Start your journey

With Dr. Iulia Danciut, Lifestyle Neurologist. Where neurology meets lifestyle medicine. Let your brain design a beautiful life.

Website Privacy Policy for Patients and Clients

Last Updated: 09 June 2026

This document is designed to help you understand why and how Beautiful Life…Style Ltd. uses your personal data through the use of our website at www.beautifullifestyle.co.uk and in the provision of our services. By personal data, we mean information that relates to a living individual and which can identify or be identified with that individual.

We are Beautiful Life…Style Ltd., a company with Companies House Number 15794996. Our registered office is at 1st Floor Manor House, Main Road, Ryehill HU12 9NH.

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you.

If you have any questions about this document or how we handle your personal data, you may contact us by emailing us at [email protected].

  1. What Personal Data Do We Collect From You?

In delivering our services, we may collect and process the following personal data about you:

  • Your Name and Contact Information: Including your full name (including any middle names), email address, telephone number, and residential address.
  • Demographic Information: Your date of birth.
  • Emergency Contact Details: As provided by you.
  • GP Details: Your UK GP’s name and address (for Medical Consultations).
  • Medical and Health Information: Your medical history and information about your health as completed by you in our Medical History Form or intake questionnaires. This may include details of medical conditions, medication, weight, lifestyle, and other information that might be relevant to your health such as race, ethnicity, sex life or sexual orientation, or religious or philosophical belief.
  • Billing Information: Your billing information, transaction and payment card information.
  • Contact History: Your contact history with us.
  • Website Usage Information: Information about your usage of our website through cookies. Please see our separate Cookie Policy for more details. This may include technical information about the device and IP address used to connect your computer to the internet, information about your visit including the full URL, resources you viewed or searched for, length of visit to certain pages and page interaction information.
  • Information You Submit: When contacting us, enquiring about services, or booking appointments, we process personal information about you in order to respond to your enquiry or complaint, or when you use our online booking system.
  • Information from Our Online Booking System (Semble): When you use our integrated online booking system (Semble), we collect personal data necessary for booking and providing our services. This typically includes your name, contact details, reason for booking, and for UK medical patients, your GP details. Payments are processed via Stripe, which is integrated with Semble.
  • Health Questionnaires/Forms: Any health questionnaires or forms that collect sensitive personal data (health information) are managed securely within Semble and are used for the purpose of initial assessment and to inform your medical consultation or health coaching.
  • Marketing Information: If you sign up to receive marketing emails or information, we will use your name and email address to send you the material you have requested, such as our newsletter.
  • AI Services (Meal Refine): We offer AI-based meal planning services that involve collecting interview data and using artificial intelligence to generate personalised recommendations. Full details about data collection, processing, storage, and your rights regarding our AI services are covered in our separate AI Services Privacy Policy, available in the footer of the website.
  • New

Clinical Documentation via Heidi AI: We use an AI-powered clinical documentation tool called Heidi (provided by Heidi Health Ltd) to assist your clinician with transcription, note-taking, and drafting of clinical letters and correspondence during or following your consultation. In doing so, Heidi processes the health information discussed during your consultation, including special category personal data such as your medical history, symptoms, diagnoses, medications, and any other health-related information shared during your appointment. This data is de-identified and pseudonymised by Heidi before AI processing. No identifiable audio recordings are permanently stored. Heidi acts as a Data Processor on behalf of Beautiful Life…Style Ltd. (as Data Controller) under a formal Data Processing Agreement, in accordance with the UK GDPR and the Data Protection Act 2018. Full details are set out in the Special Category Data and Third-Party Processors sections below. Heidi enables your clinician to focus their full attention on you during the consultation rather than on manual note-taking, making appointments more efficient and thorough. All notes and outputs generated by Heidi are reviewed, directed, and approved by your clinician before being saved to your clinical record — Heidi handles the paperwork, you remain in your clinician’s hands at all times. We chose Heidi because it is purpose-built for clinical environments, is rigorously certified (ISO 27001, SOC 2, Cyber Essentials, and NHS DTAC), and meets the highest standards of UK data protection. It is worth noting that AI is now embedded in many everyday tools most people use: Microsoft Teams uses AI to transcribe and summarise meetings, and Google Workspace uses AI across Gmail, Docs, and Meet. We have simply chosen a tool purpose-built for healthcare, with clinical-grade data protection to match.

If you do not provide the personal data we ask for, it may delay or prevent us from providing our services to you.

  1. How Is Your Personal Data Collected?

We collect most of this personal data directly from you — in person, by telephone, text or email and/or via our website and questionnaires. However, we may also collect information:

  • from a third party with your consent, e.g. your GP;
  • from cookies on our website — for more information on our use of cookies, please see our Cookie Policy;
  • via our IT systems; and
  • New

via Heidi, our AI clinical documentation platform, which processes health information discussed during your consultation in order to generate clinical notes, consultation summaries, and correspondence on behalf of your clinician.

  1. How and Why We Use Your Personal Data (Lawful Bases)

We will use your personal data to register you as a patient/client, administer the provision of services to you, manage our relationship with you and to improve the level of services that we offer.

Under data protection law, we can only use your personal data if we have a proper reason, e.g.: where you have given consent; to comply with our legal and regulatory obligations; for the performance of a contract with you or to take steps at your request before entering into a contract; or for our legitimate interests or those of a third party.

The table below explains what we use your personal data for and why.

What we use your personal data for

Our reasons (the legal basis for using your data)

Providing our services to you

To perform our contract with you or to take steps at your request before entering into a contract.

Operational reasons, such as improving efficiency, training and quality control

For our legitimate interests or those of a third party i.e. to be as efficient as we can so we can deliver the best service to you at the best price.

Updating and enhancing client records

To perform our contract with you or to take steps at your request before entering into a contract.

Retaining evidence of the treatment / advice we have given you

To comply with our legal and regulatory obligations.

Providing marketing information to you on other services we offer

By consent to keep in touch with our customers about the services we offer.

Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies

To comply with our legal and regulatory obligations.

Providing information required by external medical practitioners and healthcare personnel involved in your care and treatment

To perform our contract with you or to take steps at your request before entering into a contract. To comply with our legal and regulatory obligations.

Responding to enquiries, complaints and requests

For our legitimate interests to serve our customers.

New

Generating clinical notes, consultation summaries, and clinical correspondence using Heidi AI clinical documentation tool, to support accurate record-keeping and continuity of care

New

Article 9(2)(h) UK GDPR — processing necessary for the provision of health or social care or treatment. Schedule 1, Part 1, Paragraph 2 of the Data Protection Act 2018 — health or social care purposes. Combined with performance of a contract (Article 6(1)(b) UK GDPR).
  1. How and Why We Collect Special Category Personal Data

In providing our services to you, we will be required to collect more sensitive personal data from you, to which additional protections apply under data protection law. This includes:

  • information relating to your health, including details of medical conditions, medication, weight and lifestyle;
  • information revealing your racial or ethnic origin; and
  • information on your sex life or sexual orientation or religious or philosophical belief that may be relevant to your health.

The legal basis for us processing such special category personal data is for the purposes of offering you healthcare, treatment and the management of our healthcare systems and services. This includes for the purposes of preventative medicine and giving you medical diagnoses.

For our medical consultations provided to individuals in the UK: The processing of your health data is necessary for the provision of health or social care or treatment or the management of health or social care systems and services (Article 9(2)(h) of GDPR). This is combined with the lawful basis of performance of a contract (Article 6(1)(b) of GDPR) to provide you with medical services.

For our health coaching services provided internationally: The processing of your health-related information relies on your explicit consent (Article 9(2)(a) of GDPR) obtained during our onboarding process, and is also necessary for the performance of a contract (Article 6(1)(b) of GDPR) to provide you with our health coaching services.

New

Processing of Special Category Data via Heidi AI Clinical Documentation Tool: In the course of using Heidi, your special category personal data — including your medical history, symptoms, diagnoses, medications, and any other health-related information discussed during your consultation — will be processed by Heidi for the sole purpose of generating clinical documentation on behalf of your clinician. The legal basis for this processing is Article 9(2)(h) UK GDPR (processing necessary for the provision of health or social care or treatment) and Schedule 1, Part 1, Paragraph 2 of the Data Protection Act 2018 (health or social care purposes). Your data is de-identified and pseudonymised by Heidi before AI processing takes place. No identifiable audio recordings are permanently stored by Heidi. Heidi acts as a Data Processor under a formal Data Processing Agreement with Beautiful Life…Style Ltd. as Data Controller. No patient data is used to train any third-party large language model. You have the right to opt out of the use of Heidi; please see our Terms of Service (Clause 2.4) and your Consent Form for details.

As the data involved relates to your health, we shall ensure that any such consent obtained is explicit consent. Please note that without your consent to do this, we will be unable to offer you access to our clinic and services, as your health data is necessary for us to provide the support and information required.

  1. Who Will Have Access To Your Personal Data?

Internally, we only grant access to personal data (including special category personal data) to those people that need access to that data to carry out their role.

Externally, we may share personal data (including special category personal data) with the following categories of recipients, subject always to due respect for your privacy:

  • Our Service Providers:
    • The companies that manage our IT infrastructure (e.g., NECL Consulting, who provide our IT support).
    • Companies that provide us with cloud-based IT systems (e.g., Semble Software for practice management, data storage, booking, and managing records).
    • New

Heidi Health Ltd — our AI clinical documentation provider. Heidi processes health information discussed during your consultation to generate clinical notes, consultation summaries, and clinical correspondence on behalf of your clinician. Heidi acts as a Data Processor under a formal Data Processing Agreement with Beautiful Life…Style Ltd. All data is hosted on UK-based servers (Amazon Web Services UK infrastructure). Data is encrypted in transit and at rest. All notes generated by Heidi are reviewed, directed, and approved by your clinician before being saved to your clinical record. Heidi is fully compliant with the UK GDPR, the Data Protection Act 2018, ISO 27001, SOC 2, DTAC (Digital Technology Assessment Criteria), and Cyber Essentials. No patient data is used to train any third-party AI or large language model. Sub-processors engaged by Heidi are bound by data processing agreements restricting use of your data to the provision of the Heidi service only. We selected Heidi specifically because it is purpose-built for clinical environments and meets the highest standards of healthcare data protection.

    • Website Hosting providers (e.g., WordPress, GoDaddy).
    • Analytics providers (e.g., Google Analytics, provided by Google LLC).
    • Email Marketing providers (Mailchimp).
    • Payment Processors (e.g., Stripe, integrated with Semble).
    • External companies providing services to us such as blood testing and analysis (e.g., laboratory providers).
    • Xero for accounting purposes.
    • Professionals (accountant).
  • Our External Advisers: For instance, IT consultants, accountants and potentially lawyers in the future, when professional advice is required.
  • Your GP and other Medical Practitioners or Healthcare Professionals: Involved in your care or treatment, only where we have been given express permission to do so or we have cause to believe that you are a danger to yourself or others.
  • Our Regulators, Law Enforcement, Intelligence Services and Other Government Authorities: When they require us to do so. This includes the General Medical Council (GMC), the Information Commissioner’s Office (ICO), and the Care Quality Commission (CQC).
  1. Transfers of Your Information Outside of the United Kingdom

The UK has differing data protection laws than other countries, some of which may provide lower levels of protection of privacy. We generally store and process personal data inside the UK. However, it is sometimes necessary for us to share your personal data to countries outside the UK, for example, where the third parties who assist us in providing the services are outside of the UK. In those cases, we will comply with applicable UK laws designed to ensure the privacy of your personal data.

New

In relation to data processed via our Heidi AI clinical documentation tool: Heidi Health Ltd prioritises UK data sovereignty and all UK patient data is hosted within the United Kingdom on Amazon Web Services UK infrastructure. Some sub-processor redundancy facilities exist within the EU (Dublin, Ireland and Frankfurt, Germany); however, an adequacy decision between the UK and EU exists permitting such transfers, and all sub-processors are bound by appropriate data processing agreements. No identifiable patient data is transferred outside the UK/EU region.

We can provide more information on the countries outside of the UK to which we transfer your personal data on request.

  1. How We Keep Your Data Secure

We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.

We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

  1. When Will We Delete Your Data?

We will not keep your personal data for any longer than we need it for the purpose for which it is used. When it is no longer necessary to keep your personal data, we will delete or anonymise it. Different retention periods apply for different types of personal data:

  • Medical and Health Coaching Records: We retain patient and client records, particularly medical records, for a minimum of 8 years after the date on which we stop providing services to you, in line with UK medical guidelines for adult patients.
  • New

Heidi AI Clinical Documentation: Audio captured by Heidi during a consultation session is temporary and is not permanently stored. Transcripts and clinical notes generated by Heidi are retained on UK-based servers for the period configured by Beautiful Life…Style Ltd., after which they are irreversibly and permanently deleted. Once deleted, this data cannot be recovered by Heidi or any other party. The underlying clinical notes, once reviewed and approved by your clinician and saved to your clinical record (Semble), are retained in accordance with the Medical and Health Coaching Records retention period above (minimum 8 years).

  • General Enquiries and Marketing Data: If you make a general enquiry but do not become a patient or client, or if you subscribe to our marketing list, we will retain your data for a period of 2 years, unless you request earlier deletion.
  1. Your Rights

As a data subject, the law gives you certain rights in respect of the personal data that we hold about you. Below is a short overview of those rights (for more information please visit www.ico.org.uk).

  • The Right of Access: With some exceptions designed to protect the rights of others, you have the right to a copy of the personal data that we hold about you. Access is free of charge; however, we may make a reasonable charge for additional copies beyond the first, based on our administrative costs.
  • The Right to Correction (Rectification): You have the right to have the personal data we hold about you corrected if it is factually inaccurate. This right does not extend to matters of opinion.
  • The Right to Erasure (“the right to be forgotten”): In some limited circumstances, you have the right to have personal data that we hold about you erased. This right is not generally available where we still have a valid legal reason to keep the data.
  • The Right to Object: You have the right to object to our processing of your personal data where we rely on “legitimate interests” as our legal basis for processing, but we may be able to continue processing if our interest outweighs your objection.
  • The Right to Prevent Processing in Some Circumstances: You have the right in some circumstances to request that temporary restrictions are placed on how we process your personal data.
  • The Right to Opt Out of Marketing: You have the right to require us to stop using your personal data to send you marketing information. The quickest way is to use the “unsubscribe” links in our communications.

If you would like to exercise any of your rights, please contact us by emailing [email protected]. We will respond within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

  1. Complaints to the Regulator

We treat the protection of your personal data with the utmost importance but if you have cause to complain, we would always ask that you contact us first so we can attempt to resolve the matter for you.

However, you also have the right to lodge a complaint about our handling of your personal data with the Information Commissioner’s Office (ICO). Information about how to do this is available at www.ico.org.uk or you can contact them on 0303 123 1113 or via www.ico.org.uk/make-a-complaint.

  1. Withdrawing Consent

If we are processing your personal data on the basis of your consent, you have the right to withdraw that consent at any time, in which case we will stop that processing unless we have another legal basis on which to continue. Please be advised that in certain circumstances, withdrawal of consent to continue processing your personal data may have further impact on your future access to, or benefit from, our services or part of them.

In relation to Heidi specifically: you may withdraw consent to the use of Heidi at any time by notifying us in writing at [email protected] prior to your appointment. Please note that opting out of Heidi results in a higher consultation fee applying, as set out in Clause 6.8 of our Terms of Service, as manual note-taking requires significantly more clinician time. We will never refuse to provide services to you solely because you choose not to use Heidi.

  1. Changes to This Policy

We may change this privacy policy at any time. Where we make significant changes, for instance where we use your personal data for materially different purposes, we will email you to let you know.

Beautiful Life…Style Ltd. | Company No. 15794996 | 1st Floor Manor House, Main Road, Ryehill HU12 9NH | [email protected] | +44(0)7449915114 | CQC Registered

Download / Print