Privacy & GDPR policy

Last Updated: November 2025

1. Introduction

This Privacy & GDPR Policy explains how Lift and Revive (“we”, “us”) collects and processes your personal data in accordance with the UK GDPR and Data Protection Act 2018.

We provide healthcare services and therefore process both personal data and special category health data.

Data Controller:
Trisha Mueller, Lift and Revive
hello@liftandrevive.com
07393565131

2. What Data We Collect

We may process the following categories of data:

  • Identity and contact data: name, date of birth, phone number, email address, postal address.

  • Health data: medical history, symptoms, treatment notes, clinical assessments, onward referrals.

  • Appointment and administrative data: booking information, attendance records, communications.

  • Payment information: deposits, invoices, and payment confirmations (card details are processed by Stripe; we do not store full card numbers).

  • Website data: IP address, browser type, cookies (see Cookie Policy if applicable).

3. Lawful Bases for Processing

We process your data under the following lawful bases:

  • Performance of a contract: to deliver assessment and treatment services.

  • Consent: for processing special category (health) data.

  • Legitimate interests: appointment administration, ensuring safe service operation.

  • Legal obligation: maintaining clinical and financial records, insurance requirements, safeguarding.

4. How Your Data Is Used

Your information is used to:

  • Provide safe and effective clinical care

  • Manage and schedule appointments

  • Process deposits and payments

  • Maintain accurate clinical, administrative and financial records

  • Communicate with you regarding your care

  • Meet legal, professional and insurance obligations

We do not use your data for automated decision-making.

5. Sharing Your Data

We only share your data where necessary and lawful, such as:

  • With other healthcare professionals (with your consent)

  • With insurers (if applicable)

  • With service providers who securely support our systems (e.g., booking platform, Stripe)

  • With accountants or regulators where required

We do not sell your data and do not share it for unrelated marketing purposes.

6. Data Retention

We retain:

  • Clinical records: for 8 years after your final appointment (or until age 25 if you were under 18), in line with UK professional guidance.

  • Financial records: for 6 years for tax and audit purposes.

  • Website/cookie data: as per your cookie settings.

7. Data Security

Your data is stored in secure, encrypted systems with restricted access.
All staff and practitioners follow strict confidentiality and data-protection requirements.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your data

  • Request correction

  • Request erasure (where legally permitted)

  • Withdraw consent for health-data processing

  • Restrict or object to processing

  • Request data portability

To exercise any rights, contact hello@liftandrevive.com
You may also complain to the ICO at www.ico.org.uk.

9. Updates to This Notice

We may update this notice periodically.
The most recent version will always be available on our website.