Aneira Health Limited Customer Privacy Statement

Registered name: Aneira Health Limited. Reg number: 15210257

Registered Office: 20 Eastbourne Terrace, Paddington, London W2 6LG

This privacy notice tells you what to expect us to do with your personal information.

Who are we and what services do we offer?

Welcome to Aneira Health UK Limited. Our registered office is 20 Eastbourne Terrace, Paddington, London, W2 6LA. Our company registration number is 15210257.

We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

Our service offers women’s health assessments, consultations, information and guidance in physical and online locations. We are a research-focused organization and will collaborate with internal and external parties to develop globally relevant research which has an impact on women’s health.

What does this policy cover?

This Privacy Policy covers how we treat Personal Data that we collect when you access our app or website to create an account, share data with us, access our Services, take part in research or pay a fee for those Services.

Personal Data is any information that relates to an identified or identifiable living individual. Different pieces of information which, collected together, can lead to the identification of a particular person also constitute personal data.

Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains Personal Data. Personal data that has been rendered anonymous in such a way that the individual is not or cannot be identified is no longer considered personal data. This type of data is called anonymous. This privacy statement will tell you when we are anonymising data.  

How we obtain your data

  • Directly from you i.e., when filling in a contact form on our website, or through using our app.
  • Directly from you i.e., in a clinical consultation or call with our team.
  • From your existing healthcare records i.e., which you give permission to share with us.

What kinds of Personal data

Member information

This is information about you which we use to create and manage your account. It can include your name, address, contact details and bank details.

We will use this data to:

  • Operate the account with secure logins
  • Contact you about our services
  • Send information and materials to you, such as test kits
  • Manage payments and subscriptions
  • Improve our services

We will keep this data for 8 years after you have ceased to be a member.

Contact details

This is information about you which we use to keep in touch. It can include your name, address, contact details and information you have shared about your contact preferences and availability.

We will use your contact details to:

  • Confirm and remind you about activities with us such as appointments, calls and tests
  • Provide you with information about our Services
  • Keep in touch and share insights which you’ve told us you are interested in
  • Invite you to relevant events
  • Invite you to take part in relevant scientific research with us or one of our trusted partners
  • Tell you about the results of our research
  • Provide you with information about your account and payments
  • Provide you with information about updates to the app, our Services and Terms and Conditions.

If you have consented to Marketing communications, we will send you these updates from Aneira Health.

  • These updates may include information about our products, services, offers, events, company developments, partner information and similar topics. We will not share your contact details with our partners without your explicit informed consent. Depending on the consents you provide to us, we may send these communications to you via email, phone call, SMS, and/or push notification. You can change your marketing communications preferences or withdraw your consent at any time by following the instructions provided within the marketing communications themselves.  We will keep this data for 8 years after you have ceased to be a member.

If you become a participant in interventional research at one of our sites, the Sponsor of the research will tell you about how they will manage your Personal Data and how long they are required to hold your Personal Data.

Healthcare Data

Self reported healthcare data (on the Aneira app)

This is the information we will ask you to provide when you sign up such as:

  • Age; weight; health conditions; health history; interests; GP name and address; healthcare and lifestyle questionnaires

We will use this data to:

  • Help decide what tests you may need and who is the best person to see you
  • Understand topics which you might be interested in learning more about

Healthcare data from clinical care and testing

This is the information which you will provide to our health care professionals when you speak with us face-to-face or on video calls or telephone calls.

  • Health history; health symptoms; medications; other clinical measurements.

We will use this data to provide tailored clinical care to you.

Healthcare data from your existing healthcare records

This is all the coded information which your GP and the hospital systems hold about you. It does not include notes and letters. It will include some or all of the following:

  • Diagnoses, events such as appointments, procedures such as operations, medications and devices which have been given to you.

Samples

As part of joining Aneira Health and during any clinical care with us, we will take clinical samples to better understand your health status.  This includes genotyping using a blood sample. These samples may be blood, urine, or tissue. The processing of these tests is done by our laboratory providers. The laboratory will receive the following information about you:

  • Patient reference number (we don’t give the laboratory processing your sample your name); age; sex
  • If you are being sent a home testing kit, our fulfilment provider will have the following information about you: name; address; contact number; and the type of test you are to receive

We will store some of the samples for quality checks and an additional amount for future research. This will be stored anonymously for a minimum of 10 years.

Results of tests

These are the results of laboratory tests. These will be laboratory values linked to your patient identification number which we will match to your record in our electronic health record system. The laboratory cannot identify you from this information.

During your care we may ask you to consent to share data from devices such as smart watches or blood pressure monitors. We will receive the data from the manufacturers’ data management systems which is then transferred to our systems.

We will use this data to help inform our understanding of your health and to enable us to treat you appropriately.

The results of laboratory tests will be held by the laboratory for no more than 3 months and will then be deleted. They may be required to use the anonymous results to audit the quality of their systems.

Any unused blood or tissue samples are destroyed by the laboratory on a routine basis.

Your personal device manufacturers can hold anonymised data and you need to provide your permission on the system to allow this.

Your health care data will be stored for 8 years after you cease to be a member unless we inform you otherwise.

How will we use this healthcare data?

  • To confirm your eligibility for our clinical Services
  • To provide clinical Services
  • To report back to your GP and other health care providers about your care
  • In anonymised form, we will use the data to generate insights to improve our services
  • In anonymised form, we will use the data for scientific research
  • Your clinician may invite you to take part in relevant interventional research

Sharing data

Where the data relates to clinical care, we will ask you to acknowledge that we can share this information with your GP or other care provider. You can opt out. Talk to your care team at Aneira Health about this.

How will we use data for research?

Aneira Health is committed to robust scientific research. All anonymised data we collect about you, your health and the information you give us will become part of our mission to improve health outcomes for women.

We will retain your data in anonymous format to enable us to analyse and improve our Services, to carry out scientific research and develop machine learning and AI models to improve our understanding of women’s health conditions.

Research

We will use your anonymous data including:  

Part of your post code; GP site; year and month of birth; age; sex; healthcare data; survey and questionnaire data.

We will work with trusted partners to carry out research on the anonymised data.  

All research projects are overseen by our Research Ethics Advisory Group which includes patients, external experts, scientists, doctors, data scientists and a data protection officer.  

We will never sell your anonymised data.  

How will we use data to provide a Service?

Payment information

This data is essential to enable our payment provider(s) (see table) to process payments. The data captured by our payment provider(s) and stored and processed by us may include:

Name; email address; postcode; card information; country of residence

We keep this information for as long as the tax authorities require. Once we no longer need this information, we will delete it.  

Communication

Where we communicate with each other via any method – chat, phone calls, texts, email or transcriptions of face-to-face conversations – we will keep that information in identifiable form for as long as you are a member.  

Only members of the clinic team, those booking appointments and meeting you at clinic reception will be able to view this information.  

We will use this data to provide the Services to you including clinical care.

Employment and hiring

If you apply for a job with Aneira Health – good choice.  

We will collect:

Name; contact details; your CV; references

We will retain information about you for 6 months after an unsuccessful application.  

Roles, responsibilities and data sharing

Data Controller

Aneira Health UK Limited is the data controller responsible for the collection and processing of personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA18).

Data Processors

The data we collect is processed by the following organisations for the purposes described:

| Company | Location | Purpose | Type of Data |
|---|---|---|---|
| Google Cloud Platform | | Hosting the data | All anonymised data |
| Semble | | Electronic Health Records system | Name; reference number; DOB; contact details; address; healthcare information; card information |
| The Doctors Laboratory | | Processing samples | Reference number; sex; age |
| Cambridge Genetic Services | | Processing samples | Reference number; sex; age |
| Validae Health LP | Registered in the US; operating in the UK | Research partner | Anonymised data only |
| Signature Rx/ Signature Pharmacy | | Supply of medicines against private prescription and medicines advice to patients | DOB, Name, address, medication, allergies, name and address of prescriber |
| Slack | | Making phone calls to patients via integration with Semble EHR | Name; contact number |
| UNTIL | UK | Clinical space and reception management | Patient name, DOB, Pt ID, date / time of appt |
| UNTIL | | Clinical space audit requirements – viewed only by healthcare professional | Patient name, DOB, Pt ID, date of appt, reason for appt, treatment / outcome |
| Webflow | | Website contact form | Name; email address; phone number |
| Stripe | | Processing payments | Name; card information; email; postcode; country of residence |
| Apple Pay | Ireland (Privacy Statement) | Processing payments | Name; email address; card information; address; account activity |
| Google Pay | Multiple locations (Privacy Statement) | Processing payments | Name; email address; card information; address; account activity |
| Hubspot | | Customer relationship management | Name; email address; records of engagement with Aneira products and services |
| PostHog | | Product and user analytics | Email address; usernames; IP addresses; device information |
| WhatsApp for Business | | Customer service and patient communication | Name; contact details; healthcare information |
| Typeform | | Customer feedback analytics | Name; email address; phone number |

Data Security

The security of the data you share with us is important to us. We take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your provided personal data. All data provided to us is stored on our secure (password and firewall protected) servers. All electronic data associated with transactions you make or in relation to our website is encrypted. 

We also allow access to your personal data only to those employees and partners who have a business need to know such data. They must keep it confidential and are under a contractual obligation to do so.  

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.

Data Retention

The data we collect from you will be retained only for as long as necessary to fulfil the purposes we collected it for. This will include the purposes of satisfying any legal, accounting, or reporting requirements.

In some circumstances, we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you. 

Where is Your Data Stored?

Your personally identifiable healthcare data is processed and stored on the information systems listed under Data Processors. Where those systems are outside the UK or EU, we ensure that they are compliant with EU legislation and guidance.

International transfers of data

We work with research partners and will transfer anonymised data outside of the UK. These data cannot be linked back to you. The data will only be used for healthcare research and to train and develop models.

Changes to this policy

We may make changes to this policy from time to time. We will notify you when changes are made via the member portal and by your chosen form of communication.

Legal basis for Processing and Your Rights

We process your personal data based on the following legal grounds:

  • Consent: When you have given us explicit consent to process your data for those purposes
  • Healthcare: when you engage with us to provide healthcare services
  • Contract: When processing is necessary for the performance of a contract with you.
  • Legal Obligation: When we need to comply with a legal obligation.
  • Legitimate Interests: When processing is necessary for our legitimate interests, provided your rights and interests do not override those interests.
  • Scientific & public health interest: where processing is in the interest of scientific research

When we rely on consent, we will use your information on this basis until you withdraw your consent, or it can be reasonably assumed that your consent no longer exists. You may withdraw your consent at any time by instructing us at hello@aneira.health or by speaking to our clinic team.

Your Legal Rights

Under certain circumstances, by law you have the right to: 

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. 
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. 
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). 
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.  
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party. 
  • Withdraw consent for processing in any circumstance where you may have provided it for a specific purpose.

If you want to know more about your rights, please take a look at the ICO website. 

If you want to exercise any of your rights listed above, please email php@informationgovernanceservices.com.

Before we release any information to you, we may request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. 

We respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.  
 

Contacting Us

You can contact us at: php@informationgovernanceservices.com

Version 1.2. Aneira Health Inc. 2024
Last updated 11th April 2025