1. Introduction

This Privacy Policy explains how DRUB (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you use our earwax removal and wellness pod services, website, booking system, and communications. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By booking an appointment, attending a session, or interacting with DRUB, you consent to the practices described in this Privacy Policy.

2. Data We Collect

We may collect the following types of data:

2.1 Personal Identification Data

– Full name

– Date of birth

– Address

– Email address

– Telephone number

2.2 Medical & Health Information

– Relevant ear/health history

– Symptoms

– Medication history

– Contraindications

– Treatment notes from your appointment

2.3 Booking & Transaction Information

– Appointment history

– Payment information (processed securely via third-party providers)

– Invoices and receipts

2.4 Technical Data

– IP address

– Device type

– Browsing data on our website

– Cookies (see Section 10)

2.5 Communication Data

– Emails

– SMS messages

– Call logs (not recordings)

3. Legal Basis for Processing

We process your data under the following lawful bases:

3.1 Consent – When you explicitly agree to treatment or data processing.

3.2 Contract – To fulfil appointment bookings and provide clinical services.

3.3 Legal Obligation – Compliance with regulatory bodies and tax purposes.

3.4 Vital Interests – When health-related issues require urgent action.

3.5 Legitimate Interests – For improving services, reminders, or communications.

4. How We Use Your Data

We use your data for:

4.1 Providing clinical services and maintaining accurate health records.

4.2 Booking and managing appointments.

4.3 Processing payments and issuing invoices.

4.4 Contacting you regarding upcoming appointments or follow-up advice.

4.5 Improving customer experience, service quality, and safety.

4.6 Meeting legal, regulatory, and insurance obligations.

4.7 Internal audits and business reporting.

We will never sell your data.

5. Sharing Your Information

Your data may be shared only with:

5.1 Healthcare professionals involved in your care (if required or referred).

5.2 IT service providers (booking systems, encrypted storage, email platforms).

5.3 Payment processors (Stripe, Square, PayPal – depending on setup).

5.4 Legal or regulatory entities (CQC, HMRC) where required by law.

5.5 Emergency services if there is serious risk of harm.

All third parties comply with GDPR and maintain strict confidentiality.

6. Data Storage & Security

6.1 Your data is stored on secure, encrypted systems.

6.2 Access is restricted to authorised, trained DRUB staff only.

6.3 Physical and digital safeguards prevent unauthorised access, alteration, or loss.

6.4 Clinical notes are stored in compliance with medical and legal standards.

7. Data Retention

7.1 Medical records are stored for a minimum of **8 years**, in accordance with healthcare regulations.

7.2 General personal data is retained only as long as necessary.

7.3 Financial records must be kept for **6 years** under UK law.

7.4 You may request deletion of non-clinical data where legally allowable.

8. Your Rights Under GDPR

You have the right to:

8.1 Access your personal data

8.2 Correct inaccurate or incomplete data

8.3 Request deletion (where legally permitted)

8.4 Restrict processing

8.5 Object to certain types of processing

8.6 Request data transfer (data portability)

8.7 Withdraw consent at any time

8.8 Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights:

Email: hello@thedrub.com

Phone: 0203 916 6463

9. Children’s Privacy

We only collect data for children under 18 when a parent or guardian provides consent. Such records follow the same clinical requirements and retention periods.

10. Cookies & Website Tracking

Our website may use cookies to:

10.1 Improve browsing experience

10.2 Analyse website traffic

10.3 Support booking and payment functionality

You may disable cookies in your browser settings.

11. Marketing Communications

11.1 We may send appointment reminders, follow-up messages, or service updates.

11.2 Marketing emails and SMS are optional and require explicit opt‑in consent.

11.3 You may unsubscribe at any time.

12. International Data Transfers

We do not store or transfer personal data outside the UK unless our service providers do so under GDPR-compliant safeguards such as Standard Contractual Clauses (SCCs).

13. CCTV & Pod Security

13.1 Some pod locations may use CCTV for safety and security.

13.2 CCTV does not record inside clinical areas or private spaces.

13.3 Footage is stored securely and deleted within standard retention periods.

14. Changes to This Policy

DRUB may update this Privacy Policy periodically. Updates will be posted on our website with the new “Last Updated” date.

15. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: hello@thedrub.com

Phone: 0203 916 6463

Address: Drub, Kiosk Greenford Quay, Glassworks, Grenan Square, UB6 0GR