We are committed to protecting your data. This privacy policy will inform you as to how we look after your data when you use our platform at https://justdoctor.co.uk/privacy or via the Just Doctor application (“Platform”) (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
1. WHAT THIS POLICY COVERS
This privacy policy aims to give you information on how we collect and process your data through your use of our Platform.
JUST Doctor – Web Application
Just Doctor – Mobile APPs
In this policy, the following words have the following meanings:
Customer includes the following (a) customers who have entered a contract with us for the supply of the Services and Just doctor (b) customers who have subscribed for a trial of our Services and Just doctor, in both cases in accordance with our Terms of Service. For clarity, Customer means both a customer and its Staff.
Flex Professionals – Professionals and their staff directly registered with Just doctor online platform to offer services to Just doctor Flex users .
Controller, Processor, Data Subject, Personal Data, Personal Data Breach, processing and appropriate technical and organisational measures: as defined in the Data Protection Legislation.
Data Protection Legislation: the UK Data Protection Legislation and any other European Union legislation relating to Personal Data and all other legislation and regulatory requirements in force from time to time which applies to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications).
UK Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in the UK, including the General Data Protection Regulation ((EU) 2016/679) (UK GDPR); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.
Patients mean the Customer's patients.
Flex users mean patients directly registered with Just Doctor network Platform seeking healthcare services.
Patients Data means the Personal Data of Patients, including clinical notes and assessments
Personal Data means any information relating to an identified natural person that is processed by the Company as a result of, or in connection with, the provision of the Services or our Site; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
ICO means the Information Commissioner’s Office and any successor to it as data protection authority.
Us, Our, We or Company means Just Doctor Limited and our Staff.
You, Your means you as an individual Patient or User, or your organisation and its Staff.
Services means the software provided and developed by the Company which may be supplied to you, as well as all associated services including emails we send, social media accounts, and any websites or other online services provided by the Company in connection with the software. Use of the Services we provide is governed by our Terms of service.
Staff means your or our employees, workers, agents and sub-contractors, as applicable.
Site means the Company's website at www.justdoctor.co.uk. Use of our site is governed by our Terms and Conditions of use.
Site User means a visitor to the Site, whether or not such visitor is a customer.
Purpose of this Privacy Policy
This policy, together with:
Our Terms of Use, applicable to your use of our website (our Terms and Conditions of Service) and any other documents referred to in the Terms of Service
The Site is not intended for children to register with Just Doctor Network Platform
It is important that you read this Privacy Policy together with any other Privacy Policy or fair processing policy we may provide on specific occasions when you are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.
Our Privacy Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you, or other sites linked from our services. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.
The Kind of Information we collect
The type of information we collect varies depending on whether an individual is a Customer, a Patient, or a Site User (that is, someone who visits the Site but is not a customer).
This section applies to information our Customers give us about you and your Staff in connection with our provision of the Services. This information may include:
Identity Data including name, username.
Contact Data including address, email address and telephone number
Transaction Data including payment information and history of payments to and from you and other details of products and services you have purchased from us. We do not store your payment card details.
Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data including information about how you use or interact with the Site or our Services (such as the pages visited, links clicked, non-sensitive text entered, mouse movements, referring URL).
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We use different methods to collect data from and about you are including through:
Direct interactions. You provide our Company with most of the data we collect. This includes Personal Data of you or your Staff that you provide when you:
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies, server logs and other similar technologies, which may be operated by our partners who assist us in serving ads or providing other services to you. We may also receive Technical and Usage Data about you if you visit other websites employing our cookies.
For Patients of a Customer, the Company is acting as a service provider (or processor) to the Customer for the Services. We collect information on the direction of Customers and have no direct relationship with the Patients whose information we process. This section applies to information a Customer enters into just doctor about its Patients when using just doctor, which we may process when providing our Services to Customers. Patient Data we collect may include, but is not limited to:
Name, Address, Email , Mobile Number ,Insurer details GP details, medical records, Treatment Plans, Letters & documentation, Communications with other healthcare professionals and Medicolegal claims and related medical claim information Other information necessary for the operation of the Services and/or Just doctor .
This Patient Data may be supplied to us by you when you:
Use our Services in the course of your business.
Use Just Doctor in the course of your business; or
When you report a problem with our Site.
This section applies to information of patients registering with Just doctor platform to find the Health Care Provider and to use Just doctors Health diary. The personal data we will process to facilitate your booking depends on your healthcare provider, but usually includes detailed personal information such as Name, Address, Email , Mobile Number, Insurer details, GP details, Medical records, Treatment Plans, Letters & documentation, time of booking, date and location of booking and other relevant free text Communications with other healthcare professionals and Medicolegal claims and related medical claim information Other information necessary for the operation of the Services and/or Just doctor .
This section applies to information we may process relating to all Site Users, whether or not a Site User is also a Customer. Site User Data may include:
Technical Data including your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Usage Data including information about how you use or interact with the Site or our Services (such as the pages visited, links clicked, non-sensitive text entered, mouse movements, referring URL).
As you interact with our website, we will automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies, server logs and other similar technologies, which may be operated by our partners who assist us in serving ads or providing other services to you. We may also receive Technical or Usage Data about you if you visit other websites employing our cookies.
How we will use personal data
Lawful Basis for the Company's processing activities.
In this privacy policy, the following terms have the following meanings:
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us by admin@justdoctor.co.uk
Performance of Contract means processing your Personal Data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your Personal Data where it is necessary for compliance with a legal obligation that we are subject to.
When the Company processes Personal Data, whether as Data Controller or as Data Processor, we will rely on the following lawful grounds for processing of each of the categories of data identified above.
We have set out below, in a table format, a description of all the ways we may use Customer Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may have more than one lawful ground for processing your Personal Data depending on the specific purpose for which we are using such data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Data where more than one ground has been set out in the table below.
Generally, we do not rely on consent as a legal basis for processing your Personal Data although we will get your consent before sending third- party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by following the opt-out links on any marketing message sent to you.
| What we Collect and its purpose? | What is our lawful Basis ? |
| To register you as a new customer( Identity , Contact ) | Performance of Contract |
| To process and deliver your order including Manage payments, fees and charges Collect and recover money owed to us ( Identity, Contact ,Transaction, Marketing and Communications ) | (a) Performance of a contract with you (b) Legitimate Interests: to recover debts due to us |
| To manage our relationship with you which will include:(a) Notifying you about changes to our terms or Privacy Policy (b) Asking you to leave a review or take a survey( Identity, Contact, profile, Marketing and Communications ) |
(a) Performance of contract (b) Comply with a legal obligation (c) Legitimate Interests: to keep our records updated and to study how customers use our products/services |
| To enable you to partake feedback on our services. ( Identity, Contact, Profile, Usage, Marketing and Communications ) | (a) Performance of a contract (b) Legitimate interests: to study how customers use our products/services, to develop them and grow our business |
| To administer and protect our business and the Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) ( Identity, Contact ,Technical) |
(a) Legitimate Interests: for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise
(b) Comply with a legal obligation |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you( Identity, Contact, Profile, Usage, Marketing and Communications ) | Legitimate Interests: to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences( Technical and Usage) | Legitimate Interests: to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy |
| To make suggestions and recommendations to you about goods or services that may be of interest to you( Identity, Contact, Technical, Usage , profile, Marketing and Communications ) | Legitimate Interests: to develop our products/services and grow our business |
The following are our legal bases for our processing of Patient Data:
You have obtained all necessary and appropriate consent from the Patient/data subject in accordance with Data Protection Legislation;
Our processing of Patient Data is necessary for your use of Just Doctor , our provision of the Services to you, and for our performance of under the contract with the Customers whose Patients' Data is provided to us; and/or
Your legitimate interests, namely the provision of your services to your Patients with the assistance of the Services
Patient Data may be processed by the Company for the purposes of:
If you, the Customer, fail to provide certain information when requested, the Company may not be able to perform the Services and any contract we have entered into with you or we may be prevented from complying with our legal obligations.
The following are our legal bases for our processing of Flex Users Data:
If you are a flex user , we collect the following personal data from you when you use the Just Doctor Network Platform
| What we Collect and its purpose? | What is our lawful Basis ? |
| To register you as a new Flex User ( Identity , Contact details ) that you provide in order for us to provide you with further information on our services, including technical updates and service information. ( Identity, Contact, , Marketing and Communications ) | Our legitimate interests to keep you informed about our services and provide you with service updates. |
| Information you leave after your review of the Health Professional ( Identity, Contact, Profile, Marketing and Communications ) | Our legitimate interest to connect patients with reliable healthcare providers that data being made public by the data subject. |
| Your personal details when you register with us and the information filled in the Appointment booking form to find the healthcare provider. ( Identity, Contact, Profile, and Communications ) | Our contract with you to process your enquiry and connect you with the most appropriate Healthcare Provider. |
| To make suggestions and recommendations to you about goods or services that may be of interest to you( Identity, Contact, Technical, Usage , profile, Marketing and Communications ) | To develop our products/services and grow our business |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences( Technical and Usage) | To define types of Flex users for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy |
| To administer and protect our business and the Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) ( Identity, Contact ,Technical) | (a) Legitimate Interests: for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise (b) Comply with a legal obligation |
The Data may be processed by the Company for the purposes of:
The legal basis for this processing is because it is necessary for the following legitimate interests:
Site User Data may be processed by the Company for the purposes of:
Where we are Data Controller (in respect of Customer Data and Flex users Data only): the Company will only use personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Where we are Data Processor: the Company will only process Patient Data in accordance with the conditions for processing set out in this policy. We shall only process Patient Data relevant to a particular Customer’s Patients, while our contract with the Customer is continuing and shall cease such processing (a) when requested by the Customer (b) on termination of the contract (c) on cancellation of the contract; or (d) at the request of the data subject.
We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your Personal Data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of service purchase, service experience or other transactions.
How we share Personal Data
You agree that the Company has the right to share Customer Data (but not Patient Data) with:
Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
Selected external third parties including:
Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
Other third parties:
We will not sell, rent or share Customer Data or Patient Data with third parties in other ways without your consent unless we are entitled by law to do so.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
How we Protect and Store Personal Data
We may hold Personal Data in electronic databases, such as our customer management system. We take all reasonable steps to keep any Personal Data we hold about you (and your Patients) secure. All information which is provided to, or collected by, the Company is:
Stored on the Company's secure servers within the United Kingdom.
Hosted on secure data centre managed by our hosting partner ( AWS) with 24/7 manned security, CCTV, biometric access to the facility and restrictive access to the internals of the building based on authorisation levels.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data Breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where the Company has given you (or where you have chosen) a password which enables you to access your account, you are responsible for keeping this password confidential. The Company asks you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although the Company will do its best to protect your Personal Data, the Company cannot guarantee the security of your data transmitted via the Site; any transmission is at your own risk. Once the Company has received your information, the Company will use strict procedures and security features to try to prevent unauthorised access.
Our web and Mobile APPs require the below permissions for APP functions .
Location services – For Patients and Flex Users
Our web and APP solutions ask you to update your location , this is to help you find the nearest services ( Private services ) from your current location . You can switch these services On and Off any time . This service is also used to validate your health and wellbeing diary , Appointments times depending on your time zone to provide you with an entry appropriate to the time zone.
Camera – Use of camera is to take pictures , videos and to conduct a video consultation with your health care professional.
Microphone – To conduct a Video Consultation and to record audio .
Bluetooth – To sync with blue tooth devices to obtain readings – Example – Blood pressure, pulse oximeter.
You can disable or enable them from Phone settings –
For health care professionals –
Camera – Use of camera is to take pictures , videos and to conduct a video consultation with your patients.
Microphone – To conduct a Video Consultation and to record audio .
Data Retention
The Company will retain Customer Data for:
as long as we are providing the Services to you;
for a period of at least six (6) years from the date the Services end. We may also retain Customer Data for longer periods of time where such retention is necessary for us to comply with a legal obligation, or in order to protect your vital interests or the vital interests of another natural person.
The Company will retain Patient Data for:
as long as we are providing the Services to the Customer who provided the Patient Data to us;
a maximum period of six days (60) days from the date the Services end.
The Company will retain flex users Data for:
As long as we are providing the Services to you;
For a period of at least six (6) years from the date the Services end.
We may also retain Customer Data for longer periods of time where such retention is necessary for us to comply with a legal obligation, or in order to protect your vital interests or the vital interests of another natural person.
The Company will retain Site User Data for: as long as we are providing the Site.
You acknowledge and agree that we back up your data daily and retain in our back up server until the end of your contract. Following the end of your contact or termination we do not take any back up of your data.
Under certain circumstances, if you are an individual in respect of whom the Company processes Personal Data, you have the following rights. Please note that this is a summary of your rights. If you wish to understand your rights in detail you should read the relevant laws, guidance and regulations for a fuller explanation.
You have the right to:
Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. We will supply the data free of charge but we reserve the right to charge a reasonable fee (or refuse to act on the request) if you request additional copies of the information, if access requests are unfounded or excessive.
Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios:
Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
We are regulated by the Information Commissioner's Office (ICO). If you are not happy with any aspect of our data handling, you can complain to the ICO directly. You can contact them at: Information Commissioner's Office,Wycliffe House,Water Lane,Wilmslow,Cheshire,SK9 5AF,Phone: 0303 123 1113
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights listed above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the website may become inaccessible or not function properly. For more information about the cookies we use, please use the link for cookies policy.
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
How to contact us
Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to
Data Protection Officer
Just Doctor
86 Twinnies Road
Wilmslow
SK9 4BP
We will ask you for a proof of identity. Data protection laws give us one month to get back to you.
Changes to the Privacy Policy and your duty to inform us of changes
We keep our Privacy Policy under regular review. We may change this policy from time to time to take account of:
Changes to Data Protection Legislation and other laws which may affect this policy;
Guidance issued by the ICO and others;
Issues raised by our Customers, partners and end users
Accordingly, we suggest that you regularly check this page to ensure that you continue to be comfortable with the measures that we are taking to protect your privacy. It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us. If you do not agree to the changes, then you can stop using our services at any time.
Last updated DEC 2024