Privacy Policy
Last Updated: 10/02/2025
This Privacy Notice explains how Clinicol (“we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you use our services (“Services”), including:
- Visiting our website at https://clinicol.co.uk
- Communicating with us via email.
- Engaging with us in other ways (e.g., phone calls, marketing interactions).
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this notice carefully. If you do not agree with our policies and practices, please do not use our Services.
- What Information Do We Collect?
We collect two main types of information:
(a) Information You Provide to Us:
- Contact Information: Your name, email address, phone number, mailing address, and other contact details you provide when you contact us, register for services, or request information.
- Account Information: If you create an account with us, we collect your username, password, and other information needed to manage your account.
- Medical and Health Information: Information you voluntarily provide about your health, medical history, symptoms, treatments, and other health-related details. This information may be provided in various ways:
  - During Online Forms: When you complete online forms for appointment booking, health questionnaires, or registration, we collect the information you provide in those forms.
  - In Consultations (Phone/Video/In-Person): During consultations, our healthcare professionals will record relevant details about your medical history, symptoms, diagnoses, treatment plans, and progress notes.
  - Via Email (with Security Warning): While we strongly advise against sending highly sensitive health information via unencrypted email, if you choose to communicate with us this way, we will process the health information you provide in your emails. Please see our important security warning regarding email communication below.
- Email Correspondence: The content of emails you send to us (including any attachments) and our replies. This may include appointment requests, medical inquiries, prescription requests, and other communications related to your healthcare.
- Payment Information: If you make payments for our services, we may collect payment card details or other financial information. (Note: If you use a third-party payment processor, they collect this information directly, and you should review their privacy policy.)
- [Consider Removing “Job Title” unless clearly justified. If justified, explain purpose here. For example, if you offer Occupational Health services: “Job Title and Employer Details (in limited circumstances): If you are using our Occupational Health services, we may collect your job title and employer details as provided by your employer or you, to facilitate the provision of these services.” ]
(b) Information We Collect Automatically:
- Log Data: When you visit our website, our servers automatically record information (“Log Data”), including your IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device information, search terms, and cookie information.
- Device Data: We may collect information about the device you use to access our Services, including the device type, operating system, settings, unique device identifiers, and crash data.
- Usage Data: We collect information about how you use our Services, such as the features you use, the actions you take, and the time, frequency, and duration of your activities.
- Cookies and Similar Technologies: We use cookies and similar technologies (e.g., web beacons, pixels) to collect information about your browsing activity, personalize your experience, and improve our Services. You can control cookies through your browser settings. See our Cookie Notice [Link to Cookie Notice if you have one – highly recommended] for more details.
Important Security Warning Regarding Email Communication:
Standard email communication is not a secure method of transmitting sensitive personal or health information. While we use secure email protocols where possible, we cannot guarantee the absolute security of emails. We strongly advise you not to send highly sensitive medical information (e.g., detailed medical history, diagnosis, highly personal details) via unencrypted email. For secure communication of sensitive health information, please contact us by phone at [Your Phone Number] to discuss alternative options such as [mention secure portal if you have one, or secure file sharing methods, or even scheduling a phone consultation]. We also offer [mention secure portal if you have one] for secure messaging and document exchange.
- How Do We Use Your Information?
We use your information for the following purposes:
- Providing and Managing Our Services: To deliver the healthcare services you request, manage appointments, process prescriptions, maintain your medical records, and provide customer support.
- Communicating with You: To respond to your inquiries, send you appointment reminders, provide updates about our services, and communicate with you about your health (with your consent where required).
- Managing Email Communications: To process and respond to your emails, manage appointment requests, provide medical advice (where appropriate and within the scope of our services), and fulfill other requests related to your healthcare.
- Improving Our Services: To analyze how our Services are used, identify trends, improve website functionality, develop new features, and enhance the overall user experience. [Note: This use will primarily rely on anonymized and aggregated data. If you process identifiable health data for service improvement, you MUST ensure you have a valid legal basis, and it is highly unlikely “Legitimate Interests” will be sufficient for identifiable health data in this context without explicit consent. Reconsider if you are using identifiable health data for service improvement beyond basic operational needs.]
- Security and Fraud Prevention: To protect the security of our Services, prevent fraud, and investigate suspicious activity.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests.
- Marketing (with your consent): To send you information about our services, promotions, and events that may be of interest to you. You can opt out of marketing communications at any time.
- To save or protect an individual’s vital interest: We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
- What Are Our Legal Bases for Processing Your Information?
Under UK GDPR, we must have a valid legal basis for processing your personal information. We rely on the following legal bases:
- Consent: We may process your information if you have given us specific consent to use your personal information for a particular purpose. For sensitive personal data (such as health information provided via email or otherwise), we rely on your explicit consent. We will obtain this consent separately, for example, through a consent form during registration or before engaging in detailed medical discussions via email. You can withdraw your consent at any time.
- Performance of a Contract: We may process your information when it is necessary to fulfill our contractual obligations to you, such as providing healthcare services you have requested.
- Legitimate Interests: We may process your information when it is reasonably necessary to achieve our legitimate business interests (e.g., improving our website functionality and user experience by analyzing aggregated and anonymized website usage data, preventing fraud), provided those interests do not outweigh your fundamental rights and freedoms. [Note: We have conducted a Legitimate Interests Assessment and balancing test to ensure that our interests are not overridden by your rights. Details of this assessment are available upon request.]
- Legal Obligations: We may process your information to comply with legal obligations, such as responding to lawful requests from government authorities, including reporting certain communicable diseases to public health agencies.
- Vital Interests: In rare cases, we may process your information to protect your vital interests or the vital interests of another person (e.g., in a medical emergency).
- Who Do We Share Your Information With?
We may share your information with the following categories of third parties:
- Service Providers: We use third-party service providers to help us operate our business and provide our Services. These providers may have access to your information only to perform tasks on our behalf and are obligated to protect your information. Examples include:
  - Email service providers (e.g., Google Workspace, Microsoft 365)
  - IT support providers
  - Cloud storage providers
  - Payment processors (if applicable)
  - Appointment scheduling software providers
- Healthcare Professionals: We may share your information with other healthcare professionals involved in your care, such as your GP, specialists you are referred to, pharmacists for prescription dispensing, or other members of your direct healthcare team. We will always seek your explicit consent before sharing your health information with other healthcare professionals unless we are legally obliged to do so (e.g., for public health reporting, or under a court order).
- [Removed “Business Partners” Category – Reconsider adding only if absolutely necessary and with very strong justification and explicit consent mechanisms as per previous review]
- Legal Authorities: We may disclose your information to legal authorities if required by law, such as in response to a court order or subpoena.
- Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
We have data processing agreements in place with our third-party service providers to ensure they protect your information in accordance with UK GDPR.
- How Do We Keep Your Information Safe?
We take the security of your information seriously and have implemented appropriate technical and organizational measures to protect it from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Data Encryption: We use encryption to protect sensitive data during transmission and storage.
- Access Controls: We restrict access to your personal information to authorized personnel who need it to perform their job duties.
- Regular Security Audits: We regularly review and update our security practices to address emerging threats.
- Staff Training: Our staff are trained on data protection and confidentiality.
- Email Security: While we use secure email protocols and TLS encryption where feasible, email communication is not inherently secure. We cannot guarantee the absolute security of information transmitted via email. As highlighted in our Email Security Warning above, we advise you to exercise caution when sending sensitive personal information via email and to consider alternative communication methods (e.g., phone, secure portal – if available) for highly sensitive information.
- How Long Do We Keep Your Information?
We will retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law (e.g., for medical record-keeping requirements). For medical records, we adhere to the retention periods recommended by [Insert relevant UK medical professional body/guidance – you need to research and insert the specific body/guidance, e.g., NHS Records Management Code of Practice or GMC guidance]. After the applicable retention period, we will securely delete or anonymize your medical records. When we no longer need other types of your information, we will also securely delete or anonymize it.
- Your Privacy Rights
Under UK GDPR, you have the following rights regarding your personal information:
- Right of Access: You have the right to request a copy of the personal information we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
- Right to Erasure (“Right to be Forgotten”): You have the right to request that we delete your personal information in certain circumstances.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.
- Right to Data Portability: You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format and to transmit it to another data controller.
- Right to Object: You have the right to object to the processing of your personal information in certain circumstances, including processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: If we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us using the contact details provided below. We will respond to your request within one month, as required by UK GDPR.
- International Data Transfers
Your data will not be transferred outside of the UK. (If this is incorrect and you do transfer data internationally, you must include detailed information about the safeguards in place, such as Standard Contractual Clauses or Binding Corporate Rules.)
- Children’s Privacy
Our Services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately.
- Do Not Track Signals
We respect Do Not Track (DNT) browser settings. However, please note that our website, like many others, uses cookies and similar technologies for essential website functionality, performance analysis, and user experience improvement. For full details about our use of cookies and how to manage your preferences, please see our Cookie Notice: [Link to Cookie Notice if you have one]. You can generally manage your cookie preferences through your browser settings.
- Changes to this Privacy Notice
We may update this Privacy Notice from time to time. This Privacy Notice is reviewed and updated at least annually, or more frequently as necessary to reflect changes in our data processing practices or legal requirements. We will post any changes on this page and update the “Last Updated” date. We encourage you to review this Privacy Notice periodically.
- Contact Us
If you have any questions or concerns about this Privacy Notice or our data practices, please contact us at:
Clinicol, London, UK. Email: [email protected]
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection, if you believe we have not handled your personal information in accordance with UK GDPR. You can find their contact details on their website: https://ico.org.uk/