Privacy Policy
Last Updated: 30 June 2026
1. INTRODUCTION
Aurion London Ltd (“we”, “us”, or “our”) is committed to protecting your privacy and security. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our website, take our Recovery Debt Test, book a consultation, or take part in our programme.
For the purposes of the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), we are the “Data Controller”.
We are registered with the Information Commissioner’s Office (ICO). Our registration number is: ICO:00013640889.
2. INFORMATION WE COLLECT
2.1 Personal Identification Data:
- Name, email address, phone number, and residential address.
- Payment information (processed securely by our payment providers; we do not store full credit card details).
2.2 Recovery Debt Test Responses:
When you take our online Recovery Debt Test, we collect the email address you provide and the answers you give about your sleep, energy, focus and drive. As these answers relate to your wellbeing, we treat them as health-related data and process them only with your consent.
2.3 Special Category (Health) Data:
Due to the nature of our services, we also collect sensitive health information, including your medical history and current health conditions, which you provide via your intake questionnaire.
3. HOW WE USE YOUR DATA
We use your data for the following specific purposes:
- Recovery Debt Test: To generate your test result and recommend whether our programme is suitable for you.
- Service Delivery: To design your personalised programme and ensure it is safe for you.
- Communication: To manage your bookings, send appointment reminders, and respond to your queries.
- Marketing (with your consent): Where you have given consent, to send you information about Aurion’s programmes and offers, including following up after you take the Recovery Debt Test. You can opt out at any time using the link in any marketing email or by contacting us.
4. LEGAL BASIS FOR PROCESSING
Under UK GDPR, we rely on the following legal bases:
- Contractual Necessity: To fulfil the service agreement when you book a programme with us.
- Explicit Consent: We require your explicit consent to process your health data, including your Recovery Debt Test responses and the information in your Pre-Visit Health Questionnaire (Form A), and to send you marketing communications. You may withdraw your consent at any time. Withdrawing consent to process your health data may prevent us from delivering the programme.
- Legitimate Interests: We process certain operational and safety data, for example to assess whether the programme is appropriate for you, where this is necessary for the safe running of our services and does not override your rights.
5. DATA STORAGE & SECURITY
5.1 Storage:
Your personal and health data is stored on secure, encrypted cloud servers. We utilise industry-standard security protocols to prevent unauthorised access.
5.2 Retention:
We retain your health and personal data for the duration of your programme and for 8 years from the date of your last contact with us. This period reflects standard UK practice for health-adjacent records and our obligations under insurance and limitation law.
If you take the Recovery Debt Test or make an enquiry but do not proceed with a programme, we will minimise or delete your data on request, and we will stop sending you marketing communications if you opt out.
6. DATA SHARING
We strictly do not sell or rent your personal data to third parties.
We may share your data internally within Aurion London Ltd to ensure continuity of care. We may also share strictly necessary data with our trusted software providers (for example, our booking, clinic-management and email systems) who act as data processors under our instruction and are bound by confidentiality.
7. YOUR RIGHTS
Under the UK GDPR, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of any inaccurate data.
- Erasure: Request that we delete your data (the “Right to be Forgotten”), subject to our legal obligations to retain health-adjacent records for safety and liability purposes.
- Restriction: Request that we limit the way we process your data while a query or complaint is being resolved.
- Data Portability: Request a copy of your personal data in a structured, machine-readable format, where technically feasible.
- Object: Object to processing carried out on the basis of our legitimate interests, where you believe your rights and interests override ours.
- Withdraw Consent: Withdraw your consent to the processing of your health data or to marketing at any time. Withdrawal will not affect the lawfulness of processing carried out before you withdrew consent. Note that withdrawal may prevent us from continuing to deliver the programme.
- Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time. The ICO is the UK’s independent supervisory authority for data protection.
ICO contact details: www.ico.org.uk | Telephone: 0303 123 1113
8. CONTACT US
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection lead at:
Aurion London Ltd
128 City Road, London, EC1V 2NX
Email: team@aurion.london
ICO Registration Number: ICO:00013640889