CGTG Ltd, trading as Lea Medicare

Version 1.0 | Effective Date: 1 April 2026

This Privacy Policy explains how CGTG Ltd, trading as Lea Medicare (“Lea Medicare”, “we”, “us”, “our”), collects, uses, discloses, and protects personal information about visitors to our website (leamedicare.com) and individuals who interact with our company (for example, by requesting a demo, subscribing to updates, or contacting us).

Important note:

This Privacy Policy does not cover our processing of patient data or other personal data that we process on behalf of our healthcare customers. In that context, Lea Medicare acts as a data processor, and the relevant healthcare provider is the data controller. Please contact your healthcare provider directly for information on how they handle your personal data. Our processing in that capacity is governed by a separate Data Processing Agreement with each healthcare provider customer.

1. Who We Are

CGTG Ltd, trading as Lea Medicare, is a company registered in England and Wales under company number 11529985. Our registered office is at 1 Concourse Way, Sheffield, South Yorkshire S1 2BJ, United Kingdom. We are the data controller in respect of personal data described in this Privacy Policy.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

· Contact data — Contact details: name, email address, phone number, company or clinic name, role or job title.

· Communications — Correspondence: content of messages you send us through our website forms, email, WhatsApp, or social media channels.

· Marketing — Marketing preferences: opt-in status for newsletters, product updates, and event invitations.

· Technical data — Information collected automatically when you visit our website, such as IP address, browser type, device information, referring URLs, pages viewed, and interactions with our website.

3. How We Use Your Personal Data

We use your personal data for the following purposes:

· To respond to enquiries and provide requested information or demonstrations.

· To administer and operate our business relationship with you.

· To send marketing communications where you have consented to receive them.

· To improve and secure our website and services.

· To comply with legal and regulatory obligations.

4. Legal Basis for Processing

We rely on the following legal bases under the UK GDPR:

· Legitimate interests: to respond to enquiries, operate our business, and improve our services.

· Consent: for marketing communications and non-essential cookies.

· Contract: to perform our contractual obligations with you.

· Legal obligation: to comply with applicable laws.

5. Sharing Your Personal Data

We may share your personal data with:

· Service providers who support our business (e.g., hosting, email, analytics, CRM providers), subject to appropriate contractual safeguards.

· Professional advisers (e.g., lawyers, accountants).

· Regulators and authorities where required by law.

· Acquirers or potential acquirers in connection with a business transaction.

We do not sell your personal data to third parties.

6. International Transfers

Some of our service providers may be located outside the United Kingdom. Where personal data is transferred to a country without an adequacy decision, we ensure appropriate safeguards are in place, such as the International Data Transfer Agreement or UK Addendum to the Standard Contractual Clauses.

7. Data Retention

We retain personal data only for as long as necessary for the purposes set out in this Privacy Policy, to comply with legal obligations, resolve disputes, and enforce our agreements. Typical retention periods are:

· Enquiries: up to 2 years after last contact.

· Marketing subscribers: until you unsubscribe.

· Website analytics: up to 26 months.

· Records required for legal, tax, or accounting purposes: as required by law (typically 6–7 years).

8. Your Rights

Under the UK GDPR, you have the following rights:

· Right of access: to request a copy of your personal data.

· Right to rectification: to correct inaccurate or incomplete personal data.

· Right to erasure: to request deletion of your personal data in certain circumstances.

· Right to restrict processing: to limit how we process your personal data.

· Right to data portability: to receive your personal data in a portable format.

· Right to object: to processing based on legitimate interests or for direct marketing.

· Right to withdraw consent: at any time where we rely on consent.

· Right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

To exercise your rights, please contact us using the details below.

9. Cookies

Our website uses cookies and similar technologies. For more information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

10. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption, access controls, and regular security testing. However, no method of transmission over the internet is completely secure.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Effective Date” at the top of this policy indicates when it was last revised. Material changes will be notified on our website.

12. Contact Us

For any questions about this Privacy Policy or to exercise your rights, please contact:

CGTG Ltd (trading as Lea Medicare)

1 Concourse Way, Sheffield, South Yorkshire S1 2BJ, United Kingdom

Email: chengi@leamedicare.com

Website: www.leamedicare.com