Effective Date: 11 September 2025
Last Updated: 11 September 2025
(URLs referenced: https://epionehealth.solutions)
1. Introduction
Epione Health Solutions Limited (“we,” “our,” “us”) is a UK-registered company (Company No. 14825966, registered office: 5th Floor, 22 Eastcheap, London, EC3M 1EU) providing an informational and coordination platform connecting patients with international healthcare providers (“Medical Providers”).
This Privacy Policy explains how we collect, use, store, and share personal data in line with the UK GDPR, the Data Protection Act 2018, and other applicable laws. By using our services, you agree to the practices described herein.
We are the data controller for the personal information you provide to us. For specific services, we may act as a data processor on behalf of hospitals, clinics, or insurers.
2. Data We Collect
We may collect the following categories of personal data:
- Basic information: name, date of birth, nationality, contact details (phone, email, address).
- Special category data: health and medical information, medical history, test results, lifestyle details, where required for arranging consultations, treatment, or travel.
- Technical data: IP address, device identifiers, browser type, usage data (for analytics and security).
- Financial data: only where needed for invoicing or payments.
You may use parts of our platform without providing personal data. However, full service delivery requires certain information.
3. Lawful Bases for Processing
We process personal data under the following legal bases:
- Consent – e.g., where you agree to share health data for a treatment plan.
- Contract performance – where processing is required to deliver services you request.
- Legal obligation – to comply with tax, regulatory, and accounting duties.
- Legitimate interests – to ensure the security of our platform, prevent fraud, and improve services (balanced against your rights).
4. Purposes of Processing
Your data may be used for:
- Arranging consultations, diagnostics, and treatments with Medical Providers.
- Communicating with you about your case and care pathway.
- Sharing data with selected partners (e.g., hospitals, labs, translators, travel agencies) when necessary.
- Providing personalised treatment plans and cost estimates.
- Sending relevant updates or informational material (if you opt in).
- Ensuring compliance with legal and regulatory requirements.
5. Data Sharing and International Transfers
We may share personal data with:
- Hospitals, clinics, laboratories, and healthcare professionals.
- Third-party service providers (interpreters, travel agents, payment processors).
- Regulatory and tax authorities where required by law.
Where data is transferred outside the UK/EEA (e.g., to Turkey), we ensure appropriate safeguards are in place, such as:
- Adequacy decisions by the UK/European Commission.
- Standard Contractual Clauses (SCCs) approved for international transfers.
- Additional safeguards to protect your privacy rights.
6. Data Retention
- Medical data and consent forms are retained only as long as necessary for the purpose of care coordination and in line with legal requirements.
- Business correspondence and invoices are retained for 6 years for compliance with tax laws.
- After the retention period, data is securely deleted or anonymised.
7. Cookies and Tracking
Our website uses cookies and similar technologies for analytics, functionality, and security. You can manage or disable cookies via your browser settings. See our separate Cookie Policy for details.
8. Your Rights
Under the UK GDPR, you have the following rights:
- Right to access – obtain a copy of your personal data.
- Right to rectification – correct inaccuracies.
- Right to erasure – request deletion (“right to be forgotten”).
- Right to restriction – limit how we process your data.
- Right to portability – receive your data in a portable format.
- Right to object – to processing based on legitimate interests or direct marketing.
- Right to withdraw consent – where consent is the legal basis.
To exercise these rights, contact us at: contact@epionehealth.co.uk. We aim to respond within 30 days.
9. Children’s Data
Our services are primarily aimed at adults. If we process data of children (under 18), parental or guardian consent is required.
10. Data Security
We implement appropriate technical and organisational measures, including encryption, access controls, and secure data transfer protocols, to protect your information. However, no system is fully secure, and we cannot guarantee absolute protection against unauthorised access.
11. Complaints
If you have concerns about how we process your data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk.
12. Updates to This Policy
We may update this Privacy Policy periodically to reflect legal, technical, or business changes. Updates will be published on our website with the effective date.