Privacy Policy V1.1
Last Updated: 31st December 2025
Effective Date: 31st December 2025
ANU CAPITAL LIMITED, trading as Emara Health, (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data.
We process personal information in accordance with applicable UK laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003.
This Privacy Policy (together with any documents referred to on it) set out how we collect, store and use your personal data when you interact with us (e.g., via our website – www.emarahealth.co.uk, phone, email, SMS, or in person) or use any of our services.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. If you have any questions about our Privacy Policy, please contact us by sending an email to admin@emarahealth.co.uk.
This Privacy Policy applies to personal information we collect about:
Visitors to our website
People who do business with us
People who utilise any of our services
Who We Are
emarahealth.co.uk (“our Website”) is owned and operated by ANU CAPITAL LIMITED (‘we’, or ‘us’, or ‘our’), a company incorporated and registered in England with the registration number: 16818531 and registered office address: (Anu Capital) 60 Bridge Street, Kington, United Kingdom, HR5 3DJ. ANU CAPITAL LIMITED trades as Emara Health.
We are registered with the Information Commissioner’s Office under registration number ZC016238.
For the purposes of applicable data protection law, we act as a data controller in respect of the personal data we process in connection with our administrative services and business operations. Where personal data is processed by third-parties e.g. surgeons, or healthcare providers, those parties act as independent data controllers in respect of the clinical services they provide. Those third parties may share relevant personal data with us where you have consented.
Our designated Data Protection Officer is Awais Ul-Hassan who can be contacted at admin@emarahealth.co.uk.
Information We Collect
Personal data, or personal information, means any information about an individual from which that person can be identified.
All our services are non-clinical services. We process your personal data to meet our legal and contractual obligations, and to provide you with our services. We will never collect any unnecessary personal data from you and do not process your data in any other way than specified in this Privacy Policy.
Personal data we may collect from you and process is:
Identity Data: including full name, email address, data of birth, home address, occupation, gender, telephone number, mobile number;
Health Data (Special Category Data): limited to information relevant for non-clinical administrative purposes, such as facilitating bookings with a third party.
Financial Data: including bank account and payment card details;
Transaction Data: includes details about payments to and from you and other details of products and services you have purchased from us;
Technical Data: includes information about how you use our website, products and services, internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
Profile Data: includes purchases made by you or services that you have experienced, your interests, preferences, feedback and survey responses;
Marketing and Communications Data: includes your preferences in receiving marketing from us and your communication preferences. This may also include images/selfies, videos and written testimonials you send us and provide consent to be used in our marketing literature.
Website & Other Interactions: including your communications via post, email, phone, social media, form submissions online or in person, feedback submissions.
Security Data: CCTV recordings for security purposes.
It is important that the personal data we hold about you is accurate and current. You must inform us, at the earliest opportunity available, of change to your personal data.
Data Minimisation Principle
Emara Health collects only the health data necessary to provide the non-clinical services that we offer.
We do not collect full medical histories or unrelated clinical details.
Marketing images or optional personal information are collected only with separate explicit consent.
How We Collect Personal Data
We may collect personal data from you in the following ways:
Directly from you, when you:
Contact us via post, email or telephone
Engage with us on social media
Fill in forms online or in person
Visit or browse our website
Interact (open/click) with our emails
Request further information from us
Engage with our services
Make payments to us or require a refund
Make a payment through us or using us
Enter a competition, promotion or survey
Give us some feedback
In-person.
We may operate CCTV systems for security purposes.
We may collect personal data from third-parties
You may receive services from independent third parties, such as surgeons, clinics or hospitals. In connection with our non-clinical services, we may receive relevant personal data from those parties where you have requested this or where you have provided consent.
Communication Methods
We may communicate with you by telephone, SMS, email, and/or post. Note – if we call the telephone number(s) which you have provided, and our call is diverted to voicemail, we may leave a voice message.
Our communication might be:
To provide you with administrative updates and reminders e.g. about appointments with a third party;
To respond to enquiries or providing information you have requested; and
To ask you to complete a survey which is for the purpose of improving our service (not a form of marketing).
How We Use Your Personal Data (Legal Basis for Processing)
We share personal data only where necessary to operate our business and provide our non-clinical services, where you have asked us to do so or have provided consent, or where we are required or permitted to do so by law.
We retain personal data only for as long as necessary for the purposes set out in this Privacy Policy.
We do not sell your personal data.
Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
Where you have given explicit consent.
The purposes and reasons for processing your personal data are:
We collect your personal data to carry out our obligations arising from any contracts entered into between you and us and to provide you with the services that you request from us;
We use your personal data to answer your queries, to provide you with the information that you request from us, to notify you about changes to our services and to better understand demand for our services;
We use your personal data to contact you regarding your appointments with third parties;
We use your personal data to provide non-clinical assistance and non-clinical services to you;
We collect your personal data to take payment and process refunds;
We collect your personal data to administer our website to ensure that content from our website is presented in the most effective manner for you and for your computer, and for internal operations, including troubleshooting, data analysis, testing, research and statistical purposes;
We collect and store your personal data as part of our legal obligations, for example business accounting and tax purposes;
We will occasionally send you marketing information. Such information will be non-intrusive;
We have set out below a description of the ways we plan to potentially use your personal data, and which of the legal basis we rely on to do so.
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Please note that we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please get in touch.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so or obtain your consent.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required and permitted by law.
Who Has Access
Emara Health staff: authorised non-clinical staff, role-based access
Independent third parties: such as surgeons, consultants, healthcare professionals, clinics, theatre facilities or venue providers, where access or sharing is necessary to provide non-clinical administrative services, and where you have requested this or provided consent.
Marketing partners: only with explicit consent and restricted access
Marketing & Promotional Offers
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have opted in for receiving that marketing.
We may use your Identity, Technical, and Profile Data to form a view on what we think may be of interest to you.
You can ask us to stop sending you marketing messages at any time following the opt-out links on any marketing message sent to you or by contacting us at any time. You can contact us by email: admin@emarahealth.co.uk.
Special Categories Data
Owing to the services that we offer, we may need to collect, store and process sensitive personal information (known as special category data) about you. Special category data is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and information concerning health.
Please note, Emara Health is not a healthcare provider and does not provide any form of medical treatments, medical diagnosis, medical assessments or medical advice. We may collect and process Health Data for the purpose of facilitating bookings with a third-party and to provide other non-clinical services. Where we collect such information, we will only request and process the minimum necessary for the specified purpose.
With the exception of Health Data, we do not collect any other special categories of personal data about you. Nor do we collect any information about religious or philosophical beliefs, political opinions, trade union membership, genetic and biometric information.
The lawful basis for this processing is your explicit consent in accordance with Article 9(2)(a) UK GDPR.
Administrative Facilitation and Booking Support (required):
You must provide explicit consent for Emara Health to collect and process limited health-related information for non-clinical administrative purposes, including:
recording your procedure(s) of interest submitted via our booking or enquiry forms;
sharing relevant information with, and receiving information from, independent third-parties (e.g. surgeons, medical professionals, clinics, hospitals or theatre providers) for the purpose of facilitating bookings and any relevant non-clinical administration; and
accessing or reviewing relevant clinical documents held by third-party providers only where necessary to support our non-clinical administrative service, respond to queries, or confirm booking-related details.
Any such access is limited in scope and purpose.
Emara Health does not provide medical advice, make clinical decisions, assess treatment suitability, or maintain a definitive medical record.
Marketing Consent (optional):
You may provide separate explicit consent for Emara Health to use images, videos, testimonials or other content you submit for marketing or promotional purposes. This consent is entirely optional.
You may withdraw your consent at any time by contacting us at admin@emarahealth.co.uk. Withdrawal of consent will not affect the lawfulness of processing carried out before the consent was withdrawn.
Information We Collect When You Visit or Browse Our Website
With regard to each of your visits to our website we may automatically collect the following information:
We use a third party server to host our website. This is located in the UK and provided by Krystal.io. When someone visits our website we use a third-party service, Google Analytics, to collect standard internet log information, details of visitor behaviour patterns, technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, geographical location, time zone setting, browser plug-in types and versions, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. Please note that this is statistical data about our users’ browsing activities and patterns. It is not used by us to directly identify individual visitors.
Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products/services you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website, and also allows us to make improvements to our website. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy.
We may also use Facebook Pixels from time to time
We collect and process the above personal data about you for the purposes of analysing the use of the website and services. The legal basis for this processing is your consent, where required by law. Strictly necessary cookies, which are essential for the operation and security of our website, are used on the basis of our legitimate interests.
Information from Third Parties
We may receive personal data about you from third parties which may include other businesses, independent surgeons, clinics or healthcare providers.
We may combine information received from third parties with information you provide to us and information we collect directly from you. We will use this information only for the purposes described in this Privacy Policy and in accordance with applicable data protection law.
Where a third party shares personal data with us at your request, or because you have asked that data to be shared, we will process that information on the basis of your consent.
Authorised Access To Clinical Records
To help provide our non-clinical services, we may, with your explicit permission, access or receive limited medical records, consultation notes or treatment-related documents held by independent third-parties e.g. surgeons, clinics or hospitals.
Purpose: Any access to such information is limited strictly to non-clinical purposes, such as confirming booking details. Our role is solely non-clinical. Emara Health does not provide medical advice, make clinical decisions, assess treatment suitability, or deliver healthcare services.
Lawful Basis: We process this information based on your Explicit Consent (Article 9(2)(a) UK GDPR).
Nature of Access: We generally view this data through third-party portals or software (such as Zanda).
Withdrawal: You may withdraw your consent at any time by contacting us at admin@emarahealth.co.uk. If consent is withdrawn, we may be unable to continue providing certain administrative services that rely on access to this information.
Children’s Privacy
Our website and services are intended only for people at least 18 years old. They are not intended for children. We do not knowingly collect personal data from anyone under 18. If we become aware that we have received information from someone under 18, we will simply delete it immediately.
You may only purchase our services if you are at least 18 years old.
Persons under the age of 18 shall not use our website and/or purchase our services.
It is possible that we could receive information pertaining to persons under the age of 18 by deception. If we are notified of this, as soon as we verify the information, we will immediately delete the information.
If a parent/guardian believes that we may have collected information, store, process information about their child, they can contact us at admin@emarahealth.co.uk to request that it be deleted. We may take reasonable steps to verify the identity of the requester before responding.
Data Processors and Data Sharing
ANU CAPITAL LIMITED, trading as Emara Health, uses certain third-party service providers (“data processors”) to support the operation of our business. These may include providers of hosting, analytics, customer relationship management, communications, payment processing and other technical or administrative services.
Where we use data processors, we ensure that agreements are in place requiring them to process personal data on our instructions and to comply with applicable data protection law. Our data processors are not permitted to use personal data for their own purposes or to disclose it to third parties except as permitted by lawful contract or required by law.
In addition, we may share personal data with independent third parties who act as their own data controllers, such as surgeons, clinics, hospitals or theatre providers, where this is necessary for non-clinical administrative purposes and where you have requested this or provided consent. These parties process personal data in accordance with their own privacy policies and legal obligations.
We may also disclose personal data:
where we are required to do so by law or a regulatory authority;
to professional advisers (such as accountants, insurers or legal advisers) where reasonably necessary for the operation of our business; or
where you have otherwise given consent.
Payment Processing
We use Stripe to process payments for our services. When you make a payment, you will provide your payment card details directly to Stripe. Stripe’s use of your personal information is governed by their Privacy Policy, which can be viewed at https://stripe.com/gb/privacy.
Failure to Provide Personal Data
Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel providing a service or a product you have ordered; we will notify you if this is the case at the time.
Your Rights
Subject to few limitations on certain rights, your principal rights in relation to your personal information under data protection laws are set out below. You can exercise any of your rights in relation to your personal data by sending an email to: admin@emarahealth.co.uk.
Right to access
You have the right to access any personal information that we collect, store and processes about you and to request information about: what personal data we hold about you; the purposes of the processing; the categories of personal data concerned; the recipients to whom the personal data has/will be disclosed; how long we intend to store your personal data for; if we did not collect the data directly from you, information about the source. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
Right to rectification
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a lawful valid reason for not doing so, at which point you will be notified.
Right to erasure
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
Right to restrict processing
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
Right to object to processing
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
Right to data portability
Where applicable, you have the right to data portability of your information which means you have the right to receive your personal data from us in a structured, commonly used and machine-readable format.
Right to complain to a supervisory authority
If you consider that our processing of your personal information infringes data protection laws or are unsatisfied with how we have handled your personal information, you have the right to lodge a complaint with the supervisory authority.
The supervisory authority in the UK is the Information Commissioner’s Office (ICO), the contact details of which are:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
0303 123 1113
Right to withdraw consent
To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.You can withdraw your consent to our processing of your personal data by emailing us at admin@emarahealth.co.uk or you can withdraw your consent to email marketing by using the unsubscribe link in such communications.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Disclosure of Your Information
We do not share or disclose any of your personal data without your consent, other than for the purposes specified in this Privacy Policy, where there is a legal requirement or to enforce our Terms and Conditions.
We use a number of third parties to provide us with services necessary to run our business.
We use the below third parties to provide the below business functions and services. We disclose your personal information to these third party service providers only where necessary to enable us to run our business in the circumstances set out below.
They act in accordance with instructions from us and comply fully with this and their own privacy policy, the data protection laws and any other appropriate confidentiality and security measures.
We may disclose your personal data to our accountants, insurers and professional advisers insofar as reasonably necessary for the purposes of completing tax returns, obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may disclose your personal data to our business partners, suppliers and sub-contractors insofar as reasonably necessary for the performance of any contract we enter into with you and/or where you have provided consent.
Financial transactions relating to our services may be handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
We may disclose your personal data to HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
We may disclose your personal data to analytics and search engine providers that assist us in the improvement and optimisation of our website. We use Google Analytics on our website; Google uses this information, including IP addresses and information from cookies, for a number of purposes.
In addition to the specific disclosures of personal data set out above, we may disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If ANU CAPITAL LIMITED, substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
If Emara Health, substantially all of its assets are acquired by a third party, in which case personal data held by it will be one of the transferred assets.
If such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person, or in order to enforce or apply our Terms and Conditions and other agreements. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and debt collection agencies. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Transfers of Your Personal Data Outside the UK
The information that we collect from you may be transferred to, and stored in, countries outside the United Kingdom (“UK”).
We may use certain products or services that may be hosted or stored outside the UK. Where this occurs, we take steps to comply with applicable data protection law.
The UK government has approved the International Data Transfer Agreement (IDTA) and the UK Addendum to the EU Standard Contractual Clauses, which provide safeguards for personal information that is transferred outside the UK. We often use these when transferring personal data outside the UK.
How Long We Keep Your Data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We only ever retain personal data for as long as is necessary and we have a review and retention process in place to meet these obligations and compliance with UK data protection law.
We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, in order to protect your vital interests or the vital interests of another natural person, and as otherwise described in this Privacy Policy.
At the end of the period, your personal data will either be deleted or anonymised.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
Security
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and after it is received. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: secure hosting of our website, using an SSL certificate, verifying the identity of anyone who requests access to information prior to granting them access to the information, only sharing and providing access to your information to the minimum extent necessary.
Unfortunately, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while we strive to protect your personal information, we can’t guarantee its absolute security.
If you have any questions about the security of your personal information, you can contact us at admin@emarahealth.co.uk.
In the unlikely event of a personal data breach, we have a procedure to notify the Information Commissioner’s Office (ICO) and, where necessary, affected individuals without undue delay.
Changes to Our Privacy Policy
We keep our Privacy Policy under regular review. If we change our Privacy Policy we will post the changes on this page, and we may also notify you of changes by email. Please check back frequently to see any updates or changes to our Privacy Policy.
Links to Other Websites
Our website contains links to other websites. This Privacy Policy only applies to this website so when you access links to other websites you should read their own privacy policies. We do not control these third-party websites and are not responsible for their privacy statements.
How to Contact Us
We welcome your views about our website and our Privacy Policy.
If you would like to contact ANU CAPITAL LIMITED, trading as Emara Health, with any queries or comments you can do so by:
Email at: admin@emarahealth.co.uk
