Privacy Policy
How we protect, process, and secure your personal biological data under the UK General Data Protection Regulation (UK GDPR).
End-to-End Encryption
Secure SSL/TLS layers and database encryption.
GDPR Compliant
Strict user-access logs and privacy governance.
Anonymised Analytics
Corporate data is entirely stripped of identifiers.
1. Information We Collect
To deliver our health checks, phlebotomy dispatches, and Health Intelligence Hub updates, we collect:
- Personal Details: Name, contact details, birth date, delivery postcode.
- Clinical Consent Records: Signed digital consent checkboxes.
- Biological Metrics: Vitals (blood pressure, BMI) and processed laboratory blood values (e.g., cholesterol, thyroid).
2. How We Share Biological Data
We coordinate sample logistics and laboratory pathology with our UKAS-accredited partner laboratory. Biological tubes are marked with random barcodes, meaning the lab is provided with zero name details. Only the Aven Health clinician panel maps these barcodes back to your profile.
3. Data Controller
Aven Health Limited (registered in England & Wales) is the data controller responsible for your personal data. Once registered, our ICO data protection registration number and registered office address will be published here. Data protection enquiries: privacy@avenhealth.co.uk.
4. Lawful Basis for Processing
We process your personal data under the following UK GDPR lawful bases: performance of a contract (to deliver the screening you book), legitimate interests (to operate and improve our service), and consent (for optional communications and non-essential cookies). Because health data is special-category data, we additionally rely on your explicit consent and, where applicable, Article 9(2)(h) (provision of health care by a health professional under a duty of confidentiality).
5. Data Retention
We retain clinical records in line with UK clinical record-keeping guidance (adult health records are generally retained for a minimum of eight years after the last interaction). Account and billing records are retained as required by law. You may request deletion of non-clinical data at any time; clinical records are retained for the minimum period required by our clinical governance and legal obligations.
6. Who We Share Data With (Sub-Processors)
We use carefully selected processors under written data-processing agreements: our secure database and hosting provider, our email delivery provider, our payment processor, our UKAS-accredited partner laboratory, and our medical courier. Each processes data only on our instructions. Data is hosted within the UK/EEA; where any transfer outside the UK/EEA occurs, it is protected by appropriate safeguards.
7. Cookies
We use essential cookies to run the site and, only with your consent, analytics cookies to improve it. You can set your preference via our cookie banner and change it at any time by clearing the aven_cookie_consent cookie.
8. Your Rights & Complaints
Under UK GDPR you have the right to access, rectify, erase, restrict, or object to the processing of your data, and to data portability. To exercise these rights, contact privacy@avenhealth.co.uk. If you are unhappy with how we handle your data, you may complain to the Information Commissioner's Office (ICO) at ico.org.uk.
This policy is a working draft and should be reviewed and finalised by a qualified data-protection/healthcare solicitor before go-live.