Privacy Policy.

Last updated: May 2026

At House of Recovery, we are committed to maintaining the trust and confidence of our clients. This Privacy Policy details how we collect, store, and process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

House of Recovery (referred to as “we”, “us”, or “our” in this policy) is the data controller responsible for your personal data. If you have any questions about this privacy policy or our data practices, please email clare@houseofrecovery.co.uk.

2. Information We Collect

We may collect and process the following categories of personal data:

• Identity Data: First name, last name, and title.
• Contact Data: Email address and telephone number.
• Clinical & Health Data: Information relevant to your treatment protocols (such as medical history, contraindications, and recovery goals) collected during consultations to ensure safe clinical practice.
• Transaction Data: Booking histories and payment transaction summaries.

3. Third-Party Booking Services

Our appointment bookings and payment processing are handled securely by SumUp. When you book a session through our SumUp booking links, your data is processed directly on their platform. We encourage you to review the SumUp Privacy Policy for details on how they secure your transaction information. We receive booking details from SumUp to manage scheduling and customize your protocols.

4. How We Use Your Data

We process your personal data only when we have a lawful basis to do so, specifically:

• To perform the contract we are about to enter into or have entered into with you (such as managing your appointments).
• To comply with legal or insurance obligations, particularly concerning health records for clinical treatments.
• For our legitimate interests (such as improving our treatments, responding to inquiries, and maintaining clinic security).

5. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, insurance, or reporting requirements. Due to legal requirements surrounding clinical and therapeutic records, certain health and treatment histories must be securely retained for up to 7 years following your last session.

6. Your Legal Rights

Under UK data protection laws, you have rights in relation to your personal data, including the right to request access, correction, erasure, restriction, transfer, or to object to processing. To exercise any of these rights, please email us at the contact address provided above.

7. Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. Access to clinical data is strictly restricted to authorized staff administering your treatment protocols.