top of page

Privacy Policy — Ear Wax Solution

Last updated: 5 November 2025

This Privacy Policy explains how Ear Wax Solution (“we”, “us”, “our”) collects, uses, shares, and protects your personal data when you book, receive, or enquire about our ear care services at our clinics or during home visits, and when you use our website at earwaxsolution.co.uk.

We act as the data controller for the personal data described here.
Contact details:
Email: info@earwaxsolution.co.uk
Telephone: +44 1293 365124
Website: https://www.earwaxsolution.co.uk
Trading/registered address: [insert address]

If you prefer to contact a dedicated data contact, write to our Data Protection Lead at the email above.

The data we collect

We collect and process the minimum data needed to deliver safe ear care and run our business.

Identity and contact data

  • Full name, date of birth, address, phone number, email

  • Emergency contact details

Clinical data (special category data)

  • Medical history relevant to ear care (e.g., ear conditions, surgeries, medications, allergies)

  • Clinical notes, assessment findings, treatment plans, consent records, outcomes, adverse events

  • GP or specialist details where relevant

  • Safeguarding information where it is necessary to keep you safe

Appointment and payment data

  • Booking history, attendance, reminders, cancellations, invoices, payments, refunds

  • Home-visit logistics (e.g., service address, access notes where provided by you)

Device, website and communications data

  • IP address, device/browser type, cookie identifiers, analytics events (see Cookies)

  • Emails, forms, phone/SMS correspondence, call-back requests

  • Marketing preferences and opt-out records

Referrals and third-party information

  • Information from your GP, audiologist, insurer, or a family member with lawful authority to share

We do not needlessly collect national identifiers (e.g., NHS number) or recordings unless clearly necessary for your care or where you ask us to do so.

Why we use your data and our lawful bases

We only use your data where a lawful basis under UK GDPR and the Data Protection Act 2018 applies. For clinical data, an additional Article 9 condition also applies. Here is a plain-English matrix.

PurposeExamples of what we doArticle 6 lawful basisArticle 9 condition (for health data)

Book and deliver careAssess ears, provide microsuction/irrigation/manual extraction, document findings, make referrals with your agreementContract (art. 6(1)(b))Health/healthcare management (art. 9(2)(h))

Clinical safety and qualityRecord keeping, incident management, audit, infection preventionLegal obligation (art. 6(1)(c)) and/or Legitimate interests (art. 6(1)(f))Health/healthcare management (art. 9(2)(h))

Communicate about appointmentsConfirmations, reminders, updates, follow-up adviceContract (art. 6(1)(b)) and/or Legitimate interests (art. 6(1)(f))Health/healthcare management (art. 9(2)(h)) where content is clinical

Share with your GP/clinicianSend a summary when you ask us or where needed for your careLegitimate interests (art. 6(1)(f)) or Consent (art. 6(1)(a))Health/healthcare management (art. 9(2)(h))

Take payment and run our accountsProcess card payments, issue invoices, prevent fraudContract (art. 6(1)(b)) and Legal obligation (art. 6(1)(c))Not usually applicable (non-clinical)

Safeguarding or vital interestsProtect a child or vulnerable adult, act in an emergencyVital interests (art. 6(1)(d)) or Legal obligation (art. 6(1)(c))Vital interests (art. 9(2)(c)) or Substantial public interest (art. 9(2)(g))

Improve services and train staffService analytics, de-identified case review, feedbackLegitimate interests (art. 6(1)(f))Health/healthcare management (art. 9(2)(h)) when clinical

Marketing with your say-soClinic news, tips, offersConsent (art. 6(1)(a))Not applicable; we avoid health details in marketing

You can withdraw marketing consent at any time. We never bundle marketing consent with care.

Children and people with reduced capacity

We treat children and young people. We record the person with parental responsibility and, where appropriate, we accept consent directly from a Gillick-competent child. For adults who lack capacity, we work with a legally authorised representative and record best-interest decisions.

Where your data comes from

  • You, when you enquire, book, attend a clinic, or receive a home visit

  • Your GP, audiologist, insurer, or family member where lawful

  • Device/browser when you visit our website and accept cookies

Who we share data with

We share only what is necessary and proportionate.

  • Healthcare recipients and referrers: your GP, audiologists, or other providers where you ask us to or where needed for continuity of care

  • Technology and communications providers: clinical record systems, secure email/SMS providers, website and analytics vendors, call or booking systems

  • Payment providers and accountants: to process payments and meet tax rules

  • Regulators, insurers, and advisors: where the law permits or requires, or for insurance and legal advice

  • Safeguarding partners or emergency services: where needed to keep you or others safe

We do not sell your data.

International transfers

Some suppliers store data outside the UK. When this happens, we use an appropriate safeguard such as the UK Addendum/International Data Transfer Agreement or an adequacy decision, and we assess the risk to your rights. Copies of relevant safeguards are available on request.

How long we keep your data

We keep data only as long as needed for the purposes above and to meet legal and clinical standards.

  • Adult clinical records: typically 8 years after the last entry

  • Children’s records: until the 25th birthday (or 26 if aged 17 at last entry)

  • Serious incidents/claims: as needed for the lifecycle of the matter

  • Invoices and financial records: 6 years from the end of the financial year

  • Marketing preferences: until you unsubscribe or ask us to delete

  • CCTV (if used in a clinic): short period, usually 30 days, unless footage is needed for an investigation

If the law or professional guidance specifies a longer period, we follow that requirement.

How we keep your data safe

  • Role-based access, staff confidentiality agreements, and training

  • Encrypted devices and secure networks

  • Strong authentication and audit trails within clinical and booking systems

  • Regular patching and vendor due-diligence

  • Data protection impact assessments for higher-risk processing

  • Background checks for clinical staff in line with their roles

Your rights

You control how your data is used. You can:

  • Ask for a copy of your data (right of access)

  • Ask us to correct inaccurate data (rectification)

  • Ask us to delete data in specific circumstances (erasure)

  • Ask us to limit how we use it (restriction)

  • Object to uses based on legitimate interests or to direct marketing (objection)

  • Ask for certain data to be sent to you or another provider (portability)

  • Challenge automated decisions that have legal or similar significant effects (we do not use such decisions)

To exercise a right, contact us using the details at the top. We respond within one month. We will confirm your identity before acting on a request.

Cookies, analytics, and online identifiers

Our website uses necessary cookies for security and core functionality. With your permission, we also use performance/analytics cookies to understand visit patterns and improve pages. You can change your preferences at any time through our cookie banner or your browser settings. Analytics data is aggregated and does not include clinical information.

Appointments, reminders, and messaging

We send confirmations, reminders, and clinically relevant follow-ups by email or SMS. If you prefer a specific channel, tell us and we will update your record. Messaging may be unencrypted outside our clinical systems; we keep messages brief and avoid sensitive detail unless you ask us to use a secure method.

Home visits

For home appointments, we process your service address, access notes you provide, and contact details for coordination and safety. If you book on behalf of someone else, only share information you are authorised to provide.

Complaints and contact details

If you have questions about this policy or how we handle your data, contact our Data Protection Lead at info@earwaxsolution.co.uk or call +44 1293 365124.

You can also complain to the UK regulator:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113 · ico.org.uk

Changes to this policy

When we update this policy, we post a new “Last updated” date and, if the change is significant, we will let you know by email or during booking.

bottom of page