Privacy Policy
A legal disclaimer
Last updated: 6th March 2026
1. Introduction
North Star Health Ltd is committed to protecting the privacy and security of your personal information. This privacy policy explains how we collect, use, store, and protect personal data when you visit our website, contact us, or use our healthcare services.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a healthcare provider, we recognise the importance of maintaining the confidentiality and security of your information.
This policy applies to:
Visitors to our website
Individuals making enquiries
Patients receiving healthcare services
Individuals interacting with our marketing communications
2. Data Controller
The Data Controller responsible for your personal information is:
North Star Health Ltd
13 Farringdon Road
Cullercoats
NE30 3ER
United Kingdom
Email: info@nshealth.co.uk
Telephone: 07564888114
The company director acts as the Data Protection Lead responsible for overseeing compliance with data protection regulations.
3. Information We Collect
We may collect and process the following types of personal information.
Personal Information
Name
Address
Date of birth
Email address
Phone number
Appointment information
Health Information
As a healthcare provider we may collect sensitive medical information including:
Medical history
Symptoms and clinical information
Consultation notes
Medication and prescription information
Treatment records
Test results where applicable
This type of data is classified as special category data under UK GDPR and is handled with additional protections.
Website Usage Information
When you visit our website we may collect information such as:
IP address
Browser type
Device type
Pages visited
Date and time of website visits
This information helps us improve website performance and user experience.
4. How We Collect Your Information
We collect information through several methods, including:
Contact forms submitted via our website
Online appointment bookings
Phone or email enquiries
During consultations and clinical assessments
Through our website analytics tools
Cookies and tracking technologies
Third-party booking systems such as Semble
5. Legal Basis for Processing
Under UK GDPR we rely on several lawful bases for processing personal data.
Provision of Healthcare
Health information is processed under the lawful basis of:
Provision of health or social care and medical diagnosis.
This allows healthcare professionals to provide appropriate clinical services.
Contractual Necessity
Processing is necessary in order to:
Manage bookings
Deliver services requested by patients
Process payments
Legal Obligation
Certain information must be processed to comply with healthcare regulations, professional standards, and record-keeping obligations.
Legitimate Interests
We may process certain information to:
Manage and operate our clinic
Improve our services
Maintain website functionality
Consent
Where appropriate, we may rely on your consent for:
Marketing communications
Certain data sharing activities
You may withdraw consent at any time.
6. Clinical Records
As a healthcare provider we maintain confidential clinical records.
These records may include:
Consultation notes
Treatment details
Prescriptions issued
Relevant medical history
Clinical records are stored securely within our clinical management system Semble, which is a secure cloud-based healthcare platform.
Access to medical records is restricted to authorised personnel involved in providing care.
7. Prescriptions
Where appropriate, prescriptions may be issued following a clinical consultation.
Prescriptions may be provided through:
Printed prescriptions
Electronic prescriptions via SignatureRx
Relevant information may be shared with pharmacies as required for the provision of prescribed medicines.
8. Payments
Payments for services may be processed through the following methods:
Online payment systems
Card reader devices
Bank transfer
Cash
Online payments processed through our website are handled via Stripe, which acts as an independent payment processor and processes payment data in accordance with its own privacy policies.
9. Sharing Your Information
We may share your personal information with trusted third parties where necessary to provide healthcare services or operate the clinic.
This may include:
Pharmacies
Medical laboratories
GP practices
Referral specialists
Insurance providers
Payment processors
IT and clinical software providers
Regulatory or legal authorities where required
Where appropriate, we will seek explicit consent before sharing your information unless sharing is necessary for the provision of healthcare or required by law.
10. Data Security
We take appropriate measures to protect your personal information.
Security measures may include:
Secure clinical record systems
Encrypted data storage
Restricted access controls
Password-protected systems
Secure cloud-based healthcare platforms
Staff confidentiality obligations
Although no online system can be guaranteed completely secure, we take reasonable steps to protect your information.
11. Data Retention
Healthcare records are retained in accordance with recognised healthcare record retention guidelines.
Typical retention periods include:
Adult medical records: retained for 8 years after last treatment
Children’s records: retained until the patient reaches age 25
After these periods records may be securely deleted or destroyed.
12. Children and Young People
We may provide services to individuals under the age of 18.
Where a patient is under 18:
A parent or legal guardian must normally attend the appointment and provide consent.
Patients aged 16 or over may be treated independently if they are assessed as competent to make decisions about their care.
Additional care is taken when handling data relating to children.
13. Marketing Communications
We may occasionally send information about services, updates, or promotions.
Marketing communications may be sent via:
Other digital communications
Individuals will be given the opportunity to opt in to marketing communications and may unsubscribe at any time.
14. Cookies and Website Tracking
Our website uses cookies and similar technologies to improve functionality and understand how visitors use our website.
Cookies may be used for:
Website functionality
Analytics and performance monitoring
Advertising and marketing tracking
We use Wix Analytics and may use tracking technologies associated with advertising platforms such as Meta (Facebook/Instagram) and Google Ads.
Users are presented with a cookie consent banner when visiting the website and can manage their preferences.
15. CCTV
CCTV is used within the clinic premises for purposes including:
Safety and security
Crime prevention
Protection of staff and patients
CCTV footage may be retained for a limited period and may be shared with law enforcement authorities where required.
16. Your Data Protection Rights
Under UK GDPR you have the right to:
Request access to your personal data (Subject Access Request)
Request correction of inaccurate information
Request deletion of data where applicable
Request restriction of processing
Object to certain types of data processing
Request transfer of your data to another organisation
Requests should be submitted to:
We will respond within the timeframes required by data protection law.
17. Complaints
If you have concerns about how your personal information is handled, please contact us first so we can attempt to resolve the issue.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Information Commissioner’s Office
Website: https://ico.org.uk
18. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in legal requirements or operational practices.
The most recent version will always be available on our website.