Aneira Health

Aneira Health Limited Customer Privacy Statement

Registered name: Aneira Health Limited. Reg number: 15210257
‍
‍Registered Office: 20 Eastbourne Terrace, Paddington, London W2 6LG

This privacy notice tells you what to expect us to do with your personal information.

Who are we and what services do we offer?

Welcome to Aneira Health UK Limited. Our registered office is 20 Eastbourne Terrace, Paddington, London, W2 6LA. Company reg no is 15210257

We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

Our service offers Women’s health assessments, consultations, information and guidance in physical and online locations. We are a research focused organization and will collaborate with internal and external parties to develop globally relevant research which has an impact on women’s health.

What does this policy cover?

This Privacy Policy covers how we treat Personal Data that we collect when you access our app or website to create an account, share data with us, access our Services, take part in research or pay a fee for those Services.
‍
Personal Data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person also constitute personal data.
‍
Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains Personal Data. Personal data that has been rendered anonymous in such a way that the individual is not or cannot be identified is no longer considered personal data. This type of data is called anonymous. This privacy statement will tell you when we are anonymising data.

How we obtain your data

Directly from you i.e., when filling in a contact form on our website, or through using our app.
Directly from you i.e., in a clinical consultation or call with our team.
From your existing healthcare records i.e., which you give permission to share with us.

What kinds of Personal data

Member information

This is information about you which we use to create and manage your account. It can include your name, address, contact details and bank details.

We will use this data to:

Operate the account with secure logins
Contact you about our services
Send information and materials to you, such as test kits
Manage payments and subscriptions
To improve our services

We will keep this data for 8 years after you have ceased to be a member.

Contact details

This is information about you which we use to keep in touch. It can include your name, address, contact details and information you have shared about your contact preferences and availability.
‍
We will use your contact details to:

Confirm and remind you about activities with us such as appointments, calls and tests
Provide you with information about our Services
Keeping in touch and sharing insights which you’ve told us you are interested in
Invite you to relevant events
Invite you to take part in relevant scientific research with us or one of our trusted partners
Tell you about the results of our research
Provide you with information about your account and payments
Provide you with information about updates to the app, our Services and Terms and Conditions.

If you have consented to Marketing communications, we will send you these updates from Aneira Health.

These updates may include information about our products, services, offers, events, company developments, partner information and similar topics. We will not share your contact details with our partners without your explicit informed consent. Depending on the consents you provide to us, we may send these communications to you via email, phone call, SMS, and/or push notification. You can change your marketing communications preferences or withdraw your consent at any time by following the instructions provided within the marketing communications themselves. We will keep this data for 8 years after you have ceased to be a member.

If you become a participant in interventional research at one of our sites, the Sponsor of the research will tell you about how they will manage your Personal Data and how long they are required to hold your Personal Data.

Healthcare Data

Self reported healthcare data (on the Aneira app)

This is the information we will ask you to provide when you sign up such as:

Age; weight; health conditions; health history; interests; GP name and address; healthcare and lifestyle questionnaires

We will use this data to:

Help decide what tests you may need and who is the best person to see you
Understand topics which you might be interested in learning more about

Healthcare data from clinical care and testing

This is the information which you will provide to our health care professionals when you speak with us face-to-face or on video calls or telephone calls.

Health history; health symptoms, medications; other clinical measurements.

We will use this data to provide tailored clinical care to you.

Healthcare data from your existing healthcare records

This is all the coded information which your GP and the hospital systems hold about you. It does not include notes and letters. It will include some or all of the following:

Diagnoses, events such as appointments, procedures such as operations, medications and devices which have been given to you.

Samples

As part of joining Aneira Health and during any clinical care with us, we will take clinical samples to better understand your health status. This includes genotyping using a blood sample. These samples may be blood, urine, or tissue. The processing of these tests is done by our laboratory providers. The laboratory will receive the following information about you:

Patient reference number (we don’t give the laboratory processing your sample your name); age; sex
If you are being sent a home testing kit, our fulfilment provider will have the following information about you: name; address; contact number; and the type of test you are to receive

We will store some of the samples for quality checks and an additional amount for future research. This will be stored anonymously for a minimum of 10 years.

Results of tests

These are the results of laboratory tests. These will be laboratory values linked to your patient identification number which we will match to your record in our electronic health record system. The laboratory cannot identify you from this information.

During your care we may ask you to consent to share data from devices such as smart watches or blood pressure monitors. We will receive the data from the manufacturers’ data management systems which is then transferred to our systems.

We will use this data to help inform our understanding of your health and to enable us to treat you appropriately.

The results of laboratory tests will be held by the laboratory for no more than 3 months and will then be deleted. They may be required to use the anonymous results to audit the quality of their systems.

Any unused blood or tissue samples are destroyed by the laboratory on a routine basis.

Your personal device manufacturers can hold anonymised data and you need to provide your permission on the system to allow this.

Your health care data will be stored for 8 years after you cease to be a member unless we inform you otherwise.

How will we use this healthcare data?

To confirm your eligibility for our clinical Services
To provide clinical Services
To report back to your GP and other health care providers about your care
In anonymised form, we will use the data to generate insights to improve our services
In anonymised form, we will use the data for scientific research
Your clinician may invite you to take part in relevant interventional research

Sharing data

Where the data relates to clinical care, we will ask you to acknowledge that we can share this information with your GP or other care provider. You can opt out. Talk to your care team at Aneira Health about this.

‍

How will we use data for research?

Aneira Health is committed to robust scientific research. All anonymised data we collect about you, your health and the information you give us will become part of our mission to improve health outcomes for women.

‍

We will retain your data in anonymous format to enable us to analyse and improve our Services, to carry out scientific research and develop machine learning and AI models to improve our understanding of women’s health conditions.

‍

Research

We will use your anonymous data including:

Part of your post code; GP site; year and month of birth; age; sex; healthcare data ; survey and questionnaire data.

We will work with trusted partners to carry out research on the anonymised data.

All research projects are overseen by our Research Ethics Advisory Group which includes patients, external experts, scientists, doctors, data scientists and a data protection officer.

We will never sell your anonymised data.

‍

How we will use data to provide a Service?

‍

Payment information

This data is essential to enable our payment provider(s) (see table) to process payments. The Data captured by our payment provider(s) and stored and processed by us may include:

Name; email address; postcode; card information; country of residence

We keep this information for as long as the tax authorities require. Once we no longer need this information, we will delete it.

‍

Communication

Where we communicate with each other via any method – chat, phone calls, texts, email or transcriptions of face-to-face conversations – we will keep that information in identifiable form for as long as you are a member.

Only members of the clinic team, those booking appointments and meeting you at clinic reception will be able to view this information.

We will use this data to provide the Services to you including clinical care.

‍

Employment and hiring

If you apply for a job with Aneira Health – good choice.

We will collect:

Name; contact details; your CV; references

We will retain information about you for 6 months after an unsuccessful application.

Roles, responsibilities and data sharing

Data Controller
‍
Aneira Health UK Limited is the data controller responsible for the collection and processing of personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA18).

Data Processors
The data we collect is processed by the following organisations for the purposes described:

Company

Location

Purpose

Type of Data

Google Cloud Platform

EU
‍Privacy Statement

Hosting the data

All anonymised data

Semble

EU
‍Privacy Statement

Electronic Health Records system

Name; reference number; DOB; contact details; address; healthcare information; card information

The Doctors Laboratory

UK
‍Privacy Statement

Processing samples

Reference number; sex; age;

Cambridge Genetic Services

UK
Privacy Statement

Processing samples

Reference number; sex; age

Validae Health LP

Registered in the US; operating in the UK

Research partner

Anonymised data only

Signature Rx/ Signature Pharmacy

UK
‍Privacy Statement

Supply of medicines against private prescription and medicines advice to patients

DOB, Name, address, medication, allergies, name and address of prescriber

Slack

EU
‍Privacy Statement

Making phone calls to patients via integration with Semble EHR

Name; contact number

UNTIL

Clinical space and reception management

Patient name, DOB, Pt ID, date / time of appt

UNTIL

UK
‍Privacy Statement

Clinical space audit requirements – viewed only by healthcare professional

Patient name, DOB, Pt ID, date of appt, reason for appt, treatment / outcome

Webflow

US
‍Privacy Statement

Website contact form

Name; email address; phone number

Stripe

UK
‍Privacy Statement

Processing payments

Name; card information; email; postcode; country of residence

Apple Pay

Ireland
‍Privacy Statement

Processing payments

Name; email address; card information; address; account activity

Google Pay

Multiple locations Privacy Statement

Processing payments

Name; email address; card information; address; account activity

Hubspot

USA
‍Data Processing Agreement

Customer relationship management

Name; email address; records of engagement with Aneira products and services

PostHog

EU
Privacy Statement

Product and user analytics

Email address; usernames; IP addresses; device information

What’s App For Business

EU
Privacy Statement

Customer service and patient communication

Name; contact details; healthcare information

Typeform

EU
‍Data Privacy & Security Statement

Customer feedback analytics

Name; email address; phone number

Data Security
‍
The security of the data you share with us is important to us. We take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your provided personal data. All data provided to us is stored on our secure (password and firewall protected) servers. All electronic data associated with transactions you make or in relation to our website is encrypted. 

We also allow access to your personal data only to those employees and partners who have a business need to know such data. They must keep it confidential and are under a contractual obligation to do so.  

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.

‍Data Retention
The data we collect from you will be retained only for as long as necessary to fulfil the purposes we collected it for. This will include the purposes of satisfying any legal, accounting, or reporting requirements. 

In some circumstances, we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you. 

Where is Your Data Stored?

Your personal identifiable healthcare data is processed and stored on the information systems listed under Data Processors. Where those systems are outside the UK or EU we ensure that they are compliant with EU legislation and guidance.

‍International transfers of data
We work with research partners and will transfer anonymised data outside of the UK. These data cannot be linked back to you. The data will only be used for healthcare research and to train and develop models.

‍Changes to this policy
We may make changes to this policy from time to time. We will notify you when changes are made via the member portal and by your chosen form of communication.

Legal basis for Processing and Your Rights

We process your personal data based on the following legal grounds:

Consent: When you have given us explicit consent to process your data for those purposes
Healthcare: when you engage with us to provide healthcare services
Contract: When processing is necessary for the performance of a contract with you.
Legal Obligation: When we need to comply with a legal obligation.
Legitimate Interests: When processing is necessary for our legitimate interests, provided your rights and interests do not override those interests.
Scientific & public health interest: where processing is in the interest of scientific research

When we rely on consent, we will use your information on this basis until you withdraw your consent, or it can be reasonably assumed that your consent no longer exists. You may withdraw your consent at any time by instructing us at  hello@aneira.health or by speaking to our clinic team.

Your Legal Rights

Under certain circumstances, by law you have the right to: 

Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. 
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. 
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). 
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.  
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. 
Request the transfer of your personal information to another party. 
Withdraw consent  for processing in any circumstance where you may have provided it for a specific purpose.

If you want to know more about your rights, please take a look at the ICO website. 

If you want to exercise any of your rights listed above, please email  php@informationgovernanceservices.com.

Before we release any information to you, we may request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. 

We respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.  

Contacting Us

You can contact us at: php@informationgovernanceservices.com

Version 1.2. Aneira Health Inc. 2024
Last updated 11th April 2025