Privacy policy

Privacy Policy

Last updated: 24/06/2026

1. Who we are

My Health Assistant Limited, trading as My Health Assistant or MYHA, is a company registered in England and Wales.

Our registered office is:

Strawberry Fields Digital Hub, Euxton Lane, Chorley, PR7 1PS

In this privacy policy, we, us and our mean My Health Assistant Limited.

This privacy policy explains how we collect, use, store and share personal information when you use our website, mobile application, booking platform, calendar tools or related services.

It also explains your rights under UK data protection law.

2. Our role

MYHA provides a technology platform that helps patients and prospective patients find healthcare professionals, send enquiries, book appointments and manage related communications.

MYHA also provides tools that allow healthcare professionals to create profiles, manage bookings, connect calendars and receive enquiries.

Depending on the circumstances, we may act as:

  • an independent data controller for personal information we use to operate, manage, secure and improve the MYHA platform;
  • an independent data controller for account registration, customer support, payment administration, service communications, analytics and marketing;
  • a data processor where we process personal information only on behalf of, and on the instructions of, a healthcare professional or clinic; or
  • a separate controller alongside a healthcare professional where both MYHA and the professional have their own purposes for using the information.

Healthcare professionals who use MYHA may also be separate data controllers for the personal information they collect or receive in order to provide healthcare services. This includes clinical records, treatment notes, professional advice and decisions about your care.

You should read the privacy notice of the relevant healthcare professional as well as this privacy policy.

3. Who this policy applies to

This policy applies to:

  • people who visit our website or use our app;
  • patients and prospective patients;
  • people who send enquiries or book appointments through MYHA;
  • healthcare professionals who use MYHA;
  • clinic, practice or business users;
  • people who contact us by email, telephone, post, web form, app message or other communication channel.

4. Personal information we collect

We may collect and use the following types of personal information.

4.1 Account and contact information

This may include:

  • name;
  • email address;
  • telephone number;
  • postal address;
  • date of birth, where required;
  • username, password and login details;
  • account settings and preferences;
  • communication preferences.

4.2 Patient enquiry and booking information

This may include:

  • the healthcare service or professional you search for;
  • enquiry details;
  • appointment booking details;
  • appointment date, time and location;
  • appointment status;
  • messages or forms submitted through MYHA;
  • information you choose to provide about your health, symptoms, requirements or reason for booking.

4.3 Health information

Health information may include:

  • symptoms or conditions you describe;
  • information about treatment needs;
  • documents or forms you upload;
  • information included in messages to healthcare professionals;
  • referral or booking information connected with healthcare services.

Health information is special category data under UK GDPR and receives additional protection.

4.4 Healthcare professional information

If you are a healthcare professional, we may collect:

  • name;
  • business contact details;
  • practice address;
  • professional profile information;
  • qualifications;
  • services offered;
  • professional registration details;
  • insurance or verification information, where required;
  • appointment availability;
  • calendar availability data where you connect a calendar integration.

4.5 Payment and transaction information

This may include:

  • payment amount;
  • payment status;
  • transaction reference;
  • billing information;
  • refund information;
  • limited payment information provided by our payment processor.

We do not usually store full payment card details ourselves.

4.6 Technical and usage information

This may include:

  • IP address;
  • device type;
  • browser type;
  • operating system;
  • app version;
  • device identifiers;
  • login information;
  • pages or screens viewed;
  • links clicked;
  • error logs;
  • access times;
  • cookie and similar technology data.

4.7 Location information

We may process location information where you provide it, for example by entering a postcode or town to search for healthcare professionals.

If we collect precise location data from your device, we will only do so where your device or app settings allow it.

4.8 Communications information

This may include:

  • emails, app messages, forms and letters you send to us;
  • customer support records;
  • complaint information;
  • feedback, reviews or survey responses;
  • call notes or call recordings, where applicable and where notified to you.

5. How we collect personal information

We may collect personal information:

  • directly from you;
  • from healthcare professionals using MYHA;
  • from clinics or practices using MYHA;
  • from payment providers;
  • from calendar integrations you choose to connect;
  • automatically through cookies, analytics tools, logs and similar technologies;
  • from service providers who help us operate the platform.

6. How we use personal information

We use personal information for the following purposes.

6.1 To provide and manage the MYHA platform

We use personal information to:

  • create and manage accounts;
  • allow users to search for healthcare professionals;
  • enable enquiries and bookings;
  • manage appointment information;
  • provide account features;
  • support calendar and availability tools;
  • send service messages;
  • process payments and refunds;
  • provide customer support.

6.2 To connect patients and healthcare professionals

If you send an enquiry or make a booking through MYHA, we may share relevant information with the healthcare professional or clinic you choose so they can respond, manage the booking or provide healthcare services.

This may include your name, contact details, appointment details, enquiry information and any health information you choose to provide.

6.3 To support healthcare professional profiles and booking tools

If you are a healthcare professional, we use your information to:

  • create and manage your profile;
  • display your services and availability;
  • verify professional or business information where required;
  • manage enquiries and bookings;
  • provide calendar and booking integrations;
  • provide support and account administration.

6.4 Calendar integrations

Where a healthcare professional connects a calendar integration, such as Google Calendar, we use calendar availability information to calculate available appointment times and help prevent double bookings.

Unless expressly stated otherwise:

  • we do not display the content of calendar entries to patients;
  • we do not use calendar entry content for marketing;
  • we do not sell calendar data;
  • we use calendar integration data only to provide booking and availability functionality.

Healthcare professionals can disconnect calendar integrations through their account settings or by contacting us.

6.5 Payments

We use payment and transaction information to:

  • process payments;
  • manage refunds;
  • issue receipts;
  • prevent fraud;
  • maintain accounting records;
  • comply with tax and financial obligations.

6.6 Service communications

We may send service communications, including:

  • account notifications;
  • booking confirmations;
  • appointment reminders;
  • payment confirmations;
  • security alerts;
  • changes to services, terms or policies;
  • customer support messages.

Service communications are not marketing communications.

6.7 Safety, security and fraud prevention

We use personal information to:

  • protect accounts;
  • secure the platform;
  • detect and prevent fraud or misuse;
  • investigate suspicious activity;
  • maintain audit logs;
  • troubleshoot errors;
  • protect our legal rights and the rights of users, professionals and others.

6.8 Platform improvement and analytics

We use information to understand how the website, app and platform are used, fix issues, improve performance and develop features.

Where possible, we use aggregated or anonymised information.

Where analytics tools use cookies or similar technologies, we will ask for consent where required by law.

6.9 Marketing

We may send marketing communications where permitted by law.

We will not use health information to target marketing unless we have clearly explained this to you and obtained any consent required by law.

You can opt out of marketing at any time.

6.10 Research, statistics and reporting

We may use anonymised or aggregated information for research, statistics, service development, internal reporting and commercial analysis.

Where information has been properly anonymised, it no longer identifies you and is not personal information.

We will not use identifiable health information for medical research with third parties unless we have a lawful basis, appropriate safeguards and, where required, your explicit consent.

6.11 Legal, regulatory and business purposes

We may use personal information to:

  • comply with legal obligations;
  • respond to lawful requests from courts, regulators, public authorities or law enforcement;
  • manage complaints or disputes;
  • establish, exercise or defend legal claims;
  • meet accounting, audit, insurance and reporting requirements;
  • support a business sale, investment, merger, restructuring or transfer, where appropriate safeguards are in place.

7. Lawful bases for processing personal information

We only use personal information where we have a lawful basis under UK GDPR.

The lawful bases we rely on may include:

  • contract, where processing is needed to provide the MYHA platform or services requested by you;
  • legitimate interests, where processing is needed for our business interests and your rights do not override those interests;
  • consent, where we ask for and rely on your consent;
  • legal obligation, where processing is needed to comply with the law;
  • vital interests, where processing is needed to protect someone’s life.

8. Special category health data

Health information is special category data and requires additional protection.

Where we process health information, we must have both:

  • a lawful basis under Article 6 UK GDPR; and
  • a separate special category condition under Article 9 UK GDPR.

Depending on the circumstances, we may rely on one or more of the following Article 9 conditions:

  • your explicit consent;
  • processing necessary for healthcare or treatment purposes by or under the responsibility of a healthcare professional;
  • processing necessary to establish, exercise or defend legal claims;
  • processing necessary to protect vital interests where someone is unable to give consent;
  • processing necessary for reasons of substantial public interest, where applicable;
  • processing necessary for scientific or statistical purposes, with appropriate safeguards, where applicable.

Where we rely on explicit consent, you can withdraw it at any time. This will not affect processing carried out before consent was withdrawn. It may mean that we can no longer provide certain services or features.

9. Lawful basis table

PurposePersonal information usedLawful basisSpecial category condition, where relevant
Creating and managing user accountsAccount and contact informationContract; legitimate interestsNot usually applicable
Providing the MYHA platformAccount, booking, technical and usage informationContract; legitimate interestsExplicit consent or healthcare condition where health data is used
Sending enquiries to professionalsContact, enquiry and booking informationContract; legitimate interests; consent where requiredExplicit consent or healthcare condition where health data is used
Appointment booking and remindersContact and booking informationContract; legitimate interestsExplicit consent or healthcare condition where health data is used
Professional profilesProfessional and business informationContract; legitimate interestsNot usually applicable
Calendar integrationsCalendar availability dataContract; legitimate interestsNot usually applicable unless health information appears in calendar entries
Payments and refundsPayment and transaction informationContract; legal obligation; legitimate interestsNot usually applicable
Customer supportAccount, contact, communication and booking informationContract; legitimate interestsExplicit consent or legal claims condition where health data is included
Security and fraud preventionTechnical, usage, account and transaction informationLegitimate interests; legal obligationLegal claims or substantial public interest where applicable
MarketingContact details and marketing preferencesConsent or legitimate interests, depending on the contextHealth data will not be used for marketing unless specifically explained and lawfully permitted
Analytics and improvementTechnical and usage informationLegitimate interests; consent where cookies require itNot usually applicable
Research and statisticsAnonymised, aggregated or limited personal informationLegitimate interests; consent where requiredResearch/statistical condition or explicit consent where identifiable health data is used
Legal claims and complianceRelevant account, booking, communication and transaction informationLegal obligation; legitimate interestsLegal claims condition where health data is relevant

10. Marketing communications

We may send marketing communications by email, text message, app notification or similar method where permitted by law.

For individual users, we will usually rely on consent unless the “soft opt-in” applies. The soft opt-in may apply where:

  • you gave us your contact details in the course of using or enquiring about our services;
  • we are marketing our own similar services;
  • you were given a clear opportunity to opt out when your details were collected; and
  • you are given a clear opportunity to opt out in every marketing message.

You can opt out of marketing at any time by:

  • clicking the unsubscribe link in a marketing message;
  • changing your account preferences, where available;
  • contacting us at info@myha.co.uk.

Opting out of marketing does not stop us sending service communications.

11. Cookies and similar technologies

We use cookies and similar technologies to operate the website and app, keep them secure, understand usage and improve performance.

Some cookies are strictly necessary. Others, such as analytics or advertising cookies, will only be used where permitted by law and, where required, with your consent.

For more information, please see our Cookie Policy: [insert link].

12. Sharing personal information

We may share personal information with the following categories of recipients where appropriate and lawful:

  • healthcare professionals or clinics you choose to contact or book through MYHA;
  • payment processors;
  • IT, hosting, software and platform support providers;
  • calendar integration providers, where you choose to connect a calendar;
  • communication providers, such as email or SMS providers;
  • analytics providers, where permitted by law;
  • customer support providers;
  • professional advisers, including lawyers, accountants, auditors and insurers;
  • regulators, courts, law enforcement agencies or public authorities where required or permitted by law;
  • third parties involved in a business sale, merger, investment, restructuring or transfer.

We do not sell personal information.

We do not share identifiable health information with advertisers.

We require service providers acting as processors to protect personal information, process it only for specified purposes and follow our instructions.

13. Sharing information with healthcare professionals

If you contact or book a healthcare professional through MYHA, we may share relevant information with that professional or their clinic.

This may include:

  • your name;
  • contact details;
  • booking details;
  • enquiry details;
  • messages or forms you submit;
  • health information you choose to provide;
  • payment or booking status.

Healthcare professionals may use this information to respond to you, manage your booking or provide healthcare services.

Healthcare professionals are responsible for their own use of personal information when they provide healthcare services. You should read their privacy notice.

14. International transfers

We primarily store personal information in the UK and/or EEA.

Some providers who support our platform may process personal information outside the UK or EEA. Where this happens, we will ensure appropriate safeguards are in place, such as:

  • a UK adequacy regulation;
  • the UK International Data Transfer Agreement;
  • the UK Addendum to the EU Standard Contractual Clauses;
  • another lawful transfer mechanism under UK GDPR.

You can contact us for more information about international transfers.

15. Data security

We use appropriate technical and organisational measures to protect personal information against accidental or unlawful loss, misuse, unauthorised access, disclosure, alteration or destruction.

These measures may include:

  • access controls;
  • encryption where appropriate;
  • secure hosting;
  • staff confidentiality obligations;
  • supplier due diligence;
  • audit logs;
  • security monitoring;
  • incident response procedures.

We limit access to personal information to those who need it for their role.

If a personal data breach occurs, we will assess it and notify affected individuals and the Information Commissioner’s Office where legally required.

16. How long we keep personal information

We keep personal information only for as long as necessary for the purposes for which it was collected, including legal, regulatory, accounting, reporting, insurance, security and dispute-resolution purposes.

Our typical retention periods are:

Type of informationTypical retention period
Account informationFor as long as your account is active, then up to 6 years after closure where needed for legal, audit or dispute purposes
Enquiry and booking informationUp to 6 years after the relevant enquiry or booking, unless a longer period is required
Payment and transaction recordsUp to 6 years for tax, accounting and legal purposes
Customer support and complaint recordsUp to 6 years after the matter is closed
Marketing preferencesFor as long as needed to respect your preferences
Technical logsUsually up to 12 months, unless needed for security, fraud prevention or legal purposes
Professional profile informationFor as long as the profile is active, then up to 6 years after closure where needed
Calendar availability dataFor as long as needed to provide the integration, then deleted or overwritten in accordance with our technical processes
Health information processed by MYHAFor as long as needed for the relevant platform purpose, then up to 6 years where needed for legal, audit, complaint or claim purposes

Where a healthcare professional controls clinical records, their own retention periods may apply.

We may keep anonymised information for longer.

17. Your rights

Under UK data protection law, you may have the right to:

  • access your personal information;
  • correct inaccurate or incomplete information;
  • request deletion of your information;
  • restrict how we use your information;
  • object to certain uses of your information;
  • receive certain information in a portable format;
  • withdraw consent where processing is based on consent;
  • complain to the Information Commissioner’s Office.

These rights do not always apply. We may need to verify your identity before responding.

If your request relates to information controlled by a healthcare professional, we may need to refer your request to that professional.

To exercise your rights, contact us at info@myha.co.uk.

18. Automated decision-making

We do not make decisions that have legal or similarly significant effects on you based solely on automated processing.

If this changes, we will update this policy and provide the information required by law.

19. If you do not provide information

You do not have to provide personal information. However, if you do not provide information needed to create an account, send an enquiry, make a booking, process a payment, verify a professional profile or provide platform functionality, we may be unable to provide the relevant service.

20. Contact us

If you have questions about this privacy policy or how we use personal information, please contact us:

 

Post: My Health Assistant Limited, Strawberry Fields Digital Hub, Euxton Lane, Chorley, PR7 1PS

Data protection contact:  info@myha.co.uk

 

21. Complaints

Please contact us first if you have a concern about how we use your personal information.

You also have the right to complain to the Information Commissioner’s Office.

ICO website: https://ico.org.uk/concerns/
ICO address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

22. Changes to this policy

We may update this privacy policy from time to time.

If we make significant changes, we will take appropriate steps to bring them to your attention, such as by notifying you through the website, app or email.

The latest version will be available on our website or app.