This is the Privacy Policy for Syrona Limited, with registered address, 3 Warners Mill, Silks Way, Braintree, Essex, United Kingdom, CM7 3GB (“Syrona”, “us”, “we” or “our”). It explains how we, as data controller, collect, use and share the information that we receive or collect about you (that may include personal information) through our website at (referred to as “the Site”) which you can use to consultations (“Therapy Sessions an Online Telehealth”) and purchase-related goods (“Products”) (collectively referred to as “the Services”), and through other interactions with us that you may have during the course of our various marketing and other activities. It also explains the rights you as a user of our Services have to control the use of your information. Personal information means any information relating to a natural person that allows that individual to be identified either directly or indirectly from that information. In this Policy, we distinguish between users of the Services on whose behalf of consultations bookings are made or on whose behalf Products are purchased who we refer to as “Users” and users of the Services on whose behalf we offer the consultations who we refer to as Consultants.

Please read this Privacy Policy carefully before you start using the Website.

Other applicable terms

In addition to this Privacy Policy, our website Terms of Use also apply to your use of the Services and are, where relevant, incorporated by reference into this Privacy Policy.

1. Information we collect about you

Our primary goals in collecting information are to provide our Services to our Users and Consultants and to enable us to best respond to our Users and Consultants’ requests for help or information and to improve our Services and their features and content and to promote our Services both through our website and through our events, newsletters, competitions and promotions where we have your permission to do so.

Categories of Information we collect from you:

Relating to both Users and Consultants

Identity data – information used to identify users including first name, last name, title, date of birth, gender, telephone number, feedback or survey responses, log in and User and Consultant password details.

Contact data – postal address, email address, telephone number and mobile number

Financial data – bank accounts of Consultants in order to pay them for the Services and payment card details to manage payment consultations by Users on behalf of the Consultants and purchases of Products on behalf of Retailers, We note we do not collect full card details but work with third party payment providers (see below) to processor the payment.

Technical data – internet protocol (IP) address, log in (password), browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used by the user to access the website.

Marketing and communications data – User and Consultant preferences in receiving marketing from Syrona and any third party affiliates.

Operational data – including interaction with the Services and transcripts from calls, messages from “live chats” with both Users and Consultants,

Location data – data that is used to enable the Consultant to find the User in order to perform the treatment and the User to check the arrival of the Consultant.

Aggregated data – data that is collected, used and shared such as statistical or demographic data for any purpose, e.g. used to analyse trends, track users’ movements around the website and to gather information on our User base as a whole. Or, in the case of Consultants, we may collect data such as the number of bookings and schedule information.

Relating to Users only:

Transaction data -includes details of the Products and Services Users have purchased from the website. Usage data-information about how Users use the Services. This includes how you interact with the Services, for example, how long you engage with Syrona at a time, how often a booking is made. and which parts of the Services you interact with and the features you use.

Profile data -includes User website browsing history, demographic information such as date of birth, gender, physical address, email address feedback and survey responses, any information that you have made publicly available on our noticeboards or on social media networks

Work-related data – We work with businesses to deliver our Services to their employees. If you are employed by one of those businesses, We will collect information from you directly when you do this policy and we will also be able to associate this with the information provided by your employer, such as your job title.

Service Notes – we may collect information about our Service delivery, for example, instructions on how to access a building. You provide this information voluntarily. We pass this information on to Consultants so that they can understand any specific access / similar requirements.

Medical Data – No medical information is stored on your phone, instead we use secure servers to hold all information about your symptoms, treatments, appointments and sessions, and procedures.

Information about your health and social circumstances. This includes:

  • Information you provide as part of using our services

  • Information provided during your online appointments

  • Notes and reports relevant to your health, including any information you have told us about your health.

  • Details of your treatment and care, including any diagnosis, medical advice, comments and care plan from your Syrona Consultant and other staff who have cared for you.

  • Results of investigations, such as laboratory tests and x-rays.

  • Relevant information from health and social care professionals, relatives or those who care for you.

  • Information about your ethnicity, sexual orientation, sex life, religious beliefs or opinion or genetic data where this is relevant to your care or is information that you have provided to us as part of your care.


We may sometimes need to use your personal information to:

·    co-operate with regulators, like the Care Quality Commission

·    comply with a legal obligation, like a court order requiring us to release information

·    deal with disputes and legal claims, for example if you make a legal claim against one of our GPs

·    deal appropriately with any risk to public health

To provide you with Syrona services we need to share your personal information with Syrona clinicians and our medical team.

  • Consultants work in partnership with Syrona as self-employed contractors. This is very similar to the way that many GPs and medical professionals work in independent GP practices in partnership with the NHS, across the country.

  • Syrona are responsible for maintaining the privacy of your personal information. All consultants have to demonstrate they have completed the necessary training in personal information handling before they can start consulting with our patients.

  • We employ a clinical team, who are part of Syrona. They may need to access your personal information so that we can provide you with services, for example if you have a query or concern about your consultation or treatment, or if the information is needed to assist our Chief Medical Officer with quality assurance. Only those employees of Syrona who need access to information in order to do their jobs are allowed access.

We also need to share information with partner organisations that help administer Syrona accounts.

For example:

  • Our IT suppliers, including suppliers of data storage services

  • Contractors who provide our telephone services

  • Suppliers of web hosting services

  • Organisations that we use to obtain feedback from patients who have agreed to do this

The Information Commissioner’s Office (ICO) is responsible for ensuring that organisations comply with data protection rules. You can find out more about what the conditions for processing are on their website:

When we are using personal information we must meet one of the conditions set out in Article 6 of the General Data Protection Regulation (GDPR).

Under the GDPR there is some personal information that is so sensitive that it gets extra protection. This special data is any personal information about someone’s:

  • health (including mental health);

  • sex life;

  • sexual orientation;

  • racial or ethnic origin;

  • political opinions;

  • religious or philosophical beliefs

It also includes genetic data and biometric data if that information is used to identify an individual.

When we are using special data we must also meet one of the conditions set out in Article 9.

We have set out in the table below which conditions we are relying on when we use your personal information.

We have set out below the conditions that we are relying on in order to use your data.


Article 6 condition

Article 9 condition

Co-operate with regulators, like the Care Quality Commission

Article 6(1)(e) – public task

Article 6(1)(c) – compliance with a legal obligation

Article 9(2)(g) – substantial public interest


comply with a legal obligation, like a court order requiring us to release information

Article 6(1)(c) – compliance with a legal obligation

Article 9(2)(f) – establishment, exercise or defence of legal claims

Article 9(2)(g) – substantial public interest

deal with disputes and legal claims, for example if you make a legal claim against one of our consultants

Article 6(1)(f) – legitimate interests (we have a legitimate interest in being able to deal with disputes and legal claims)

Article 9(2)(f) – establishment, exercise or defence of legal claims

deal appropriately with any risk to public health

Article 6(1)(e) – public task

Article 6(1)(c) – compliance with a legal obligation

Article 9(2)(h) – healthcare and social care purposes

Article 9(2)(i) – public health

let you know more about the products and services of third parties that may be relevant to you

Article 6(1)(a) – consent

Article 9(2)(a) – consent

let you know more about our services and offers

Article 6(1)(a) – consent

Article 9(2)(a) – consent

obtain payment from you for our services

Article 6(1)(b) – performance of a contract

No special data used

carry out identity/soft credit checks

Article 6(1)(b) – performance of a contract

No special data used

help maintain the quality of and improve Syrona services

Article 6(1)(f) – legitimate interests (we have a legitimate interest in maintaining and improving the quality of Syrona services)

Article 9(2)(h) – healthcare and social care purposes

provide you with Syrona services

Article 6(1)(b) – performance of a contract

Article 9(2)(h) – healthcare and social care purposes


Relating to Consultants only:

• Information we may collect from you from your use of the Services

We will use this information to administer the Services and for internal operations, including troubleshooting, data analysis, testing research and statistical survey purposes. We will also use this information to measure the effectiveness of how we present content and deliver our Services and how we market and advertise. This information will also be used to allow you to participate in the interactive features of our Services, when you choose to do so. It is always your choice whether or not to provide information. If you do not provide certain information however, you may not be able to use certain features of the website or be provided with certain Services.

• Information we may collect from other sources or which is automatically collected

Information may be gathered from our affiliates and third-party sources including without limitation our third-party service providers (such as events, marketing services and payment providers), publicly available data, other companies and referrals.

When you visit the Website we may automatically collect additional information about you, such as the type of internet browser or mobile device you use, any website from which you have come to the Website and your IP address (the unique address which identifies your device on the internet) and your operating system, which are automatically recognised by our web server. You cannot be identified from this information and it is only used to assist us in providing an effective service on the Website and to collect broad demographic information for aggregate use.

We may from time to time collect personal details from available sources, such as LinkedIn, or from a publically available online registry to which you give your details or from your company’s website to contact you in our legitimate business interests with business opportunities which we think might be required from you. In our first communication with you, we will identify if we have obtained your information which we use for these purposes from a third-party source.

2. Uses made of your information

We will use the personal information described above to:

(a) To assess and verify the qualifications and credentials of Consultants and to create and maintain profiles of Consultants;

(b) To manage and process the collection of payment of behalf of Consultants for Consultations booked by Users and collection of payment on behalf of Retailers for Products purchased by Users;

(c) analyse the use of the Services and the visits to the Site in order to improve our content and Services including research into our Users’ demographics and tracking of sales data;

(d) where you have not objected, send you information to Users and Consultants which we think you may find useful or which you have requested from us, including marketing communications such as emails about any improvements to the Products or Services, special offers or promotions, events, competitions, new Products or Services;


(f) where you have not objected, send you, information about any improvements to existing products or services, special offers or promotions, events or competitions, new products or services of carefully selected Business Partners. Syrona does not share any personal data of its Users or Consultants with any Business Partners but you may see our Business Partners name, logos and other brand references appearing in the emails which we send to you.

We may review, scan, or analyse your communications on the Syrona Platform between the User and the Service provider for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research, analytics, and customer support purposes. In some cases, we may also scan, review, or analyse messages to debug, improve, and expand product offerings. We use automated methods where reasonably possible. However, occasionally we may need to manually review some communications, such as for fraud investigations and customer support, or to assess and improve the functionality of these automated tools. We will not review, scan, or analyse your messaging communications to send third party marketing messages to you, and we will not sell reviews or analyses of these communications. These activities are carried out based on Syrona’s legitimate interest in ensuring compliance with applicable laws and our Terms, preventing fraud, promoting safety, and improving and ensuring the adequate performance of our services.

3. Purposes and Lawful Bases for which Syrona uses your data

We have set out in the tables below a description of the ways we use your personal information, the category of information it comes under and the legal basis or bases which we rely on to process it, including where we are relying on our legitimate interests and identifying what those interests are. There may be more than one lawful basis on which we process your information depending on the specific purposes for which we are using the information. Where we rely on legitimate interests we are always careful to balance your privacy rights with those interests.

Please note that these are examples of the kinds of personal information we collect and of the uses we may make of it. We may from time to time collect other types of personal information including and not limited to information you voluntarily give us.

Please contact us if you need more information at

4. How we may share your Information

In order to provide the Services, we may share the information Users provide with Consultants to assist them in providing the Consultations booked by Users.

In order to provide the Services, we may share the information Consultants provide to Users to assist them in selecting a Consultant to book consultations with.

We may share the information you provide or that we otherwise collect through your use of the Services (including, where applicable, personal information) to carefully selected third parties including affiliates, consultants and contractors who support our business and operations including, inter alia, processing transactions, fulfilling requests for information or assistance, receiving and sending communications, [analysing data, providing other support services such as advertising, PR, events related services and other web-related services such as web hosting and web-monitoring services including analytics providers and search information providers. These third parties will keep the information confidential and to use it only to the extent necessary to provide the applicable service(s) or as otherwise permitted or required by law. Some examples of key service providers we work with include Google (cloud storage, analytics, and advertising services), Amazon Web Services (storage), (marketing services) and Facebook (marketing services).

In some cases, we work in partnership with other carefully selected companies, Business Partners, and from time to time, with your consent, we may send you information about these third-party Business Partners’ selected products or services in our communications with you. We do not share your personal data with these third parties directly.

We may disclose aggregate statistics about visitors to the Website in order to describe our services to prospective partners, advertisers, sponsors and other reputable third parties and for other lawful purposes.

In the event that we undergo re-organisation, or are sold to a third party, you agree that any personal information we hold about you may be transferred to that re-organised entity or third party.

We may disclose your personal information if legally entitled or required to do so (for example if required by law or by a court order or if we believe that such action is necessary to prevent fraud or cybercrime or to protect the Site or Service, or the rights, property or personal safety of any person).

5. Information you may collect as a User or Consultant

If you are a Consultant, you are responsible for ensuring that you comply with applicable data protection law in respect of any personal information that you collect about Users in the course of your provision of the Services. Syrona does not accept any responsibility for this processing of personal data.

If you are a User, you are responsible for any misuse of personal information that you may collect in the course of your receipt of the Services. Syrona does not accept any responsibility for this processing of personal data.

6. Cookies and similar technology

The Site also uses cookies or similar technology to collect information about your access to the Site. Cookies are small text files that include a unique reference code that a website transfers to your device to store and sometimes track information about you. A number of cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the Site and will last for longer. 

This includes personal data you provide when you:

  • search for one of our apps or our website

  • download one of our apps

  • create a Syrona account on-line;

  • purchase services through our website or one of our apps;

  • log in to Syrona and use the Services;

  • report a problem with a Syrona app or website;

  • request marketing to be sent to you;

  • enter a competition, promotion or survey; or

  • give us some feedback.

We also gather technical information about your visit, like what device you are using to access Syrona services.

We automatically collect this personal data by using cookies, server logs, application data caches, browser web storage and other similar technologies. We may also receive data about you if you visit other websites that use our cookies. Please see our cookie policy for further details.

7. Public forums

The Site may, from time to time, make chat rooms, message boards, newsgroups and/or other public forums available to Users and Consultants. Any information that is disclosed in these areas becomes public information and you should exercise caution when using these and never disclose your personal information.

8. Child safety

Protecting the safety of children when they use the internet is very important to us. Our Site and Services are not intended for nor directed towards children and we do not knowingly collect personal information from children. If you believe that your child may have provided us with personal information without your consent, you may alert us at

9. External links

The Site may, from time to time, contain links to external websites. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We have no control over these third parties and we are not responsible for the content of such websites or for the privacy policies or practices of such third parties. You should review the privacy policy of any third party website carefully that you visit.

10. Payment processing

All payments transactions made through the Services are conducted through our payment providers, PayPal, and Stripe. You will be providing credit or debit card information directly to these providers who process payment details, encrypting your credit/debit card information and authorising payment. If you use Stripe to process your payment, you will stay on our Site but will provide your information directly to the payment providers, we only see a tokenised version of the information. If you make a payment using PayPal, you will be directed to PayPal’s own website. The processing of your payment information is done so in accordance with these third parties’ own privacy policies and terms :

11. Security

We place great importance on the security of all personal information associated with both Users and Consultants. We have implemented appropriate technical and organisational measures to ensure the security of your information and to protect any personal information that is transmitted, stored or otherwise processed against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. In addition, we limit access to this information to only those employees, agents, contractors and other third parties who have a business need to know. They will only process it on our instructions and they are subject to a duty of confidentiality.

The safety and security of your personal information also depends on you. Where you have a secure log in and or password for access to certain parts of our Site you are responsible for keeping your log in and/or password confidential. We ask you not to share your log in details or password with anyone. We also urge you to be careful about giving out information in public areas of the Site like message boards. The information you share in public areas may be viewed by any user of the Site or the Services. It is also advisable to close your browser when you have finished your user session to help ensure others do not access your personal information.

Unfortunately, no electronic data transmission over the internet or storage of information can be guaranteed to be completely secure or error free and we therefore cannot warrant or guarantee the security of information you submit via the Site or Service transmitted to our Site or Service and any such submission is at your own risk.

12. Data storage and international transfers

Information that you submit via the Services is sent to and stored on secure servers located inside and outside the European Economic Area (“EEA”), for example in the United States. Where we transfer your information outside the EEA in this way, we will take steps to require that your privacy rights continue to be protected. By way of example, and as mentioned above, we work with key service providers such as Google, Facebook, Amazon Web Services and Salesforce and we have signed data processing addendums which reflect data transfer mechanisms to provide adequate protection to the personal data transferred outside the EEA. As per GDPR guidance, data can be stored by US-based entities as long as these entities are certified under the EU/US Privacy Shield.

Details on the Amazon Privacy Shield certification can be found here:

More details on AWS GDPR compliance can be found here:

Regulatory Compliance

We are fully compliant with HIPAA, PIPEDA, PHIPA, and GDPR regulations.


Syrona Approach


Data is encrypted during transfer and at rest. We also encrypt all backups and log data.

Minimum Necessary Access 

Access controls always default to no access unless overridden manually.

Physical Security

Our servers are maintained by an SSAE 18 provider which utilizes industry-leading security tools, and best practices.


All network requests, successful and unsuccessful, are logged.


All log data is encrypted and unified, enabling secure access to full historical network activity records.

Vulnerability Scanning

All customer and internal networks are scanned regularly for vulnerabilities.


All customer data is backed up every 24 hours. Thirty (30) days of rolling backups are retained. 

 If you would like further information on this, please do contact us (


13. Opting out

Where we have your consent, or where you have not objected to receiving (as applicable) we will use your personal information to send you marketing and promotional communications by email about our products/services or to send you feedback surveys and ratings review requests on treatments provided, you. As mentioned above, where we partner and work with carefully selected Business Partners, our email communications may also contain information from our Business Partners.

You can object to further marketing communications at any time by clicking on the unsubscribe link included in each such communication or notify us by email at

14. How long we keep your information

We need to retain your information (including your personal information, where applicable) for as long as you remain an active user of the Services in order for us to meet our contractual obligations to you, and for longer periods as are legally required or permitted.

We may need to retain certain personal information even once a User account has been closed for differing periods, depending on the category of personal information concerned, for example, to enforce our terms, for fraud prevention, to identify, issue or resolve any legal claims, for proper record-keeping purposes and/or as required for our business operations or by applicable law.

Account information for individuals (including people who have completed the on-line registration process) who have not used our consultation services will be deleted after two years, unless we are required to retain such information for any legal or regulatory reason.

Account information about individuals (for example your name, log in details, summary details of the Syrona  services you have used, any complaints you have made about our service) who have accessed our services will be kept until two years after they last accessed the services or communicated with us, whichever is later.

We may also retain certain personal information following any objection indicated by you to receiving Syrona marketing communications for the purpose of ensuring that your wishes continue to be respected and we do not to contact you further.

We may also retain aggregated information beyond this time for research purposes and to help us to develop and improve Services. You cannot be identified from aggregate information retained or used for these purposes.

15. How we keep your data secure

At Syrona we take security and the secure storage of personal data seriously. We encrypt and store all personal data on secure servers using the latest technologies which are protected by several layers of security.

We do not store any of your personal health data on your mobile device or within your web browser storage permanently. We may collect some personal data and store it temporarily on your computer or mobile device or within your web browser storage (e.g. your post-code during the sign-up process) but this data is not kept on your device after the process for which it is being used has ended.

All data sent between your browser and our servers are secured using the industry standard AES-256 bit encryption

When using the Syrona app or website, all your personal data is transmitted through the internet using Secure Socket Layers (SSL) technology and the successor TLS Transport Layer Security. SSL is an industry standard technology designed to prevent any third party from capturing and viewing your personal data while in transit. We use TLS 1.2 to encrypt your data both between your browser and our servers and between our servers and other internal networks. Data stored on our servers are also encrypted using AES encryption algorithms.

You are required to go through a two-step identity verification process to create your account. Access to your account is protected with a password that you create. You are responsible for keeping this password confidential. We strongly recommend that you do not disclose your password to anyone else and Syrona will never ask you for your password in any unsolicited communication (including unsolicited correspondence such as letters, phone calls, emails or text messages). You will only ever be able to reset your password using a two-step identity verification process.

For more information on how we keep your data secure, please contact us at


16. Your rights

You have the right under certain circumstances:

To be provided with a copy of your personal information held by us You can read more about this right here (;

To request the rectification or erasure of your personal information held by us (You can read more about this right here (;    


To request that we cease processing your personal data in certain circumstances  You can read more about this right here:

To object to our processing of personal data for the purposes of sending you direct marketing emails;

To request that we restrict the processing of your personal information while we verify or investigate your concerns;

To request that your information be transferred to a third party;

To withdraw consent where your personal information has been processed on this basis. You have the right to withdraw that consent without detriment by emailing us at or by clicking on the unsubscribe link found at the bottom of our emails;

If your request or concern is not satisfactorily resolved you may approach the local data protection authority (see In the UK this is the Information Commissioner (

17. Changes to this Privacy Policy

We may change this Privacy Policy from time to time. If a revision is material we shall notify you before they take effect either through the Site or by sending you a notification (as required). Any such material changes will only apply to personal information collected after the revised Privacy Policy takes effect.

18. Contact us

Please submit any questions or concerns regarding our Privacy Policy or any questions about the security of our Site or Services to:

By emailing:;


By post: (Re: Privacy Policy) 3 Warners Mill Silks Way, Braintree, Essex, United Kingdom,  CM7 3GB


We may update this notice from time to time. If we plan to update the policy we will let you know through the Syrona website or the Syrona app. When you log on to your account we will also let you know if the notice has been updated since you last accessed Syrona services. You should stop using our website and apps if you do not agree to any changes.


This notice was most recently updated on 3rd July 2020. To obtain an historic version of this notice please contact us at