Client Portal

Website Privacy Policy

Home Privacy-policy

Effective Date: June 19, 2025

Balance VA Limited

Website: www.balanceva.co.uk

  1. Introduction

    2. Balance VA Ltd (“Balance VA”, “we”, “us”, or “our”) respects your privacy and is committed to complying with its obligations under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and the Privacy and Electronic Communications Regulations (PECR).

    This Privacy Policy explains how we collect, use, share, and safeguard limited personal data collected through our website and outlines the nature of services we provide on behalf of our clinic clients across the UK.

    As a virtual assistant (VA) service provider to clinics, we primarily act as a data processor, not a data controller, for any patient or service user information we may access. This Policy applies exclusively to personal data collected via our own website and business operations, and not to patient data accessed through third-party clinical or insurance platforms, which remain under the control of those respective clinics.

  2. SCOPE OF POLICY

    3. This Privacy Policy applies to:

    • Visitors and users of our website balanceva.co.uk;
    • Individuals who contact us via web forms, email, or telephone;
    • Prospective clients or job applicants who interact with us.

    It does not apply to any patient data input into clinical, practice management, or insurance systems that belong to our healthcare clients. For such data, Balance VA operates solely under the instruction of the clinic as their data processor.

    Please also review our Cookie Policy for further details on how we use cookies and similar technologies.

  3. WHAT IS PERSONAL DATA?

    4. “Personal Data” refers to any information that relates to an identified or identifiable living individual. This includes information that can be used to identify a person directly (such as a name or email address) or indirectly (such as an IP address or unique identification number), when combined with other information.

    Under the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and related laws, Personal Data may include, but is not limited to:

    • Full names, postal or email addresses, and telephone numbers;
    • IP addresses, browser identifiers, or location data;
    • Employment or professional details;
    • Financial or transaction data;
    • Any information that, alone or combined with other data, could lead to the identification of a specific individual.

    Balance VA does not collect or retain patient personal data in the course of providing virtual assistant services to clinics and healthcare professionals. When our agents handle communications on behalf of clinics, such as answering calls, booking appointments, or assisting with insurance-related tasks, they do so by securely logging into the software systems provided and controlled by the clinics themselves. All patient-related data is entered directly into these external systems, which are owned and managed by the clinics or their authorised third-party service providers.

  4. HOW IS YOUR PERSONAL DATA COLLECTED?

    5. While Balance VA does not collect or retain any patient data, we may collect limited personal data from individuals who engage with us directly—such as clients, website visitors, applicants, or business contacts. The types of personal data we collect may include:

    • Identity Data, such as your name, job title, or role within your organisation.
    • Contact Data, including your business email address, phone number, and correspondence address.
    • Technical Data, such as your IP address, browser type, geographical location, and usage patterns when visiting our website.
    • Communications Data, including messages submitted via our website forms or email, such as general enquiries, feedback, or requests for information.
    • Recruitment Data, such as CVs, cover letters, and other information provided when applying for a position with us.

    We collect this data when:

    • You submit an enquiry through our website or contact us by email;
    • You apply for a job with Balance VA or submit a speculative application;
    • You sign up to receive marketing updates, newsletters, or service-related communications.
  5. LEGAL BASIS FOR PROCESSING

    6. Under the UK General Data Protection Regulation (UK GDPR), we are required to process personal data lawfully, fairly, and transparently. Depending on the nature of your interaction with us, we rely on one or more of the following lawful bases:

    • Consent – where you have provided clear and informed consent, such as when you opt in to receive marketing communications.
    • Contractual necessity – where processing is necessary to enter into or perform a contract with you, for instance when managing a service agreement or evaluating a job application.
    • Legitimate interests – where processing is necessary for our legitimate business purposes, such as internal administration, responding to enquiries, recruitment, or improving our website and services, provided your rights and freedoms are not infringed.
    • Legal obligation – where processing is necessary to comply with applicable legal or regulatory requirements.

    We do not use your personal data for any purposes that are incompatible with those stated above, and we never process your data in a manner that would be considered unfair or unlawful.

  6. USE OF YOUR PERSONAL DATA

    7. We use your personal data solely for legitimate, and clearly defined purposes that are necessary for the smooth functioning of our services and the effective management of our relationship with you. These purposes include responding to your enquiries or contact requests, providing you with information about our services, and offering customer support. If you apply for a job with us, we use your data to manage the recruitment process, including reviewing CVs and coordinating interviews. When you register for an account or sign up for our services, we use your information to create and maintain your customer profile, process and deliver services to you, and administer your account securely.

    We also process data to improve the performance, functionality, and security of our website, and to ensure it operates effectively for all users. Usage data is analysed to better understand how visitors interact with our content, which helps us enhance user experience, optimise engagement, and tailor our services to meet customer needs. With your explicit consent, we may send you marketing materials, updates, and personalised recommendations based on your interests or interactions with us. We may also invite you to participate in surveys or feedback activities and use the insights to carry out market research and improve our offerings.

    Importantly, we do not use your personal data for profiling, automated decision-making, or targeted advertising without your clear and informed consent. All use of personal data is done in compliance with applicable data protection laws, and we are committed to handling it with transparency, purpose, and care.

  7. DATA SHARING AND DISCLOSURE

    8. We treat your personal information with care and discretion. We only share personal data where necessary and with trusted third parties who are subject to appropriate data protection obligations. These may include:

    • IT service providers, such as those supporting our website and email infrastructure;
    • Law enforcement authorities or regulatory bodies, if we are legally required to do so;
    • Legal, financial, or insurance professionals, for compliance, audit, or advisory purposes;
    • Website analytics providers, for improving user experience and traffic monitoring;
    • Clinic partners, where your interaction specifically relates to a referral, booking, or communication you have initiated;
    • Recruitment and HR service providers, in connection with the hiring process.

    We do not sell, rent, or trade your personal data with any third parties for marketing or commercial purposes.

  8. INTERNATIONAL DATA TRANSFERS

    9. In some instances, your personal data may be transferred to and processed in countries outside of the United Kingdom. This is most likely to occur when we use service providers or platforms with servers located abroad. When such transfers take place, we ensure your data is protected by implementing appropriate safeguards, such as:

    • Confirming the destination country has been granted an adequacy decision by the UK government;
    • Using Standard Contractual Clauses (SCCs) approved by the Information Commissioner’s Office (ICO);
    • Relying on Binding Corporate Rules adopted by multinational service providers.

    We take all reasonable steps to ensure that your privacy rights remain protected when your data is processed internationally.

  9. DATA SECURITY

    10. We take the security of your personal data seriously and implement a robust combination of technical and organisational measures to protect it against accidental loss, misuse, or unauthorised access. These measures include the use of SSL/TLS encryption to secure data transmitted through our website, role-based access controls to ensure that only authorised personnel can access sensitive information, and secure login protocols when interfacing with third-party platforms or clinic systems. 

    Additionally, we regularly conduct internal reviews and security assessments to evaluate and strengthen our data protection practices. While we are committed to maintaining high standards of security, it is important to note that no method of online transmission or electronic storage is entirely foolproof. Therefore, although we do our best to safeguard your information, we cannot guarantee absolute security, and any data you share with us is at your own risk.

  10. DATA RETENTION

    11. We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or to meet legal, regulatory, or contractual requirements. Typical retention periods include:

    • General enquiries and contact forms – retained for up to 12 months from the date of last contact;
    • Job applications and CVs – retained for up to 12 months unless the applicant is hired, in which case data may be stored in accordance with employment law and HR best practices;
    • Business and contractual records – retained for 6 to 7 years to comply with financial and tax regulations.

    We reiterate that Balance VA does not store or retain any patient data under any circumstances, as all such data is entered into and managed via secure third-party clinic systems.

  11. YOUR RIGHTS UNDER UK GDPR

    12. As a data subject under the UK GDPR, you have a range of rights regarding the personal data we hold about you. These include:

    • The right of access enables you to receive a copy of your personal data.
    • The right to rectification enables you to ask us to correct any inaccurate or incomplete personal data.
    • The right to erasure enables you to ask us to delete your personal data in certain circumstances, for example where it is no longer necessary for us to process it.
    • The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances, for example if you want us to verify its accuracy or our legitimate interests in processing it.
    • The right to object enables you to object to your personal data being processed on the basis of our legitimate interests (or those of a third party). We will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for the exercise or defence of legal claims. Where we use your personal data for direct marketing purposes, you can always object and opt out of future marketing messages using the unsubscribe link in such communications.
    • The right to data portability enables you to ask us to transmit the personal data, that you provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party.

    If you wish to exercise any of these rights, please see Contact Us below. We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a legal basis to do so, or if it is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.

  12. CHANGE OF PURPOSE

    13. We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another purpose that is compatible with the original one. If we need to use your data for a new, unrelated purpose, we will notify you in advance and explain the legal basis that allows us to do so.

    If we rely on your consent as the legal ground for processing and wish to change the purpose, we will seek your explicit consent before proceeding. You have the right to withdraw your consent at any time.

    We ensure that any change of purpose respects your rights and expectations under applicable data protection laws, particularly the UK GDPR.

  13. COOKIES

    14. Our website uses cookies and similar technologies to provide a better user experience, gather anonymous analytics data, and improve the functionality of our online services. Cookies are small text files placed on your device when you visit our website. They help us understand how visitors interact with our content, monitor technical performance, and make improvements.

    You can manage or disable cookies through your browser settings. For full details on how we use cookies and how you can control them, please refer to our Cookie Policy.

  14. THIRD-PARTY LINKS

    15. Our website may contain links to third-party websites or resources that are not operated by Balance VA. These external sites have their own privacy policies and terms of use, which we do not control. We encourage you to read their policies before submitting any personal data. Balance VA accepts no responsibility or liability for how third-party websites handle your information.

  15. CHILDREN’S POLICY

    16. Our services are not directed to individuals under the age of 13 (or the relevant age of digital consent in your jurisdiction, such as 16 in certain EU member states), and we do not knowingly collect personal information from children without verifiable parental consent. If you are a parent or guardian and you believe that your child has provided us with personal data, please contact us immediately. We will take steps to delete such information from our records promptly.

    If we become aware that we have inadvertently collected personal information from a child without appropriate consent, we will take immediate action to remove the information and ensure compliance with applicable data protection laws.

  16. CONTACT US

    17. If you have any questions about how we handle your personal data, or if you want to exercise any of your rights, please contact us at:

    Email: legal@balanceva.co.uk

    Address: 2 Neptune House, 2 Marina Bay, Gibraltar GX11 1AA.

    All requests will be dealt with promptly and efficiently. You also have the right to lodge a complaint with the Information Commissioner’s Office at any time. 

  17. CHANGES TO THIS POLICY

    18. We reserve the right to change this Privacy Policy from time to time at our sole discretion. If we make any changes, we will post those changes here.  However, if we make material changes to this Policy, we will notify you by means of a prominent notice on the website prior to the change becoming effective.