Last updated: February 2025

MAKEWELL PRIVACY NOTICE

Makewell ensures that all client details and records are kept in the strictest confidence. We collect information about you to:

• Make sure your care is safe and effective
• Work effectively with other professionals involved in your care
• Comply with legal obligations

 

This Privacy Notice explains how Makewell may use any personal information we collect about you when you use our website, use any Makewell products and services or communicate with Makewell. This Notice covers the following areas:

 

1. Who is responsible for your data
2. Personal data we collect about you
3. Categories of data we collect
4. Sensitive personal data
5. How and why we use your personal data
6. Requesting access to your personal data
7. Sharing your personal data
8. Financial Data sharing and Third parties
9. Security of your personal data
10. Disclosure of your personal data
11. Cookies
12. Updates to our Privacy Notice
13. How to contact us
14. References

 

1. Who is responsible for your data

 

Our Data Controllers work as a team, jointly determining the purposes of how the data is managed. This team is:

 

Chief Operating Officer

Director of Nursing and Quality

Director of Operations

Director of Services

 

You can contact them via

 

Phone                   0845 4238993

 

Email                     bookings@ecgtraining.co.uk

 

Post                       ECG The Gatehouse, Bradwell Abbey, Alston Drive, Milton Keynes, MK13 9AP

 

 

2. Personal data we collect about you

 

When using the term “personal data” in our Privacy Notice, we mean information that

relates to you and allows us to identify you, either directly or in combination with other

information that we may hold.

 

We collect some personal data from you, for example when you use our website, use our services or contact us.

Your personal data may include your name, your contact details, information on how you use our website or you interact with us.

 

3. Categories of data we collect

 

We may collect and process the following information about you:

• Your name,

• Your contact details (email address, telephone number(s), postal address)
• Information about your transaction, including your payment card details
• When you purchase Makewell products or services
• When you create an account.
• When you register on our website, when you take part in our competitions, or when you choose an offer that we make available on our website
• Information about your bookings, if you require special assistance or other requirements
• Information about your health, if you have a medical condition that may affect your treatment (please see section “Sensitive personal data” below for more information)
• The communications you exchange with us (for example, your emails, letters or telephone calls)
• When you contact Makewell or you are contacted by Makewell
  • Your feedback
  • When you reply to our requests for feedback or participate in our customer surveys

 

4. Sensitive personal data

 

In the course of providing services to you, we may collect information about your

racial or ethnic origin, physical or mental health, or religious beliefs. Such information is considered “sensitive personal data” under the General Data Protection Regulation. We only collect this information where you have given your explicit consent, if it is necessary, or if you have previously deliberately made it public.

 

For example, we may collect this information in the following circumstances:

• To assess your health, provide advice and supply appropriate treatment

• By providing any sensitive personal data you explicitly agree that we may collect and use it in order to provide our services and in accordance with this Privacy Notice. If you do not allow us to process any sensitive personal data, this may mean we are unable to provide all or parts of the services you have requested from us.

 

Sensitive, personal data is always kept confidential with access restricted to health care professionals and members of our clinical team.  The data is stored to meet the highest standards of data security.

 

5. How and why we use your personal data

 

Data will be processed by in accordance with the type of product or service

required. We use your personal data for the following purposes:

• Processing of orders for products and services
• For contractual purposes to provide the product or service ordered.
• To communicate with you and manage our relationship with you
• To improve our services and experiences for customers.
• The business purposes for which we will use your information include accounting, billing and audit, credit or other payment card verification along with anonymised statistical and marketing analysis.
• To comply with our legal obligations.

 

Telephone Conversations

 

We may record telephone conversations for quality assurance, training purposes, and to comply with regulatory requirements. When recording calls, we will always inform you at the start of the call that the conversation is being recorded and obtain your consent to do so, unless the recording is necessary to fulfil a legal obligation or is in the legitimate interests of our business, in which case we will provide you with clear notice of this practice in our privacy policy.

We will cease recording when taking payment details.

 

6. Requesting access and correction to your data

 

You have a right to request access to the data that we hold about you. If you would like to

request a copy of some or all of the data that Makewell holds about you, please email bookings@Makewell.co.uk. You will then be sent a copy of our Subject Access

Request Policy which sets out what we require to deal with your request.

 

7. Sharing your personal data

 

• All client details and records are kept in the strictest of confidence.
• Makewell will share information with other medical service providers who are involved directly in your care such as laboratory providers who deliver our testing services. All such providers are fully compliant with GDPR and other relevant data protection legislation, ensuring your information is handled securely and confidentially.
• Makewell will not share your information with any other third party, including other health services without your explicit permission. However, there are rare exceptions to this principle. These exceptions include situations where we are legally required to share information, such as when mandated by a court order, or if there is a serious risk to your safety or the safety of others.
• Makewell will not share your information for marketing purposes with any companies outside Makewell.
• Through our website we may provide links to third party websites. When you link to other websites you should read their own privacy policies/notices. Please be aware that this Privacy Notice does not apply to such websites and Makewell Is not responsible for your information that third parties may collect through these websites.

 

8. Financial Data sharing and Third parties

 

Worldpay: Your payment details are transmitted securely to Worldpay for verification and payment processing. Worldpay adheres to strict data protection regulations and uses advanced encryption to safeguard your information. For more details on how Worldpay handles your data, you can review their Privacy Notice.

 

Stripe: If you opt to pay through Stripe (for example, via online payment links), your payment data is sent directly to Stripe. Stripe complies with leading security standards, including PCI-DSS (Payment Card Industry Data Security Standard), ensuring that your financial information is protected. More information about Stripe’s data protection practices is available in their Privacy Policy.

 

We do not store your full credit or debit card details on our systems. Instead, these details are securely handled by Worldpay or Stripe, depending on your payment method.

 

We only share financial information necessary to process payments and issue refunds. These providers are contractually obligated to handle your data in compliance with applicable data protection laws and to never use your information for any purpose other than processing payments on our behalf.

 

9. Security of your personal data

 

We are committed to taking appropriate measures to protect your personal data against

unauthorised or unlawful processing and against accidental loss, destruction or damage to

that personal data. When you provide your personal data through our website this

information is transmitted across the internet securely using high-grade encryption. The information that you provide to us will be held in secure systems, which are located on our

premises or those of an appointed third party.

 

Clinical Information: Clinical records are stored on a secure system in accordance with ISO 27001 information and security management.

 

Financial Information: We take the security of your payment information seriously and implement strict measures to ensure it is protected against unauthorised access, disclosure, or misuse. Our security practices for payment data include the following:

• Encrypted Transactions: All payment transactions made through our website or in-person systems are encrypted using industry-standard SSL (Secure Socket Layer) technology to protect your financial information during transmission.
• Secure Payment Providers: We use trusted third-party payment processors, such as Worldpay and Stripe, which comply with the Payment Card Industry Data Security Standard (PCI-DSS). This ensures that your card information is handled securely and never stored in an unprotected format.
• No Local Card Storage: We do not store your full credit or debit card information on our systems. Instead, payments are processed directly by Worldpay or Stripe, and they handle the secure storage of card information as required by their security standards.
• Access Control: Access to payment-related records, such as billing information and receipts, is restricted to authorised personnel who require it to perform their duties (e.g., issuing refunds or resolving payment queries).

 

10. Disclosure of your personal data.

 

As described in this Privacy Notice, there are some instances where we need to disclose

your personal data to third parties. Where Makewell discloses your personal data to a third party, we require that third party to have appropriate measures in place to protect your

personal data; however, in some instances we may be compelled by law to disclose your personal data to a third party and have limited control over how it is protected by that party.

 

We will retain your personal data for as long as we need it in order to fulfil our purposes set

out in this Privacy Notice or in order to comply with the law.

Clinical Records will be retained in accordance with statutory guidance and best practice.

 

11. Cookies

 

In order to improve our services, to provide you with more relevant content and to analyse

how visitors use our website, we use technologies, such as cookies. We will not be able to

identify you from the information we collect using these technologies.

You can delete cookies if you wish; while certain cookies are necessary for viewing and

navigating on our website, most of the features will still be accessible without cookies.

For more information on how we use cookies and how you can remove them, please read

our Cookie Policy on the website.

 

12. Updates to our Privacy Notice

 

We review this Privacy Notice on a regular basis and will publish any new version on the

website. This Notice was last reviewed and/or updated in January 2025.

 

13. How to contact us:

 

Please contact us if you have any questions about our Privacy Notice addressed to

Bookings@Makewell.co.uk

 

14. References:

 

Records Management Code of Practice 2021 https://transform.england.nhs.uk/media/documents/NHSX_Records_Management_CoP_V7.pdf