top of page

Privacy Policy

1. Introduction: Our Commitment to Your Privacy

Welcome to Bua Health. We are committed to protecting the privacy and security of your personal information. We take this responsibility very seriously and aim to be completely clear and transparent about how we handle your data.

This Privacy Policy explains what personal data we collect, why we collect it, and how it is used, shared, and protected throughout your journey with us. "Personal data" means any information that can be used to identify you as an individual.

Our service is delivered through a partnership of three independent organisations working together to provide you with a seamless and expert care experience. This policy will introduce you to each partner and explain their specific role. By proactively explaining this collaborative model, we aim to provide you with a clear understanding of how your data flows between the necessary parties to deliver your care, building a foundation of trust from your very first interaction with our platform.


2. Who We Are and Our Role in Your Care

To provide our service, we work with a team of trusted, independent partners:

  • Bua Health (The Platform): We are the technology platform you interact with directly. We are responsible for managing your user account, facilitating the initial online health questionnaire, and processing your payments. Our headquarters are in Northern Ireland.

  • Clinical Partner Pending (The Clinical Partner): Bua is currently evaluating partners to provide clinical services. We will update this section when we have a partner in place and are able to process applications.

  • Corrys (The Pharmacy Partner): Corrys is an independent pharmacy based in Northern Ireland, company number NI 067772, with registered business address 103 Main Street, Fivemiletown, County Tyrone, BT75 0PE, Northern Ireland. They are responsible for receiving your prescription from our Clinical Partner, then professionally dispensing, checking, and dispatching your medication directly to your chosen address.


3. Who Controls Your Data? (Our Responsibilities)

Under data protection law, it is important to distinguish between a "Data Controller" and a "Data Processor."

A Data Controller is an organisation that determines the purposes and means of processing personal data—in simple terms, they decide why and how your data is used and are legally responsible for protecting it.

A Data Processor is an organisation that processes personal data on behalf of a controller and acts only on their instructions.

In the Bua Health ecosystem, responsibility is clearly defined using an "independent controller" model, which reflects the professional duties of our partners:

  • Bua Health is the Data Controller for the information you provide to create and manage your account, your contact details, your payment information, and your technical interactions with our website and platform.

  • Our partner clinic is an independent Data Controller for the sensitive health data you submit in your questionnaire and any information gathered during your consultation. As registered healthcare professionals, they have their own legal and professional obligations to manage your clinical data responsibly and confidentially.

  • Our partner pharmacy is an independent Data Controller for the data contained within your prescription and the information they need to dispense and deliver your medication (such as your name and address).
     

4. The Personal Data We Collect and How We Use It

We collect different types of personal data at different stages of your journey. We are committed to the principle of data minimisation, meaning we only collect the information that is necessary to provide our service safely and effectively.

A. Data You Provide to Us Directly

  • Account and Identity Data: When you create an account, we collect your full name, date of birth, email address, phone number, and delivery address.

  • Payment Data: We collect your credit or debit card details to process payment for our services. This is handled by our secure payment partner, Stripe, and we do not store your full card number on our servers.

  • Health Data: We understand that the information you provide about your health is highly personal and sensitive. Under data protection law, this is known as "Special Category Data" and is given the highest level of protection.

B. Data We Collect Automatically (Technical Data)

  • Usage and Device Data: When you use our platform, we automatically collect technical information, including your IP address, browser type and version, device identifiers, and operating system.

  • Cookies: We use cookies, which are small text files placed on your device, to help our platform function effectively.
     

5. Your Data Protection Rights

Under data protection law, you have a number of rights regarding your personal data. We are committed to upholding these rights.

  • The Right to Be Informed: You have the right to be provided with clear, transparent, and easily understandable information about how we use your data.

  • The Right of Access: You have the right to request a copy of the personal data that we and our partners hold about you.

  • The Right to Rectification: If you believe any personal data we hold is inaccurate or incomplete, you have the right to have it corrected.

  • The Right to Erasure ('The Right to be Forgotten'): You can ask us to delete your personal data in certain circumstances.

  • The Right to Restrict Processing: You have the right to request that we temporarily suspend the processing of your personal data in specific situations.

  • The Right to Data Portability: You have the right to receive a copy of certain personal data you have provided to us in a structured, commonly used, and machine-readable format.

  • The Right to Object: You have the right to object to us processing your data where we are relying on our legitimate interests as our legal basis.
     

6. Contact Us and Your Right to Complain

If you have any questions about this Privacy Policy or how we handle your personal data, please contact our Data Protection Officer.

You also have the right to lodge a complaint with the data protection supervisory authority if you are unhappy with how we have handled your personal data. As Bua Health is headquartered in Northern Ireland, the relevant authority is the Information Commissioner's Office (ICO).

 

Information Commissioner's Office (ICO)

  • Website:

  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

  • Helpline: 0303 123 1113

Website: www.ico.org.uk

bottom of page