Rehbox Limited – Privacy & GDPR Compliance Statement

1. Introduction

Rehbox Limited (“we,” “our,” or “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are the Data Controller for the personal information we process unless otherwise stated.

2. Data We Collect

We may collect and process the following types of personal data:
– Identity Data: name, date of birth, contact details.
– Health & Service Data: information you provide relating to health, rehabilitation, or services you use.
– Technical Data: IP address, device identifiers, app usage data, and cookies (where applicable).
– Communication Data: records of correspondence and customer service interactions.

We only collect data that is necessary to deliver our services.

3. Legal Basis for Processing

We process personal data on one or more of the following lawful bases:
– Consent: explicit consent before processing health-related or sensitive data.
– Contract: when processing is necessary to deliver a service you have requested.
– Legal Obligation: to comply with applicable laws and regulations.
– Legitimate Interest: for improving our services, provided these interests do not override your rights.

4. How We Use Your Data

Your personal data is used for the following purposes:
– Delivering and improving our services.
– Managing your account and providing customer support.
– Ensuring security, fraud prevention, and system integrity.
– Meeting regulatory and legal requirements.

5. Data Storage & Security

We implement technical and organisational measures to protect your data, including:
– End-to-end encryption for all data transmissions.
– Secure UK-based (or UK GDPR-compliant) cloud storage with encryption at rest.
– Role-based access control and multi-factor authentication.
– Regular security testing, monitoring, and audit trails.

6. Data Sharing

We do not sell personal data. We may share data with:
– Service providers and partners who support our operations (all GDPR-compliant).
– Regulators or authorities if legally required.
– Third parties only where you have provided explicit consent.

All third-party processors are bound by data processing agreements to ensure GDPR compliance.

7. Data Retention

We retain personal data only for as long as necessary to provide services and meet legal, regulatory, or contractual obligations. When data is no longer required, it will be securely deleted or anonymised.

8. Your Rights

Under UK GDPR, you have the right to:
– Access your data.
– Request correction of inaccurate or incomplete data.
– Request erasure (“right to be forgotten”).
– Restrict or object to processing.
– Request data portability.
– Withdraw consent at any time (without affecting prior lawful processing).

Requests can be made by contacting us at [insert contact email].

9. Breach Notification

In the unlikely event of a data breach that risks your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) in accordance with UK GDPR requirements.

10. Contact Us

For questions, concerns, or to exercise your rights, please contact:

Rehbox Limited
81 Wollaton Road, Ferndown, Dorset, United Kingdom, BH228QS
Email: enquiries@rehbox.com


If you are unsatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

Quick Contact Form

    Ask directly your questions to theme author.