Privacy Policy

Introduction

Welcome to Aurae Healthcare's privacy policy.

We respect your privacy and are committed to protecting your personal data. This privacy policy lets you know how we look after your personal data when you use our service, and gives you information about your privacy rights and how the law protects you.

Important information and who we are

Purpose of this privacy policy

This Privacy Policy explains how Aurae Healthcare Limited ("Aurae", "we", "us" or "our") collects, uses, stores and protects your personal data when you access our website or use our mobile phlebotomy and healthcare services.

This includes any personal data you provide when you:

Request a home blood test appointment
Make an enquiry
Complete a referral
Communicate with our clinical or administrative team
Use our website

Aurae Healthcare Limited is the Data Controller and is responsible for your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact: info@auraehealthcare.com

Address: 6 Veldene Way, Harrow, HA2 9BH

Children

Our website and services are not intended for individuals under the age of 18.
We do not knowingly collect or process personal data relating to children. If we become aware that we have inadvertently collected such data, we will delete it promptly.

You must be 18 years of age or older to use our services.

What Data we collect:

Full name
Date of birth
Gender
Address
Contact details
Requesting clinician/lab details
Appointment notes relevant to sample collection
Payment information

Aurae Healthcare stores only the minimum clinical information necessary to safely provide blood sample collection services.

Storage & Security

All personal data is stored securely on password-protected systems with restricted access.
We implement appropriate technical and organisational safeguards to protect your information.

Records are retained in accordance with professional and legal obligations.

Data Sharing Personal data may be shared only with the designated laboratory or requesting clinician where necessary to facilitate testing.

We may share your personal data with trusted third parties where necessary , including:

Accredited UK Laboratories
GP practices or referring clinicians
Secure postal or courier services (for specimen transport)
IT and cloud service providers
Secure payment processors
Regulatory bodies where legally required

All third parties are contractually required to respect the security and confidentiality of your data and to process it in accordance with UK data protection law.
We do not sell or share personal data for marketing purposes. Transaction Data

Payment details processed securely via third payment providers. Connecting or clicking to third party links may allow them to collect or share data about you. We have no control over these third-party websites and accept no responsibility for their privacy policies.

How We Use Your Personal Data

We will only use your personal data where legally permitted under UK GDPR.

To provide and fulfil the services you have requested from us.
To process payments
To communicate regarding appointments
To comply with medical safety obligations
To process health data
To improve our website

Promotional Offers from us

We may use your contact details to send you information about our services, offers, and updates where you have consented to receive marketing communications.

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

Cookies

We use cookies to ensure our service runs smoothly and to personalise your visit. By continuing, you agree to our use of cookies. You can manage your preferences at any time. Cookies do not collect sensitive health information.

Data Security

We implement appropriate technical and organisational measures to protect your data, including:

Secure digital storage systems
Password-protected devices
Restricted staff access
Encrypted communications where appropriate
Staff confidentiality agreements
DBS-checked clinical staff

We limit access to your personal data to those employees, agents, and contractors who have a legitimate business need to know.

Data Retention

We retain personal and clinical data only for as long as necessary to fulfil the purposes for which it was collected, including:

Clinical records: In accordance with NHS Records Management Code of Practice guidelines.
Financial records: In line with HMRC requirements

When data is no longer required, it is securely deleted or anonymised. For marketing communications, your contact information will be kept until you choose to unsubscribe or request deletion. We take all reasonable measures to ensure that your data is stored securely during this period.

Your Legal Rights

Subject to applicable data protection legislation, you are entitled to certain rights with respect to your personal data, including, but not limited to, the right to:

Request access to your personal data
Request correction of inaccurate data
Request erasure (where legally permissible)
Object to processing
Request restriction of processing
Request transfer of your data (data portability)
Withdraw consent where processing is based on consent

No Fee usually required

Accessing your personal data or exercising any of your rights will not normally incur a fee. We may, however, charge a reasonable fee or decline requests that are manifestly unreasonable, repetitive, or excessive.

Complaints

If you have concerns about how we handle your personal data, please contact us first so we can resolve the matter promptly.

You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)

www.ico.org.uk

Changes to This Privacy Policy

We may update this Privacy Policy periodically. The latest version will always be available on our website.

Updated: 01/03/2026

Privacy Policy

This website uses cookies.