1. INTRODUCTION

Twiqk Ltd. ("Twiqk", "we", "us", "our") is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you access or use the Twiqk website and platform (the "Platform").

This Policy complies with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations (PECR)

2. DATA CONTROLLER

Twiqk Ltd. is the Data Controller responsible for your personal data.

For all privacy-related matters, contact:

Josh Sim, Data Protection Officer

Josh.sim@twiqk.com

3. PERSONAL DATA WE COLLECT

We may collect and process the following categories:

A. Identity Data

• Full name
• Date of birth (where required for age verification)

B. Contact Data

• Email address
• Telephone number

C. Account Data

• Login credentials
• Account preferences

D. Usage Data

• Search queries
• Treatment interests
• Interaction behaviour
• Platform engagement metrics

E. Technical Data

• IP address
• Device type
• Browser type
• Operating system
• Session timestamps

F. Marketing Data

• Consent preferences
• Communication history

G. Communications Data

• Messages sent via forms or email

4. SPECIAL CATEGORY DATA

Twiqk does not intentionally collect health data.

If you voluntarily disclose health-related information (e.g., treatment concerns), this is processed only:

• With your explicit consent
• For the limited purpose of responding to your enquiry

We strongly advise users not to submit detailed medical histories via the Platform.

5. HOW WE COLLECT DATA

We collect data through:

• Direct user input (forms, account creation)
• Cookies and tracking technologies
• Analytics tools
• Communications with us
• Third-party integrations (where applicable)

6. LAWFUL BASIS FOR PROCESSING

We rely on:

• Consent (marketing, analytics cookies, optional features)
• Contractual necessity (account provision)
• Legitimate interests (platform improvement, fraud prevention)
• Legal obligations (compliance requirements)

Where processing is based on consent, you may withdraw consent at any time.

7. HOW WE USE YOUR DATA

We use personal data to:

• Provide access to the Platform
• Facilitate user-requested connections with clinics
• Improve website functionality
• Personalise user experience
• Monitor performance and security
• Prevent fraud or misuse
• Send marketing communications (with consent)
• Comply with legal obligations

We do not sell personal data.

8. SHARING OF DATA

We may share data with:

• Verified clinics (only where user requests or consents)
• IT service providers
• Hosting providers
• Analytics providers
• Payment processors (if applicable)
• Legal authorities (where required by law)

All third-party processors operate under contractual data protection obligations.

9. INTERNATIONAL TRANSFERS

Where data is transferred outside the UK, we ensure:

• Adequacy regulations OR
• Standard Contractual Clauses (SCCs) OR
• Equivalent safeguards

10. DATA RETENTION

We retain data only for as long as necessary for:

• Service provision
• Legal compliance
• Legitimate business purposes

Inactive accounts may be deleted after 6 months.

Where deletion is requested, data will be erased unless retention is legally required.

11. YOUR RIGHTS

Under UK GDPR, you have the right to:

• Access your data
• Correct inaccurate data
• Request erasure
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent
• Lodge a complaint with the Information Commissioner's Office (ICO)

Requests can be made via: Josh.sim@twiqk.com.

We may require identity verification before processing requests.

12. AUTOMATED DECISION-MAKING

Twiqk does not conduct automated decision-making that produces legal or similarly significant effects.

If future AI-based features are introduced, this Policy will be updated accordingly.

13. SECURITY MEASURES

We implement appropriate technical and organisational measures including:

• Encryption
• Access controls
• Secure hosting infrastructure
• Monitoring systems
• Staff confidentiality obligations

No system is entirely secure; use of the Platform is at your own risk.

14. DATA BREACHES

Where required by law, we will:

• Notify the ICO within 72 hours
• Inform affected users where there is a high risk

15. CHILDREN

The Platform is not intended for individuals under 18.

We do not knowingly collect children's personal data.

16. CHANGES TO THIS POLICY

We may amend this Privacy Policy from time to time.

Continued use of the Platform constitutes acceptance of updates.