top of page
Couple Cooking Together

ROE Wellness

Privacy

 Plain UK English | Last updated: 19 December 2025 

 Who we are 

  • We are a holistic health and wellness company providing adult (18+) services directly to individuals and via corporate wellness programmes. 

  • We use frequency-based scanning technologies to create a baseline of physiological biomarkers and deliver person-centred wellness roadmaps. 

 

How we act (controller/processor) 

  • For services delivered to individuals and employees, we act as an **independent controller** for the personal data we collect to deliver wellness services. 

  • Employers only receive **anonymised or aggregated** reports. No identifiable employee data is shared with employers. 

  • Where we process employer-provided scheduling/eligibility data strictly under their instructions, we act as a **processor** for that limited purpose. 

 

Personal data we collect 

  • Identity and contact details (e.g., name, date of birth, address, email, phone). 

  • Booking and account information (e.g., appointments, consents, preferences). 

  • Wellness service data: practitioner observations and session notes. 

  • Physiological biomarkers from our scanning technologies: vertebral load, stress & fatigue indicators, cardiovascular indicators, and body composition. 

  • Technical data (from our website and apps): cookie choices, strictly necessary cookies; analytics only with consent. 

 

Lawful bases for processing 

  • **Contract (Art. 6(1)(b))** – to book sessions, perform scans, provide wellness roadmaps, and deliver support. 

  • **Explicit consent (Art. 6(1)(a) + Art. 9(2)(a))** – for health-related information from scans, session notes, and practitioner observations. Consent is separate, specific, recorded, and can be withdrawn at any time. 

  • **Legitimate interests (Art. 6(1)(f))** – for low-impact operational needs such as IT and site security, fraud prevention, CRM hygiene, and improvement using aggregated/anonymised insights; and for strictly necessary cookies (balanced via an LIA). 

  • **Legal obligation (Art. 6(1)(c))** – to comply with laws (e.g., tax and accounting, responding to lawful requests). 

  • **Vital interests (Art. 6(1)(d) + Art. 9(2)(c))** – in rare emergencies to protect life, sharing minimal necessary information with emergency services. 

Third-party processors and hosting 

  • We use trusted service providers to deliver our services, including **Practice Better** for booking, client content delivery, and secure record storage. 

  • Practice Better processes personal data on our behalf under strict contractual terms and in compliance with UK data protection law. Your data remains under our control. 

  • We host and process data using providers located in the **United Kingdom**. We do not transfer personal data outside the UK. 

 

How we use your data 

  • Deliver and manage wellness services (bookings, scans, personalised plans, follow-ups). 

  • Provide secure client portals and content delivery. 

  • Produce anonymised/aggregated corporate programme reports (non-identifiable). 

  • Keep our systems secure, prevent fraud, and improve services using aggregated/anonymised insights. 

 

Retention 

  • Client information is retained for a **minimum of 7 years** (name and brief details, dates of sessions/appointments, condition or session topic, relevant observations). 

  • Financial records are retained for legal/tax purposes (typically **6 years**). 

  • Anonymised corporate reports are retained as needed for contractual reporting and service improvement; they cannot be used to identify individuals. 

 

Children 

  • Our services are for adults aged **18 and over**. We do not knowingly collect children’s data. 

 

Emergency protocol 

  • If we believe an individual is at risk of serious harm or needs urgent medical attention, we may share the **minimum necessary** information (e.g., name, date of birth, home address) with emergency services to ensure appropriate help. 

 

Your rights 

  • Access your data, request correction, erasure, restriction, or portability. 

  • Object to processing carried out on the basis of legitimate interests. 

  • Withdraw consent for health-related processing at any time (this does not affect processing already carried out). 

  • Complain to the UK Information Commissioner’s Office (ICO). 

Security 

  • Encryption in transit and at rest, role-based access controls, least privilege, audit logging, and regular reviews. 

  • Documented anonymisation standards for corporate reports to reduce re-identification risks. 

 

Contact 

  • For privacy queries, data rights, or consent withdrawal, please contact our team via the details published on our website. 

bottom of page