Privacy Notice

1. Who we are

Corpus Health Ltd ("Corpus Health", "we", "us") is the data controller for personal data processed through this website and our workplace wellbeing services. We are registered in England and Wales.

Registered address: 1 Pembroke Gate, Newlands Drive, Maidenhead, SL6 4LL, United Kingdom.

For privacy questions, contact us at hello@corpushealth.co.uk.

2. Personal data we collect

• Contact data — name, work email, company, role, phone number when you submit a consultation form.
• Account data — email and authentication identifiers if you create an account.
• Order data — items purchased, billing details and order history.
• Support data — messages you send us and our replies.
• Usage data — pages viewed, device/browser information, IP address and approximate location.
• Cookie data — see our Cookie Policy.

3. How we use your data and our legal bases

• To respond to enquiries and arrange consultations — legitimate interests and, where applicable, steps before entering a contract.
• To provide and improve our services — performance of a contract and legitimate interests.
• To process payments and issue invoices — performance of a contract and legal obligation.
• To send service emails (booking confirmations, account notices) — performance of a contract.
• To send marketing emails — only with your consent or to existing customers on a soft opt-in basis; you can unsubscribe at any time.
• For security, fraud prevention and analytics — legitimate interests and, for non-essential analytics cookies, consent.
• To meet legal obligations — including tax, accounting and responding to lawful requests.

4. Who we share data with

• Service providers — hosting, database, email delivery and analytics tooling that process data on our instructions.
• Paddle — Paddle.com Market Limited acts as Merchant of Record for all purchases and handles payment processing, tax compliance, invoicing and refunds.
• Practitioners — accredited clinicians delivering on-site services, where you have booked a session.
• Professional advisers — legal, accounting and insurance advisers.
• Authorities — where required by law or to protect our rights.

We do not sell personal data.

5. International transfers

Some of our service providers process data outside the UK or EEA. Where this happens, we rely on appropriate safeguards such as UK/EU adequacy decisions or Standard Contractual Clauses with additional measures where needed.

6. How long we keep data

We keep personal data only as long as necessary for the purposes above. Enquiry and marketing data is typically kept for up to 24 months from your last interaction. Order and invoice records are kept for at least 6 years to meet UK tax law. Account data is kept while your account is active and for a short period after closure. After these periods we delete or anonymise the data.

7. Your rights

Under UK GDPR you have the right to:

• access a copy of your personal data;
• request correction of inaccurate data;
• request erasure where applicable;
• restrict or object to certain processing;
• data portability for data you provided to us;
• withdraw consent at any time where processing is based on consent;
• lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email hello@corpushealth.co.uk. We will respond within one month.

8. Security

We use appropriate technical and organisational measures including encryption in transit, access controls, role-based permissions and secure third-party infrastructure to protect your data.

9. Changes to this notice

We may update this notice from time to time. Material changes will be posted here with an updated date.