Privacy policy

1. About this Privacy Policy

Clean Slate Clinic Ltd ("we", "our", "us") is committed to protecting the privacy and security of personal data. We are registered as a Data Controller with the UK Information Commissioner’s Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the NHS Records Management Code of Practice, the Common Law Duty of Confidentiality, and Care Quality Commission (CQC) standards.

This Privacy Policy explains how we handle personal data in relation to our services, including:

●      What personal data we collect and hold.

●      How and why we use your data.

●      Who we share your data with.

●      How we store and secure your data.

●      Your rights under data protection law.

●      How to complain if you are dissatisfied.


This policy applies to all personal data we process in delivering care and related business operations.

2. Who we are

Clean Slate Clinic Ltd provides home-based and telehealth-enabled withdrawal and recovery services for individuals experiencing alcohol and substance dependence. Our registered office and contact details are provided at the end of this document.

3. Our legal obligations under UK GDPR and Data Protection Act 2018

We process personal data in line with the following principles:

●      Lawfulness, fairness, transparency.

●      Purpose limitation.

●      Data minimisation.

●      Accuracy.

●      Storage limitation.

●      Integrity and confidentiality.

●      Accountability.

We also comply with health-specific legislation and professional standards applicable to doctors, nurses, and pharmacists.

4. What is personal and special category data

Personal data: any information relating to an identified or identifiable individual (e.g. name, date of birth, address, contact details, financial information).

Special category data: a subset of personal data requiring extra protection, including:

●      Health information and medical history.

●      Genetic and biometric data.

●      Racial or ethnic origin.

●      Sexual orientation and gender identity.

●      Religious or philosophical beliefs.


5. Collection of your personal data

We collect personal data that is necessary to provide safe and effective care. Sources include:

●      Information you provide (via forms, telehealth, emails, phone calls, apps).

●      Information from other healthcare providers (GP, NHS services, pharmacies) with your consent or as permitted by law.

●      Support persons or family members where authorised.


Unsolicited data: If we receive information not required for our services, we will assess whether we may lawfully retain it. If not, it will be securely deleted.

Children & vulnerable persons: We only collect and process data of children and vulnerable individuals where lawful, with appropriate safeguards and consent.

6. Remaining anonymous or pseudonymous

You may request to interact with us anonymously or under a pseudonym where practical (e.g. general enquiries). This may not be possible where identification is necessary for safe care, prescribing, safeguarding, or legal reasons.

7. Purposes and lawful bases for processing

We process data only where a lawful basis under UK GDPR applies. Examples:

●      Consent – for specific optional services, research, or communications

●      Contract – to deliver services you have signed up for

●      Legal obligation – compliance with CQC, safeguarding, tax, or NHS reporting

●      Vital interests – where necessary to protect life or health

●      Public task – providing healthcare services in the public interest

●      Legitimate interests – for administrative or quality improvement purposes, balanced against your rights


8. How we use and disclose your data

We may use your data for:

●      Clinical care and safe prescribing.

●      Service monitoring, quality assurance, and audits.

●      Safeguarding children and vulnerable adults.

●      Meeting regulatory requirements (CQC, NHS, GMC/NMC/GPhC).

●      Research and statistical analysis (usually de-identified).

●      Financial management (billing, payment processing).


We will not use your data for marketing without explicit consent.

9. Data linkage and integration

We may link anonymised datasets to evaluate outcomes, improve services, or conduct research. Data linking projects are subject to privacy impact assessments and robust governance.

10. Sharing your data with third parties

We share data only where necessary and lawful, for example:

●      GPs and other NHS services.

●      Pharmacies for dispensing medication.

●      Regulators such as the CQC or GMC.

●      Technology providers (e.g. Semble electronic health record platform, cloud storage providers).

●      Insurers, commissioners, or funders where relevant.


All third parties are required by contract to maintain data protection standards equivalent to UK GDPR.

 

11. International transfers

Where data is transferred outside the UK (e.g. cloud providers), we ensure safeguards are in place, including:

●      UK adequacy regulations (where a country is recognised as having equivalent protections).

●      International Data Transfer Agreements (IDTAs).


12. Storage, retention, and destruction

Records are kept in line with the NHS Records Management Code of Practice. Examples:

●      Adult health records: minimum 8 years.

●      Children’s records: until 25th birthday (or 26th if aged 17 at conclusion of treatment).

When records are no longer required, they are securely destroyed or anonymised.

13. Data security

We protect data using:

●      Encryption in transit and at rest.

●      Multi-factor authentication.

●      Role-based access controls.

●      Staff training and confidentiality agreements.

●      Regular security testing and audits.

●      Incident response procedures.

14. Your rights

You have the following rights under UK GDPR:

●      Access to your data

●      Rectification of inaccuracies

●      Erasure (where applicable)

●      Restriction of processing

●      Data portability

●      Objection to processing (including for direct marketing).

●      Not to be subject to solely automated decisions with significant effects.

Requests should be submitted to our Data Protection Officer. We will respond within one month.

15. Notifiable Data Breaches

If a data breach poses a risk to your rights and freedoms, we will:

●      Notify the ICO within 72 hours.

●      Inform affected individuals without undue delay where high risk exists.

●      Document breaches and remedial actions.

17. Cookie Policy

17.1  What are cookies?

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work, work more efficiently, and to provide information to site operators. In addition to cookies, we may use similar technologies such as web beacons, pixels, and local storage, which function in a comparable way. References to 'cookies' in this policy include these similar technologies unless stated otherwise.

17.2  How we use cookies

We use cookies to:

  • ensure the website functions correctly and securely;
  • remember your cookie consent preferences;
  • understand how visitors use the website so we can improve it;
  • conduct A/B tests to optimise page content and design;
  • monitor technical errors to maintain site reliability;
  • measure the effectiveness of our advertising campaigns; and
  • enable embedded third-party content, including video.

17.3  Categories of cookies we use

We use the following categories of cookies. You can manage your preferences for non-essential cookies at any time via ‘Cookie preferences’ which can be found in the footer of all website pages. 


Essential cookies (always active)

These cookies are essential for the website to work. They cannot be switched off, and no consent is required to set them. They do not store any information that could identify you personally.

| Cookie name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| fs-cc | Finsweet | Stores the visitor's cookie consent preferences so the banner does not reappear on return visits. | 1 year | 1st party |
| wf_cookie | Webflow | Supports site functionality and session state required for the website to operate correctly. | Session | 1st party |
| __stripe_mid | Stripe | Fraud prevention and security for payment processing. Set only on payment pages. | 1 year | 1st party |
| __stripe_sid | Stripe | Fraud prevention and security for payment processing. Set only on payment pages. | 30 minutes | 1st party |

Analytics cookies (require consent)

These cookies help us understand how visitors use the website so we can improve it. They collect information anonymously and are not used to identify you personally. We only set these cookies with your consent.

| Cookie name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| _ga | Google Analytics (GA4) | Distinguishes unique users by assigning a randomly generated number. Used to calculate visitor, session, and campaign data. | 2 years | 1st party |
| _ga_[ID] | Google Analytics (GA4) | Maintains session state for GA4. The suffix [ID] corresponds to the site's GA4 measurement ID. | 2 years | 1st party |
| optibase_[variant] | Optibase | Assigns the visitor to an A/B test variant and persists that assignment to ensure a consistent experience across the visit. | Session / up to 30 days | 1st party |
| _sentry_session | Sentry | Groups front-end error events into a single session for debugging and error monitoring purposes. No personal data is collected. | Session | 1st party |

Marketing cookies (require consent)

These cookies are used to show relevant advertising and to measure how well our campaigns are performing. Some are set by third-party advertising partners. We only set these cookies with your consent.

| Cookie name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| _gcl_au | Google Ads | Used by Google Ads to store and track conversions, and to link ad clicks to subsequent site activity. | 90 days | 1st party |
| _uetsid | Microsoft Ads (bing.net) | Tracks ad conversion events and session activity for Microsoft Advertising campaigns. | 1 day | 1st party |
| _uetvid | Microsoft Ads (bing.net) | Identifies returning visitors for Microsoft Ads remarketing audiences. | 16 days | 1st party |
| MUID | Microsoft (bing.net) | Assigns a unique browser identifier used across Microsoft services for advertising and analytics. | 1 year | 3rd party |
| YSC | YouTube | Tracks views and interactions on embedded YouTube videos to prevent fraudulent view counts. | Session | 3rd party |
| VISITOR_INFO1_LIVE | YouTube | Estimates bandwidth and records viewing preferences for embedded YouTube video players. | 6 months | 3rd party |
| CONSENT | Google / YouTube | Records the visitor's cookie consent state for Google and YouTube services. | 2 years | 3rd party |

Personalisation cookies (require consent)

This category is reserved for cookies that remember your preferences and enable enhanced or personalised features. We do not currently use any personalisation cookies. This section will be updated if that changes.

17.4  Third-party cookies

Some cookies on our website are set by third parties rather than by us. We do not control these cookies. The third parties listed in the tables above are responsible for their own cookies. We recommend you review the privacy and cookie policies of each provider for full details of the data they collect and how they use it:

  • Google Analytics & Google Ads: https://policies.google.com/privacy
  • YouTube: https://policies.google.com/privacy
  • Microsoft Ads / bing.net: https://privacy.microsoft.com/en-gb/privacystatement
  • Stripe: https://stripe.com/gb/privacy
  • Sentry: https://sentry.io/privacy/
  • Optibase: https://www.optibase.io/privacy

Where third-party cookies are classified as Marketing, they will only be set after you have given your consent via our cookie banner.

17.5  Managing your cookie preferences

When you first visit this website, you will be shown a cookie banner that allows you to accept, reject, or customise your cookie preferences by category.

You can change your preferences at any time by clicking the Cookie preferences link in the footer of every page on this website — it’s always there when you need it. This reopens the consent panel where you can update your choices.

Please note that if you decline or withdraw consent for certain categories of cookie, some parts of the website may not function as intended. Essential cookies cannot be disabled.

You can also control cookies at the browser level. Most browsers allow you to refuse or delete cookies. The methods vary by browser; please refer to your browser's help documentation for guidance:

  • Google Chrome: Settings > Privacy and security > Cookies and other site data
  • Mozilla Firefox: Settings > Privacy & Security > Cookies and Site Data
  • Apple Safari: Preferences > Privacy > Manage Website Data
  • Microsoft Edge: Settings > Cookies and site permissions

Opting out of cookies via your browser will apply globally and may affect your experience on other websites. It is separate from the preferences you set via our cookie banner.

17.6  Cookies and sensitive personal data

We understand that visiting a health and addiction service website is a private matter. We take extra care with how cookies are used on this site:

  • Analytics and marketing cookies are only activated following your explicit consent.
  • We regularly review our third-party tools to ensure they are not used in ways that could be harmful or intrusive to visitors.

If you have any concerns about how your data is handled, please get in touch using the contact details in Section 19.

17.7  Changes to this Cookie Policy

We keep this Cookie Policy under review and update it when needed. If we make significant changes — such as adding new cookies or changing what they are used for — we will let you know via the cookie banner on your next visit.

18. Artificial Intelligence (AI) and your privacy

We may use AI tools to support analysis and improve service delivery. AI is never used to make autonomous clinical decisions. Safeguards include:

●      De-identification of data where possible

●      Oversight by Clinical Governance Committee

●      Regular accuracy and bias testing

●      Privacy impact assessments

●      Opt-out rights where appropriate



19. Updates to this Policy

We review this policy annually and update it where required by law or practice changes. Significant updates will be communicated via our website and direct notices.

This policy was last updated 24th April, 2026.

20. Contact Us

Data Protection Officer


Clean Slate Clinic Ltd
Market House, 10 Market Walk, Saffron Walden CB10 1JZ

Email: DPO-UK@cleanslateclinic.com
Phone: 0203 835 4705
ICO Registration Number: ZB866300