PRIVACY POLICY
Last Updated: 09.05.2025
1. Introduction
At PAAR London, we are committed to safeguarding your privacy and ensuring the protection of your personal data. This Privacy Policy explains how we collect, process, store, and share your information in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), the EU General Data Protection Regulation (EU GDPR) and, where applicable, the U.S. Health Insurance Portability and Accountability Act (HIPAA). By using our services, you consent to the processing of your personal data as outlined in this policy.
2. Who We Are
PAAR London provides personalized wellness services through scientific analysis and tailored recommendations. We act as a Data Controller under UK GDPR/EU GDPR when processing personal data. Where services involve individuals in the United States or collaboration with U.S.-based healthcare entities, we may also act as a Covered Entity or Business Associate under the U.S. Health Insurance Portability and Accountability Act (HIPAA), and handle Protected Health Information (PHI) in accordance with HIPAA requirements.
- Company Name: PAAR London
- Registered Address: 239-241 Kennington Lane, London, United Kingdom, SE11 5QU
- Email: info@paar.london
- Phone: +44 7340 693671
3. What Personal Data We Collect
We may collect and process the following categories of personal data:
A. Personally Identifiable Information (PII)
• Name
• Date of Birth
• Contact Information (email, phone, address)
B. Special Category Data (Health & Biological Data)
• Biological samples (e.g., saliva, blood)
• Laboratory test results
• Health history and wellness preferences
C. Technical & Usage Data
• IP address
• Cookies and website analytics data
• Device and browser information
4. How We Collect Your Data
We collect data through the following methods:
- Direct Collection: When you provide information via our website, emails, phone, or wellness assessments.
- Biological Sample Submission: When you submit samples for laboratory analysis.
- Automated Collection: Through cookies, analytics tools, and tracking technologies.
5. How We Use Your Data
We process your personal data for the following lawful purposes:
- Providing Services – Conducting health analyses and offering personalized wellness recommendations.
- Compliance with Legal Obligations – Ensuring adherence to healthcare regulations.
- Customer Support – Responding to inquiries and service-related requests.
- Marketing & Communication (Only with Consent) – Sending wellness updates, promotions, and research insights.
- Service Improvement – Enhancing our wellness programs based on anonymized customer insights.
- Wellness Programme Continuity – Based on your signed consent, we use your wellness and health data for consultations, assessments, and insights development.
6. Legal Basis and Consent for Processing Personal Data
6.1 Consent for Processing (UK GDPR, EU GDPR & HIPAA)
We rely on your informed and explicit consent to collect and process your wellness and health-related information. This is formalised through the signed Declaration Form you complete before starting our services.
UK & EU GDPR Consent
By signing the Declaration Form, you agree that we may:
- Collect and use the health and wellness information you provide.
- Update your records to ensure continuity and relevance of care.
- Share relevant data with trusted third parties (e.g., diagnostic labs or wellness specialists) under strict confidentiality.
- Use anonymised (non-identifiable) data for service improvement and internal analytics. You may opt out at any time.
Your rights under UK GDPR and EU GDPR include:
- Access, correction, restriction, or deletion of your data.
- Withdrawal of consent at any time by contacting info@paar.london.
HIPAA Authorization (for U.S. Clients or Partners)
If you are located in the United States or if your care involves U.S.-based providers, we also comply with HIPAA. By signing our HIPAA consent form, you authorise us to:
- Use and share your Protected Health Information (PHI) to support your wellness programme.
- Work with authorised healthcare providers, labs, and specialists under confidentiality safeguards.
- Store PHI securely and restrict access to authorised personnel only.
- Use de-identified PHI for internal quality improvement purposes only.
You may revoke this authorization at any time by contacting us at info@paar.london, except where already relied upon.
6.2 Legal Bases for Processing (UK GDPR, EU GDPR)
We process personal data based on the following lawful grounds:
- Consent (Article 6(1)(a)) – Especially for sensitive health data.
- Contractual Necessity (Article 6(1)(b)) – To deliver services you request.
- Legal Obligation (Article 6(1)(c)) – To meet regulatory and compliance duties.
- Legitimate Interests (Article 6(1)(f)) – To enhance service quality without infringing your rights.
For Special Category Data (e.g., health data), we rely on:
- Explicit Consent (Article 9(2)(a))
- Healthcare Provision (Article 9(2)(h))
We ensure that all data processing, especially of sensitive information, is done with explicit written consent and in accordance with UK GDPR, EU GDPR, and HIPAA, where applicable.
7. Data Sharing & Third Parties
We do not sell your personal data. However, we may share data with:
- Accredited Laboratories – For sample analysis and test results.
- Regulatory Authorities – If legally required under healthcare or public safety regulations.
- Service Providers – IT services, cloud storage, and analytics providers (under strict contractual agreements).
International Data Transfers
If we transfer data outside the UK or EEA, we ensure legal safeguards such as:
- Standard Contractual Clauses (SCCs) under UK GDPR/EU GDPR.
- UK International Data Transfer Agreement (IDTA).
- Adequacy Decisions (if the recipient country is deemed adequate by the UK or EU).
8. How We Protect Your Data
We implement appropriate technical and organizational security measures to ensure data confidentiality and integrity, including:
- Encryption – Secure storage and transmission of personal data.
- Access Controls – Restricted access to authorized personnel only.
- Data Minimization – Collecting and retaining only necessary data.
- Regular Security Audits – Periodic risk assessments to identify and mitigate vulnerabilities.
9. Data Retention Policy
We retain personal data only for as long as necessary, in accordance with legal requirements:
- Health & Personal Data: Stored for 7 years (or as required by law).
- Marketing Data: Retained until consent is withdrawn.
- Technical Data: Retained for 24 months for website analytics.
Once the retention period expires, we securely delete or anonymize the data.
10. Your Rights Under UK GDPR & EU GDPR
You have the following rights regarding your personal data:
✔ Right to Access: Request a copy of the personal data we hold.
✔ Right to Rectification: Correct inaccurate or incomplete information.
✔ Right to Erasure (Right to be Forgotten): Request deletion of your data.
✔ Right to Restrict Processing: Limit the ways we use your data.
✔ Right to Data Portability: Receive a structured, machine-readable copy of your data.
✔ Right to Object: Opt out of certain types of data processing (e.g., direct marketing).
✔ Right to Withdraw Consent: Revoke consent for processing special category data.
✔ Right to Lodge a Complaint: File a complaint with the UK Information Commissioner’s Office (ICO) or an EU Data Protection Authority (DPA).
You may also withdraw your consent at any time (UK GDPR Article 7(3); HIPAA §164.508), by contacting us at info@paar.london.
How to Exercise Your Rights
To request access, correction, or deletion of your data, please contact:
+44 7340 693671
11. Cookies & Tracking Technologies
Our website uses cookies and tracking tools to improve user experience.
- Essential Cookies – Required for website functionality.
- Analytics Cookies – Used for performance tracking (requires user consent).
- Marketing Cookies – Used for advertising (requires user consent).
You can manage or disable cookies via your browser settings.
12. Updates to This Privacy Policy
We may update this Privacy Policy from time to time. Any significant changes will be communicated on our website with the revised date.
Last Updated: 09.05.2025
13. Contact Information
For privacy-related concerns or data subject requests, contact:
PAAR London Ltd.
Address: 239-241 Kennington Lane, London, United Kingdom, SE11 5QU
Email: info@paar.london
Phone: +44 7340 693671