My Heart Privacy Policy

Privacy Policy for My Heart by My Heart in Mind Ltd

This privacy policy outlines how My Heart in Mind Ltd, operating as My Heart, collects, uses, and safeguards your personal information in accordance with UK data protection laws. It applies to all users of our services. We are committed to transparency and ensuring you are aware of how we handle your information.

‘We’, ‘us’ or ‘our’ means My Heart in Mind Ltd (trading as My Heart) and ‘You’ or ‘your’ means the person using our services.

Data Protection Principles

We adhere to data protection laws, ensuring that your personal information is:

  • Used lawfully, fairly, and transparently

  • Collected for legitimate purposes and not used incompatibly

  • Relevant and limited to the purposes we have explained

  • Accurate and kept up to date

  • Retained only as long as necessary for the stated purposes

  • Kept securely


Information Collection

We collect personal information through our registration process and during your interaction with our services. This information may come directly from you or from other healthcare providers involved in your care. We may also obtain information from third parties, such as insurance companies.

Any information provided through online forms or email is processed with your consent to ensure accurate responses. If you provide information on behalf of someone else, we assume you have their consent.

Types of Information Collected

Personal information includes any data that can identify an individual. We collect and use the following categories of personal information:

  • Basic details (name, date of birth, next of kin, address, etc.)

  • Contact details (phone number, email address, etc.)

  • Payment details (credit/debit card, billing address, etc.)

  • Details of third-party payers (name, address, payment details)

  • GP information

  • Patient feedback

We also collect sensitive personal information, such as:

  • Health and medical records (reports, notes, results, etc.)

  • Medical images and diagnostic information (ECG, CT, pathology reports, etc.)

  • Appointment records

Purpose of Data Collection

We use your personal information when legally permitted, typically for:

  • Providing healthcare services

  • Complying with legal obligations

  • Legitimate interests, unless your rights override these interests

In rare cases, we may use your information to:

  • Protect your or someone else's interests

  • Fulfill public interest requirements

Data Security

We have implemented appropriate security measures to prevent unauthorized access, loss, or misuse of your personal information. Access is limited to employees and third parties who need it for legitimate business purposes. We comply with Cyber Essentials and the National Data Guardian’s Data Security Standards.

Data Retention

We retain your personal information only as long as necessary, in accordance with NHS Records Management Code of Practice and Department of Health guidelines.

Use of Personal Information

We process your personal information for the following purposes:

  • Providing healthcare services

  • Collecting payments

  • Meeting healthcare provider obligations

  • Ensuring service safety

  • Maintaining complete medical records

  • Billing for services

  • Regulatory compliance

  • Conducting audits

  • Improving systems and services

  • Supporting marketing activities

  • Ensuring building security

  • Complying with legal obligations (e.g., fraud prevention)

Sharing with Third Parties

We may share your data with third parties when legally justified, such as for healthcare provision, compliance, or with your consent. Third parties may include:

  • Service providers (data processors) supporting our services

  • Consultants, GPs, and other healthcare providers

  • Pharmacy concierge services

  • Patient payment solutions companies

  • Regulatory bodies

  • Billing providers

  • Debt collection agencies for outstanding balances

All third parties are obligated to maintain confidentiality, security, and compliance with the law.

Transfers Outside the EEA

We do not anticipate transferring your data outside the European Economic Area (EEA). If necessary, we will ensure a similar level of protection as within the UK.

Your Rights

You have the right to:

  • Access your personal information

  • Rectify inaccuracies

  • Request erasure (‘right to be forgotten’)

  • Restrict processing

  • Object to processing

  • Request data portability

  • Withdraw consent

To exercise these rights, contact us at info@myheartuk.com. Please note that some rights are not absolute, and we will inform you of our response within one month, or 21 days for automated decisions.

For any questions, comments, or complaints about this policy or our data handling practices, contact the Registered Manager at info@myheartuk.com. You can also contact our Data Protection Officer at the same address.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority.
