GPDQ Ltd (t/a GPDQ) (we, us and our) is committed to protecting and respecting your privacy.
1. Our identity and contact details
The data controller is GPDQ Ltd (data protection registration number ZA147981) of 727-729 High Road, London, N12 0BP. Our data protection officer is Suhal Ullah, who can be contacted by email at firstname.lastname@example.org or by post at GPDQ, St Marks Studios, 14 Chillingworth Road, London, N7 8QJ.
2. Information we collect from you
We will collect and process the following data about you:
Information you give us
2.1 This is information you give us by filling in forms on our website at https://www.gpdq.co.uk, or on our mobile applications (together our “platform”), or by corresponding with us by phone, email or otherwise. It includes information you provide when you register to use our platform, search for services on our platform, enter a competition, promotion or survey and when you report a problem with our platform. The information you give us may include your name, address, phone number, email address, date of birth, financial and credit card information including billing address, medical records (including NHS summary care records) or personal description.
Information we collect about you
2.2 With regard to each of your visits to our platform and our service we may collect the following information:
2.21 technical information, including the Internet Protocol address (IP address) used to connect your computer to the internet, your login information, browser type and versions, operating systems, certain device information and your location; and
2.22 information about your visit including the full Uniform Resource Locators (URL), clickstream to, through and from our platform (including date and time), services you viewed or searched for, page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks and mouse overs) and methods used to browse away from the page.
2.23 information from and about your consultation including the appointment location and duration, medical notes taken during the appointment, any information provided by your medical insurance provider (if applicable), and any test results (if applicable).
3. Uses of the information and the legal basis for processing
We use information held about you in the following ways:
Information you give to us
3.1 We use this information:
3.1.1 for internal record keeping and account creation;
3.1.2 to carry out our obligations arising from any contracts entered into between you and us, to provide you with the services that you request from us with the best possible care delivery, and for our legitimate business interests;
3.1.3 to confirm GP bookings when you make them;
3.1.4 to provide you with information about other services that are similar to those you have already purchased or enquired about;
3.1.5 to send promotional emails about new products, special offers or other information and to make suggestions or recommendations which we think you may find interesting, using the contact information that you have provided;
3.1.6 to contact you for market research purposes by email, phone or mail;
3.1.7 to notify you about changes to our services or our terms and conditions;
3.1.8 and to customise our platform to ensure that the content is presented in the most effective manner for you and for your device. Information we collect about you
3.2 We will use this information:
3.2.1 to administer our platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
3.2.2 to improve our services and our platform to ensure that content is presented in the most effective manner for you and your device;
3.2.3 as part of our efforts to keep our platform safe and secure; and
3.2.4 to measure or understand the effectiveness of marketing we serve to you and others, and to deliver relevant marketing to you.
4. Disclosure of your information
4.1 You agree that we have the right to share your personal data with:
4.1.1 other GPs (NHS or private), acute or mental health Trusts, local authorities, community health providers, pharmacists, care homes, out of hours providers, the Care Quality Commission, Medico Legal entities, the General Medical Council, the Health Service Ombudsman, NHS counterfraud, NHS Digital, NHS England, Public Health commissioning organisations, emergency services and specific non NHS organisations for the purposes of direct and indirect delivery of care.
4.1.2 any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006; and
4.1.3 selected third parties including:
184.108.40.206 business partners (including medical insurance providers), payment service providers, GPs, and other suppliers and sub-contractors for the performance of any contract we enter into with them or you;
220.127.116.11 and analytics and search engine providers that assist us in the improvement and optimisation of our platform.
4.2 We will disclose your information to third parties:
4.2.1 in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business assets;
4.2.2 if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about customers using our platform will be one of the transferred assets; and
4.2.3 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; to protect our rights, property or safety or that of our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
5. Where we store your personal data
5.1 Your GP medical record is held on our secure clinical system. This clinical system allows for our doctors to hold, store and view your medical records. We will not share your medical records with anyone unless you give consent or as required under Clause 4.
5.3 All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password, which enables you to access certain parts of our platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
5.4 Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our platform; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
6. Information retention and deletion
We may retain your personal data for the following purposes and periods, unless and until you request deletion or anonymisation of your personal data:
6.1 for as long as you are receiving our services;
6.2 if necessary, for our legitimate business interests outlined above (we will delete your information if it is no longer reasonably necessary for us to retain it); or
6.3 for as long as necessary to comply with any legal requirement.
7. Your rights
7.1 You may request correction, erasure or a copy of your personal data or otherwise stop us from using your data at any time (if certain criteria apply). We will usually inform you (before collecting your data) if we intend to use your data for marketing purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting the Data Protection Officer at email@example.com. However some information may be withheld under some exceptional circumstances.
7.2 Our platform may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
7.3 If you consider our use of your personal data to be unlawful or you have any other concerns, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
8. Access to information
You may request details of personal data we hold about you.