Skip to content
Get started

Privacy Policy

Secure Clinic respects and protects your data.

Introduction

Secure Clinic Ltd. is responsible for storing and processing the data of its clients. This document explains who we are, what data we collect and how we use and share it. It explains how you can contact us with questions and requests about your data.

This version of the privacy policy is currently active. This is the third version and was last updated 09/06/2024.

Who we are

Secure Clinic is operated by Secure Clinic Ltd, a company registered in England. Our company registration number is 15050934.

Secure Clinic is registered with the Information Commissioner's Office. Our registration number is ZB629367.

How to contact us

Secure Clinic can be contacted by email at [email protected].

Our registered company mailing address is Secure Clinic Ltd, 71-75 Shelton Street, Convent Gardens, London.

Data we collect & use about your company

You provide us with information when you sign up for our service (including for a free trial). You provide:

  • The name of your business, and the type of business you operate.
  • The address of your business.
  • The telephone number of your business.
  • An email address for your business.
  • The full name of an administrator for your account.
  • The email address of an administrator for your account.
  • The date of birth of an administrator for your account
  • The postal address of an administrator for your account

At a later date you may provide us with information about extra users of your system. Again, this is by form. Data collected includes:

  • The full name of extra users.
  • The email address of extra users.
  • The date of birth of extra users
  • The postal address of extra users

When you are using the service, you (or your extra users) store information about your clients. Storage of this data is not covered by this policy, please see below.

How & why we use this data

The contact information for your company is used to personalise your ongoing service, to reduce the risk of fraud when taking recurring payments, and to contact you with important messages about your service or application. This does not include marketing messages.

Payments are processed by third parties using your information - please see section on third parties below for further details.

If you have given us specific consent for marketing messages and product updates, we may additionally send these to your registered business contact details, and the emails of your users.

The personal information of your account administrator and any extra users is used to allow a personalised login experience, to provide individual logging of actions on your account by your users, and in the prevention and detection of fraud.

The date of birth and postal address of your account administrator and any extra users is used to verify identity documents whilst preventing and detecting fraud.

Where is your data stored

When you first sign up for our service (including starting a free trial), you choose where to have your data stored. You can confirm this by looking at the web address (URL) of your system:

  • Sites ending in uk.secure.clinic store and process their data in London, United Kingdom.

Once you login to your site, data will be transferred to your device wherever in the world it currently is.

You are responsible for the management and removal of any data transferred onto your device from our application. This is particularly important for downloaded files, but also applies to browser caches.

How long is your data stored?

Your data is stored for as long as your account is active with us.

If your account is dormant or abandoned, but has been a paying subscriber in the past, we will continue to store your data until you contact us to either resume your subscription (settling any unpaid fees) or formally terminate your account stating your wish for your data to be deleted.

If your account is dormant or abandoned, but has never been a paying subscriber, your data and your client's data will be deleted permanently within 6 months of your trial ending.

Data you store with us about your clients

Your account administrator or extra us uses the Secure Clinic Application to store data about your own clients. This includes their personal details, and is likely to include sensitive and personal medical information.

Secure Clinic Ltd does not access, manually process or share the information you store about your clients.

Management of your clients data is not covered by this policy. Your company is responsible for maintaining their own privacy policy and ensuring that storage on our systems complies with this. You are responsible for sharing this policy with your clients, and ensuring your compliance with it and applicable laws.

Your own policy must be compliant with all laws that apply to you and your clients.

The Secure Clinic App may automatically process data on behalf of your authenticated administrator or additional users to provide you with our service. For example, we will provide automated encryption, decryption, indexing and searching functions on the data you provide, and return this information to authenticated users.

Data you store with us about your clients will be kept in the application and in backup form for the whole time you have an account with us. This includes if you abandon your account.

Data Breaches

Secure Clinic makes the security of your stored data our absolute priority.

In the event that we become aware of a breach of this data security that affects either your business data, user data or your client data we will notify potentially affected clients within 24 hours.

As a commitment to transparency, we will publish the results of any investigations into potential data breaches publicly on our website for review. These documents will not include any personally identifiable information.

Cookies

Cookies are small files of text that are stored by our servers on your device.

Cookies that are used on your Secure Clinic App (web addresses starting with 'your-site.secure.clinic') are used to safely identify your device and maintain your logged in status. You can not remain logged in without these 'essential' cookie.

Cookies that are used on our main website (secure.clinic) or our help site (help.secure.clinic) include additional statistics cookies. These follow the path you take through our website to improve the service we offer to you and similar users in the future. These cookies are not used to personally identify you, but may provide us with information about your device (such as mobile/laptop, operating system, screen size etc.). All of this information is anonymous.

We do not store non-essential cookies without your advance consent.

Sharing your data with third parties

Secure Clinic never accesses your client data. This data is never shared with third parties.

In order to process payments and reduce fraud, Secure Clinic shares your business name, business address, business telephone number and business email address with our payment provider.We do not collect or store payment details, this is delegated to our payment provider.

Our current payment provider is Stripe. You must read and agree to their own privacy policy to use our service.

In order to send emails about our products including updates on new features and getting started advice, we share your business name and business email address with our email list manager.

Our current email list manager is Email Octopus. You must read and agree to their own privacy policy to use our service.

In order to send SMS messages to your clients, Secure Clinic shares your business name with our messaging provider.

Our current messaging provider is Twilio. You must read and agree to their own privacy policy to use our service.

Updates to this policy

Planned updates to this policy will be communicated via email to all subscribers. A notice period of at least seven days will be provided before the new policy takes effect. Your ongoing use of the service after the effect date signifies your acceptance of the new policy. You will not be able to continue with our service if you do not consent to the new policy, but in this case we will support you in leaving our service and taking control of your data with no extra charges before the change is implemented.

In unanticipated situations, it may be necessary to make emergency updates to this privacy policy without notice. These will be effective immediately once published. All registered subscribers will be notified by email when the new policy is implemented. Users will then be given a 60 day period to notify us if they do not consent to the new policy, in which case we will support your business in leaving our service and taking control of your data with no extra charges.