Your Data Subject Rights

Understanding your rights under UK GDPR and how to exercise them when using The Health Nav healthcare marketplace.

Introduction to UK GDPR

The UK General Data Protection Regulation (UK GDPR) gives you specific rights regarding your personal data. As a healthcare marketplace, The Health Nav is committed to protecting these rights and making it easy for you to exercise them.

These rights apply to all personal data we process, including your health information, contact details, preferences, and usage data. We take these rights seriously and have processes in place to respond to your requests promptly and effectively.

What is personal data?

Personal data is any information that can identify you directly or indirectly, including:

  • Name, email address, and contact information
  • Health information and medical preferences
  • Location data and search history
  • Account preferences and settings
  • Device information and IP addresses
  • Cookies and tracking data

Why these rights matter

These rights give you control over your personal data and ensure transparency in how we use your information. They are particularly important in healthcare contexts where sensitive personal data is involved.

Right to be informed

You have the right to be informed about how we collect, use, and protect your personal data. This includes clear, transparent information about our data processing activities.

What this means:

  • Clear information about what data we collect
  • Why we collect it and how we use it
  • Who we share it with and why
  • How long we keep it
  • Your rights and how to exercise them

Where to find this information:

  • Privacy Policy - Comprehensive data processing information
  • Cookie Policy - Detailed cookie and tracking information
  • Account settings - Your specific data and preferences
  • Email communications - Clear opt-in/opt-out options

Healthcare-specific information:

For health-related data, we provide additional information about:

  • How we protect your health information
  • Who has access to your medical data
  • How we ensure data accuracy in healthcare contexts
  • Your rights regarding sensitive health data

Right of access (Subject Access Request)

You have the right to request a copy of all personal data we hold about you. This is called a "Subject Access Request" (SAR) and is free of charge.

What you can request:

  • All personal data we hold about you
  • Information about how we obtained your data
  • Details about how we use your data
  • Who we share your data with
  • How long we keep your data
  • Your rights regarding this data

How to make a request:

Send an email to privacy@thehealthnav.co.uk with:

  • Subject line: "Subject Access Request"
  • Your full name and email address
  • Any specific data you're looking for
  • Preferred format for receiving the data

What you'll receive:

  • Personal data in a readable format (PDF, CSV, or JSON)
  • Explanation of how we use your data
  • Information about data sources and sharing
  • Details about your rights

Healthcare data considerations:

For health-related data, we may need to verify your identity more thoroughly and may provide additional context about medical data processing.

Right to rectification

You have the right to have inaccurate or incomplete personal data corrected. This is particularly important for healthcare data where accuracy is crucial.

What can be corrected:

  • Incorrect contact information (name, email, phone)
  • Outdated address or location data
  • Incorrect health preferences or conditions
  • Wrong account settings or preferences
  • Inaccurate profile information

How to request corrections:

  • Account settings: Update most information directly in your account
  • Email: Send corrections to privacy@thehealthnav.co.uk
  • Support: Contact our support team for assistance

Healthcare data accuracy:

For health-related information, we may:

  • Request verification from healthcare providers
  • Ask for supporting documentation
  • Consult with medical professionals when appropriate
  • Maintain audit trails of corrections

Response process:

We will respond to correction requests within one month and may extend this by up to two months for complex cases. We'll inform you of any delays.

Right to erasure ('Right to be forgotten')

You have the right to request deletion of your personal data in certain circumstances. This is also known as the "right to be forgotten."

When you can request deletion:

  • Your data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • Your data has been processed unlawfully
  • You object to processing and there are no overriding legitimate interests
  • Your data must be erased to comply with a legal obligation

When we may not be able to delete:

  • Legal obligations require us to keep certain records
  • Data is needed for public health purposes
  • Data is necessary for medical research (with appropriate safeguards)
  • Data is required for legal claims or proceedings
  • Data is needed to protect the rights of others

Healthcare data considerations:

For health-related data, we may need to retain certain information for:

  • Medical record keeping requirements
  • Public health monitoring
  • Legal and regulatory compliance
  • Patient safety and care continuity

How to request deletion:

Email privacy@thehealthnav.co.uk with "Data Deletion Request" in the subject line. We'll explain what can and cannot be deleted.

Right to restrict processing

You have the right to restrict how we process your personal data in certain situations. This means we can store your data but not use it for most purposes.

When you can request restriction:

  • You contest the accuracy of your data (while we verify it)
  • Processing is unlawful but you prefer restriction to deletion
  • We no longer need the data but you need it for legal claims
  • You object to processing (while we verify legitimate interests)

What restriction means:

  • We can store your data but not process it
  • We can process it with your consent
  • We can process it for legal claims
  • We can process it to protect other people's rights
  • We can process it for important public interest reasons

Healthcare context:

In healthcare settings, restriction may be appropriate when:

  • There are disputes about medical information accuracy
  • You want to limit data sharing while maintaining care
  • There are concerns about data processing legitimacy
  • You need time to consider your options

How to request restriction:

Contact us at privacy@thehealthnav.co.uk explaining why you want to restrict processing. We'll assess your request and explain the implications.

Right to data portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another service provider.

When this right applies:

  • You provided the data to us
  • We process it based on your consent or contract
  • Processing is carried out by automated means

What you can request:

  • Your personal data in a portable format (JSON, CSV, XML)
  • Direct transmission to another service (where technically feasible)
  • Data that you have provided to us
  • Data that we have observed about you (with your consent)

Healthcare data portability:

For health-related data, we can provide:

  • Your health preferences and conditions
  • Appointment history and bookings
  • Provider ratings and reviews
  • Search history and saved preferences
  • Account settings and profile information

Formats we provide:

  • JSON: Machine-readable format for developers
  • CSV: Spreadsheet-compatible format
  • PDF: Human-readable report
  • XML: Structured data format

How to request portability:

Email privacy@thehealthnav.co.uk specifying your preferred format and any destination service for direct transmission.

Right to object

You have the right to object to certain types of data processing, including processing for direct marketing and processing based on legitimate interests.

When you can object:

  • Direct marketing: Always - you can opt out of marketing communications
  • Legitimate interests: When we process data for our business purposes
  • Profiling: When we make automated decisions about you
  • Research: When we use your data for research purposes

Marketing objections:

You can object to marketing by:

  • Clicking unsubscribe links in emails
  • Updating preferences in your account settings
  • Emailing privacy@thehealthnav.co.uk
  • Using the privacy button on our website

Legitimate interests objections:

You can object to processing based on legitimate interests, including:

  • Website analytics and performance monitoring
  • Fraud prevention and security measures
  • Service improvement and development
  • Business operations and administration

Healthcare-specific objections:

In healthcare contexts, you can object to:

  • Health data being used for research (with appropriate safeguards)
  • Profiling for healthcare recommendations
  • Data sharing with third-party healthcare providers
  • Automated health assessments or recommendations

Our response:

We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is needed for legal claims.

Rights related to automated decision making

You have rights regarding automated decision-making and profiling that significantly affects you. This includes decisions made by algorithms without human involvement.

Your rights include:

  • Right to human intervention: Request human review of automated decisions
  • Right to express your point of view: Challenge automated decisions
  • Right to contest: Appeal automated decisions
  • Right to explanation: Understand how automated decisions are made

Automated decisions we may make:

  • Healthcare provider recommendations
  • Service availability and scheduling
  • Fraud detection and risk assessment
  • Content personalization
  • Search result ranking

Healthcare-specific automated decisions:

In healthcare contexts, automated decisions might include:

  • Matching patients with appropriate healthcare providers
  • Recommending services based on health conditions
  • Assessing appointment availability
  • Prioritizing urgent care needs

How to exercise these rights:

If you're subject to an automated decision, you can:

  • Request human review of the decision
  • Ask for an explanation of the decision-making process
  • Provide additional information for reconsideration
  • Appeal the decision through our support channels

Contact for automated decisions:

Email privacy@thehealthnav.co.uk with details about the automated decision you want to challenge.

How to exercise your rights

Exercising your data subject rights is straightforward. We've made it easy to contact us and request information or changes to your personal data.

Step-by-step process:

  1. Identify your request: Determine which right you want to exercise
  2. Gather information: Collect any relevant details or documentation
  3. Contact us: Send your request to privacy@thehealthnav.co.uk
  4. Verification: We may ask for identity verification
  5. Response: We'll respond within the required timeframe
  6. Follow-up: We'll keep you informed of progress

What to include in your request:

  • Clear description of what you're requesting
  • Your full name and email address
  • Any relevant account information
  • Preferred method of response
  • Any specific concerns or requirements

Identity verification:

For security and privacy protection, we may need to verify your identity by:

  • Asking for additional identification documents
  • Verifying information only you would know
  • Using secure authentication methods
  • Confirming your email address

Alternative contact methods:

  • Email: privacy@thehealthnav.co.uk (preferred)
  • Support: Through your account support channels
  • Post: The Health Nav Ltd., 123 Health Tech Avenue, London, EC1V 2NX

Response timeframes

We are committed to responding to your data subject rights requests promptly and within the legal timeframes required by UK GDPR.

Standard response times:

  • General requests: Within 1 month (30 days)
  • Complex requests: Up to 2 additional months (with explanation)
  • Urgent requests: As soon as reasonably possible
  • Identity verification: Within 1 week

What makes a request complex:

  • Large volumes of data involved
  • Multiple data sources to check
  • Third-party data sharing verification
  • Healthcare data requiring medical review
  • Legal or regulatory considerations

If we need more time:

If we need to extend the response time, we will:

  • Inform you within 1 month of receiving your request
  • Explain why we need more time
  • Provide a specific timeline for completion
  • Keep you updated on progress

Healthcare data considerations:

For health-related requests, additional time may be needed for:

  • Medical professional consultation
  • Healthcare provider coordination
  • Regulatory compliance verification
  • Patient safety considerations

What happens if we don't respond:

If we fail to respond within the required timeframe, you have the right to:

  • Make a complaint to the Information Commissioner's Office (ICO)
  • Seek judicial remedy
  • Request compensation for damages

Making a complaint

If you're not satisfied with how we handle your data or respond to your rights requests, you have several options for making a complaint.

Internal complaints process:

  1. Contact us first: Email privacy@thehealthnav.co.uk with your concerns
  2. Escalation: Request escalation to our Data Protection Officer
  3. Formal complaint: Submit a formal written complaint
  4. Review: We'll conduct an internal review
  5. Response: We'll provide a detailed response

External complaint options:

  • Information Commissioner's Office (ICO): UK's data protection regulator
  • Legal action: Seek judicial remedy through courts
  • Alternative dispute resolution: Mediation or arbitration

Information Commissioner's Office (ICO):

You can complain to the ICO if you believe we have:

  • Failed to respond to your data subject rights request
  • Processed your data unlawfully
  • Failed to protect your data adequately
  • Breached data protection principles

How to contact the ICO:

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Email: casework@ico.org.uk
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Before making an external complaint:

We encourage you to:

  • Give us a chance to resolve the issue internally
  • Provide us with specific details about your concerns
  • Allow reasonable time for us to investigate
  • Consider whether the issue can be resolved through discussion

Take Control of Your Data

Submit a Data Subject Access Request (DSAR) through our secure form, or contact us directly via email.

Contact us

If you have any questions about your data subject rights, want to exercise any of these rights, or need assistance with data protection matters, please don't hesitate to contact us.

Data Protection Team

Email: privacy@thehealthnav.co.uk

Response Time: We aim to respond within 24 hours

Address:
The Health Nav Ltd.
123 Health Tech Avenue
London, EC1V 2NX
United Kingdom

Last Updated: 10/12/2025