Skip to main content

Privacy Policy

Effective Date: 15 October 2025

Protect Clinical ("we", "us", "our") is committed to respecting and protecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal data when you use our website, clinical safety management platform, and related services (collectively, the "Services"). It applies to visitors, registered users, and customers located in the United Kingdom and the European Economic Area.

1. Data Controller

Protect Clinical acts as the data controller for personal data processed through the Services. Questions about this Policy can be submitted via our contact form or by emailing contact@mypracticemanager.co.uk.

2. Personal Data We Collect

We collect and process the following categories of personal data:

  • Account details: name, organisation name, professional role, email address, and password (stored in hashed form).
  • Organisation information: company name, vendor type, practice details, clinical safety officer information.
  • Clinical safety documents: DCB0129/DCB0160 reports, hazard logs, risk assessments, and related documentation.
  • Transaction data: billing contact, subscription details, VAT numbers, and invoice records for paid services.
  • Communications: enquiries submitted via contact forms, support tickets, feedback, and survey responses.
  • Usage information: device identifiers, IP address, browser type, pages viewed, and interactions with platform features.
  • Marketing preferences: opt-in status for newsletters, product updates, and educational content.

3. How We Use Personal Data

We process personal data to:

  • Provide, personalise, and maintain the Services and clinical safety management platform.
  • Store and manage clinical safety documentation and compliance records.
  • Facilitate collaboration between technology vendors and GP practices.
  • Fulfil subscriptions, manage accounts, and provide customer support.
  • Send service notices, compliance updates, and where permitted, marketing communications.
  • Monitor performance, conduct analytics, and improve the Services.
  • Protect against fraud, misuse, or security threats.
  • Comply with legal obligations, including NHS Digital reporting requirements and regulatory standards.

4. Legal Bases for Processing

We rely on the following legal bases under UK GDPR:

  • Contract performance: to provide clinical safety management services and platform features you request.
  • Legitimate interests: to improve the Services, secure our platform, support NHS clinical safety standards, and communicate relevant regulatory updates. We balance these interests against your rights and expectations.
  • Legal obligation: to meet statutory record-keeping, NHS compliance, or regulatory requirements.
  • Consent: for optional updates, marketing emails, and non-essential cookies. You may withdraw consent at any time.

5. How We Share Personal Data

We share personal data only when necessary:

  • Service providers: trusted processors that host our infrastructure (Firebase), process payments, send emails, or provide analytics. Each provider is bound by contractual data protection obligations.
  • Collaboration partners: clinical safety documents may be shared between technology vendors and GP practices where authorised for compliance purposes.
  • Professional advisers: accountants, auditors, or legal counsel when required.
  • Regulators or authorities: where we must comply with legal, NHS, or regulatory requests, or defend legal claims. We do not sell personal data.

6. International Transfers

If we transfer personal data outside the UK or EEA, we will use approved safeguards such as the UK International Data Transfer Addendum, Standard Contractual Clauses, or rely on adequacy regulations.

7. Data Retention

We retain personal data for as long as needed to deliver the Services, comply with legal and regulatory obligations (including NHS clinical safety record-keeping requirements), resolve disputes, and enforce our agreements. Clinical safety documentation may be retained for extended periods to meet regulatory standards. We apply anonymisation or secure deletion when data is no longer required.

8. Security Measures

We implement administrative, technical, and physical safeguards, including encryption in transit and at rest, access controls, secure cloud infrastructure (Firebase), and regular security reviews. No system is completely secure, so you should protect your account credentials and notify us of suspected breaches promptly.

9. Your Rights

Under UK data protection law you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data where we have no legal basis to continue processing.
  • Object to or restrict processing in certain circumstances.
  • Receive a copy of your data in a portable format.
  • Withdraw consent for processing based on consent. To exercise your rights, contact us using the details above. We may need to verify your identity before responding.

10. Cookies and Similar Technologies

We use essential cookies to operate the Services and, with consent, analytics cookies (Firebase Analytics) to understand usage. For detailed information on the types of cookies we deploy and how to manage your preferences, see our Cookie Policy.

11. Children

The Services are designed for professionals working in healthcare technology and GP practices. We do not knowingly collect personal data from children under 16. If you believe a child has provided information, contact us so we can delete it.

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in law or our practices. The "Effective date" shows the latest revision. We will provide advance notice of material changes when required by law.

13. Concerns and Complaints

If you have concerns, please contact us first so we can address them. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
https://ico.org.uk
Telephone: 0303 123 1113