Privacy Policy

Introduction

At ThanksDoc, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your personal information when you use our online platform.

By accessing or using our services, you agree to the practices described in this policy.

This Privacy Policy outlines how ThanksDoc ("we", "us" or "our") collects, uses, protects, and shares your personal data when you use our services.

We are committed to ensuring that your personal and health data are handled in compliance with UK data protection laws, including the General Data Protection Regulation (GDPR), Data Protection Act 2018 and Care Quality Commission (CQC) Guidelines.

Data controller

ThanksDoc is the data controller responsible for the personal information that we collect and process.

If you have any questions or concerns about how your data is handled, you can contact our Data Protection Officer (DPO) as follows:

• Data Protection Officer: Dr Linda Odogwu
• Email: info@thanksdoc.co.uk
• Postal Address: 639 High Road, The Trampery, ThanksDoc, N17 8AA, United Kingdom

What data we collect

We collect personal information directly from you or from third-party providers (such as the NHS) when necessary for providing healthcare services.

The types of data we collect include:

Personal Identification Data

• Full name
• Date of birth
• Contact details (address, email, phone number)
• NHS number (if applicable)

Health Information

• Medical history
• Current medications
• Health concerns or symptoms you disclose
• Diagnoses, prescriptions, and treatment plans
• Results of diagnostic tests (e.g. blood tests, imaging)

Technical Data

• IP address
• Device information (browser type, operating system)
• Usage data related to how you interact with our website or app

Financial Information

• Payment details for services

How we use your data

We use your personal data to provide you with safe and effective healthcare services, including:

• Diagnosis and treatment: To assess your symptoms and medical history, offer diagnoses, and prescribe appropriate treatment.
• Appointments: To schedule and manage your consultations with healthcare professionals.
• Medical records: To maintain accurate medical records in line with legal and regulatory requirements.
• Communication: To contact you about your appointments, test results, and follow-up care via email, phone, or SMS.
• Data sharing: To share your data with third parties when necessary for your care (e.g. specialist referrals, diagnostic tests).
• Payments: To process payments for appointments and other services.

We will only use your data when we have a legal basis to do so, such as your consent, the need to perform a contract (e.g. providing healthcare services), or compliance with legal obligations.

Legal basis for processing your data

Under GDPR, we process your data under the following legal grounds:

• Consent: When you have given clear consent for us to process your personal information for a specific purpose (e.g. sharing information with third-party healthcare providers).
• Performance of a contract: To fulfil our obligations to you as part of delivering healthcare services.
• Legal obligation: To comply with applicable laws, including reporting requirements or public health obligations.
• Vital interests: In emergency situations where your life is at risk, we may process your data without explicit consent.
• Public interest: When processing is necessary for public health, such as reporting infectious diseases.

How we share your data

We may share your personal data with the following third parties for the purposes described in this policy:

• Healthcare providers: Other doctors, specialists, or healthcare facilities (e.g. hospitals, labs) involved in your care.
• NHS: To ensure continuity of care and for necessary coordination with NHS services.
• Pharmacies: To fulfil prescriptions and deliver medication.
• Regulatory bodies: The CQC, General Medical Council (GMC), or other relevant regulatory authorities, to comply with legal requirements.
• Third-party service providers: To manage our IT systems, such as cloud storage providers, who ensure data security and compliance.

Data sharing without consent

In exceptional circumstances, we may share your information without your consent if required by law or to protect your vital interests, such as safeguarding vulnerable individuals or responding to public health emergencies.

Data security

We are committed to protecting your personal data and have implemented strong security measures, including:

• Encryption: We use secure encryption methods when transmitting and storing sensitive data.
• Access controls: Only authorised personnel have access to your data, based on their role in delivering your care.
• Regular audits: We regularly audit our systems to ensure compliance with data protection regulations and to identify any vulnerabilities.
• Incident management: In the event of a data breach, we will follow all regulatory reporting requirements and inform affected individuals where required by law.

Data retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory, and reporting obligations.

Your medical records will be retained in accordance with NHS and healthcare regulatory guidelines, typically for at least 8 years after your last interaction with our service, or longer if required by law.

Your data protection rights

You have the following rights under data protection law:

• Right to access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can request correction of any inaccurate or incomplete data.
• Right to erasure: You can request that we delete your data, subject to certain legal conditions.
• Right to restrict processing: You can request that we restrict the processing of your data in certain circumstances.
• Right to data portability: You can request that we transfer your data to another provider.
• Right to object: You can object to the processing of your data where it is based on legitimate interests or direct marketing.
• Right to withdraw consent: Where we rely on consent to process your data, you have the right to withdraw that consent at any time.

To exercise your rights, please contact our Data Protection Officer.

Cookies and tracking technologies

Our website and app use cookies and similar tracking technologies to enhance your experience. Cookies are small text files stored on your device that help us understand how you use our service and improve performance.

For more information, please review our Cookie Policy.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, regulatory requirements, or legal obligations. Any changes will be posted on our website, and we will notify you if these changes are significant.

Contact us

If you have any questions, concerns, or complaints regarding this Privacy Policy or your personal data, please contact us:

• Data Protection Officer: Dr Linda Odogwu
• Email: info@thanksdoc.co.uk
• Postal Address: 639 High Road, The Trampery, ThanksDoc, N17 8AA, United Kingdom

By following this Privacy Policy, we ensure that your personal information is handled in compliance with data protection regulations and best practices, and we will maintain your privacy and confidentiality when using ThanksDoc.