Lusio Rehab UK Privacy Notice

PRIVACY NOTICE Last Updated: 10 April 2025

BACKGROUND:

Lusio Rehabilitation UK Ltd ("Lusio Rehab", "we", "us", "our") understands that your privacy matters. We’re committed to protecting your personal data and handling it responsibly. This notice explains how we collect, use, store, and share your data, and how we comply with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and where relevant, the EU General Data Protection Regulation (EU GDPR).

1. Information About Us

Company Name: Lusio Rehabilitation UK Ltd

Legal Status: A limited company registered in England

Company Number: 13023357

Registered Address: The Bothy, West Drive, Sudbrooke, Lincoln, LN2 2QZ

Main Trading Address: The Bothy, West Drive, Sudbrooke, Lincoln, LN2 2QZ

Data Protection Officer: Hossein Forooghi

Email: hossein@lusiorehab.com

Postal Address: The Bothy, West Drive, Sudbrooke, Lincoln, LN2 2QZ

2. What Does This Notice Cover?

This notice explains how we collect and handle your personal data through our websites, apps (including LusioMATE and LusioPOSE), products, and services. It also outlines your rights and how to exercise them.

3. What Is Personal Data?

Personal data means any information that can identify you directly or indirectly. This includes your name, contact details, medical history (where applicable), IP address, and other identifiers.

4. What Are My Rights?

You have the following rights under data protection laws:

  • To be informed – via this Privacy Notice and upon request

  • To access your data – see Part 10

  • To correct inaccurate or incomplete data

  • To delete your data (the "right to be forgotten")

  • To restrict processing
    To object to certain uses

  • To withdraw consent (where we rely on it)
    To data portability

  • To avoid automated decision-making – we don’t currently use this

You may contact us anytime (see Part 11) to exercise these rights.

If you’re in the UK, you can contact the Information Commissioner’s Office (ICO) at www.ico.org.uk. If you’re in the EU, your local data protection authority applies. We encourage you to contact us first so we can address your concerns.

5. What Personal Data Do We Collect and How?

We collect personal and non-personal data, including:

  • Identity Data: Name, DOB, profession, address, IP, images/videos (with consent)

  • Contact Data: Email, phone number, postal address

  • Business Data: Job title, business name, professional role

  • Payment Data: Card or bank details (if used for payment)

  • Profile Data: Usage data, medical data related to product use, preferences

  • Third-Party Data: Provided by clinicians or technical providers

Data is collected via:

Direct entry by you or your representative (e.g. clinician)

Device/app use

Analytics tools or third-party integrations

Sensitive health data is processed only with your explicit consent, in compliance with the UK GDPR and other applicable laws.

6. How Do We Use Your Personal Data?

We use your data for:

  • Business administration – to operate effectively (legitimate interests)

  • Providing services – to fulfil our contract with you

  • Payment processing – to manage transactions (contractual necessity)

  • Support and communication – to respond to queries and updates (legitimate interests/contract)

  • Service improvement – to enhance our offerings (legitimate interests)

  • Marketing (with consent) – to inform you of offers and updates (consent/legitimate interests)

We do not use personal data for automated decision-making or profiling.

7. How Long Do We Keep Your Data?

We retain personal data only as long as necessary. Retention periods:

  • Identity/Contact/Business Data: Retained while you are a user; reviewed every 3 years

  • Payment Data: Retained while processing is active; purchase history retained for audit and compliance

  • Profile/Medical Data: Retained indefinitely only where necessary (e.g. product use history for medical/legal purposes); otherwise reviewed every 3 years

  • Third-Party Data: As above, aligned with the type of data supplied

We regularly review our retention schedule to ensure it aligns with the principles of purpose limitation and data minimisation.

8. Where Do We Store or Transfer Your Data?

We may transfer your data internationally (e.g., to Australia, the EU, or the US). When doing so, we:

  • Use countries with adequacy decisions, or

  • Rely on Standard Contractual Clauses (SCCs), or

  • Apply other safeguards required under UK GDPR

Security measures include:

  • Access controls and two-factor authentication

  • Encryption of stored and transmitted data

  • Incident response plans for data breaches

9. Do We Share Your Data?

We may share your data with:

  • Lusio Technology Pty Ltd (Australia) – for delivery of services and product development

  • CRM/Accounting/Payment Providers – under strict agreements and limited access

  • Google/Amazon (Cloud Hosting) – secure global infrastructure

  • Academic Institutions – for anonymised research and development

We may also disclose data if legally required (e.g. court orders).
If we restructure or sell our business, data may transfer to the new entity under equivalent protections.

10. Accessing Your Data (Subject Access Requests)

To request your data:

Email: hossein@lusiorehab.com

Use the subject line: "Subject Access Request"

We aim t respond within 1 month. There’s no charge unless your request is excessive or repetitive.

11. Contacting Us

For any privacy-related questions or to exercise your rights:

  • Contact: Hossein Forooghi, Data Protection Officer

  • Email: hossein@lusiorehab.com

  • Postal Address: The Bothy, West Drive, Sudbrooke, Lincoln, LN2 2QZ, United Kingdom

12. Updates to This Privacy Notice

This Privacy Notice may be updated periodically. Changes will be posted on our website and in our app(s). Please check occasionally to stay informed.




Back to the top