HeartVets Privacy Policy

Last updated:  November 2025 

 This privacy policy explains how HeartVets (the Heartvets group, which comprises Heartvet Consultants Ltd and Heartvet Solutions Ltd; referred to as “we”, “us” or “our”) collects, uses, shares and protects personal data when you interact with us as a referring veterinary professional, pet owner, attendee at our CPD events, purchaser of telemedicine services or equipment, or a visitor to our website.  

 

  1. Who we are

HeartVets are a private veterinary cardiology consultancy offering telemedicine and equipment sales to veterinary professionals globally, and a clinical cardiology referral service for client-owned pets in the SouthWest UK. Contact details for the data controller are available at the following contact addresses: 

Heartvet Consultants Ltd (for all clinical referrals). UK company number 7188907 

Waldenfields 

Whitestone 

Exeter 

EX4 2HP 

 

Heartvet Solutions Ltd (for telemedicine, CPD and equipment purchases). UK company number 14722555 

Waldenfields 

Whitestone 

Exeter 

EX4 2HP 

 

  1. What personal data we collect

We collect and process different categories of personal data depending on how you interact with us: 

From referring veterinary professionals (including CPD attendees and telemedicine clients): 

  • Name, professional role, workplace contact details (email, phone, address) 
  • Business details (practice name, VAT number where applicable) 
  • Records of referrals, clinical information about animals (see below), communications and case notes 
  • Billing/administrative data (invoices, order numbers). We do not store debit/credit card or raw payment details. 

From pet owners attending our referral clinics: 

  • Owner name, contact details, address 
  • Pet details (name, species, breed, medical history and clinical records, diagnostic images) 
  • Any personal data contained in referral forms or clinical notes 

From website visitors and event attendees: 

  • Cookies and analytics identifiers, IP address and device/browser metadata 
  • Event registration data and dietary/accessibility requirements (if supplied) 

Special categories / sensitive data: 

  • Clinical information about animals is included in case records. Where clinical records include personal data about owners or any information that amounts to personal health data of a natural person (for example, a contact’s health information), this may be treated as special category data and processed only where lawful to do so. 

 

  1. Why we process personal data (purposes) and our lawful bases

We will only process personal data where we have a lawful basis to do so under the UK GDPR (Article 6) and, where appropriate, a condition for processing special category data (Article 9). Typical purposes and lawful bases include: 

  • Providing telemedicine services, equipment sales and clinical referrals — Lawful basis: performance of a contract or taking steps before entering into a contract (Article 6(1)(b)). If personal data includes health-related information about a person, also rely on an Article 9 condition such as processing necessary for medical diagnosis or for the provision of health or social care where that condition applies, or explicit consent where appropriate. 
  • Communicating with referring vets, event administration, CPD invitations — Lawful basis: legitimate interests (Article 6(1)(f)) or consent where you have opted in for marketing communications. We only send marketing where allowed and include an easy opt-out. 
  • Clinical record keeping for pets attending referral clinics — Lawful basis: performance of a contract and/or our legal and professional obligations. Retention periods are set to meet professional and legal requirements and justified on that basis. 
  • Website analytics and cookies — Lawful basis: consent (for non-essential cookies) or legitimate interest for strictly necessary analytics configured to minimise personal data. 

If we plan to rely on consent for any processing, we will ensure consent is freely given, specific, informed and can be withdrawn at any time. 

 

  1. Recipients and international transfers

We may share personal data with: 

  • Service providers (cloud hosting, case management systems, email, analytics, payment processors). We use processors only under contract and with security safeguards. 
  • Other veterinary practices, referring vets and diagnostic labs where required to provide clinical care. 
  • Regulators or law enforcement where required by law. 

International transfers: Where we transfer personal data outside the UK/EEA (for example to cloud services or veterinary partners), we will ensure an appropriate safeguard is in place (UK adequacy, International Data Transfer Agreement (IDTA) / addendum, or other Article 46 mechanism) and we will record that safeguard in our records. 

 

  1. Data retention

We keep personal data only as long as necessary for the purpose it was collected and to meet legal, regulatory or contractual obligations. Example retention approaches (customise to your practice): 

  • Clinical records for adult animals: 10 years from last contact (or shorter/longer if your insurer or professional body requires otherwise). 
  • Clinical records for animals seen as juveniles: keep until the animal would reach an equivalent 25th ‘birthday’ analogue where relevant (apply professional judgement for young animals and legal guidance). 
  • Business / financial records (invoices, contracts): 7 years (HMRC requirements). 
  • Event and marketing optin records: until consent is withdrawn or reviewed regularly (e.g., every 2–3 years). 
  • Website analytics and cookies: retention according to cookie settings and legal requirements. 

We will securely delete, archive or anonymise data when it is no longer needed. 

 

  1. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption at rest and in transit where feasible, access controls, staff training, regular backups, and written processor contracts. We also maintain an incident response plan and will notify affected individuals and the Information Commissioner’s Office where required by law. 

 

  1. Data subject rights

Individuals have rights under UK GDPR including the right to: access their personal data; rectify inaccuracies; erase data (in certain circumstances); restrict processing; object to processing (including profiling and direct marketing); and data portability where applicable. To exercise rights contact: admin@heartvets.co.uk.  We will respond within statutory time limits and advise if any exemptions apply. 

 

  1. Children and minors

Our services are primarily for veterinary professionals and pet owners. If we collect personal data about children (for example, where a child is an owner), we will comply with the Age Appropriate Design Code and any requirements for parental consent where relevant to online services aimed at children. 

 

  1. Cookies and online tracking

We use cookies for essential website functions and, with consent, for analytics and marketing. Our cookie banner and cookie policy explain options and how to withdraw consent. 

 

  1. Changes to this policy

We may update this policy from time to time. We will publish the revised date at the top of this page and, where appropriate, notify users. 

 

  1. Complaints

If you have a complaint about how we handle your personal data, please contact our privacy lead at admin@heartvets.co.uk.  You also have the right to complain to the Information Commissioner’s Office (ICO).