Privacy Policy
Last updated: June 2025
Birch Health & Wellness is committed to safeguarding your privacy.
This Privacy Policy explains how we collect, use, and protect your personal information when you:
- use our website (tokibirch.com)
- access our Patient Portal via Practice Better (www.practicebetter.io)
- sign up for our email list or free resources
- purchase digital products or services
- engage with any other part of our business.
By using our website, Patient Portal, signing up for our mailing list, or purchasing a product or service, you are agreeing to this Privacy Policy.
If you have any questions about this Policy, please contact us at: support@tokibirch.com.
1. What Information We Collect
We may collect the following types of personal information:
a) Personal Information
Information you provide to us, such as:
- Name
- Email address
- Contact details
- Billing information
- Account login details (where applicable)
- Any personal data you choose to share with us (e.g. via forms, surveys, programme enrolment, support requests)
b) Protected Health Information
If you are a client, we collect and store:
- Information provided in the course of your consultations and health care services
- Information from any functional testing you undertake via Birch Health & Wellness
- Practitioner notes and records within our Practice Better EMR system
- Billing and payment records for healthcare services provided
This information is stored securely in line with medical confidentiality requirements.
c) Website and Marketing Data
When you visit our website, opt-in for a free resource, register for a webinar or challenge, or purchase a digital product, we may also collect:
- IP address
- Browser type
- Device information
- Referrer details (how you arrived at our site)
- Interaction data (pages viewed, emails opened, links clicked)
- Purchase history (for products bought via our website)
This helps us understand how visitors use our website and improve the experience.
2. How We Use Your Information
We use your information to:
- Provide health care services to you (if you are a client)
- Manage your Patient Portal account
- Communicate with you regarding appointments, test results, and health services
- Process payments and send receipts
- Provide you with digital products and services you purchase
- Send you marketing emails where you have opted in
- Send you free resources and content you have requested
- Improve our website and services
- Comply with legal obligations
3. Lawful Bases for Processing Your Data
We process your personal data under the following lawful bases, as defined by UK GDPR:
- Consent — when you opt in to receive marketing communications or free resources
- Contract — when you purchase a product or service or engage with our health services
- Legal obligation — where required to comply with law or regulatory requirements
- Legitimate interests — to operate and improve our website, services, and communications
4. Marketing Communications and Website Visitors
If you sign up to our email list (via website forms, quizzes, or freebie downloads), you consent to receive occasional emails from Birch Health & Wellness. These may include:
- Educational content
- News and updates
- Information about products and services
- Special offers or promotions
You can unsubscribe at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at support@tokibirch.com.
We never sell or share your personal data with third-party marketers.
Free resources (guides, checklists, challenges) are provided for personal use only and may not be copied, shared, or sold. See our Terms & Conditions for full details.
We do not use automated decision-making or profiling to make decisions that would have a legal or significant effect on you.
5. Condition-Specific Content
Periodically, we may send you content related to your health condition(s), based on information you have provided as a client or via opt-in. You can opt out of these communications at any time.
6. Opt-Out
You can opt out of marketing emails at any time by clicking the unsubscribe link or by contacting us.
Please note:
- You may still receive important notices related to your account, health services, or purchases.
- You cannot opt out of necessary system or legal notices.
7. Anonymous, Aggregate Information
We may collect and use anonymous, aggregate data for:
- Statistical analysis of website usage
- Improving the website experience
- Optimising marketing performance
- Understanding trends and user behaviour
This data does not identify you personally.
8. Cookies and IP Addresses
Our website uses cookies to improve your experience and provide personalised content.
Cookies are small data files stored on your device. They help us:
- Recognise returning visitors
- Remember preferences
- Analyse website traffic
- Improve marketing campaigns
You can control cookies through your browser settings. Disabling cookies may affect your ability to use certain parts of our website.
We also log IP addresses and browser information for security and analytics purposes.
9. Privacy Protection for Children
Our website and Patient Portal are not directed at minors under age 18.
If you are a parent or guardian managing health services for a child, we may collect and process relevant health and billing information with your consent and in line with UK GDPR and other applicable laws.
10. Sharing Your Information
We do not sell or share your personal data with third parties, except:
- To trusted service providers who support our operations (e.g. Practice Better, email marketing platforms, payment processors)
- As required by law (see "Legal Requirement" below)
- In an emergency or where harm may occur (see "Imminent Harm" below)
- With your explicit consent
All service providers we work with are contractually required to protect your information and comply with UK GDPR.
11. EHR Maintenance and Vendor Access
Our Practice Better EMR and website services may require occasional access by technical support providers. These vendors only access the information necessary to perform their services, and are contractually bound to maintain confidentiality.
12. Imminent Harm
We may disclose certain Protected Information if we reasonably believe you or another person may be at risk of serious harm, or if required to prevent unlawful activity.
13. Legal Requirement
We will disclose your information if required by law, court order, or regulatory authority.
If we receive a legal request, we will notify you unless prohibited by law.
14. International Data Transfers
Some of the platforms we use to process and store your data may be located outside the UK. In such cases, we ensure appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements.
15. Data Retention
We retain your Protected Information and personal data only for as long as necessary to:
- Provide services
- Comply with legal requirements
- Maintain medical recordkeeping standards
- Support your customer relationship with us
Marketing-related data (such as email list subscriptions) will be retained until you unsubscribe or request deletion.
You may request deletion of your data at any time by contacting us.
16. Security
We take data security seriously and use technical, administrative, and physical safeguards to protect your information.
Measures include:
- SSL encryption for data transmission
- Password-protected access
- Secure cloud hosting for our EMR system
- Regular backups and monitoring
- Vendor agreements to ensure GDPR compliance
While we take every reasonable step to protect your data, no system can guarantee 100% security.
17. Your Password and Account Information
If you use the Patient Portal, it is your responsibility to keep your password confidential.
Anyone with your login credentials can access your account.
18. Notice of Security Incident
If we become aware of a data breach affecting your personal data, we will notify you and the Information Commissioner’s Office (ICO) in line with UK GDPR requirements.
19. Your Rights Under UK GDPR
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (where legally permissible)
- Object to processing or restrict certain uses of your data
- Withdraw consent for marketing at any time
To exercise your rights, please contact us at: support@tokibirch.com.
20. Updates to This Privacy Policy
We may update this Privacy Policy from time to time. The latest version will always be posted on our website.
Your continued use of our services constitutes acceptance of any changes.
21. Contact
If you have any questions about this Privacy Policy or how we handle your data, please contact us at:
support@tokibirch.com
End of Privacy Policy
Toki Birch is a certified functional medicine practitioner helping women over 40 reverse underactive thyroid and bring about remission from Hashimoto’s naturally.