonable fee for requests that are manifestly unfounded or excessive.

8.3 Right to complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection.

ICO website: ico.org.uk

ICO helpline: 0303 123 1113

We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO. Please get in touch with us first and we will do our best to resolve any issues promptly.

9. How We Keep Your Data Secure

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, disclosure, alteration, or destruction.

Our security measures include:

• Password protection and access controls on all systems holding personal data
• Use of encrypted communication channels where appropriate
• Secure storage of physical clinical records with restricted access
• Regular review of our data security practices
• Ensuring that any third-party service providers we use meet appropriate security standards

Despite these measures, no method of data transmission or storage is completely secure. If you have reason to believe that your data has been compromised, please contact us immediately at info@earrescue.uk.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, and we will notify you directly if the breach is likely to result in a high risk to you.

10. Cookies

Our website uses cookies and similar technologies to improve your browsing experience, analyse website traffic, and understand how visitors use our site.

10.1 What are cookies?

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners.

10.2 The cookies we use

Strictly necessary cookies

These cookies are essential for the website to function correctly. They enable core features such as security, session management, and accessibility. These cookies cannot be disabled.

Analytics cookies

We use analytics tools — such as Google Analytics — to understand how visitors use our website. These cookies collect information about pages visited, time spent on the site, and how visitors arrived at the site. This information is aggregated and anonymised; it does not identify individual visitors. Analytics cookies are only set with your consent.

Functional cookies

These cookies allow the website to remember preferences you have set (such as your cookie consent choice) to provide a more personalised experience.

Third-party cookies

Some pages on our website may include content or tools from third parties — such as embedded maps, booking widgets, or social media buttons — which may set their own cookies. We do not control these cookies. Please refer to the relevant third party’s privacy policy for more information.

10.3 Managing cookies

When you first visit our website, you will be presented with a cookie consent banner. You can choose to accept or decline non-essential cookies at that point. You can also change your cookie preferences at any time by clearing your browser cookies and revisiting the site.

You can also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information about managing cookies, visit allaboutcookies.org.

11. Links to Third-Party Websites

Our website may contain links to third-party websites, including social media platforms such as Facebook and Instagram. These links are provided for your convenience. We do not control these websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of any website you visit via a link from our site.

12. Children’s Privacy

We provide ear care services for children, and parental or guardian consent is obtained before treating any patient under the age of 16. For patients aged 16 and over, we treat them as we would an adult patient for the purposes of consent and data rights.

For children under 16, parents or guardians may exercise data rights on their behalf. As children grow and reach adulthood, they may take over the exercise of their own data rights.

Our website is not directed at children, and we do not knowingly collect personal data from children through the website without parental consent.

13. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will update the ‘last updated’ date at the top of this page.

If we make significant changes that materially affect how we handle your personal data, we will take reasonable steps to notify you — for example by email if we hold your contact details, or by posting a notice on our website.

We encourage you to review this policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have any questions, concerns, or requests relating to this privacy policy or the way we handle your personal data, please do not hesitate to contact us:

Ear Rescue

Jo England, Registered Nurse

Boston, Lincolnshire

Phone: 07943 716490

Email: info@earrescue.uk

Website: earrescue.uk

We aim to respond to all privacy-related enquiries within five working days.