Privacy Policy

Empower All Training Privacy Policy (Patients, Clients and Clinicians) – 2025

Your privacy matters to us. At Empower All Training, we handle your information with care, confidentiality and respect — whether you come to us for healthcare, professional training or workplace wellbeing.

This Privacy Policy explains how we collect, use and protect your information in line with the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the requirements of Healthcare Inspectorate Wales (HIW).

1. Who this policy applies to

This Privacy Policy applies to three groups of people we support:

  • Patients who use our clinical and wellbeing services.

  • Clients who work with us through corporate workplace training.

  • Clinicians who take part in professional or accredited clinical training.

2. Who we are

Empower All Training Ltd
Address: [Insert Address]
ICO Registration: XXXXXXX
Data Protection Lead: Dr Rebeccah Tomlinson, Registered Manager

We provide healthcare, wellbeing and training services to help people and organisations thrive. Whatever your reason for connecting with us, you can expect the same standards of confidentiality and respect for your information.

If you have a question about privacy or how we handle your information, please contact us at privacy@empoweralltraining.co.uk.

3. The information we collect

The type of information we collect depends on the service you use:

  • Patients: name, contact details, date of birth, GP information, medical history, treatment plans, prescriptions, consultation notes, test results, billing and emergency contact details.

  • Clients: name, business contact information, job role, training participation records, billing and feedback details.

  • Clinicians: name, professional details, registration and qualification information, training outcomes and supervision records.

4. How we collect your information

Most of the information we collect comes directly from you. This might be through forms, questionnaires, conversations, consultations or online booking systems.

Sometimes, with your consent, we receive information from trusted third parties such as your GP, employer, accrediting body or a training partner.

We may also use cookies or analytics tools on our website to help us understand how people use it — as explained in our Cookie Policy.

5. How and why we use your information

We only collect the information we need to provide the best possible care, training and service. We use your information to:

  • Deliver clinical care, training or workplace programmes safely and effectively.

  • Communicate with you and manage your relationship with us.

  • Meet our legal, professional and regulatory obligations.

  • Improve our quality, safety and user experience.

We may use your information because you’ve given us permission, because it’s part of a contract with you, because we have a legal duty, or because it’s in our legitimate interest to do so.

For health information, we rely on the part of data protection law that allows us to provide health and social care.

6. Health and sensitive information

For patients using our clinical services, we collect health-related information that helps us to provide safe, evidence-based care. This might include information about your symptoms, medications, medical history, or personal factors relevant to your treatment.

For clinicians, this may include professional health information if required for occupational or educational purposes.

We will always explain why we need this information and ask for your clear consent before using it.

7. Who we share your information with

Your information is shared only when it’s necessary and appropriate. We may share information with:

  • Healthcare professionals involved in your care, but only with your agreement.

  • Training partners such as the British Menopause Society (BMS) or the Faculty of Sexual and Reproductive Healthcare (FSRH) for course accreditation.

  • Regulators such as Healthcare Inspectorate Wales (HIW) or the Information Commissioner’s Office (ICO), if required by law.

  • Our secure IT system providers, who are bound by strict data protection agreements.

We do not sell or share your data for marketing purposes.

8. Using anonymised information

Sometimes, we use anonymised information to look at patterns, measure outcomes, or evaluate how well our services are working.

This helps us improve what we do without identifying anyone personally. Anonymised information is stored securely within the United Kingdom and never used for advertising or commercial gain.

9. How long we keep your information

We keep information only for as long as it’s needed:

  • Clinical records – 12 years after your last contact.

  • Training and professional records – 6 years after completion.

  • Financial records – 6 years (to meet tax requirements).

  • Marketing and consent information – until you ask us to remove it.

10. Where and how we store your information

All personal, clinical and training data is stored securely on encrypted systems within the United Kingdom. We do not transfer your data outside the UK.

All systems used by Empower All Training meet NHS and ICO data security standards.

We conduct Data Protection Impact Assessments (DPIAs) before introducing new technology or systems that involve personal data, such as telemedicine or electronic records.

Empower All Training does not provide services to anyone under the age of 18.

11. Keeping your information safe

Protecting your privacy is everyone’s responsibility at Empower All Training. We use strong passwords, encryption and secure networks to keep your information safe.

Access is limited to staff who need it to do their job, and everyone receives regular training on confidentiality and data protection.

We operate a formal incident response process. If a data breach occurs, we will assess the impact and notify the ICO and any affected individuals when legally required.

All staff sign confidentiality agreements and complete annual data protection training to ensure your information is handled safely and respectfully.

12. Your rights

You’re in control of your information. You have the right to:

  • Ask for a copy of the information we hold about you.

  • Ask us to correct anything that’s wrong or out of date.

  • Ask for your information to be deleted, where legally possible.

  • Limit how we use your information.

  • Object to us using your information in certain ways.

  • Withdraw your consent at any time.

If you’d like to use any of these rights, please email privacy@empoweralltraining.co.uk.

We may need to verify your identity before releasing information. We aim to respond within one calendar month and will notify you if a request is particularly complex and needs more time.

13. If you have a concern or complaint

We want you to feel confident that your information is being handled properly. If you’re unhappy or unsure about anything, please contact us first so we can put things right:

Empower All Training Ltd
Address: [Insert Address]
Email: privacy@empoweralltraining.co.uk

If your concern relates to how we handle your personal data, you can contact:
Information Commissioner’s Office (ICO): www.ico.org.uk/make-a-complaint

If your concern relates to the quality or safety of care provided through our clinical services, you can contact:
Healthcare Inspectorate Wales (HIW): https://www.hiw.org.uk/provide-feedback-about-healthcare-service

14. Updates to this policy

We review this policy regularly to make sure it stays accurate and up to date. If we make significant changes, we’ll let you know through our website or when you next use our services.

This policy and information contained on our website are available in Welsh and alternative formats on request.

This version is effective from: November 2025
Owner: Registered Manager
Approved: November 2025
Review: November 2026

Copyright© Empower All Training ltd. All rights reserved.

privacy policy