Hillser Clinic Privacy Policy

Effective Date: 1st March 2025

Last Reviewed: November 2025

1. Introduction

Hillser Clinic (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal information with care, transparency, and integrity.

This Privacy Policy explains how we collect, use, store, and share your personal information when you visit our website, contact us, or receive medical or wellness services from us.

We comply fully with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

This policy applies to information processed directly by Hillser Clinic. Where you are referred to or engage with a third-party provider, their own privacy policy will apply.

2. Who We Are

Hillser Clinic is a trading name of Sleep & Snoring Limited, a company registered in England and Wales (Company No. 15477974).

Registered office: 22 Vickers Mews, London Road, St. Albans, United Kingdom, AL1 1AX

Trading address: 9 Harley Street, London, W1G 9QY

Email: reception@hillserclinic.com

Website: www.hillserclinic.com

For the purposes of data protection law, Sleep & Snoring Limited is the Data Controller responsible for determining how and why your data is processed.

3. What Information We Collect

We may collect and process the following categories of data:

  • Personal and Contact Details: name, address, date of birth, telephone number, email address, and ID.

  • Medical and Health Information: clinical history, test results, diagnoses, treatment plans, and other information shared during consultations or via diagnostic devices.

  • Financial Information: payment details, billing address, and transaction records (processed securely via Stripe, Xero or other systems).

  • Technical and Usage Data: IP address, browser type, device identifiers, and usage analytics collected through cookies (see our Cookie Policy).

  • Communication Data: records of emails, messages, and other correspondence between you and Hillser Clinic.

  • Other Information You Choose to Provide: we may also collect or receive any other information that you choose to share with us, or that is necessary to provide safe and effective care. This may include correspondence, documents, photographs, videos, or other materials you send to us voluntarily or as part of your treatment.

4. How We Collect Your Information

We collect data through the following means:

  • Information you provide directly (e.g. booking forms, medical questionnaires, consent forms, emails).

  • Our patient management system Semble, which stores and manages clinical records.

  • Diagnostic and laboratory partners such as Sefam/Sunrise, Zoll Itamar Medical/WatchPAT, or imaging providers.

  • Website analytics tools (e.g. Google Analytics) using cookies.

  • Referrals or shared care arrangements from other healthcare professionals (with your consent).

5. How We Use Your Information

Your data is used only for legitimate, necessary purposes, including:

  • Delivering safe, effective medical care and aftercare.

  • Managing appointments, diagnostics, prescriptions, and payments.

  • Communicating with you regarding your care or enquiries.

  • Meeting regulatory and legal obligations (e.g. CQC, GMC, HMRC).

  • Improving our website, systems, and services.

  • Sending service or treatment updates (only with your consent).

We do not sell your data or use it for unrelated marketing purposes.

6. Legal Bases for Processing

We process personal and medical data under the following lawful bases:

  • Performance of a contract: providing healthcare and related services.

  • Legal obligation: compliance with healthcare, tax, and record-keeping laws.

  • Legitimate interests: internal administration, quality assurance, and fraud prevention.

  • Consent: optional activities such as newsletters or information sharing with other providers at your request.

7. Sharing Your Information

We share data only where necessary and under strict confidentiality with:

  • Medical professionals or diagnostic providers involved in your care.

  • Service partners such as Semble, Stripe, Xero, or laboratory providers.

  • IT, communication, and hosting providers ensuring secure system operation.

  • Regulatory authorities if required by law.

All third parties are bound to comply with data protection legislation and to process data only for the agreed purpose.

8. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including to provide care, meet legal, regulatory, or business requirements, and resolve any disputes that may arise.

Retention periods may vary depending on the type of information, the nature of our relationship with you, and applicable legal or professional obligations. When data is no longer required, it will be deleted or securely anonymised where practicable.

9. Security

We maintain appropriate technical and organisational measures to protect personal data from loss, misuse, or unauthorised access, including:

  • Encrypted patient databases

  • Role-based access controls

  • Regular backups and security audits

  • Staff training on data protection

10. International Data Transfers

Some of our technology and service providers may store or process data outside the United Kingdom. Where this occurs, we rely on the provider’s own data protection safeguards, such as standard contractual clauses or other approved transfer mechanisms, to ensure that your information remains protected to UK standards.

11. Your Data Rights

Under UK data protection law, you have certain rights in relation to your personal information — including to access, correct, or in some cases request deletion of data.

These rights are subject to legal and professional obligations, and may not apply in all circumstances.

If you have a genuine concern about how your data is being used, you can contact us at reception@hillserclinic.com for assistance.

12. Third-Party Links

Our website may include links to third-party sites. We are not responsible for their privacy practices or content. You should review the privacy policy of any site you visit.

13. Updates to This Policy

We may update this Privacy Policy periodically to reflect operational, legal, or regulatory changes. The latest version will always be available on our website with the effective date shown above.

14. Contact Us

For privacy-related enquiries, data-access requests, or complaints, please contact: