Privacy PolICY

Effective Date: 1st September 2024

1. Who We Are

The Fourth Collective Ltd ('The Fourth', 'we', 'us', or 'our') is committed to protecting your personal data and respecting your privacy. This Privacy Notice explains how we collect, use, and safeguard your information.

Company Details:

  • Company Name: The Fourth Collective Ltd

  • Company Number: 16080482

  • Contact: hello@thefourth.uk

2. What Information We Collect

We collect and process the following categories of personal data:

2.1 Contact Details

We collect your name, email address, phone number, and postal address. We use this information to provide our services, communicate with you about your care, manage your account, and respond to your enquiries. The lawful basis for this processing is the performance of our contract with you and our legitimate interests in providing customer service.

2.2 Health and Wellness Information

We collect information about your postnatal health and wellness to provide tailored care and support services. This is special category data under UK GDPR. We process this information based on your explicit consent and because it is necessary for the provision of healthcare and health management services. You can withdraw your consent at any time, though this may affect our ability to provide services to you.

2.3 Payment Information

We collect payment details necessary to process transactions and issue invoices. We do not store full payment card details ourselves; these are securely processed by our payment service provider. The lawful basis for this processing is the performance of our contract with you and compliance with legal obligations (such as tax and accounting requirements).

2.4 Usage Data

When you use our website or app, we collect information about how you interact with our services, including pages visited, features used, and technical information such as your IP address, browser type, and device information. We use this information to improve our services, ensure security, and analyse performance. The lawful basis for this processing is our legitimate interests in improving and securing our services, as well as your consent for non-essential cookies.

2.5 Marketing Preferences

If you consent to receive marketing communications, we collect and store your preferences for newsletters, updates, and promotional content. The lawful basis for this processing is your consent, which you can withdraw at any time using the unsubscribe link in our emails or by contacting us directly.

2.6 Information from Third Parties

We may receive information from:

  • Healthcare professionals (with your consent)

  • Payment processors

  • Website analytics providers

  • Social media platforms (if you interact with us there)

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 Service Delivery

  • Providing postnatal care and wellness services

  • Creating and managing your account

  • Communicating with you about your care

  • Processing bookings and appointments

  • Sending service-related notifications

3.2 Business Operations

  • Processing payments and invoicing

  • Responding to enquiries and providing customer support

  • Improving and developing our services

  • Internal record keeping and administration

  • Analysing service usage to enhance user experience

3.3 Legal and Compliance

  • Complying with legal obligations (tax, accounting, regulatory)

  • Protecting our legal rights and interests

  • Preventing fraud and ensuring security

  • Responding to legal requests and investigations

3.4 Marketing (with your consent)

  • Sending newsletters and updates about our services

  • Informing you of new services or features

  • Personalising your experience with relevant content

  • Conducting customer surveys and gathering feedback

4. Lawful Basis For Processing

We process your data based on one or more of the following lawful bases:

4.1 Consent

You have given clear, specific, and informed consent for us to process your personal data for particular purposes. This applies to:

  • Processing special category health data for providing our services

  • Marketing communications

  • Non-essential website cookies and analytics

You can withdraw your consent at any time by contacting us. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

4.2 Contract

Processing is necessary to provide the services you have requested or to take steps before entering into a contract with you. This includes:

  • Managing your account and bookings

  • Delivering our postnatal care services

  • Processing payments

  • Communicating about your service

4.3 Legal Obligation

We must process your data to comply with legal requirements, including:

  • Tax and accounting obligations (keeping financial records)

  • Responding to lawful requests from authorities

  • Healthcare record-keeping requirements

4.4 Legitimate Interests

Processing is necessary for our legitimate interests or those of a third party, provided your rights and freedoms do not override those interests. This includes:

  • Improving our services and website functionality

  • Fraud prevention and security measures

  • Business analytics and operational efficiency

  • Internal administration

We carefully balance our legitimate interests against your rights and freedoms. You have the right to object to processing based on legitimate interests.

5. Who We Share Your Data With

We may share your personal data with the following categories of recipients:

5.1 Service Providers

We work with carefully selected third-party service providers who process data on our behalf, including:

  • IT system administrators and hosting providers

  • Payment processors and merchant services

  • Email and communication platforms

  • Cloud storage providers

  • Website analytics providers

Customer relationship management (CRM) systems

All service providers are required to maintain appropriate security measures and are contractually bound by data processing agreements. They can only process your data according to our instructions and for specified purposes.

5.2 Healthcare Professionals

With your explicit consent, we may share relevant health information with your healthcare providers, such as your GP, midwife, or health visitor. We will always ask for your specific consent before making such disclosures.

5.3 Legal and Regulatory Authorities

We may disclose your data when required by law or in response to valid legal requests from:

  • Law enforcement agencies

  • Regulatory bodies

  • Courts and tribunals

  • Tax authorities (HMRC)

5.4 Professional Advisers

We may share data with our professional advisers (lawyers, accountants, auditors, insurers) when necessary for obtaining professional advice or managing business risks.

5.5 Business Transfers

If we are involved in a merger, acquisition, reorganisation, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change and ensure the new entity continues to protect your data in accordance with this Privacy Notice.

6. International Transfers

We primarily store and process your data within the United Kingdom. If we need to transfer your data outside the UK, we will ensure appropriate safeguards are in place to protect your information, such as:

  • Transfers to countries with an adequacy decision from the UK government

  • Standard Contractual Clauses approved by the ICO

  • Binding Corporate Rules

  • Service provider certifications demonstrating appropriate safeguards

We will inform you of any international transfers and the safeguards applied when we collect your data or upon request.

7. How Long We Keep Your Data

We retain your personal data only for as long as necessary for the purposes we collected it. Specific retention periods are:

7.1 Health and Wellness Records

We retain postnatal health and wellness records for 7 years after your last service.

7.2 Active Customer Accounts

While your account is active and you continue to use our services, we retain your account information and associated data.

7.3 Inactive Customer Accounts

For customer contact details and non-health information, we retain data for up to 7 years after your last contact or service. However, we review inactive accounts regularly and may delete data sooner if it is no longer needed for our legitimate purposes.

7.4 Financial Records

We are legally required to retain financial records, including invoices, payments, and tax documentation, for a minimum of 7 years after the end of the relevant financial year. This is required by HMRC regulations.

7.5 Marketing Communications

We retain your marketing preferences and consent records until you withdraw consent. After withdrawal, we keep a suppression record (to ensure we do not contact you again) but delete other marketing data within one month.

7.6 Website Analytics

Website usage data and analytics are typically retained for 26 months, which is standard practice for analytics services.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you, along with information about how we use it. This is commonly known as a Subject Access Request (SAR). We will respond within one month of receiving your request.

8.2 Right to Rectification

You have the right to request that we correct any inaccurate personal data about you or complete any incomplete data. You can update many details directly through your account settings, or contact us for assistance.

8.3 Right to Erasure ('Right to be Forgotten')

In certain circumstances, you have the right to request deletion of your personal data. This applies when:

  • The data is no longer necessary for the purpose we collected it

  • You withdraw consent (where consent is the lawful basis)

  • You object to processing based on legitimate interests and we have no overriding grounds

  • The data has been unlawfully processed

  • The data must be deleted to comply with a legal obligation

However, we may refuse deletion if we need to keep the data to comply with legal obligations (such as retaining financial records for tax purposes) or to establish, exercise, or defend legal claims.

8.4 Right to Restrict Processing

You can request that we limit how we use your data in certain situations, such as:

  • When you contest the accuracy of the data (while we verify accuracy)

  • When processing is unlawful but you prefer restriction to deletion

  • When we no longer need the data but you need it for legal claims

  • When you have objected to processing (while we verify our legitimate grounds)

During a restriction period, we can store the data but not use it without your consent (except for legal claims or protection of others' rights).

8.5 Right to Data Portability

Where we process your data based on consent or contract, and the processing is automated, you have the right to:

Receive your personal data in a structured, commonly used, and machine-readable format (such as CSV or JSON)

Request that we transmit your data directly to another service provider (where technically feasible)

8.6 Right to Object

You have the right to object to processing of your personal data in certain circumstances:

  • Processing based on legitimate interests or public interest - you can object and we must stop unless we have compelling legitimate grounds that override your interests

  • Direct marketing - you can object at any time and we must stop immediately (use the unsubscribe link in emails or contact us)

  • Processing for research or statistical purposes - you can object unless the processing is necessary for public interest reasons

8.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal effects or similarly significantly affect you. We do not currently engage in automated decision-making of this nature. If this changes, we will inform you and explain your rights.

8.8 Right to Withdraw Consent

Where we process your data based on your consent (such as for marketing or processing special category health data), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing before withdrawal. You can withdraw consent by:

  • Using the unsubscribe link in marketing emails

  • Updating your preferences in your account settings

  • Contacting us directly using the details in Section 15

8.9 How to Exercise Your Rights

To exercise any of these rights, please contact us using the details provided in Section 15 below. We will respond to your request within one month (this may be extended by two months for complex requests, in which case we will explain the reason for the delay).

We may need to verify your identity before processing your request to protect your data from unauthorised access. We will not charge a fee unless your request is manifestly unfounded or excessive.

9. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, accidental loss, destruction, or damage. Our security measures include:

9.1 Technical Security

  • Encryption of data in transit using TLS/SSL protocols

  • Encryption of data at rest (stored data)

  • Multi-factor authentication for system access

  • Regular security updates and patches

  • Firewall protection and intrusion detection systems

  • Secure backup and disaster recovery procedures

  • Regular security testing and vulnerability assessments

9.2 Organisational Security

  • Staff training on data protection and security

  • Confidentiality agreements with all employees and contractors

  • Access controls based on need-to-know principle

  • Clear roles and responsibilities for data protection

  • Regular security audits and compliance reviews

  • Incident response and data breach procedures

  • Secure physical premises with access controls

  • Clear desk and secure disposal policies

9.3 Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will also report the breach to the Information Commissioner's Office (ICO) within 72 hours where required by law.

10. Cookies And Tracking Technologies

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device that help us provide and improve our services.

10.1 Types of Cookies We Use

Essential Cookies: Necessary for the website to function properly. These enable core functionality such as security, network management, and accessibility. You cannot opt out of these cookies.

Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously. This helps us improve website performance and user experience.

Functionality Cookies: Enable enhanced functionality and personalisation, such as remembering your preferences and settings.

Marketing Cookies: Used to track visitors across websites and display relevant advertisements. These may be set by third-party advertising partners.

10.2 Managing Cookies

You can control cookie preferences through:

  • Our cookie consent banner (displayed on your first visit)

  • Your browser settings (most browsers allow you to refuse or accept cookies)

  • Opt-out tools provided by advertising networks

Please note that blocking certain cookies may impact your experience on our website and limit functionality.

For detailed information about the cookies we use, please see our separate Cookie Policy [link to cookie policy if you have one].

11. Marketing Communications

We will only send you marketing communications if you have given us your consent or where we have a legitimate interest to do so (such as sending service updates to existing customers).

11.1 How to Opt Out

You can opt out of marketing communications at any time by:

  • Clicking the 'unsubscribe' link at the bottom of any marketing email

  • Updating your communication preferences in your account settings

  • Contacting us directly using the details in Section 15

  • Opting out of marketing communications will not affect essential service-related communications (such as appointment confirmations, service updates, or important account information).

11.2 Personalisation

With your consent, we may use information about your preferences and interactions with our services to personalise marketing communications and make them more relevant to you.

12. Children's Data

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18 without appropriate parental or guardian consent.

While we may hold information about children as part of our postnatal care services (for example, information about your baby), this is collected from and with the consent of the parent or guardian.

If you believe we have inadvertently collected information from a child without proper consent, please contact us immediately and we will take steps to remove that information from our systems.

13. Third-Party Websites

Our website may contain links to third-party websites, services, or applications. This Privacy Notice applies only to our website and services. When you click on links to other websites, you will be subject to their privacy policies and practices.

We are not responsible for the privacy practices or content of third-party websites. We encourage you to read the privacy notices of any third-party sites you visit.

14. Changes To This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or business operations. When we make significant changes, we will notify you by:

  • Sending an email notification to the address associated with your account

  • Displaying a prominent notice on our website

  • Providing an in-app notification (if applicable)

The 'Last Updated' date at the top of this notice indicates when it was last revised. We encourage you to review this Privacy Notice periodically to stay informed about how we protect your data.

Continued use of our services after changes to this Privacy Notice constitutes your acceptance of the updated terms. If you do not agree with the changes, you may discontinue using our services and request deletion of your data (subject to legal retention requirements).

15. Contact Us

If you have any questions about this Privacy Notice, how we handle your personal data, or if you wish to exercise any of your rights, please contact us:

The Fourth Collective Ltd / Email: hello@thefourth.uk

16. Complaints

We take your privacy concerns seriously and are committed to resolving any complaints fairly and promptly.

16.1 Contact Us First

If you have a concern about how we handle your personal data, please contact our Data Protection Contact using the details above. We will:

  • Acknowledge your complaint within 5 working days

  • Investigate the matter thoroughly

  • Provide a full response within 30 days

16.2 Information Commissioner's Office (ICO)

You have the right to lodge a complaint with the UK's data protection supervisory authority at any time:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Phone: 0303 123 1113

Website: www.ico.org.uk

You can contact the ICO at any time, but we hope you will contact us first so we have the opportunity to address your concerns directly.

---

This Privacy Notice was last updated in January 2026 and reflects our commitment to protecting your personal data in accordance with UK GDPR and the Data Protection Act 2018.

Return Home