Privacy Policy

Privacy Policy

Learn how we collect, use, and protect your personal data in compliance with UK GDPR and data protection laws.

Last updated: 30 August 2025

Data Controller

Company Legal Name: Rincewind Ltd. (trading as HealMinded)

Registered Address: 349C High Road, London, England, N22 8JA, United Kingdom

Company Number (UK): 13748045

Telephone: +44 (0)7467 568145

Email: info@healminded.co.uk

Website: https://www.healminded.co.uk

Supervisory Authority (UK): Information Commissioner's Office (ICO)

1. Definition

As a result of using the website healminded.co.uk (the "Website"), HealMinded may require certain personal data so you can use services provided via the Website. "Personal data" means any information relating to an identified or identifiable natural person and may include:

  • • Name, surname, email address, telephone number(s)
  • • Sensitive/special category data (including health data)
  • • Transaction data relating to your use of the Website
  • • Any other information you choose to share with HealMinded ("Personal Data")

Special category data (e.g., health data) will only be processed where a valid lawful basis and a UK GDPR Article 9 condition apply (e.g., explicit consent or vital interests), and with appropriate safeguards.

2. Purpose & Legal Bases

This Privacy Policy explains how HealMinded collects and processes Personal Data in a manner that respects your rights.

HealMinded primarily complies with UK GDPR and the Data Protection Act 2018 (together "UK Data Protection Law"), and where applicable, the EU GDPR, the Digital Markets Act (DMA), the CCPA, the VCDPA, and the IAB Transparency and Consent Framework (IAB TCF). For electronic marketing/cookies in the UK, HealMinded also complies with PECR.

Lawful bases may include:

  • • Legitimate interests (UK GDPR Art. 6(1)(f)) for responding to your voluntary enquiries about the Services and improving Website functionality—balanced against your rights and freedoms
  • • Consent (Art. 6(1)(a)) for analytics/advertising cookies and for specific communications (see Cookies and Marketing/WhatsApp sections)
  • • Contract (Art. 6(1)(b)) where processing is necessary for the performance of a contract (e.g., handling your booking/quote, account, or support requests)
  • • Legal obligation (Art. 6(1)(c)) where retention/disclosure is required by law
  • • Special category data: explicit consent (Art. 9(2)(a)) or other applicable Art. 9 conditions (e.g., vital interests, establishment/exercise/defence of legal claims)

Processing purposes may include:

  • • Managing access to and use of the Services on the Website
  • • Customer administration (contracts, orders, invoices, loyalty programmes, relationship management)
  • • Maintaining records of registered members/users/customers/prospects
  • • Sending newsletters or promotional communications (subject to your consent and opt-out rights)
  • • Generating service usage statistics and performance analytics
  • • Collecting and managing customer opinions/feedback regarding products/services/content
  • • Managing unpaid invoices and disputes relating to the Services
  • • Tailoring responses to information requests and improving user experience
  • • Complying with legal and regulatory obligations (including medical tourism regulations where applicable)

Mandatory/optional fields will be identified at collection. Failure to provide mandatory data may prevent provision of the relevant Service.

3. Controller Identity

The data controller is Rincewind Ltd. (trading as HealMinded), registered in England and Wales (No. 13748045), with its registered office at 349C High Road, London, England, N22 8JA, United Kingdom ("HealMinded", "we", "us").

4. Recipients & Disclosures

Access to Personal Data is restricted to authorised HealMinded personnel, audit/control services (including external auditors), and sub-processors/service providers engaged under appropriate contracts (UK GDPR Art. 28).

HealMinded may disclose Personal Data:

  • • To public authorities where required by law (e.g., HMRC, law enforcement)
  • • To legal representatives/courts to establish/exercise/defend legal claims
  • • Within clinical coordination scenarios: where you have engaged a clinic, certain data (including images/health information) may be exchanged securely between the clinic's staff and HealMinded staff (including, where you opt-in, over channels such as WhatsApp) exclusively for triage/assessment/treatment coordination, under confidentiality and data minimisation principles

Operational tools used by HealMinded may include:

  • • HubSpot (CRM / quote & coordination management)
  • • Semrush, Ahrefs (SEO/marketing analytics)
  • • Hotjar (behaviour analytics—heatmaps/session insights)
  • • Winston AI (analytics to enhance data processing capabilities)
  • • CapCut, Canva (content production)
  • • ElevenLabs (voice generation/editing where applicable)
  • • Cookiebot (consent management)
  • • Google Analytics (audience measurement—consent-based in the UK/EEA)

A current list of processors and transfer locations is available upon request at info@healminded.co.uk.

5. International Transfers

Where Personal Data is transferred outside the UK (and, where applicable, the EEA), HealMinded implements appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and performs risk assessments where required. Copies of relevant transfer safeguards can be requested at info@healminded.co.uk (subject to redactions).

6. Retention Periods

Personal Data is retained no longer than necessary for the purposes collected, subject to legal/defensible retention needs.

Indicative periods:

  • • Customer & prospect management: retained for the duration of the relationship and then for up to 10 years for legal/accounting or service history purposes where justified
  • • Marketing opt-out records: retained for at least 10 years to respect your objection preferences
  • • Cookies/analytics identifiers: per Cookies section (e.g., analytics cookies typically up to 12 months, subject to your consent)
  • • Contracts/claims evidence: retained per statutory limitation requirements

HealMinded reviews retention periodically and securely deletes/anonymises data when no longer needed.

7. Security

HealMinded applies appropriate technical and organisational measures to preserve confidentiality, integrity and availability of Personal Data, including access controls, encryption in transit (TLS), and least-privilege principles. No internet transmission is entirely secure; residual risks are managed per industry standards.

8. Cookies & Similar Technologies

Cookies are small text files stored in your browser. HealMinded uses:

  • • Strictly Necessary/Technical Cookies – to enable core functionality and remember choices (language, session)
  • • Analytics Cookies (e.g., Google Analytics) – only with your consent in the UK/EEA; used to measure visits, page views, and on-site activity. IP address may be processed to infer approximate location (city-level)
  • • Consent Management (Cookiebot) – to record/manage your preferences

HealMinded does not place social media or advertising/retargeting cookies without your prior consent. You can change preferences at any time via the Cookiebot banner/settings, or block cookies in your browser (which may impact functionality).

For detailed information, see our Cookie Policy.

9. Your Rights (UK & where applicable EU)

Subject to conditions/exemptions under UK GDPR/EU GDPR, you have rights to:

  • • Access your Personal Data (Art. 15)
  • • Rectification (Art. 16)
  • • Erasure ("right to be forgotten", Art. 17)
  • • Restriction (Art. 18)
  • • Portability (Art. 20) for data you provided to us under consent/contract, in a structured, commonly used, machine-readable format
  • • Object (Art. 21) to processing based on legitimate interests or direct marketing (including profiling)
  • • Not to be subject to decisions based solely on automated processing where it produces legal or similarly significant effects (Art. 22), unless lawful exceptions apply

To exercise rights, contact info@healminded.co.uk or write to the Registered Address above. HealMinded may need to verify identity and may refuse manifestly unfounded/excessive requests in accordance with law.

Complaints: You can complain to the ICO (www.ico.org.uk). We encourage you to contact us first to resolve any concerns.

10. Access & Contact Details

Requests can be sent to:

Email: info@healminded.co.uk

Postal: Rincewind Ltd. (HealMinded), 349C High Road, London, England, N22 8JA, United Kingdom

11. WhatsApp Use Terms (Opt-In)

If you opt-in to communicate via WhatsApp:

  • • Use must be lawful; you are responsible for content you share
  • • Processing will be limited to coordination/assessment/aftercare purposes on the basis of consent and/or contract
  • • WhatsApp (Meta Platforms) may process your phone number/device data per its own terms/policies as an independent controller. Review WhatsApp's privacy policy separately
  • • HealMinded will not send WhatsApp marketing without your prior consent (PECR/UK GDPR). You can withdraw consent at any time by contacting info@healminded.co.uk or changing your preferences

12. Social Media Pages

HealMinded maintains profiles on platforms such as Facebook, Instagram, LinkedIn, X (Twitter), Google/YouTube, Pinterest, Trustpilot. These platforms may process data outside the UK/EEA for analytics/advertising and create usage profiles (cookies or similar may apply, particularly when logged in). HealMinded only links to profiles; clicking a link may cause your browser to send data to that platform.

Where HealMinded processes Personal Data via its social pages (e.g., messages, comments), your rights under this Policy apply. Platform-specific rights/opt-outs are governed by each platform's privacy policy.

13. Marketing Communications

Electronic direct marketing (email/SMS/WhatsApp) is sent only where permitted by law (consent or soft opt-in under PECR, as applicable). You may opt-out at any time via unsubscribe links or by emailing info@healminded.co.uk.

14. Modifications

HealMinded may amend this Privacy Policy from time to time. Material changes will be notified via the Website and/or email where appropriate. Continued use of the Website after changes take effect constitutes acceptance of the updated Policy. If you do not agree, please discontinue use of the Services.

15. Additional Notes on US/EEA Frameworks

Where the CCPA/VCDPA or EU GDPR/DMA applies (e.g., due to user location or service targeting), HealMinded will honour corresponding rights/obligations, including notice, access, deletion, and opt-out rights as required by those regimes, in addition to UK rights above.

16. Children

The Services are intended for users 18+. Where lawful authority exists to act on behalf of a minor, the authorised representative must ensure appropriate consents are in place.

17. Data Minimisation & Necessity

HealMinded will collect only the Personal Data necessary for the stated purposes and will apply data minimisation, purpose limitation, and storage limitation principles.

18. Open Standards for Portability

Where you exercise portability, HealMinded will provide data in an open, machine-readable format commonly used and aligned with current technical standards.

Effective date: This Privacy Policy originally came into force in 2019 and was last updated in 2024.

Quick Reference (How to Exercise Your Rights)

  • • Access/Erase/Portability/Objection: info@healminded.co.uk
  • • Change Cookie Preferences: Cookie banner/settings (Cookiebot) on healminded.co.uk
  • • Complaints (UK): Information Commissioner's Office (ICO) – www.ico.org.uk

Important Forms:

Download Privacy Policy Consent Form