PRIVACY POLICY

Last updated: 03/12/2025

---

Privacy Policy

This Privacy Policy explains how KNEED Digital Health Limited (“we”, “our”, “us”) collects, uses, and protects personal information through kneed.ie, including general enquiries and clinical referrals submitted by healthcare professionals.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (Ireland).

---

1. Data Controller

KNEED Digital Health Limited
Ground Floor,
71 Lower Baggot Street,
Dublin 2,
Ireland
Email: colm@kneed.ie

We are the Data Controller for all personal data processed through this website and our clinical referral system.

---

2. Data We Collect

2.1 Website Enquiry Form (Elementor Forms)

When you contact us through our website, we collect:

• Name
• Email address
• Phone number
• “Who are you?”
• Message content

This information is provided voluntarily.

---

2.2 Clinician Referral Form (Microsoft Forms – Embedded)

Healthcare professionals may submit referrals for patients through our secure Microsoft Form.
This form collects personal data and special category health data.

Patient Information

• Full name
• Date of birth
• Email
• Phone
• Home address
• Town / city
• Confirmation that the patient has agreed to the referral

Clinical Information

• Diagnosis of knee osteoarthritis
• VLCD suitability
• BMI, weight, height
• Comorbidities
• Relevant medications
• Additional clinical notes (optional)

Referrer Details

• Referrer name
• Clinic / organisation
• Email
• Phone

---

3. How Data Is Collected and Stored

Website Enquiries

• Submitted securely through Elementor
• Delivered to our email inbox
• Stored temporarily in our WordPress database (“Collect Submissions” enabled)

Clinical Referrals

Referral data is:

• Collected via Microsoft Forms
• Stored securely within our Microsoft 365 environment
• Encrypted in transit and at rest
• Accessible only to authorised KNEED clinicians

No clinical information is stored on the public-facing website.

---

4. Legal Basis for Processing

4.1 Website Enquiries

Processed under:

• Article 6(1)(f) GDPR – legitimate interest in responding to enquiries
• Article 6(1)(a) GDPR – consent (information you choose to provide)

---

4.2 Clinical Referral Data (Special Category Data)

Processed under:

Article 6 GDPR

• Provision of a healthcare-related service
• Legitimate interest in operating a clinical referral pathway

Article 9 GDPR

• Article 9(2)(h) – processing necessary for the provision of health care

Referrer Confirmation

Healthcare professionals submitting a referral confirm that:

• The patient has agreed to the referral; and
• They are authorised to share the clinical information for assessment and triage.

---

5. How We Use Your Data

General Enquiries

• Responding to your message
• Providing information
• Maintaining communication records

Clinical Referrals

• Assessing eligibility
• Triage and decision-making
• Contacting the patient
• Coordinating appointments
• Maintaining clinical records

We do not use referral data for marketing.

---

6. Data Retention

Website Enquiries:

Retained for up to 12 months.

Clinical Referral Data:

Retained for up to 7 years, in line with healthcare record requirements.

---

7. Data Sharing

We do not sell personal data.

We only share personal data with trusted third-party providers where necessary to deliver our services. These include:

• Microsoft – for Microsoft 365 email, document storage, and internal communication
• Our website hosting provider – to operate the kneed.ie site
• Our email service provider – for secure communication
• Cliniko – for practice management, scheduling, and clinical documentation
• NutritIO – for dietetic monitoring, food-logging, and nutrition support
• PhysiTrack – for physiotherapy exercise programmes and telehealth delivery
• Referring clinicians – doctors or healthcare professionals directly involved in the patient’s care
• KNEED clinicians – dietitians and physiotherapists delivering the programme

Where referral forms are submitted through the website, the data may be securely transferred into these clinical platforms to support assessment and care delivery.

All third-party processors operate under GDPR-compliant data processing agreements, and personal data is never shared outside these purposes.

---

8. International Transfers

Our systems are hosted within the EU/EEA using Microsoft 365 regional infrastructure.
Where limited processing occurs outside the EU/EEA, it is restricted to jurisdictions that are formally recognised by the European Commission as providing an adequate level of data protection.

---

9. Cookies and Tracking

kneed.ie uses:

• Essential WordPress cookies
• Essential Elementor cookies

We currently do not use analytics or tracking cookies such as:

• Google Analytics
• Meta Pixel
• Hotjar
• Advertising or behavioural tracking cookies

If this changes, this policy will be updated.

---

10. Your Rights

Under GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion (where legally appropriate)
• Restrict or object to processing
• Request data portability
• Withdraw consent at any time

To exercise any rights, email: colm@kneed.ie

You may also lodge a complaint with the Irish Data Protection Commission.

---

11. Children’s Data

Our service is intended for adults.
We do not knowingly collect data from individuals under 16 without appropriate authorisation.

---

12. Updates to This Policy

We may update this Privacy Policy periodically.
The “Last updated” date will reflect any revisions.

---

13. Contact Us

For privacy-related questions or requests:

KNEED Digital Health Limited
Email: colm@kneed.ie