Privacy policy

We only collect the personal information you knowingly provide to us – such as your name, organisation, job title, email address or phone number – plus anonymous data about how you use our website. We collect this information so we can answer your questions, provide our services, improve our site and send you relevant updates if you ask us to.

We follow the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Data (Use and Access) Act 2025. We keep your personal data secure, only use it for legitimate purposes and do not sell it. You can ask us what data we hold about you, ask us to correct it or ask us to delete it at any time. If you have any concerns about how we handle your data, please contact us using the details below.

Data controller and contact

Hippocr8es Technology Ltd (HTL) is the data controller for personal data collected via this website.

  • Company name: Hippocr8es Technology Ltd
  • Company number: 15360882
  • VAT number: 503633226
  • Place of registration: England and Wales
  • Contact: You can reach us via hello@h8stl.com for any privacy‑related questions, to exercise your data rights or to raise a concern about how we use your personal data.

Data we collect

We collect the following categories of personal data:

  • Contact information: When you fill out a contact form, request a demo, sign up for our newsletter or communicate with us, you may provide your name, job title, organisation, email address, phone number and other contact details.
  • Communications: We keep records of emails, form submissions and other communications you send to us so that we can respond to and manage your enquiry.
  • Website usage data: We collect information about how you use our website, including your IP address (anonymised or truncated so it is not personally identifiable), browser type, device, pages visited and the date and time of your visits. This data is collected via cookies, analytics tools and server logs.
  • Marketing and CRM data: If you subscribe to updates or register for events, we record your preferences and interactions in our customer‑relationship management (CRM) system so that we can manage our communications with you.
  • Cookies and tracking technologies: We use cookies and similar technologies to remember your preferences and help us understand how visitors use our site.

We do not collect special categories of personal data (such as health, ethnicity or financial details) through our website.

How we use your data

We process personal data for these purposes and rely on the lawful bases indicated below:

  1. Responding to enquiries and providing services – We use your contact details and communications to respond to your requests, provide customer support and deliver the services or training programmes you request. *Lawful basis:* legitimate interests (our interest in answering your queries) or performance of a contract where we have a contractual relationship.
  2. Administrative communications – We may send you important notices about your account, changes to our services, terms or policies. *Lawful basis:* legitimate interests or performance of a contract.
  3. Marketing communications – If you sign up for newsletters or express interest in our events or training, we may send you relevant updates. We will only do this with your consent or where we have an existing relationship and it is lawful to rely on our legitimate interests. You can opt out at any time by clicking the unsubscribe link or contacting us.
  4. Improving our website – We analyse anonymised website usage data and collect statistical information using cookies or similar technologies to understand how visitors use our website and to improve its performance and content. The Data (Use and Access) Act 2025 introduces new exemptions under the Privacy and Electronic Communications Regulations allowing organisations to collect statistical information about how online services are used without explicit consenthttps://www.gov.uk/government/publications/data-use-and-access-act-2025-factsheets/data-use-and-access-act-factsheet-pec-regulations#:~:text=Description%20of%20measure%20The%20DUAA,using%20technologies%20such%20as%20cookies. We rely on these exemptions where appropriate and ensure that data collected is aggregated and does not identify individuals.
  5. Legal obligations and compliance – We may process and retain personal data to comply with legal obligations (for example, responding to regulatory requests or court orders) or to protect our legal rights and those of others. This includes compliance with the Data (Use and Access) Act 2025, the UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations, cyber‑security standards and the NHS Data Security and Protection Toolkithttps://digital.nhs.uk/services/data-security-and-protection-toolkit#:~:text=The%20Data%20Security%20and%20Protection,NHS%20patient%20data%20and%20systems.

We will not process your personal data for purposes incompatible with those above and we do not sell your personal data.

Who we share data with

We only share personal data where necessary:

  • Service providers – We use trusted third parties to provide hosting, analytics, CRM, email and cloud services. These providers act on our instructions and are required to comply with the UK GDPR and protect your data.
  • Professional advisers – We may share data with our accountants, lawyers or consultants where necessary for business, tax or legal reasons.
  • Regulators and authorities – We may disclose personal data if required by law, a court order or a regulatory authority (such as the Information Commissioner’s Office) or to protect our rights, property or safety.

We do not sell or share personal data with advertisers.

International transfers

Our website and data processing may involve transferring personal data outside the UK (for example, when we use cloud or analytics services hosted in other countries). When we do so, we rely on appropriate safeguards such as adequacy regulations, the International Data Transfer Agreement or standard contractual clauses to ensure your data remains protected.

Data retention

We retain personal data only for as long as necessary to fulfil the purposes described above and to meet legal or regulatory requirements. Our typical retention periods are:

  • Contact and CRM data: up to 6 years after our last communication or your last interaction with us (for example, to comply with company, tax and contract obligations).
  • Website analytics data: 14–26 months depending on the analytics provider.
  • Communications and enquiries: up to 1 year after we resolve your enquiry, plus a reasonable period to handle any follow‑up.

We periodically review the data we hold and securely delete or anonymise it when it is no longer needed.

Data security

We take data security seriously and employ physical, technical and organisational measures to safeguard personal data. Our measures include:

  • Encryption & secure connections: Our website uses HTTPS (SSL/TLS) to encrypt data transmitted between your browser and our servers.
  • Access controls: Only authorised personnel and service providers with a need to know can access personal data.
  • Cyber Essentials Plus certification: We follow UK Government cyber‑security standards and maintain Cyber Essentials Plus accreditation to protect against common threats.
  • NHS Data Security and Protection Toolkit (DSPT): As an organisation working with NHS data, we comply with the DSPT and the National Data Guardian’s 10 data security standardshttps://digital.nhs.uk/services/data-security-and-protection-toolkit#:~:text=The%20Data%20Security%20and%20Protection,NHS%20patient%20data%20and%20systems.
  • Regular updates and testing: We keep our software patched and conduct periodic risk assessments, penetration tests and security reviews.

If you suspect any unauthorised access to or misuse of your personal data, please contact us immediately at hello@h8stl.com.

Your rights

Under data protection laws you have rights including:

  1. Right of access: You can ask us for a copy of your personal data.
  2. Right to rectification: You can ask us to correct inaccurate or incomplete data.
  3. Right to erasure: You can ask us to delete your personal data in certain circumstances.
  4. Right to restrict processing: You can ask us to suspend processing of your data in specific situations.
  5. Right to data portability: You can request that we transfer your data to another organisation in a structured, commonly used and machine‑readable format.
  6. Right to object: You may object to processing based on our legitimate interests or to direct marketing at any time.
  7. Right to withdraw consent: Where we rely on consent, you can withdraw it at any time.

To exercise these rights, please email **hello@h8stl.com**. We may need proof of your identity and will respond within one month.

Under the Data (Use and Access) Act 2025, organisations may pause (“stop the clock”) the response time for subject access requests if further information is required from the requesterhttps://www.gov.uk/guidance/data-use-and-access-act-2025-data-protection-and-privacy-changes#:~:text=2. We will notify you if we need more details to fulfil your request and will then continue to process it in a timely manner.

If you believe we are not handling your data properly, you can complain to the UK Information Commissioner’s Office (ICO). However, we would appreciate the chance to resolve your concerns first.

Cookies and tracking technologies

A cookie is a small text file that is downloaded onto your device when you visit a website. Cookies store information about your preferences or past actions. We use cookies and similar technologies to:

  • Recognise your device and remember your preferences.
  • Provide core website functionality (for example, to remember items in a cart or secure forms).
  • Collect statistical information to improve our website and services. The Data (Use and Access) Act 2025 introduces new exceptions allowing analytics or similar technologies to collect statistical information about how online services are usedhttps://www.gov.uk/government/publications/data-use-and-access-act-2025-factsheets/data-use-and-access-act-factsheet-pec-regulations#:~:text=Description%20of%20measure%20The%20DUAA,using%20technologies%20such%20as%20cookies. We may rely on these exceptions for low‑risk analytics cookies that collect aggregated data aimed at improving our services.

Types of cookies we use

  1. Essential cookies: These cookies are necessary for the website to function and cannot be switched off. They enable core features such as security, network management and accessibility.
  2. Analytics cookies: These cookies collect anonymised information about how visitors use our website, such as which pages are most popular and how users move around the site. We use this data to improve the performance and content of our website. Under the new DUAA rules, these cookies may not always require consent, provided they are used solely for statistical purposes and do not identify youhttps://www.gov.uk/government/publications/data-use-and-access-act-2025-factsheets/data-use-and-access-act-factsheet-pec-regulations#:~:text=Description%20of%20measure%20The%20DUAA,using%20technologies%20such%20as%20cookies. However, we still display a cookie banner and provide the option to decline or accept these cookies, in line with the ICO’s guidancehttps://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/cookies-and-similar-technologies/#:~:text=You%20must%20tell%20people%20if,be%20actively%20and%20clearly%20given.
  3. Preference cookies* These cookies remember choices you make (such as cookie preferences) and provide enhanced, more personalised features.

Managing cookies

When you first visit our website, a banner will inform you that we use cookies and will allow you to accept or reject non‑essential cookies. You can change your preferences at any time by selecting the cookie settings link in the banner or adjusting your browser settings. Most browsers let you refuse or delete cookies. Blocking essential cookies may affect the website’s functionality.

Further information

For more details about cookies, visit the ICO’s guidance on cookies and similar technologieshttps://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/cookies-and-similar-technologies/#:~:text=You%20must%20tell%20people%20if,be%20actively%20and%20clearly%20given. We will update our cookie practices if the ICO’s revised guidance changes after the Data (Use and Access) Act 2025 comes into full forcehttps://ico.org.uk/for-organisations/advice-for-small-organisations/privacy-notices-and-cookies/cookies-and-privacy-notices-in-detail/#:~:text=Cookies%20and%20privacy%20notices%20in,detail.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the law or our practices. If we make material changes, we will notify you by email (if you have given us your contact details) or by posting a notice on our website. Otherwise, the last updated date at the top of this document will be changed. Please review this policy periodically.

curia
cyber-essentials-plus
ukai
All rights reserved. Copyright Hippocr8es Technology Ltd 2025.

We use cookies

We use essential cookies to make our site work. With your consent, we may also use non-essential cookies to improve user experience, personalise content, and analyse website traffic. For these reasons, we may share your site usage data with our analytics partners. By clicking 'Continue', you agree to our website's cookie use as described in our Cookie Policy.