Privacy Policy
1. Important information and who we are
Privacy policy
This privacy policy explains how Healthspan Technologies Limited, trading as Kiora (“Kiora”, “we”, “us” or “our”), collects and uses your personal data through your use of our website and services. This includes any data you provide when you contact us, complete an enquiry form, request a callback or engage our services.
Kiora supports parents and guardians of children with additional care needs by helping them understand and access financial support, including Disability Living Allowance (DLA).
Please read this policy carefully alongside any other privacy notice we may provide when we collect or process your personal data.
Who we are
Our company number is 15728029 and our registered office is Spaces West Kensington, Avonmore Road, London, W14 8TS. Healthspan Technologies Limited is the data controller responsible for your personal data.
We have appointed a data protection officer (DPO) to oversee questions relating to this policy. To ask a question or exercise any of your rights, please contact us using the details in section 10.
2. The types of personal data we may collect about you
We may collect the following personal data about you:
Basic identity data – your name and title.
Contact data – your email address, telephone number and preferred contact time.
Residency data – the country within the United Kingdom where you live.
Communications data – details of any contact we have had with you, including records and recordings of telephone calls, emails, online enquiries, complaints and correspondence.
Child information
We collect information you provide about your child so we can assess eligibility for relevant benefits and support and provide our services. This may include their age, citizenship and residency status, care arrangements, educational support plans, and details of any current or previous benefit claims. It may also include special category data about your child’s health and needs – such as physical or mental health conditions, disabilities, developmental, behavioural, sensory, mobility, care and support needs. We collect only the information needed for the services we provide, and we receive it directly from parents or guardians, not from third parties.
3. How is your personal data collected?
Your interactions with us
You may give us your personal data by completing online forms or corresponding with us by phone, email or otherwise, including when you:
- Complete an eligibility enquiry form
- Request a callback or contact us through our website
- Request information about, or engage, our services
- Provide feedback or submit a complaint
Automated technologies
As you interact with our website, we may automatically collect technical data about your equipment and browsing through cookies and similar technologies. Please see our Cookie Policy for further information.
4. How we use your personal data
Legal basis
We only process your personal data where we have a lawful basis to do so. We rely on one or more of the following:
Performance of a contract – where we need to perform a contract with you or take steps at your request before entering one.
Legitimate interests – where processing is necessary for our legitimate interests and these are not overridden by your rights.
Legal obligation – where processing is necessary to comply with the law.
Consent – where you have consented to processing for a specific purpose. We rely on explicit consent when processing information about your child’s health and care needs.
Purposes for which we use your personal data
| Purpose/Use | Type of data | Legal basis |
|---|---|---|
| Register you as a new enquiry and create a client record | Identity, Contact, Residency, Communications | Performance of a contract |
| Assess whether your child may be eligible for DLA and other support | Child information, Special category data | Explicit consent of parent or guardian |
| Contact you about your enquiry, arrange callbacks and discuss support | Identity, Contact, Communications | Performance of a contract |
| Provide our services, including help with DLA applications and supporting documentation | Identity, Contact, Communications, Child information, Special category data | Performance of a contract; explicit consent |
| Manage our relationship with you, including complaints, requests and enquiries | Identity, Contact, Communications | Performance of a contract; legal obligation; legitimate interests |
| Administer and protect our business and website (troubleshooting, testing, maintenance, security) | Identity, Contact, Technical | Legitimate interests; legal obligation |
| Use analytics to improve our website, services and customer experience | Technical, Usage | Legitimate interests |
| Send you marketing communications where permitted by law | Identity, Contact, Communications | Consent or legitimate interests, as applicable |
Information about children
Kiora provides services to parents and guardians, not directly to children. Any information about a child is provided by a parent, guardian or other person with parental responsibility. Please provide only the information necessary for us to assess eligibility and provide our services.
Marketing
You may receive marketing communications from us where you have requested information about our services and have not opted out. You can ask us to stop at any time by contacting us.
We will obtain your express consent before sharing your personal data with any third party for their own marketing purposes. We will never share information about your child’s health or care needs with third parties for their own marketing.
5. Disclosures of your personal data
We may share your personal data, where necessary, with:
- Employees and authorised representatives of Healthspan Technologies Limited
- Service providers for CRM, cloud storage, IT infrastructure, website hosting and technical support
- Professional advisers, including lawyers, accountants and insurers
- Regulators, law enforcement and other authorities where required by law
We require all third parties to respect the security of your personal data and to process it in accordance with the law and our instructions.
6. International transfers
We primarily store and process your data within the UK and European Economic Area (EEA). In particular, the sensitive information you share about your child’s health and care needs is held securely within the UK or EEA, where it benefits from strong UK and EU data protection safeguards.
Some of our trusted service providers – such as those offering email, analytics or IT support – may process other types of personal data outside the UK or EEA. When this happens, we ensure your data remains protected by:
- Only working with providers that meet strong privacy and security standards
- Putting in place safeguards such as Standard Contractual Clauses (SCCs) approved by the UK or EU
- Carrying out transfer risk assessments where needed to protect your rights
We aim to minimise international transfers wherever possible, and we’ll let you know if anything changes that affects how your data is handled.
7. Data security
We take the security of your information seriously, especially as much of it relates to your child’s health and care needs. All personal data is held on secure, encrypted platforms, both in transit and at rest, and we use two factor authentication across our key systems to guard against unauthorised access.
Access is limited to the people who genuinely need it to support you, using role based permissions so only the right team members can view sensitive information. Our team is trained in data protection, and we regularly review who has access to what. We also carefully assess the third-party providers we rely on to ensure they meet our security standards.
8. Data retention
We retain your personal data only for as long as reasonably necessary to fulfil the purposes for which we collected it, including to satisfy legal, regulatory, tax, accounting and reporting requirements.
Where we provide services to you, we may retain relevant records for up to six years following the end of our relationship. In some circumstances we may anonymise your data for statistical purposes, after which it is no longer personal data and may be retained on an ongoing basis.
9. Your legal rights
Under data protection law you have the right to:
- Access your personal data
- Correct inaccurate personal data
- Request deletion of your personal data
- Restrict or object to processing
- Request portability of your personal data
- Withdraw consent where processing is based on consent
To exercise any of these rights, please contact us.
10. Contact details
If you have any questions about this policy or how we use your personal data, please contact us:
Email: hello@kiora.org.uk
Post: Spaces West Kensington, Avonmore Road, London, W14 8TS
Telephone: 0204 634 7313
11. Complaints
You have the right to complain at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection, at www.ico.org.uk. We would, however, appreciate the chance to address your concerns first.
12. Changes to the privacy policy and your duty to inform us of changes
We keep this privacy policy under regular review and may update it from time to time. Please ensure the personal information we hold about you or your child remains accurate and up to date.
13. Third-party links
Our website may contain links to third-party websites, plug-ins and applications. We do not control these sites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.
