
Privacy Policy

Last Updated: April 5, 2025

Introduction:

Oxydise Wellness Lab (“we,” “us,” “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website (oxydisewellness.co.uk) or engage our wellness services (such as consultations, IV drips, cryotherapy, hyperbaric oxygen therapy, red light therapy, and sensory deprivation sessions). It also outlines your rights under the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws, and how you can exercise those rights.

We understand that some of the information you provide to us is highly sensitive – especially health-related information. We want you to know that we handle all personal data, and particularly this special category data, with the utmost care and confidentiality, in line with our professional obligations and legal requirements. By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you have any questions about how we handle your information, please contact us using the details provided at the end of this Policy.

Data Controller: For the purposes of data protection law, Oxydise Wellness Lab (located in Cambridge, United Kingdom) is the “data controller” of your personal information. This means we determine the purposes and means of processing your personal data. If we ever act as a data processor on behalf of another entity, we will inform you and ensure compliance with relevant laws. We are registered in England, and if applicable, we are registered with the Information Commissioner’s Office (ICO) as a data controller.

What Information We Collect

We may collect and process the following categories of personal data about you:

  • Identity and Contact Information: This includes data such as your name, date of birth, postal address, email address, phone number, and emergency contact details. We collect this information when you fill out forms on our site (such as a contact or booking form), when you register or book an appointment with us (whether online, by phone, or in person), or when you otherwise communicate with us.
  • Health and Medical Information: As a wellness service provider, we collect health-related information to ensure our treatments are safe and suitable for you. This may include your medical history, details of any medical conditions or diagnoses, medications you are taking, allergies, injuries, surgeries or procedures you’ve had, and other health data that you or your healthcare providers supply to us. We might also record notes from consultations (e.g., symptoms you describe, lifestyle factors, or goals you have). If you undergo treatments with us, we document the treatments given and any observed outcomes or side effects. This category of data is considered “special category” personal data under the GDPR, which means it is subject to higher protection.
  • Service Usage Information: When you visit our website, we automatically collect certain technical information, such as your IP address, browser type and version, device type, operating system, and browsing actions on our site (e.g., pages viewed, time spent, navigation paths). We collect this through cookies and similar tracking technologies. (See the “Cookies and Website Data” section below for more details.) While this information does not directly identify you by name, it may be linked to your identity if you submit forms or if it’s associated with your user profile in our systems.
  • Appointment and Transaction Information: Details of appointments you have booked or attended, such as the date, time, and type of service, as well as any payments or deposits made (amount, date of payment, method). If you purchase a package or gift card, we record the purchase and usage. We do not collect or store full payment card details on our servers; if electronic payments are made, they are handled via our payment processor, though we may retain transaction references.
  • Communication Records: Copies of correspondence with you may be kept, whether via email, text/SMS, contact forms on the website, or notes of phone conversations. This helps us keep track of inquiries, bookings, complaints, or any support you need.
  • Photographs or Media (with consent): In some cases, and only with your explicit consent, we might take photographs (for example, before-and-after images related to a series of treatments, or images for testimonial purposes). We will explain the purpose and get your permission for any photography or recordings. You can refuse or withdraw consent for this without affecting your treatment. Any such media are treated as personal data and protected accordingly.
  • User Accounts (if applicable in future): If our website introduces user accounts, we would collect information needed for that, such as username, password (stored in encrypted form), and any profile information you provide within your account. We would also log activities related to your account (e.g., last login, appointment history).

We aim to collect only the minimum amount of personal data necessary for the purposes explained in this Policy. You have the option not to provide certain information, but please be aware that this may limit our ability to offer you some services. For instance, if you choose not to disclose pertinent health information, we may not be able to safely go forward with a treatment.

How We Use Your Information

Oxydise Wellness Lab uses your personal data for specific purposes, and we always ensure we have a valid legal reason to do so. This section explains what we do with the information and why.

Providing and Managing Services:

  • We use your Identity and Contact Information to schedule and manage your appointments, send you confirmations or reminders, and identify you when you visit our clinic.
  • We use your Health and Medical Information to tailor our services to your needs, to assess your suitability for particular treatments, and to ensure your safety. For example, our practitioners review your medical history and current health status before recommending or administering a therapy.
  • During and after treatments, we record relevant health data (such as your feedback or any reactions) as part of providing ongoing care and maintaining proper treatment records.
  • We may also use your information to provide follow-up support or advice, such as post-treatment care instructions or answering questions about your reaction to a service.

Communication and Customer Support:

  • We use your contact details to communicate with you regarding your appointments and our services. This can include sending service-related announcements (e.g., changes to our hours or protocols), responding to your inquiries, and handling any requests or complaints you have.
  • If you contact us via email, contact form, or phone, we will use the information you give us (which might include health details) to address your questions or issues. For example, if you email us about whether a certain therapy is suitable given a health condition, our response will involve processing the information you provided about that condition.

Marketing and Service Updates:

  • With your consent (or where otherwise permitted by law under “legitimate interests”), we may use your email address or phone number to send you marketing communications. These might include newsletters, promotions, new service announcements, or wellness tips. We will give you a clear option to opt-in to such communications, and you can opt out at any time. For instance, if you provided your email when booking, we might ask if you want to join our mailing list; you will only be added if you agree.
  • Even if you opt out of marketing messages, we may still send you non-promotional messages related to your use of our services (such as appointment reminders or important notices about your treatment or this Privacy Policy).

Website Functionality and Analytics:

  • We use Service Usage Information (like cookies and logs) to operate and improve our website. This data helps us understand how users navigate our site, which pages or services draw interest, and if any parts of the site are not working properly. For example, we might analyze what percentage of visitors look at the “Cryotherapy” page versus the “HBOT” page, or if users drop off at a certain step in the booking form.
  • Some cookies are essential for the site to function (for example, if we implement a booking widget, it might use cookies to remember your selections as you move through the steps). Other cookies (with your consent where required) might be used for analytics (like Google Analytics) to collect information about website usage. We use aggregated analytical data to make our website more user-friendly and to optimize our content.
  • We do not currently use invasive tracking or targeted advertising cookies on our site. We also do not profile individual site visitors for advertising purposes. If this changes, we will update our cookie notice and obtain any necessary consents.

Compliance and Legal Obligations:

  • We may use and retain your personal data as necessary to comply with our legal obligations. For example, as a provider of health-related services, we may be required by law to keep certain records of treatments for a minimum period. We also have obligations to ensure health and safety, and to cooperate with regulatory bodies like the Care Quality Commission (CQC).
  • If you exercise your data protection rights (for example, making a subject access request or a request to delete data), we will use your information to address those requests and to keep records of our compliance.
  • We maintain records of transactions (payments received, etc.) for accounting and tax purposes as required by law.
  • In the unlikely event of a legal dispute or if we need to enforce our Terms and Conditions, we might use relevant data as evidence (for instance, records of what consent you gave, or communications we had).

Legitimate Business Interests:

  • We may process some of your information for our legitimate interests, so long as those interests are not overridden by your rights and interests. These legitimate interests can include: ensuring our services are delivered efficiently, improving the quality of our services, training our staff (we might review case notes to discuss best practices internally, without identifying clients in training materials unless necessary), and ensuring the security of our systems (for example, we might monitor network traffic to detect malicious access attempts).
  • If we use your data for a purpose based on legitimate interests, we will have conducted a balancing test to ensure this use is fair and not unduly intrusive. You have the right to object to processing that is based on our legitimate interests (see “Your Rights” below).

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for a related compatible purpose and that reason is lawful. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so, or seek your consent if required.

Lawful Bases for Processing

Under the UK GDPR and Data Protection Act 2018, we must have a valid lawful basis for each use of your personal data. This section outlines the lawful bases we rely on for different processing activities. (Some types of data may fall under multiple bases, depending on context.)

  • Performance of a Contract (Article 6(1)(b) UK GDPR): When you book and use our services, a contract (even if not formally written) is formed between you and Oxydise Wellness Lab for those services. We process your personal data to fulfill our obligations under that contract – for example, using your information to actually provide the therapy or consultation you’ve requested. This covers basics like taking your booking and payment, as well as delivering the service and any related customer support. Without this data, we wouldn’t be able to perform the services you expect.
  • Consent (Article 6(1)(a) and Article 9(2)(a) UK GDPR): We will ask for your consent in certain situations: for example, to send you marketing emails or SMS messages, to take and use your photograph for a testimonial, or to collect any health information via our website forms. Also, health-related data is classified as special category data, which often requires explicit consent for processing. When you fill out our health questionnaire or sign a consent form for treatment, we obtain your explicit consent to process your health data for the purposes of providing you with safe care. You have the right to withdraw consent at any time (for future processing), by contacting us – though note that if you withdraw consent for us to use your health data, we may have to cancel future services if we cannot ensure safety without that information. (Also, withdrawing consent will not affect the lawfulness of processing we already carried out while we had your permission.)
  • Legal Obligation (Article 6(1)(c) UK GDPR): Some processing is necessary for us to comply with our legal obligations. This includes things like retaining financial transaction records for tax regulations, providing information to regulatory authorities like the CQC or health professional regulators if they lawfully request it, or keeping health and safety records. For special category (health) data, UK law may obligate us to retain certain medical records for a defined period; in such cases, the lawful basis under Article 9 might be that the processing is necessary for reasons of substantial public interest on the basis of UK law, or for establishing, exercising, or defending legal claims, etc., as relevant.
  • Vital Interests (Article 6(1)(d)) (unlikely but possible): In a rare emergency situation where vital interests are at stake – for example, if you have a medical emergency during a session and are unable to consent – we might share information with emergency medical personnel. This is to protect your life or health. Article 9(2)(c) also allows use of health data in life-or-death emergencies where you cannot consent.
  • Legitimate Interests (Article 6(1)(f) UK GDPR): We process certain data as necessary for our legitimate interests, which include running and improving our business, communicating with clients, and ensuring satisfaction and safety. For instance, sending a follow-up email to check on your well-being after a treatment could be considered our legitimate interest in customer care. Using CCTV at the premises (if we do so for security) would also be a legitimate interest in protecting our property and safety – signs would be posted if CCTV is in operation. When we rely on legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative) and your rights. We do not use your data for activities where our interests are overridden by the impact on you; for example, we won’t use health details for any purpose unrelated to your care or our internal service improvement.
  • Provision of Health or Social Care (Article 9(2)(h) GDPR & Schedule 1 of DPA 2018): This is a crucial condition that applies specifically to special category data like health information. Because Oxydise Wellness Lab provides wellness treatments that can be considered part of healthcare or preventative care, and these services are carried out by or under the supervision of professionals who have a duty of confidentiality (e.g., a registered nurse, doctor, or therapist), we are permitted to process health data as necessary for the provision of health care or treatment. In UK law, this is often the primary basis used by clinics and healthcare providers instead of consent, since it allows them to maintain records and continue care even if, say, a patient forgets to explicitly consent each time. We ensure any staff handling your health data are either healthcare professionals or are bound by equivalent confidentiality obligations.

To summarize: we will always ensure we have a lawful basis for using your data. Often it will be because you asked us to do something (provide a service) or gave consent. In other cases, the law requires or allows it because of healthcare purposes or other obligations. If you have questions about the specific legal basis for a particular piece of data or situation, please ask us and we’ll explain our rationale.

How We Share Your Information

We treat your personal data with care and do not sell it to third parties. However, in order to run our operations and provide services, we sometimes need to share information with others. This section outlines who we might share data with and why. Whenever we share data, we do so in line with confidentiality and data protection laws, and only to the extent necessary.

  • Clinic Staff and Practitioners: Within Oxydise Wellness Lab, your information is shared only with personnel who need to know it to perform their jobs. For example, the practitioner (nurse/doctor/therapist) who conducts your consultation will see your medical history, the technician operating the HBOT chamber will know relevant health details (like if you have sinus issues that day), and our administrative staff will have access to your contact and appointment details to manage scheduling. All staff members are trained in confidentiality and are bound by either professional ethics or contractual confidentiality clauses.
  • Service Providers (Processors): We use trusted third-party companies to help us run our business. These include:
    - Appointment Scheduling/CRM Software: If we use an electronic booking system or customer database (for example, a secure clinic management software or cloud-based scheduling app), your data will be stored on that platform. We choose providers that comply with GDPR, and we have agreements in place to ensure they only use your data on our instructions.
    - IT and Cloud Services: This includes web hosting providers, email service providers, cloud storage or backup services, and IT support. For instance, our website host will inevitably process any data that you input on the website as it goes through their servers. We ensure that these providers implement strong security.
    - Payment Processors: If you make a card payment via a card machine in clinic or an online payment link, the payment is processed by a third-party payment gateway (e.g., a bank or payment processor). They handle your card details directly. We receive from them a confirmation of payment and possibly limited details like the last four digits of your card or the transaction ID, but not your full card number or security code. Payment processors are regulated entities and have their own privacy and security standards.
    - Email and Marketing Platforms: If you subscribe to our newsletter or opt in to marketing, your name and email may be stored in a secure email marketing service (for example, MailChimp or similar), which we use to design and send our communications. Such platforms also are bound by GDPR terms to not misuse your data.
  • Healthcare Providers and External Specialists: With your consent or at your request, we might share information with your GP or another healthcare provider. For example, if you inform us that you would like your GP to be updated about the IV therapy you received, we can send them a brief report (with your permission). In an emergency or if we believe it’s in your vital interest, we might also share relevant information with emergency medical services (e.g., if paramedics are called, we’d tell them what treatment you were undergoing and any known medical history). We may also, at your request, refer you to or consult with external specialists or laboratories (for example, if we partner with a lab for blood tests or if we suggest consulting a physiotherapist for an issue). In doing so, with your permission, we’d share the necessary data with them to facilitate care.
  • Regulatory and Legal Requirements: We may disclose personal data when required to do so by law or when that disclosure is necessary to comply with a legal process. For example:
    - The Care Quality Commission (CQC) has the right to access certain information in the course of their regulatory inspections or investigations. They might review client records to ensure we are delivering care properly. Such reviews are done under strict legal safeguards, and the CQC and its officers are bound to confidentiality.
    - If a court of law, regulatory body, or law enforcement agency lawfully requires us to provide information (through a court order or similar mandate), we will comply to the extent we are required to. This could include providing records as evidence in a legal case.
    - If necessary to enforce our Terms and Conditions or to establish or defend legal claims, we might share data with our legal advisors or courts.
  • Business Transfers: If in the future Oxydise Wellness Lab is involved in a merger, acquisition, asset sale, or other business transition, personal data might be transferred to the successor or new owner as part of that deal. If that situation arises, we will ensure that the new entity continues to honor your privacy rights in line with this Policy, or we will provide you with notice and an opportunity to exercise your rights (for example, to have your data deleted if you wish) before the transfer occurs.
  • Others with Your Consent: Apart from the scenarios above, we will only share your personal data with third parties if you have given us explicit consent to do so. For instance, if you want us to share your testimonial on our website or social media, including perhaps your first name or photo, we will ask for your consent. You can always revoke such consent later, and we will cease further sharing as feasible (we cannot undo what’s already been published, but we can stop further use and take content down where possible).

Whenever we share data with any third party, we adhere to the principle of data minimization – only the information that is necessary for the specific purpose will be shared, not more. We also ensure that any third parties that receive personal data from us are obligated to keep it secure and confidential (through contracts or legal duty).

Importantly, we do not sell or rent your personal information to any third-party for their own marketing use. We also do not share your health information with any third-party for purposes other than your care, compliance with the law, or as directed by you.

Data Security

We take the security of your personal data seriously. Oxydise Wellness Lab has implemented a variety of technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction. While no system can be 100% secure, we follow industry best practices and continually update our security protocols. Here are some of the measures in place:

  • Access Control: Internally, we restrict access to personal data. Only staff members who need information to perform a specific job (for example, the practitioner providing your treatment, or administrative staff handling scheduling) are granted access to personally identifiable information. All staff are trained on the importance of confidentiality and data protection.
  • Physical Security: Our physical premises and records are kept secure. Paper records (if any, such as signed consent forms or notes) are stored in locked cabinets in areas with controlled access. Our clinic has appropriate security measures for entry. If we use any portable devices (like a laptop or tablet for intake forms), they are kept under supervision or in locked storage when not in use.
  • Electronic Security: We use secure computer systems with measures such as firewalls, antivirus/anti-malware software, and encryption where appropriate. For instance, our booking and patient management software (if cloud-based) is accessed via secure, encrypted connections (HTTPS). Any personal data transmitted between the website and our server is encrypted in transit using SSL/TLS. We keep software and plugins updated to protect against vulnerabilities.
  • Password Protection: Any systems or devices containing personal data are password-protected, and where possible, use multi-factor authentication. Staff are required to use strong passwords and to change them periodically. We do not share account credentials among staff beyond what’s necessary. If you create an account on our website in the future, your password will be stored in a hashed form (meaning we do not know it, and it’s protected from exposure in plain text).
  • Encryption & Pseudonymization: For sensitive data, we use encryption both in transit and at rest when feasible. For example, if we digitally store health records, the database is encrypted. We may also pseudonymize data for internal analysis, meaning we remove direct identifiers so that the information cannot easily be tied to a specific individual without a reference key.
  • Regular Backups: We keep backups of critical data to prevent accidental loss or damage. These backups are also stored securely. In the event of a data loss incident, we have procedures to restore information from backups, ensuring continuity of care and service.
  • Monitoring and Testing: We monitor our systems for potential security breaches and have an incident response plan. We also periodically review our security measures and may engage external experts to test our defenses (penetration testing or vulnerability assessments) to proactively identify and fix weaknesses.
  • Third-Party Security: When using third-party service providers (like cloud services, payment processors, etc.), we choose reputable firms that have robust security practices. We review their security measures (through their documentation and certifications) and ensure our contracts with them require the protection of your data. For example, many of our providers will have ISO 27001 certification or similar, or comply with frameworks like PCI-DSS for payment data.

Despite all these precautions, it’s important to note that no method of transmission over the Internet or method of electronic storage is completely secure. However, we work hard to protect your information and have not only preventative measures but also detection and mitigation procedures in place. In the unfortunate event of a data breach that is likely to result in a risk to your rights and freedoms (such as privacy or confidentiality), we will follow legal requirements which may include notifying you and the ICO (Information Commissioner’s Office) without undue delay. We encourage you also to play a role in keeping your data secure: for example, if you use a personal account with us in the future, keep your password confidential and be cautious about what information you send to us via email (we can provide secure channels for sensitive info if needed).

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. The exact length of time we keep information can vary depending on the type of data and the context of its provision. Here are some general guidelines we follow:

  • Health and Treatment Records: Given the nature of our services, we are likely required by healthcare regulations and professional guidelines to keep treatment records for a certain minimum period. In the UK, standard practice for private healthcare providers is to retain adult medical records for at least 8 years from the date of the last entry. For minors, records are often kept until the patient’s 25th birthday or 8 years after the last treatment (whichever is later). We will adhere to such guidelines to ensure continuity of care and to comply with any CQC or legal expectations. This means if you receive a service from us, the record of that service and relevant health information may be kept for up to several years, even if you stop being an active client. We keep these records secure and restrict access, and we will dispose of them securely once the retention period is over.
  • Contact Information and Communications: If you have inquired about our services but not actually become a client, we may keep your contact details and inquiry correspondence for a shorter period (e.g., 1-2 years) in case you decide to proceed or have follow-up questions. If you ask us to delete this information sooner, we will do so, provided we have no other legal obligation to retain it. For clients, your contact information is part of your record and will be kept as long as the health record is kept (since we would need it to contact you regarding past treatments if necessary).
  • Financial Records: We retain records of payments, invoices, and related transaction details for at least the period required by tax law (typically 6 years in the UK, as per HMRC requirements) plus the current year. These records may include your name, contact, the service provided, and payment amount, but not sensitive health details beyond maybe a general descriptor of service (e.g., “wellness consultation” or “IV therapy session”).
  • Marketing Preferences: If you have opted in to receive marketing communications, we will keep the necessary details to continue providing that (like your email address) until you opt out or until we determine that our communications are inactive (for instance, if emails bounce or there is prolonged non-engagement, we may remove your details). If you opt out, we may still retain a record of your opt-out request to ensure we honor it going forward (i.e., to avoid accidentally sending you marketing).
  • Website Usage Data: Information collected via cookies and analytics is typically retained in aggregate form. Raw logs of website visitors (IP addresses, etc.) are usually kept only for a short period (a few weeks or months) unless used for security analysis. Analytics data in tools like Google Analytics is often retained for a set time (we might configure it to 26 months or so) to allow year-on-year comparison, but this data is not personal in isolation. If you’ve interacted with our site while logged in or identified (if accounts exist), that usage data might be linked to your profile and thus kept as long as the profile is active.
  • CCTV Footage: (If our premises use CCTV for security – this is an example as many clinics do.) CCTV recordings, if any, are typically overwritten on a rolling basis unless reviewed for an incident. For example, footage might be kept for 30 days unless needed longer for a specific investigation.

Once the retention period expires or the data is no longer needed, we will ensure it is securely deleted or destroyed. This may involve shredding paper records, securely erasing electronic files, or anonymizing data so it can no longer be associated with you. We also periodically review the data we hold and delete or anonymize information that is no longer required.

If you have specific questions about our retention practices for a particular type of record, please contact us. And if you feel we are keeping something about you longer than necessary, you have the right to request erasure (as described in the “Your Rights” section below) – we will then assess whether we can honor that request (we will do so if the data isn’t required to be kept by law or legitimate business purposes).

Cookies and Website Data

Our website uses cookies and similar technologies to distinguish you from other users, provide certain functionality, and to improve user experience. Cookies are small text files that are placed on your computer or device when you visit a website. They allow the website to recognize your device and store some information about your preferences or past actions. Here is how we use cookies on oxydisewellness.co.uk:

  • Essential Cookies: These are necessary for the basic operation of our website. For instance, if our site has a booking system or form that spans multiple pages, a cookie might be used to remember your inputs as you navigate through steps (so you don’t lose information if you go back or forward). Essential cookies might also be used for security purposes (e.g., to keep you logged in during your session if login exists, or to prevent cross-site request forgery on forms). Without these cookies, certain services or features may not function properly. These do not require consent, as they are needed for the service you request (like navigating the site or making a booking).
  • Analytics Cookies: We use analytics tools (such as Google Analytics) to collect information about how visitors use our site. These cookies collect information such as what pages are visited, how long is spent on the site, what links are clicked, and if any errors occurred. The data obtained is aggregated and anonymous; we do not use it to identify you personally. Analytics cookies help us understand user behavior and improve our website content and layout. We will ask for your consent before placing non-essential analytics cookies, in line with UK Privacy and Electronic Communications Regulations (PECR). You may see a cookie banner or settings option when you first visit our site, allowing you to accept or reject analytics cookies.
  • Functional Cookies: These cookies remember choices you make to personalize your experience. For instance, if our site offers a preferred clinic location or remembers your login details for convenience on return visits (not advisable for sensitive accounts, but for general site preferences), a functional cookie would handle that. We use these to make the site more convenient (e.g., remembering your cookie settings or that you already saw a notification so it doesn’t show again). These may or may not be considered “strictly necessary” depending on their function, but we will treat them with appropriate transparency.
  • No Third-Party Advertising Cookies: We do not use third-party advertising networks or targeted advertising cookies on our site at this time. That means we are not tracking you across other sites or showing you third-party ads based on your browsing here. If in the future we include any third-party embeds that might set cookies (like a YouTube video or a social media “like” button), we will update our cookie notice to reflect that and obtain necessary consents.

Cookie Consent and Control: On your first visit to our site (and periodically as required), you will be informed about our use of cookies. You can choose to accept or reject non-essential cookies. Even after accepting, you can clear cookies or adjust your browser settings to refuse some or all cookies. However, please note that disabling cookies might impact your ability to use certain parts of our site effectively (for example, you might not be able to book online if cookies are disabled, due to session handling). Our Cookie Notice (accessible via the site footer or settings banner) provides more detail on what cookies are used and how you can manage them.

Beyond cookies, we also log technical information as mentioned (IP address, user agent, etc.). This is typically for security and debugging — for instance, if an error occurs, the logs help us trace what happened. IP addresses in our web server logs or security logs are kept only for a short time and for purposes of maintaining the integrity of our service. We do not link IP addresses to named individuals except in cases of misuse or security incidents where we might need to correlate logs with user data to investigate.

For more information on cookies and how to manage them, you can visit AboutCookies.org or the support pages for your specific web browser.

Your Rights

Under data protection law, you have certain rights regarding your personal data. Oxydise Wellness Lab is committed to honoring these rights. Below, we outline your rights and briefly explain how you can exercise them. Keep in mind that these rights are not absolute – in some cases, legal exceptions may apply. If you wish to exercise any of these rights, please contact us (see “Contact Us” at the end of this Policy). We may need to verify your identity before fulfilling your request, to ensure we don’t disclose data to the wrong person. We will respond to requests within one month, unless the request is complex (in which case we might inform you of an extension).

  • Right to Be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy is one of the ways we provide you with that information. We aim to be transparent in how we handle your data. If anything is unclear in this Policy or you have questions, please let us know.
  • Right of Access (Subject Access Request): You have the right to access the personal data we hold about you and to obtain information about how we process it. This means you can ask us to confirm if we’re processing your data and request a copy of that data. For example, you can ask to see the records of your treatments or the contact details we have on file. We will provide this information free of charge (except in rare cases of excessive or unfounded requests, where we might charge a reasonable fee or refuse). The information will typically be provided in writing, or electronically if you make the request electronically (unless you prefer otherwise).
  • Right to Rectification: If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request correction or completion of that data. For instance, if we have an old address or a misspelled name, you can ask us to update it. We rely on you to provide accurate information, and we will gladly correct mistakes. In certain cases, we may ask for verification of the new information (like proof of a name change).
  • Right to Erasure (“Right to be Forgotten”): You have the right to request the deletion of your personal data in certain circumstances. This right is not absolute, but applies, for example, if the data is no longer necessary for the purposes it was collected, if you withdraw consent (where consent was the basis and no other basis exists), or if you object to processing and we have no overriding legitimate grounds to continue. You may also request erasure if you believe we processed your data unlawfully or if there’s a legal requirement for erasure. However, the right to erasure has exceptions – especially relevant for us: we might need to retain certain records to comply with legal obligations (e.g., medical records retention laws, or financial records for auditing). Also, if deletion of data would seriously impair the ability to provide care (as is often the case with health records), we may decline deletion but possibly anonymize data instead. We will inform you of the reason if we cannot fulfill an erasure request.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your data in certain situations. This might apply if you contest the accuracy of the data (we would restrict use until verified), or if you have objected to processing (and we’re considering that objection), or if processing is unlawful and you prefer restriction over deletion, or if we no longer need the data but you need us to keep it for a legal claim. When processing is restricted, we can still store the data but not use it for other purposes without your consent (except for legal claims or public interest reasons). If a restriction is lifted later, we will inform you.
  • Right to Data Portability: This right allows you, in some cases, to obtain and reuse your personal data across different services. It applies to data you have provided to us, which we process by automated means, under the lawful basis of consent or contract. For example, if you gave us certain health info and you want to transfer to another wellness provider, you could request a copy in a machine-readable format. In practice, much of our processing might not squarely fall under portability rights (because health records might not be fully by consent/contract or might involve notes we add), but we will do our best to accommodate reasonable requests. Typically, we can provide things like your appointment history or intake form data in a structured format (like CSV or PDF). You may request that we transmit the data directly to another controller if technically feasible.
  • Right to Object: You have the right to object to our processing of your personal data in certain circumstances. You can object to processing based on legitimate interests or public task, if you feel it impacts your rights. If you object, we must stop that processing unless we have compelling legitimate grounds that override your interests, or the processing is for legal claims. You can also object to any direct marketing at any time – and as soon as you object, we will cease using your data for that purpose. This includes profiling related to direct marketing. For example, if you no longer want newsletters, you can unsubscribe (object) and we’ll stop. Another example: you might object to us using some of your data for internal analysis under legitimate interest; we would then either stop or give you a justification as to why we need to continue (and you could challenge that with the ICO if unsatisfied).
  • Rights Related to Automated Decision-Making and Profiling: We do not currently make any decisions about you that are solely by automated means with legal or similarly significant effects (no automated decision-making), nor do we engage in profiling that has such effects. In plain terms, there’s no computer-only decision that determines something like your ability to receive a service or a price – all decisions (like what treatment you can get, or any discounts, etc.) involve human consideration. If this ever changes, you would have rights to not be subject to such decisions without human intervention and to contest them.
  • Right to Withdraw Consent: Where we rely on your consent to process data (e.g., for marketing, or processing health data when no other lawful basis applies), you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing done before withdrawal, but it will mean we stop the particular processing going forward. For example, if you consented to receive SMS reminders and then withdraw that consent, we will stop sending SMS reminders (though we might use other means to reach you if needed, like email or call, unless you also withdraw consent for those; note that appointment reminders might be considered part of service communications under contract basis in some cases). To withdraw consent, you can contact us or use provided mechanisms (like an “unsubscribe” link for emails).

When you exercise any of these rights, we will respond as soon as possible. If we cannot fulfill your request fully, we will explain the reasoning. For instance, if you request complete deletion of your records, we might have to retain some parts due to legal requirements, but we could perhaps anonymize or heavily restrict them, and we would explain what we’ve done.

No Fee Usually Required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive, or excessive, we may either charge a reasonable fee (based on the administrative cost of providing the information or taking action) or refuse to comply. We will of course inform you if that situation arises and why.

Right to Complain: In addition to the above rights, if you have concerns about how we are handling your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues. We would appreciate the chance to deal with your concerns before you approach the ICO, so please consider reaching out to us first. However, if you wish to contact the ICO, you can do so via their website (ico.org.uk) or by phone at 0303 123 1113.

Children’s Privacy

Our services and website are not generally directed at children under 18 years of age. As noted in our Terms, individuals under 18 typically require parental consent and involvement to use our services. We do not knowingly collect personal data from anyone under 13 without parental consent, and we aim to avoid any unnecessary collection from minors in general. If you are a parent or guardian and believe we might have any information from or about a child under 18 without appropriate consent, please contact us. We will take prompt steps to investigate and address the issue, including deleting the data if we cannot lawfully keep it.

In cases where we do provide a service to a minor (for example, if a 16- or 17-year-old receives a service with parental permission, or a younger child uses the hyperbaric chamber for a health reason under doctor’s referral, hypothetically), we will ensure the parent/guardian is fully informed and consents to the data collection. The child’s information will be kept confidential as with any client, and the parent/guardian may generally exercise the child’s data rights on their behalf. We also take extra care with children’s data given its sensitivity.

Our website is intended for a general audience about wellness services. We do not feature content that is harmful to children, but nevertheless, if someone under the age of 18 is browsing our site, we encourage them to do so with a guardian’s guidance, especially if filling any forms. We do not use any profiling or marketing that targets children.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will post the updated Policy on our website and change the “Last Updated” date at the bottom. If changes are significant, we may also notify you directly by email or by placing a prominent notice on our site (especially if we have your contact details on file).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Continued use of our website or services after any modifications to the Privacy Policy will be deemed as acceptance of the updated terms, to the extent permitted by law. If you do not agree with any updates, you should notify us and/or discontinue use of our services before the changes take effect. We will not reduce your rights under this Privacy Policy without your explicit consent. Any changes we make will comply with applicable privacy laws.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or any aspect of our handling of your personal data, please do not hesitate to contact us. We are here to help and value communication with our clients and website users about their privacy. You can reach us using the following contact information:

  • Oxydise Wellness Lab – Privacy Officer/Data Protection Contact
  • Address: Rosalind Franklin House, Fordham Rd, Newmarket CB8 7XN
  • Phone: 01223 657444
  • Email: hello@oxydise.co.uk

When you contact us, please provide as much detail as possible about your query or request, to help us address it effectively. For security and confidentiality, we might need to verify your identity especially for requests concerning personal data (such as access or deletion requests).

We thank you for trusting Oxydise Wellness Lab with your wellness journey and your personal information. We are dedicated to safeguarding that information and using it to serve you in the best way possible. Your privacy and satisfaction are important to us, and we will do our utmost to ensure both.
