My Life Plan Login

Privacy Policy

This Privacy Notice explains how Morelife (UK) Ltd (“Morelife”) collects, uses, stores, and shares your personal information. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 and the standards of the Care Quality Commission (CQC). 

 

1.

What personal data we collect – What we collect and how we use personal data.

Morelife processes the personal data of individuals, and these include names, addresses, telephone numbers and email addresses. Morelife processes personal data to enable it to provide health-related services to its service users, maintain accounts and records as well as promote its services. 

Morelife does not sell personal information to anyone and only shares it with third parties who are facilitating the delivery of Morelife’s services. 

We may collect and process the following types of personal information: 

  • Basic details: Name, address, date of birth, telephone number, email address. 
  • Health and well-being information: Health records, lifestyle data, information you provide in relation to our services. 
  • Other information: Information relating to your use of our services or website. 

 

Where the data comes from:

  • Self-referral  
  • NHS, /GPs.  
  • Local authority  

 

2. 

How we share your personal information 

Morelife may need to share your personal information with other organisations. Where such sharing is necessary, we will comply with the requirements of the GDPR on data sharing. The types of organisations/groups that we may share personal data with are set out below: 

  • Healthcare professionals.
  • Social & welfare organisations.
  • Local councils.
  • Business associates.
  • Families, associates, and representatives of the person whose personal data is processed.
  • Service providers.

 

3.

How we use your personal information 

We use your personal data for the following purposes: 

  • To provide health-related services to you. 
  • To maintain accounts and records. 
  • To monitor, evaluate, and improve our services. 
  • To communicate with you about your care and our services. 
  • To meet legal and regulatory requirements. 

 

4.

Lawful basis for processing 

Under the UK GDPR, we must have a lawful basis for processing your personal data. Depending on the context, we rely on: 

  • Consent – Where you have given clear consent for us to process your personal data for a specific purpose. 
  • Contract – Where processing is necessary for the performance of a contract with you (or to take steps at your request before entering into one). 
  • Legal obligation – Where we need to comply with a legal requirement. 
  • Vital interests – Where processing is necessary to protect someone’s life. 
  • Legitimate interests – Where processing is necessary for our legitimate interests, provided these are not overridden by your rights and freedoms. 

 

5.

Special category (health) data 

Because we provide health-related services, we may process information about your health. We will only do this where one of the following conditions applies: 

  • With your explicit consent. 
  • Where processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis, or the provision of health or social care. 
  • Where processing is necessary for reasons of public interest in the area of public health. 

 

6.

How we share your personal information 

We do not sell your personal information. We may share your data with trusted third parties to support the delivery of our services, including: 

  • Healthcare professionals. 
  • Social and welfare organisations. 
  • Local councils. 
  • Families, associates, and representatives of service users. 
  • Business associates and service providers working with us under contract. 

 

Where sharing is necessary, we comply with UK GDPR requirements and ensure that appropriate safeguards are in place. 

 

7.

International transfers 

All personal data is stored and processed within the United Kingdom. We do not transfer personal data outside the UK. 

 

8.

How long we retain your information 

We will not keep your personal data for longer than necessary. Retention periods are determined by: 

  • Our contractual and service obligations. 
  • Legal and regulatory requirements. 
  • NHS or healthcare record retention guidance. 

 

For example, health records are generally retained for 8 years after the end of treatment (longer for children or if required by law). For details of retention periods specific to your data, please contact our Data Protection Officer. 

 

9.

Your rights 

You have the following rights under UK GDPR: 

  • Right of access – To request a copy of the personal data we hold about you. 
  • Right to rectification – To request correction of inaccurate or incomplete data. 
  • Right to erasure – To request deletion of your data where it is no longer required. 
  • Right to restrict processing – To request restriction of our use of your data. 
  • Right to data portability – To receive your data in a structured, commonly used, and machine-readable format, or to request transfer to another controller. 
  • Right to object – To object to certain processing, including direct marketing. 
  • Right to withdraw consent – Where processing is based on consent. 
  • Rights related to automated decision-making – Morelife does not make decisions based solely on automated processing, including profiling, that have a legal or similarly significant effect on you, however we do use a professional and system assisted process.

To exercise your rights, please contact our Data Protection Officer at dpo@more-life.co.uk. 

 

10.

How we secure your information 

We use appropriate technical and organisational measures to protect your personal data, including: 

  • Secure servers and systems. 
  • Using Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt confidential data in transit and at rest; 
    • Access controls and authentication measures. 
    • Staff training on data protection and confidentiality. 

 

11.

Cookies and similar technologies 

We use cookies on our website to improve functionality and enhance your experience. Non-essential cookies are only set with your consent. For more details, please see our Cookies Policy (available on our website or on request from dpo@more-life.co.uk).  

We also collect data through Google Analytics, social media pixels, Brevo mailing and online sign-up forms. We utilise Hootsuite and Metabusiness services.

 

12.

CQC Compliance Statement  

Morelife adheres to the standards of the Care Quality Commission (CQC). All personal and health information is handled in line with CQC expectations for confidentiality, record-keeping, and information governance, as well as UK data protection law. Staff are trained in confidentiality, secure record management, and appropriate sharing of information. 

In the event of a data breach, we will notify the ICO within 72 hours where legally required and affected individuals where there is a high risk to their rights and freedoms.  

 

13.

Questions or concerns 

If you have any questions about how we handle your personal information, please contact: 

  • Data Protection Officer 
    MoreLife (UK) Ltd 
    Nexus Leeds Ltd, Discovery Way, Leeds, LS2 3AA 
    Email: dpo@more-life.co.uk

 

You also have the right to complain to the UK Information Commissioner’s Office, although we would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first. (ICO): 

  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 
  • Telephone: 0303 123 1113 

GDPR Compliance Statement

Morelife UK Ltd – UK GDPR Compliance Overview

Our Company is fully committed to protecting the personal data and privacy of all patients, staff, and partners in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognise that the nature of our service involves handling sensitive health data, and we take all reasonable steps to ensure this data is processed lawfully, fairly, and securely.

Key elements of our GDPR compliance program include:

  • Lawful processing: Personal data is collected only for specified and legitimate purposes such as treatment, healthcare management, billing, and legal compliance. We rely on lawful bases including consent, contractual necessity, and legal obligation.
  • Patient consent: Clear, informed consent is obtained before collecting or processing sensitive health information. Patients have the right to withdraw consent at any time.
  • Data minimisation: Only data essential for the provision of services is collected and stored. Unnecessary or outdated information is securely deleted.
  • Security measures: We employ robust technical and organisational controls including encryption, access restrictions, staff training, and secure storage to protect data from unauthorised access, loss, or damage.
  • Third-party compliance: All suppliers and partners who process personal data on our behalf are required to comply with GDPR through Data Processing Agreements.
  • Data subject rights: We have established clear processes to facilitate individuals’ rights, including access, rectification, deletion, and objection to processing.
  • Incident management: A formal data breach response plan ensures timely identification, reporting, and mitigation of any data security incidents.
  • Staff training: Regular GDPR and data protection training is mandatory for all employees and contractors.
  • Ongoing monitoring: Compliance is regularly reviewed through audits and policy updates to reflect evolving regulations and best practices.


Our Company understands the critical importance of data privacy in healthcare and continuously strives to uphold the highest standards of data protection.