Privacy Policy
Privacy Notice
Doc Abode Ltd
1. Introduction
Doc Abode Ltd (“we”, “us”, “our”) is a private limited company registered in England and Wales (Company No. 10158487). Our registered office is International House, 14 King Street, Leeds, England, LS1 2H.
This privacy notice explains how we collect, use, store, and protect personal data. It also describes your rights and how to exercise them under UK data protection law.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant legislation.
Unless stated otherwise, we do not sell or disclose your data to third parties.
To learn more about your privacy rights, visit:
www.knowyourprivacyrights.org
2. Data Protection Officer
If you have questions about this notice or our use of personal data, contact our Data Protection Officer (DPO):
dataprotection@DocAbode.com
3. The Data We Process:
a. Patients
If you are a patient, Doc Abode acts as a data processor on behalf of the NHS organisation responsible for your care. The NHS or private provider is the data controller and determines how and why your data is used.
We may process:
• Identity data: name, date of birth, NHS number
• Contact details: phone number, address
• Health-related data (special category data): including race, ethnicity, or religion, where necessary to support the delivery of care
Important: If you wish to access, amend, or delete your personal data as a patient, please contact the NHS organisation providing your care. We cannot fulfil data rights requests directly because we are not the data controller.
b. Healthcare Professionals
We may process your personal data if you are a clinician or healthcare professional accessing our platform. This includes:
• Identity: name, job title, professional registration number
• Contact details: phone, email
• Employment-related data: qualifications, practice permissions
Doc Abode does not usually hold a direct contract with individual clinicians. We process this data under the lawful basis of legitimate interests, to:
• Verify your right to practise
• Provide system access
• Share your details with NHS commissioners where necessary
c. Website Visitors
We collect:
• Technical information: IP address, browser type, operating system
• Usage data: time on site, pages visited, referring websites
This helps us maintain and improve the website.
d. Location Data
We may log:
• The approximate time and location of a user’s last interaction with the app
This supports audit trails, system monitoring, and coordination of care. We do not track real-time locations.
4. Legal Basis for Processing
We must have a legal basis for processing personal data. These vary depending on your role:
a. Patients
We act under the instruction of the NHS provider, who determines the legal basis for processing your data. Typically, this includes:
• Public task: providing healthcare
• Legal obligation
• Provision of health or social care under Article 9(2)(h) (for special category data)
Doc Abode does not make decisions about how your personal data is used. If we use data for another purpose this will be with the permission of the data controller and a separate privacy notice will be provided to explain how the data is being used.
b. Healthcare Professionals
We process your data under:
• Legitimate interests: to administer access, verify identity, and support healthcare delivery
• Legal obligation: to comply with health sector regulations and accountability
c. Website Visitors
We process your personal data based on:
• Consent (for cookies)
• Legitimate interests: operating and securing our site
5. Information Sharing
We share data only where necessary and with appropriate safeguards.
• Patient data is shared only with healthcare professionals providing care and the NHS commissioner
• Clinician data may be shared with NHS partners for regulatory, planning, or commissioning purposes
• We may share personal data with trusted IT providers or advisers under binding confidentiality agreements
• We may share clinician details (not patient data) if we restructure or transfer part of our business
We do not share patient data for commercial or marketing purposes.
6. International Data Transfers
We store most data in the UK. However, some professional data may be processed in the USA under appropriate safeguards, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office.
We use Sentry to assist with debugging and application performance monitoring. This involves sending a very limited amount of personal data (specifically, a user ID) to Sentry’s servers in the USA. This transfer is protected by Standard Contractual Clauses and Sentry’s participation in the EU-U.S. Data Privacy Framework, which provides an additional layer of assurance regarding data protection standards. dataprivacyframework.gov
We regularly review our data transfer mechanisms and only work with suppliers who provide sufficient guarantees regarding the protection of personal data.
No patient data is transferred outside the UK.
7. Data Retention
We retain personal data only as long as necessary:
• Patient data: typically retained for up to three years after the final care episode, in line with the NHS Records Management Code of Practice. Final decisions rest with the NHS controller.
• Healthcare professional data: retained for three years after account deactivation or contract conclusion, unless required for legal or audit purposes
8. Cookies and Tracking Technologies
Our website uses cookies to enhance functionality and gather analytics.
We use a cookie consent management tool, allowing you to:
• Choose which types of cookies to accept (e.g. essential, performance, marketing)
• Change your preferences at any time
• View a complete list of cookies used on the site
Cookies may track your session, preferences, and website usage. Disabling them may affect functionality.
9. Your Data Protection Rights
Your Data Protection Rights
Under UK data protection law (UK GDPR and the Data Protection Act 2018), you may have the following rights regarding your personal data:
• Access your personal data
You can request a copy of the personal data we hold about you, along with information about how and why we use it.
• Rectify inaccuracies
If you believe any of the personal data we hold is inaccurate or incomplete, you can ask us to correct or update it.
• Request erasure of your data in certain cases
Also known as the "right to be forgotten," this allows you to request that we delete your personal data when there is no legal reason for us to continue processing it. This may not apply in cases where we have a legal obligation or legitimate interest to retain the data.
• Restrict or object to processing
You can ask us to temporarily stop using your data (restrict processing) or object to specific types of processing (such as direct marketing), depending on the legal basis we rely on.
• Request portability of your data
You have the right to receive your personal data in a structured, commonly used and machine-readable format, and to have it transferred to another organisation if technically feasible. This right applies when the processing is based on your consent or a contract and carried out by automated means.
If you are a patient:
Please contact the NHS provider responsible for your care. As a data processor, Doc Abode cannot directly respond to requests relating to patient data.
If you are a healthcare professional employee or ex-employee or website user:
Please contact our DPO at: dataprotection@docabode.com
We may need to verify your identity. We aim to respond within one month.
10. Complaints
If you are unhappy with our handling of your personal data, you can:
1. Contact our DPO:
dataprotection@docabode.com
2. Lodge a complaint with the Information Commissioner’s Office (ICO):
https://ico.org.uk/make-a-complaint/
Doc Abode Ltd
1. Introduction
Doc Abode Ltd (“we”, “us”, “our”) is a private limited company registered in England and Wales (Company No. 10158487). Our registered office is International House, 14 King Street, Leeds, England, LS1 2H.
This privacy notice explains how we collect, use, store, and protect personal data. It also describes your rights and how to exercise them under UK data protection law.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant legislation.
Unless stated otherwise, we do not sell or disclose your data to third parties.
To learn more about your privacy rights, visit:
www.knowyourprivacyrights.org
2. Data Protection Officer
If you have questions about this notice or our use of personal data, contact our Data Protection Officer (DPO):
dataprotection@DocAbode.com
3. The Data We Process:
a. Patients
If you are a patient, Doc Abode acts as a data processor on behalf of the NHS organisation responsible for your care. The NHS or private provider is the data controller and determines how and why your data is used.
We may process:
• Identity data: name, date of birth, NHS number
• Contact details: phone number, address
• Health-related data (special category data): including race, ethnicity, or religion, where necessary to support the delivery of care
Important: If you wish to access, amend, or delete your personal data as a patient, please contact the NHS organisation providing your care. We cannot fulfil data rights requests directly because we are not the data controller.
b. Healthcare Professionals
We may process your personal data if you are a clinician or healthcare professional accessing our platform. This includes:
• Identity: name, job title, professional registration number
• Contact details: phone, email
• Employment-related data: qualifications, practice permissions
Doc Abode does not usually hold a direct contract with individual clinicians. We process this data under the lawful basis of legitimate interests, to:
• Verify your right to practise
• Provide system access
• Share your details with NHS commissioners where necessary
c. Website Visitors
We collect:
• Technical information: IP address, browser type, operating system
• Usage data: time on site, pages visited, referring websites
This helps us maintain and improve the website.
d. Location Data
We may log:
• The approximate time and location of a user’s last interaction with the app
This supports audit trails, system monitoring, and coordination of care. We do not track real-time locations.
4. Legal Basis for Processing
We must have a legal basis for processing personal data. These vary depending on your role:
a. Patients
We act under the instruction of the NHS provider, who determines the legal basis for processing your data. Typically, this includes:
• Public task: providing healthcare
• Legal obligation
• Provision of health or social care under Article 9(2)(h) (for special category data)
Doc Abode does not make decisions about how your personal data is used. If we use data for another purpose this will be with the permission of the data controller and a separate privacy notice will be provided to explain how the data is being used.
b. Healthcare Professionals
We process your data under:
• Legitimate interests: to administer access, verify identity, and support healthcare delivery
• Legal obligation: to comply with health sector regulations and accountability
c. Website Visitors
We process your personal data based on:
• Consent (for cookies)
• Legitimate interests: operating and securing our site
5. Information Sharing
We share data only where necessary and with appropriate safeguards.
• Patient data is shared only with healthcare professionals providing care and the NHS commissioner
• Clinician data may be shared with NHS partners for regulatory, planning, or commissioning purposes
• We may share personal data with trusted IT providers or advisers under binding confidentiality agreements
• We may share clinician details (not patient data) if we restructure or transfer part of our business
We do not share patient data for commercial or marketing purposes.
6. International Data Transfers
We store most data in the UK. However, some professional data may be processed in the USA under appropriate safeguards, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office.
We use Sentry to assist with debugging and application performance monitoring. This involves sending a very limited amount of personal data (specifically, a user ID) to Sentry’s servers in the USA. This transfer is protected by Standard Contractual Clauses and Sentry’s participation in the EU-U.S. Data Privacy Framework, which provides an additional layer of assurance regarding data protection standards. dataprivacyframework.gov
We regularly review our data transfer mechanisms and only work with suppliers who provide sufficient guarantees regarding the protection of personal data.
No patient data is transferred outside the UK.
7. Data Retention
We retain personal data only as long as necessary:
• Patient data: typically retained for up to three years after the final care episode, in line with the NHS Records Management Code of Practice. Final decisions rest with the NHS controller.
• Healthcare professional data: retained for three years after account deactivation or contract conclusion, unless required for legal or audit purposes
8. Cookies and Tracking Technologies
Our website uses cookies to enhance functionality and gather analytics.
We use a cookie consent management tool, allowing you to:
• Choose which types of cookies to accept (e.g. essential, performance, marketing)
• Change your preferences at any time
• View a complete list of cookies used on the site
Cookies may track your session, preferences, and website usage. Disabling them may affect functionality.
9. Your Data Protection Rights
Your Data Protection Rights
Under UK data protection law (UK GDPR and the Data Protection Act 2018), you may have the following rights regarding your personal data:
• Access your personal data
You can request a copy of the personal data we hold about you, along with information about how and why we use it.
• Rectify inaccuracies
If you believe any of the personal data we hold is inaccurate or incomplete, you can ask us to correct or update it.
• Request erasure of your data in certain cases
Also known as the "right to be forgotten," this allows you to request that we delete your personal data when there is no legal reason for us to continue processing it. This may not apply in cases where we have a legal obligation or legitimate interest to retain the data.
• Restrict or object to processing
You can ask us to temporarily stop using your data (restrict processing) or object to specific types of processing (such as direct marketing), depending on the legal basis we rely on.
• Request portability of your data
You have the right to receive your personal data in a structured, commonly used and machine-readable format, and to have it transferred to another organisation if technically feasible. This right applies when the processing is based on your consent or a contract and carried out by automated means.
If you are a patient:
Please contact the NHS provider responsible for your care. As a data processor, Doc Abode cannot directly respond to requests relating to patient data.
If you are a healthcare professional employee or ex-employee or website user:
Please contact our DPO at: dataprotection@docabode.com
We may need to verify your identity. We aim to respond within one month.
10. Complaints
If you are unhappy with our handling of your personal data, you can:
1. Contact our DPO:
dataprotection@docabode.com
2. Lodge a complaint with the Information Commissioner’s Office (ICO):
https://ico.org.uk/make-a-complaint/