Onko Privacy Policy

Onkohealth Ltd
Privacy Policy

3rd November 2020


  • These general terms and conditions (hereinafter referred to as “Terms”) are an integral part of the contractual relationship between you and Onkohealth Limited (trading as, and hereinafter referred to as Onko) regarding all services and products (hereinafter “Services”) of Onko.
  • The purpose of the health services delivered by Onko is to provide you with support, information and advice to help you improve your health based on the latest scientific evidence.
  • Onko cannot replace the advice of a doctor, or provide medical advice, diagnosis or treatment.

Healthcare services

  • Onko provides services on behalf of the NHS and private healthcare providers in specific regions. Requirements for each service are specified in a contract with the local commissioning body, if you would like more information on your local service, please email enquiries@onkohealth.co.uk      

Self-Pay Services

  • You can book self-pay services of Onko by contacting us directly or your treating doctor can refer you to us.
  • The contract is concluded with the acceptance of your booking with our healthcare professional. Onko can provide you with Services at any time with immediate effect. Both Onko and you can cancel, without giving any reason, by e-mail to your healthcare professional or, e-mail to enquiries@onkohealth.co.uk.
  • In the event of termination, you must provide notice before the billed period end, and no refund for the Services not yet received can be offered. If Onko makes the termination due to important reasons, such as due to incorrect information, Onko may retain all payments already received. Agreed consultations must be cancelled at least 48 hours in advance to be eligible for a refund and notice to reschedule appointments must be received at least 24 hours in advance to avoid a cancellation charge, otherwise all appointments will be charged (note, health insurers do not cover this cancellation charge and therefore it will be charged to you, even if you have health insurance).

Self-pay Services running time

  • The term of a contract is determined by the agreed Service. The contract expires at the end of this term, without any express termination being required.

Self-pay Services prices

  • All prices are exempt from VAT as Onko provides healthcare services delivered by registered healthcare professionals. We reserve the right to change prices.

Self-pay Services payment terms

  • If you have Private Health Insurance cover, the services of Onko will be invoiced directly to your health insurance company.
  • The following conditions apply to people who self-pay: Onko’s services are invoiced monthly in advance. All invoices are payable, net without deduction, within 7 days. Onko can withhold or interrupt its services until payment is received.

Self-pay Services settlement of payments

Data protection

  • If you accept Onko Terms and Conditions, you are confirming our Privacy Statement has been read, understood and accepted.
  • In using your data, Onko will abide by the relevant data protection legislation.

Notifications if there is a change in your personal data

  • Users of Onko’s services are obliged to inform us if any of your personal data becomes inaccurate due to a change in your circumstances.

Limitations of liability

  • The services of Onko do not replace the advice given by your doctor. Please consult with a doctor for any health issues, concerns or circumstances. Do not delay or disregard medical advice based on information from Onko.
  • Any changes you make following advice from an Onko healthcare professional are at your own risk. Onko assumes no responsibility either directly or indirectly for damage, health problems or inconvenience used by the use or misuse of the information provided by Onko.
  • You are responsible for any consequences resulting from misstatements.
  • You agree to keep your password confidential for your user profile. If you pass on your password to a third party, you are responsible and liable for all executed user actions.
  • Onko is only liable for intent and gross negligence. Liability for slight negligence is excluded.


  • Materials of Onko (e.g. questionnaires, guides, worksheets, etc.) are the property of Onko or have been licensed and are protected in whole or in part by copyright. They may be passed on to third parties only with the written consent of Onko.

Changes and additions

  • Onko reserves the right to amend and supplement the Terms and Conditions and Privacy Policy at any time.

Assignment of rights

  • Your claims arising from a contractual relationship with Onko shall be transferable only with the written consent of Onko.

Applicable law / jurisdiction

  • The contractual relationship between the customer and Onko is subject exclusively to English law and shall be subject to the exclusive jurisdiction of the courts of England and Wales.

Privacy statement

  • We typically use your personal information to provide you with an evidence-based health coaching programme.
  • We will only share your data with a referring or connected healthcare professional if clinically relevant.
  • We keep your data secure and treat it in accordance with data protection laws.

Privacy Notice

Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Our principles for processing personal data are:

  • Fairness and lawfulness: When we process your personal data, the individual rights of the Data Subjects are protected. All personal data is collected and processed in a legal and fair manner.
  • Restricted to a specific purpose: The personal data of you, the Data Subject is processed only for specific purposes.
  • Transparency: You, the Data Subject are informed of how your data is being collected, processed and used.

Please read this policy carefully to understand how we will treat your personal data.

1. Who are we?

Onko is a health coaching service for people affected by cancer. Onko is a company incorporated in England and Wales with registered number 11096924. Registered address Price Mann & Co, 447 Kenton Road, Harrow, HA3 0XY.

Onko is a “data controller”. This means we are responsible for deciding how we hold and use personal information about you.

2. Our Data Protection Officer

The Data Protection Officer (DPO) is responsible for overseeing what we do with your information and monitoring compliance with data protection laws.

If you have any queries or concerns about our use of your personal data, you can contact our Data Protection Officer by writing to:

3. Why are we collecting your information?

The information that you provide to us is required for us to;

  • contact you to book a healthcare professional appointment following a referral from your healthcare provider or via you providing us your information directly.
  • provide you with our Onko app, enabling you to input relevant activity and health information so that our healthcare professionals can provide you with tailored guidance and support based on your specific requirements wherever and whenever you need it.

The personal data we would like to collect from you can be collected in a number of ways including:

  • in our initial telephone call with you after your (self-) referral
  • in any face-to-face or telephone appointments with our healthcare professionals
    when you input information into our Onko app
  • when you report a problem with our Onko app
  • when you contact our support or customer service teams
  • financial information about you including but not limited to your bank account, or the financial information of your insurer or sponsor relating to your care with us.

Information collected automatically about you

  • If you choose to use the Onko app information automatically collected about you through your use of our Onko app
  • If you choose to use the Onko app and share your activity data, information collected through connected external apps, such as activity trackers
  • recording of your telephone calls with our customer service team and healthcare professionals.

Information collected from third parties

  • information provided by your referring healthcare professional (e.g. your GP) on referral and throughout your use of our services.

We may collect and process the following data about you:

  • Information you provide when you use our website www.onkohealth.co.uk (the “website”) or other media by which you use our services. This includes information provided by you at the time you place an order for any of our products or services.
  • If you have provided us with the personal data of another person, you confirm that he/she consents to the processing of his/her personal data and that you have informed him/her of our identity as a data controller and provided him/her with a copy of this Privacy Policy.
  • We may collect information about you using website tracking tools such as Google Analytics to analyse behaviours of our website visitors this will track information about your mobile phone, computer or other device from which you access the website. Such information may include your domain name and IP address, details of your computer operating system and browser, the website you visited prior to visiting our website and unique number identifiers that are automatically generated by our systems when you visit our website. This will include details of the choices you make on our website indicating whether you wish to receive information on our services, for example when signing up to receive our newsletter.
  • Some of this information is retained in “cookie” files on your computer. These files retain useful information that can speed your navigation through frequently visited sites. They can also retain records that track site usage, preferences and passwords. These cookies can be disabled or deleted by activating the setting on your browser if you do not wish them to be used. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log in to our website.

Source of data

The source or where Onko obtained the personal data from if it has not been collected directly from you, the data subject. Note if the personal data has been accessed from publicly accessible source

Data is collected directly by Onko in a variety of ways, including but not limited to, registration forms, online forms, meetings, assessments and consultations, via the Onko app, through our website cookies (see our Terms and Conditions for more information on the cookies we use), through Fitbit data sent via our patients, through phone calls and email communications.  

4. What do we do with your information?

We process your data in accordance with Article 6 (1) and Article 9 (2) of GDPR for the following purposes:

Arranging and conducting an appointment with a healthcare professional

Our healthcare professionals use your information to provide tailored advice and guidance.

Use of the Onko app

When you use the Onko app we may use your personal data to:

  • register you to use the app;
  • administer the app and for internal operations such as to help diagnose problems with our server infrastructure, trouble shoot, analyse data and other administrative purposes;
  • improve the app and to ensure that content is presented in the most effective manner for you and your smartphone;
  • allow you to participate in interactive features of our service when you choose to do so;
  • keep the app safe and secure;
  • To assist us in developing new and improved products as indicated by user practice and preferences, based on our analysis of patterns of site usage.
  • improve the services we offer; and
  • if you report a problem with the app, use your personal data to investigate and resolve the reported problem.

To improve the services we offer

  • To ensure the products and services you have chosen are delivered to you in the most effective way, and to assist with the performance of our internal contract, accounting and administrative functions.
  • To provide you with details of changes to our products or of other product offerings which we believe may be of interest to you from Onko. We will not share your data with third parties for marketing purposes unless we have procured your express consent to do so.

5. What happens if you do not provide your personal information?

Arranging and conducting a healthcare professional appointment

We will only be able to offer you an appointment if we have access to certain types of personal data. To access these services, you will, from time to time, be asked to submit personal data about yourself. If you do not provide that personal data, we will not be able to offer those services to you.

Use of the Onko app

If you do not agree for us to use your personal information when you use the Onko app, you cannot use the Onko app.

6. Complying with data protection law

We will comply with data protection law. At the heart of data protection laws are the “data protection principles” which say that the personal information we hold about you must be:

  • used lawfully, fairly and in a transparent way;
  • collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • relevant to the purposes we have told you about and limited only to those purposes;
  • accurate and kept up to date;
  • kept only as long as necessary for the purposes we have told you about; and
  • kept securely.
7. What is the lawful basis for using your information?

In accordance with the data protection laws, we need a “lawful basis” for collecting and using information about you. There are a variety of different legal bases for using personal data which are set out in the data protection laws.

The lawful basis on which we rely in order to use the information which we collect about you for the purposes set out in this statement will be:

  • Legitimate interest:
    • Legitimate interest is the lawful basis for processing personal data within Onko’s self-pay services. Using your information will be necessary for our legitimate commercial interest and our interest is not outweighed by the potential impact on your privacy.
  • Public interest:
    • Public interest is the lawful basis for processing personal data within Onko’s commissioned services. Processing your information is necessary for the performance of a task carried out in the public interest laid down in law, i.e. the provision of care.
  • Consent:
    • It is possible that you may give us your consent to use your information for a particular purpose. Consent is the lawful basis for processing personal data only in situations where consent is required, e.g. where an Onko service is being evaluated by an externally appointed provider.

Provision of health or social care:

The lawful basis on which we rely in order to use special categories of personal data which we collect about you for the purposes set out in this statement, e.g. ethnicity, is the provision of health or social care.

8. Sharing information

Whilst we are providing you with a coaching programme, relevant personal data will be shared with your referring healthcare professional and clinical team for the purposes of further caregiving.

We may disclose your personal information to third parties in the following circumstances:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If we, or substantially all of our assets, are acquired by a third party, in which case personal data held about our customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data to comply with any legal obligation.
  • To enforce or apply our Terms and Conditions and other agreements.
  • If it is required to do so to deliver our services. We sometimes outsource certain functions of our business to service providers: some of these service providers may use cloud-based systems: in that case, your personal data would be hosted on their servers, but under our direction and control.
  • To protect the rights, property or safety of Onko our customers or others.
  • Where we have received your permission for us to do so.
  • Any third party which assists us in providing the Services as part of your extended care, including but not limited to, marketing or payment processors.
  • Any third party which assists us in monitoring use of the Services, including the detection and prevention of fraud and collusion in order to comply with any applicable law, regulation, legal process or government request.
  • Any contractors or other advisers auditing any of our business processes or who have the need to access such information for the purpose of advising us.
  • Any law enforcement body which may have any reasonable requirement to access your Personal Information.
  • Any regulatory body or authorised entity which may have any reasonable requirement to access your Personal Information.
  • Any potential purchaser of Onko or any investors in it or in any company within our Group (including in the event of insolvency).

If at any time you wish us to stop processing your Personal Information for the above purposes, then you may contact our Data Protection Officer via email enquires@onkohealth.co.uk.

9. Security of your data

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instruction, and they are subject to a duty of confidentiality. Details of these measures may be obtained from our Data Protection Officer be emailing enquiries@onkohealth.co.uk. All information you provide to us is stored on our secure servers.

Where we have given you (or where you have chosen) a password which enables you to access the Onko app, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Please note that data is stored within the Onko app on your mobile device, and the security of that data depends on your device. If your smartphone is lost or stolen, there is a risk that your data will be accessed. We encourage you to password-protect your smartphone and use a device that includes encryption.Onko will not be held liable for security breaches affecting personal devices held by our customers and will not be held responsible for loss of data resulting from an insecure device not featuring password protection or enhanced encryption.

10. Retention period

Onko takes appropriate measures to ensure that any information collected from you is kept only for so long as is necessary for the purpose for which such information is used.

To determine the appropriate retention period we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a user of our clinical services we will retain and securely destroy your personal information in accordance with our data retention policy.

We normally update your personal data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate as possible.

We protect your data by offering you a secure transmission method to send us personal or company information.

We also protect your data by implementing security policies and technical measures (contact us for more details via email at enquiries@onkohealth.co.uk) to protect data from:

  • unauthorised access;
  • improper use or disclosure;
  • unauthorised modification; and
  • unlawful destruction or accidental loss.
11. Your rights

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you. In order to do so, as the data subject, you will have to provide proof of identification during the request process, please contact enquiries@onkohealth.co.uk for further guidance.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review – if Onko refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 15 below.

All of the above requests will be forwarded on should there be a third party involved (as stated above) in the processing of your personal data. In line with the Subject Access Request Procedure you can request an SAR form by contacting us at enquiries@onkohealth.co.uk.

12. Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

13. Right to complain to the ICO

You also have the right to complain to the Information Commissioner’s Office (the “ICO”) if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

14. Changes to this privacy policy

We may amend this privacy policy at any time so please review it frequently and at least each time you submit personal information to us. The date at the top of this page will be amended each time this policy is updated. Our current privacy policy applies to all information that we have about you and your account.

15. Complaints

In the event that you wish to make a complaint about how your personal data is being processed by Onko (or third parties), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Onko’s Data Protection Officer.

The details for each of these contacts are:

 Supervisory authority contact detailsData Protection Officer (DPO)/ [GDPR Owner] contact details
Contact Name:Venetia Wynter-BlythKrishna Moorthy
Address line 1:Onkohealth LtdOnkohealth Ltd
Address line 2:Price Mann & CoPrice Mann & Co
Address line 3:447 Kenton Road447 Kenton Road
Address line 4:United KingdomUnited Kingdom
Address line 5:HA3 0XYHA3 0XY

Credits – Guidance was received from IT Governance Publishing Ltd 2018 in producing this document. (© IT Governance Publishing Ltd 2018)