
Privacy Policy

Set Points Health Privacy Policy (UK GDPR)

 

Our contact details
Name: Set Points Health Ltd (trading as Set Points Health)
Contact: Dr Mark Martin
Address: Set Points Health, The Glasshouse, Alderley Park, SK10 4TG
E-mail: help@wetrackhealth.com

Last updated: 07/12/2025

 

1. Who we are

Set Points Health is a private GP and preventative health clinic providing general medical care, advanced diagnostics and longevity-focused services. Our work includes:

  • Private GP consultations (in person and remote)

  • Preventative and longevity health assessments

  • Blood tests and other laboratory investigations

  • Bone density, body composition and VO₂max testing

  • Minor surgical procedures

  • Weight-loss and metabolic treatments, including injectable therapies (e.g. GLP-1 medicines where clinically appropriate)

  • Pharmacogenetic / pharmacogenomic testing

  • Corporate health offerings

  • Corporate health days and workplace screening

  • Hotel and retreat-based health programmes

We are the “controller” of your personal data for the purposes of UK data protection law.

 

2. The type of personal information we collect

We collect and process the following categories of data where necessary and appropriate:

  • Identity and contact details – name, date of birth, address, email, phone number, emergency contact details.

  • Demographic information – sex/gender, age, occasionally ethnicity where clinically relevant.

  • Medical information – symptoms, diagnoses, past medical and surgical history, allergies, current and past medications, vaccination history, pregnancy-related information, NHS number where relevant.

  • Test and diagnostic data – results of blood tests, urine and stool tests, imaging, ECG, bone density measurements, body composition scans, VO₂max tests and similar investigations.

  • Genetic / pharmacogenetic data – where you choose to undertake pharmacogenomic testing, we may receive and store genetic test reports relating to drug metabolism and treatment choices.

  • Family history – family illnesses, cardiovascular risk, cancer history and similar information you choose to share.

  • Lifestyle and behavioural data – information you provide on exercise, sleep, diet, alcohol and tobacco use, substance use, stress, occupation and work patterns.

  • Professional and workplace data – job title, employer and organisational details when services are provided through your organisation (e.g. corporate health days).

  • Minor surgery and procedure records – consent forms, procedure notes, images where clinically appropriate.

  • Retreat / event information – booking details, programme attendance and any health information you choose to share for retreat or event participation.

  • Financial and transaction data – services purchased, invoices, payment method information (we do not store full card details – these are handled by our payment providers).

  • Technical data – IP address, device identifiers, browser type, and website usage data from cookies and similar technologies where used.

Because we are a healthcare provider, much of the information we hold about you is special category data (health data and, where relevant, genetic data).

 

3. How we get your personal information

We collect information in several ways, including:

  • Directly from you:

    • when you complete online or paper forms

    • when you book appointments or programmes

    • during consultations, minor procedures and follow-up contacts

    • via email, secure messaging, SMS, WhatsApp or similar communication tools

  • From third parties involved in your care, with your consent or where otherwise lawful:

    • your NHS GP or hospital consultants

    • other clinicians, therapists or health professionals involved in your care

    • partner health clubs, gyms or corporate wellness providers

    • laboratories and diagnostic providers supplying results

  • From corporate clients or retreat partners:

    • where your employer, organisation or hotel/resort provides limited identification and booking information so we can deliver the agreed services.

We will always seek to obtain information directly from you wherever possible.

 

4. Why we use your personal information (purposes and lawful bases)

We use your information to provide safe, effective healthcare and to run our clinic.

Under UK GDPR, the main lawful bases we rely on are:

Article 6 bases (all personal data):

  • Contract – to provide the services you have requested (e.g. GP consultation, longevity assessment, minor procedure, pharmacogenetic test, corporate health day or retreat).

  • Legal obligation – to meet legal, regulatory and professional requirements (e.g. CQC, GMC, clinical governance, medical record retention).

  • Legitimate interests – to manage and improve our services (e.g. quality improvement, audit, business planning), where this does not override your rights.

  • Consent – for specific activities such as some marketing communications or where not covered by the grounds above.

Article 9 bases (special category / health data):
Most of our processing of health and genetic data is based on:

  • Provision of health or social care – medical diagnosis, provision of health care and treatment, and management of health systems and services (Article 9(2)(h)).

  • Public interest in public health and quality / safety of healthcare – including clinical audit and quality improvement (Article 9(2)(i)).

  • Explicit consent – for certain optional tests (e.g. pharmacogenetic testing) or for sharing information with third parties not directly involved in your care, where required.

We use your data in particular to:

  • Assess your health, diagnose and manage medical conditions.

  • Arrange and interpret laboratory tests, imaging and other diagnostics.

  • Provide and document minor surgical procedures and injectable treatments (including weight-loss injections).

  • Create personalised reports, risk profiles and treatment or lifestyle plans.

  • Deliver corporate health days, workplace screening and education.

  • Run retreat and hotel-based programmes safely and appropriately.

  • Monitor your progress over time and adapt your care plan.

  • Communicate with you about appointments, results and follow-up.

  • Maintain appropriate business records, accounting and compliance.

We do not use your data for automated decision-making producing legal or similarly significant effects.

 

5. Sharing your information

We share information only when necessary, with appropriate safeguards, and usually on a need-to-know basis.

We may share your data with:

  • Laboratories and diagnostic providers – UK and, where necessary, overseas laboratories or diagnostic centres analysing your samples or scans.

  • Other healthcare professionals – such as your NHS GP, hospital specialists, osteopaths, physiotherapists or other clinicians involved in your care.

  • Corporate clients – where your employer commissions services, we may share high-level aggregated or anonymised results to support organisational health reporting. We do not normally share your named medical details with your employer unless required by law or with your explicit consent.

  • Retreat and hotel partners – limited data necessary to administer bookings and ensure your safety on retreats (e.g. relevant allergies, emergency contact details).

  • Service providers – including practice management software, secure email and messaging platforms, IT support and payment processors, who act as data processors under contract.

  • Regulators and insurers – such as CQC, ICO, professional bodies or indemnity providers where required for inspection, regulatory or legal purposes.

  • Research and quality improvement – we may use anonymised or pseudonymised data for audit, service improvement or research. You will not be identifiable in these outputs.

We do not sell your personal data to third parties.

 

6. International transfers

Some laboratories, technology providers or partners may be located outside the UK (and sometimes outside the EEA). Where your data is transferred internationally, we ensure appropriate safeguards are in place, such as:

  • an adequacy decision; or

  • standard contractual clauses; or

  • other recognised safeguards in line with UK data protection law.

Details of relevant safeguards can be provided on request.

 

7. How we store your personal information and how long we keep it

Your information is stored securely on encrypted, password-protected systems with multi-factor authentication wherever possible. Access is restricted to authorised staff and clinicians who need it to perform their roles.

We keep your medical records, including test results and reports, for the periods recommended for healthcare providers under UK guidance – typically at least 10 years from the date of last contact, and longer in the case of children or certain procedures. Non-clinical information (e.g. enquiries, marketing consent) is kept only as long as necessary for that purpose or until consent is withdrawn where relevant.

At the end of the retention period, we securely delete or destroy your data (for example, by secure electronic deletion or shredding). Biological samples are destroyed by the processing laboratory after the relevant retention period, generally by incineration in line with clinical waste regulations.

 

8. Your data protection rights

You have a number of rights under data protection law. These include:

  • Right of access – to ask for copies of your personal information.

  • Right to rectification – to ask us to correct inaccurate or incomplete information.

  • Right to erasure – to ask us to delete your information in certain circumstances (this may be limited for medical records where we have legal obligations to retain data).

  • Right to restriction of processing – to ask us to restrict how we use your data in certain circumstances.

  • Right to object – to object to certain types of processing, including some forms of direct marketing or processing based on legitimate interests.

  • Right to data portability – to ask us to transfer your data to you or another organisation in a structured, commonly used format in certain circumstances.

You are not required to pay a fee to exercise your rights. If you make a request, we will respond within one month unless the request is particularly complex.

To exercise any of these rights, please contact: help@wetrackhealth.com

 

9. How to complain

If you have concerns about how we use your personal information, please contact us in the first instance at help@wetrackhealth.com so we can try to resolve your concern.

You also have the right to complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: https://www.ico.org.uk
