Privacy Policy

Last Updated: April 2026

1. INTRODUCTION

Aurion London Ltd (“we”, “us”, or “our”) is committed to protecting your privacy and security. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our website, book a consultation, or undergo our programme.

For the purposes of the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), we are the “Data Controller”.

We are registered with the Information Commissioner’s Office (ICO). Our registration number is: ICO:00013640889.

2. INFORMATION WE COLLECT

We collect two types of data from you:

2.1 Personal Identification Data:

  • Name, email address, phone number, and residential address.
  • Payment information (processed securely by our payment providers; we do not store full credit card details).

2.2 Special Category (Health) Data:

Due to the nature of our services, we also collect sensitive health information, including:

  • Medical history and current health conditions (via your intake questionnaire).
  • Physiological metrics, including Pulse Wave Velocity (PWV) scores, vascular age data, and other performance biometrics recorded during your sessions.

3. HOW WE USE YOUR DATA

We use your data for the following specific purposes:

  • Service Delivery: To design your personalised protocol and ensure our programme is safe for you.
  • Performance Tracking: To compare your baseline metrics with your results across your programme, enabling us to monitor progress and personalise your experience.
  • Communication: To manage your bookings, send appointment reminders, and respond to your queries.

4. LEGAL BASIS FOR PROCESSING

Under UK GDPR, we rely on the following legal bases:

  • Contractual Necessity: To fulfil the service agreement when you book a programme with us.
  • Explicit Consent: We require your explicit consent to process your health data. You will be asked to provide explicit consent via the Aurion Pre-Visit Health Questionnaire (Form A) before your first visit. You may withdraw this consent at any time, but this may prevent us from delivering the programme.
  • Legitimate Interests: We process certain operational and safety data, for example, to assess whether the programme is appropriate for you, where this is necessary for the safe running of our services and does not override your rights.

5. DATA STORAGE & SECURITY

5.1 Storage:

Your personal and health data is stored on secure, encrypted cloud servers. We utilise industry-standard security protocols to prevent unauthorised access.

5.2 Retention:

We retain your health and personal data for the duration of your programme and for 8 years from the date of your last contact with us. This period reflects standard UK practice for health-adjacent records and our obligations under insurance and limitation law.

If you do not proceed with a programme after an initial enquiry, your data will be minimised or deleted upon request.

6. DATA SHARING

We strictly do not sell or rent your personal data to third parties.

We may share your data internally within Aurion London Ltd to ensure continuity of care. We may also share strictly necessary data with our trusted software providers (e.g. booking systems) who act as data processors under our instruction and are bound by confidentiality.

7. YOUR RIGHTS

Under the UK GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of any inaccurate data.
  • Erasure: Request that we delete your data (the “Right to be Forgotten”), subject to our legal obligations to retain health-adjacent records for safety and liability purposes.
  • Restriction: Request that we limit the way we process your data while a query or complaint is being resolved.
  • Data Portability: Request a copy of your personal data in a structured, machine-readable format, where technically feasible.
  • Object: Object to processing carried out on the basis of our legitimate interests, where you believe your rights and interests override ours.
  • Withdraw Consent: Withdraw your consent to the processing of your health data at any time. Withdrawal will not affect the lawfulness of processing carried out before you withdrew consent. Note that withdrawal may prevent us from continuing to deliver the programme.
  • Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time. The ICO is the UK’s independent supervisory authority for data protection.

ICO contact details: www.ico.org.uk | Telephone: 0303 123 1113

8. CONTACT US

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection lead at:

Aurion London Ltd
128 City Road, London, EC1V 2NX
Email: team@aurion.london

ICO Registration Number: ICO:00013640889

Scroll to Top