How medicalpracticeuk.org/ Handles Your Data — UK GDPR & the DPA 2018
This Privacy Policy sets out what personal data we collect, why, how long we keep it, who we share it with, and your rights under the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR), regulated by the Information Commissioner’s Office (ICO). We also explain how the NHS National Data Opt-Out and the Caldicott Principles relate to your health data — which is held by the NHS, not by us.
medicalpracticeuk.org/ is an editorial directory. We do not hold, process or store any patient record, NHS number, medical history, appointment record, prescription, or any health data the NHS holds about you. Your health records are held by your GP practice and the NHS under their own controllership, the Caldicott Principles, and the National Data Opt-Out. For access to your health record, use the NHS App or contact your GP practice.
1. Scope and Controller
This Privacy Policy applies to medicalpracticeuk.org/. The data controller is medicalpracticeuk.org/ Editorial, contactable at info@medicalpracticeuk.org. This notice does not apply to the NHS, NHS England, any GP practice, the CQC, the GMC, or any other body we link to — each is its own controller with its own privacy notice and its own NHS privacy (“fair processing”) notice.
2. Personal Data We Collect
| Category | Examples | Source |
|---|---|---|
| Technical identifiers | IP address, device type, browser | Automatic when you visit |
| Usage data | Pages viewed, time on page, referrer, internal searches | Automatic |
| Contact data | Email address, name (if given), message content | You — only if you email us |
| Cookie data | See Cookie Policy | Automatic; managed by the cookie banner |
| Approximate location | Town/region inferred from IP | Automatic |
We do not collect your name, postal address, NHS number, date of birth, medical history, GP details, or any special-category health data. If you accidentally include any such data in an email to us, we delete it and ask you to take any clinical or registration question to your GP practice or NHS 111.
3. Why We Collect It and Our Lawful Bases
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Operating and securing the site | Legitimate interests (Art. 6(1)(f)) |
| Aggregated, anonymous analytics | Consent (Art. 6(1)(a)) where cookies are used |
| Responding to your email | Legitimate interests (Art. 6(1)(f)) |
| Advertising cookies | Consent (Art. 6(1)(a)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. Health Data and the NHS — Important
Special-category health data is subject to additional protection under UK GDPR Article 9. We do not collect or process any health data. Your health records sit with your GP practice and the NHS, governed by the Caldicott Principles (which set out how patient information should be handled), the NHS National Data Opt-Out (which lets you opt out of your confidential patient information being used for research and planning — manage it at nhs.uk/your-nhs-data-matters), and each organisation’s own privacy notice. To exercise rights over your health record, contact your GP practice or use the NHS App.
6. How Long We Keep It
| Category | Retention period |
|---|---|
| Server & security logs | 30 days |
| Aggregated GA4 analytics | 14 months |
| Email correspondence | 24 months from last contact |
| Cookie-consent records | 12 months |
7. Your Rights Under UK GDPR
- Access — a copy of your personal data (a subject access request)
- Rectification — correct inaccurate data
- Erasure — deletion in certain circumstances
- Restriction — limit processing in certain circumstances
- Portability — receive your data in a portable format
- Object — to processing based on legitimate interests, and to direct marketing
- Withdraw consent — at any time, where processing is based on consent
To exercise any right, email info@medicalpracticeuk.org. We respond within one month as required by UK GDPR.
8. Cookies
We use cookies and similar technologies as described in our Cookie Policy, in line with PECR and the ICO’s guidance. Non-essential cookies are set only with your consent via the cookie banner.
9. Children
The site is intended for a general adult audience — people looking for a GP practice or medical practice, including parents and carers acting for others. We do not knowingly collect personal data from children. Under the ICO’s Age Appropriate Design Code (the Children’s Code), services likely to be accessed by children carry additional protections; we minimise data collection accordingly.
10. Security
We use technical and organisational measures appropriate to the limited personal data we process — TLS/HTTPS in transit, encryption at rest where applicable, access controls, processor due diligence, and a breach-response procedure aligned with our UK GDPR Article 33 duty to notify the ICO of certain breaches within 72 hours.
11. Complaints to the ICO
If you are unhappy with how we handle your data, you can complain to the Information Commissioner’s Office (ICO), the UK’s data-protection regulator, at ico.org.uk or on 0303 123 1113. We would, however, appreciate the chance to resolve your concern first.
12. Contact
For any privacy question or to exercise a right: info@medicalpracticeuk.org
Exercise a Data Right
Email us with the subject “Data rights request”. We respond within one month, as required by UK GDPR.
📧 info@medicalpracticeuk.org