← Back to Home

Privacy Policy

Effective Date: January 1, 2026

Nilus Care ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed by Nilus Care in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

We collect information necessary to provide safe medical services and manage your appointments. This includes:

• Personal Identification: Name, Date of Birth.
• Contact Details: Email address, Phone number, Home address.
• Medical Data (Special Category Data): Medical history regarding ear health, current medications, GP details, and clinical notes from your examination.
• Technical Data: IP address, browser type, and cookies when you visit our website.

2. How We Use Your Information

We use your data for the following specific purposes:

• To schedule and manage your appointments.
• To conduct clinical assessments and maintain accurate medical records (a legal requirement for healthcare providers).
• To communicate with you regarding appointment confirmations, reminders, or cancellations.
• To process payments.
• To comply with legal obligations (e.g., sharing data with the NHS or ENT specialists if a referral is required).

3. Legal Basis for Processing

Under the UK GDPR, we rely on the following lawful bases for processing your data:

• Contract: Processing is necessary to fulfill our service agreement with you (booking the appointment).
• Legal Obligation: We are required by law to keep medical records for a specific period.
• Vital Interests: In emergency situations, we may need to share data to protect your life (e.g., calling an ambulance).
• Provision of Health Care: For processing special category data (medical history).

4. Data Retention

We retain medical records for a minimum period as required by UK law (typically 7-10 years depending on the nature of the record). Personal contact data is retained as long as you are an active patient. You may request your data be archived if you stop using our services.

5. Your Data Rights

You have the following rights under GDPR:

• The right to access: You can request copies of your personal data.
• The right to rectification: You can request that we correct any information you believe is inaccurate.
• The right to erasure: You can request that we erase your personal data, under certain conditions (note: medical records often cannot be erased due to legal retention laws).
• The right to object to processing: You have the right to object to our processing of your personal data.

6. Third-Party Sharing

We do not sell your data. We only share data with:

• Secure Cloud Booking Systems (for calendar management).
• Medical Specialists (e.g., GP or ENT) strictly for referral purposes.
• Law enforcement agencies if required by law.

7. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer at:

Email: hello@niluscare.co.uk
Address: 14 Mackintosh Place, Cardiff, CF24 4RQ