Privacy Policy

1. Introduction

Thanks for choosing 121 Clinic (we or us). We are committed to protecting and respecting your privacy. We hope you take the time to read this Privacy Policy.

Your personal information and privacy are important to us. As our patient, we respect your right to be aware of who has information about you, what they are doing with it, and why, and who else they are sharing it with. We have adopted a privacy compliance culture that cements this relationship with you.

The aim of this Privacy Policy is to set out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. We also want to provide you with a better understanding of:

  • what information we collect;
  • how we use that information;
  • how this information is shared;
  • your rights; and
  • other useful privacy and security-related matters.

In this policy, we use the terms ‘personal data’ and ‘personal information’ interchangeably – they have the same meaning.

2. Your rights

Under the United Kingdom General Data Protection Regulation (UK GDPR), you as a Data Subject have a number of rights which are detailed in this Privacy Policy. Some of these only apply in specific circumstances and are qualified in several respects by exemptions in data protection legislation. We will advise you in our response to your request if we are relying on any such exemptions.

  • Access to personal data: You have a right to request a copy of the personal information that we hold about you. Should you wish to make such a request, please see the “How to contact us” section for information on how to contact us. You should include adequate information to identify yourself and such other relevant information that will reasonably assist us in fulfilling your request. If you’re asking another person to make a request on your behalf (e.g., a claims management company or a relative who helps you with your affairs), we will need to see proof of authorization from you. Your request will be dealt with as soon as possible.
  • Correction of personal data: You can request us to rectify and correct any personal data that we are processing about you which is incorrect.
  • Right to withdraw consent: Where we have relied upon your consent to process your personal data, you have the right to withdraw that consent. To opt out of marketing (i.e., withdraw your consent), you can use the unsubscribe link found in the marketing communication you receive from us, or you can contact our patient care service.
  • Right of erasure: You can request us to erase your personal data where there is no compelling reason to continue processing. This right only applies in certain circumstances – it is not a guaranteed or an absolute right.
  • Right to data portability: This right allows you to obtain your personal data that you have provided to us with your consent or which was necessary for us to provide you with our products and services under the contract we have with you, and where the processing is carried out by automated means, in a format which enables you to transfer that personal data to another organization. You may have the right to have your personal data transferred by us directly to the other organization if this is technically feasible.
  • Right to restrict processing of personal data: You have the right in certain circumstances to request that we suspend our processing of your personal data. Where we suspend our processing of your personal data, we will still be permitted to store your personal data, but any other processing of this information will require your consent, subject to certain exemptions.
  • Right to object to processing of personal data: You have the right to object to our use of your personal data which is processed on the basis of our legitimate interests. However, we may continue to process your personal data despite your objection where there are compelling legitimate grounds to do so or we need to process your personal data in connection with any legal claims. You also have the right to object to our use of your personal data for direct marketing purposes.
  • Right to complain to a supervisory authority: You have the right to lodge a complaint with a supervisory authority in relation to your personal data that we process in accordance with this Privacy Policy. In our case, this is the Information Commissioner’s Office. The contact details of the Information Commissioner’s Office are available on its website https://ico.org.uk/.
3. What personal data do we collect?

Information you give us: You may give us information about you by filling in forms on our app, our site at www.121Clinic.co.uk, or by corresponding with us by phone, e-mail, or otherwise. This includes information you provide us when you utilize a product or service from us. The type of information you will typically provide includes your name, postal address, e-mail address, phone number, banking and proof of identity. Generally, we collect this information from you.

Information we collect about you: With regard to each of your visits to our App or Site, we may automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform; and
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through, and from our App or Site (including date and time), products and/or services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

Some of this information is your personal data. Our lawful basis for processing the information in the first bullet includes this being necessary for our legitimate interests in recognizing users returning to our App and Site and making sure the App and Site operate effectively. Our lawful basis for processing the information in the second bullet includes this being necessary for our legitimate interests in seeing how our App or Site are used and which parts are more popular than others. In addition, the information helps us understand levels of interest in different industries and sectors and assists us in planning our strategy for developing our products and services. This, in turn, helps us improve our App and Site.

Information we receive from other sources: We may receive information about you from the following other sources:

  • If you use any of the other websites we operate or other services we provide. Such data may be shared internally and combined with data collected on our App or Site. We also work closely with third parties (including, for example, business partners, sub-contractors in technical services, advertising networks, analytics providers, and search information providers) and may receive information about you from them that is relevant to our business.
  • If you are requesting services from us, we will request information from your GP.
4. Cookies

Certain statistical information is available to us via our internet service provider through the use of cookies. Our use of cookies is governed by our Cookies Policy which can be accessed here.

Our aim is to continuously improve your experience of our digital channels. We use cookies to improve your customer experience of our products, services, and online applications. Our web server collects information about your visit, for example:

  • number of people who visit the App or Site;
  • date and time of visits;
  • number of pages viewed;
  • amount of time spent on the App or Site; and
  • popular sections of the App or Site.
5. What do we use your personal data for?

Information you give to us. We will use this information:

  • to assess your health and medical condition so that we are able to prescribe medicines safely to you. Our lawful bases for this processing (see below in this Privacy Policy for more details about lawful bases) are to perform our contract with you (including taking steps at your request to enter into that contract).
  • to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products, and services that you request from us. Our lawful bases for this processing are to perform our contract with you (including taking steps at your request to enter into that contract) or, in the case of provision of information, for our legitimate interests in providing you with the requested information.
  • to assess your application for our services and whether you satisfy our eligibility requirements. Our lawful basis for this processing is our legitimate interests in ensuring our services are safe, effective, and responsive to patients.
  • to verify identity in accordance with our legal obligations. Our lawful basis for this processing is to comply with our legal obligations.
  • to manage your condition. Our lawful basis for this is to perform our contract with you.
  • to register you to use our App or Site, subscribe you to a service available via the App or Site, and/or when you report a problem with our App or Site. Our lawful bases for this processing are to perform our contract with you (including taking steps at your request to enter into that contract) or, in the case of dealing with reported problems, for our legitimate interests in fixing our App or Site and developing our services. Subject to your marketing preferences, to provide you with details of products and services that may be relevant to you (see “Direct marketing” section). Our lawful basis for this processing is that you will have consented to receive such communications (this means that consent justifies our processing of your personal data for our marketing communications).
  • to respond to any queries or other communications you submit to us. Our lawful bases for this processing are to perform our contract with you (including taking steps at your request to enter into that contract) and for our legitimate interests in responding to you and developing our services.
  • to notify you about changes to our services. Our lawful bases for this processing are to perform our contract with you and for our legitimate interests in developing our services and keeping you up to date about changes.
  • to ensure that content from our App or Site is presented in the most effective manner for you and for your computer. Our lawful basis for this processing is for our legitimate interests in providing our services, including our App and Site, as effectively as possible.
  • to register or redeem for promotional campaigns. Our lawful basis for this processing is your consent or (if we enter into a contract with you specific to that campaign) to perform our contract with you or (if we don’t ask for consent and if there’s not a contract) for our legitimate interests in promoting our services by way of having our patients participate in promotional campaigns.

Information about your use of the App or Site. We will use this information:

  • to determine which pages are the most popular, peak usage times, and similar information;
  • to administer our App or Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes;
  • to improve our App or Site to ensure that content is presented in the most effective manner for you and for your device;
  • to allow you to participate in interactive features of our App or Site when you choose to do so;
  • as part of our efforts to keep our App or Site safe and secure;
  • to measure or understand the effectiveness of advertising we serve to you and others and to deliver relevant advertising to you; and/or
  • to make suggestions and recommendations to you about goods or services that may interest you.

Our lawful basis for the above processing is for our legitimate interests in providing our services, including our App and Site, as efficiently, effectively, and securely as possible, including understanding how they are used to ensure that you can participate in interactive features and to provide you with relevant and targeted content (including advertising and suggested recommendations). In addition, we have legitimate interests in carrying out effective marketing and customer research activities (this includes profiling about the services you’re likely to be most interested in so that we can tailor the content of direct marketing communications to this).

Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

6. Sharing your personal data

We share your medical information with your GP only. We don’t share your personal data with any third party.

7. Direct marketing

We may (subject to your preferences) use your personal data to make suggestions to you about goods or services that may interest you – based on your consent. Those communications will give you the opportunity to opt out of receiving similar communications in the future (i.e., you can withdraw your consent at any time).

You can also choose to opt out of such future communications by contacting us, namely by:

8. Where we store your personal data

Data that we collect from you will be stored on Cliniko servers in the UK. It may also be processed by personnel operating outside the United Kingdom that work for us or for one of our suppliers, service providers, or sub-contractors. In such circumstances, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable law.

9. Quality access and correction

Information about you is integral to decisions we make about our products and services for you. It is essential that your information is correct. You are encouraged to assist us to ensure this by alerting us to any changes in your particular circumstances.

10. Data retention and deletion

We keep your personal data only as long as necessary to provide you with our products and services and for legitimate and essential business purposes, such as maintaining the performance of products and services, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes (our lawful bases for this processing are the same as set out above in this Privacy Policy – for instance, if we have to keep your data in case of claims by or against you under the contract you were in which has terminated, that will be justified by the lawful basis of the contract and by compliance with our legal obligations if there’s a claim already at issue).

We will keep your personal data on file for as long as you have a contract with us, and we will also retain some records (including personal data relating to your use of our products and services) for a period of no longer than required by applicable legislation.

If you request, we will delete or anonymize your personal data so that it no longer identifies you unless we are legally allowed or required to maintain certain personal data, including situations such as the following:

  • if there is an unresolved issue relating to your account (e.g., outstanding credit on your account or an unresolved claim or dispute), we will retain the necessary personal data until the issue is resolved;
  • where we are required to retain the personal data for our legal, tax, audit, and accounting obligations, we will retain the necessary personal data for the period required by applicable law.
11. Transfer to other countries

Personal data collected within the United Kingdom may, for example, be transferred to and processed by third parties located in a country outside of the United Kingdom. In such instances, we will ensure that the transfer of your personal data is carried out in accordance with UK GDPR, in particular that appropriate contractual, technical, and organizational measures are in place (e.g., such as the Standard Contractual Clauses as required by UK GDPR).

12. Links

We may display advertisements from third parties and other content that links to third-party websites (including on our App or Site). None of these links comprise or imply support or recommendation of any other company, product, or service. We cannot control or be held responsible for third parties’ privacy practices and content. If you click on a third-party advertisement or link, any personal data you provide will not be covered by this Privacy Policy. Please read their privacy policies to find out how they collect and process your personal data. For example, if you consent to cookies which place relevant and engaging advertisements on our Site, those advertisements might have links to third-party websites which have their own privacy policies.

13. Keeping your personal data safe

We are committed to protecting your personal data. We implement appropriate technical and organizational measures to help protect the security of your personal data. However, please note that no system is ever completely secure. We have implemented various policies including pseudonymization, encryption, access, and retention policies to guard against unauthorized access and unnecessary retention of personal data in our systems.

Where you have chosen (or where we have given you) a password which enables you to access certain parts of our App or Site, you are responsible for keeping the password confidential. We ask you not to share your password with anyone.

Please be aware that the transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our App or Site, which you transmit at your own risk. Once we have received your information, we will apply procedures and use security features to try to prevent unauthorized access.

14. Changes to this Privacy Policy

We may occasionally make changes to this Privacy Policy. When we make material changes to this Privacy Policy, we will provide you with prominent notice as appropriate under the circumstances (e.g., by displaying a prominent notice on the relevant services or by sending you an email). We may notify you in advance. Please, therefore, make sure you read any such notice carefully.

15. How to contact us

Thank you for reading our Privacy Policy. If you have any questions, comments, or requests about this Privacy Policy, please contact our Data Protection Officer by:

Email at patientcare@121Clinic.co.uk

We use cookies to improve your experience on our site. By continuing to browse, you agree to our use of cookies. Read our Cookie Policy.