Updoc is committed to protecting your personal data. This Privacy Notice (Privacy Notice) explains how Venture Startups Limited (Updoc, we, us, or our) processes, holds, uses, manages and secures personal data that we collect about you, and the rights and choices that you have regarding your personal data under the Data Protection Act 2018 and the UK General Data Protection Regulation (Data Protection Laws).
This Privacy Notice, together with the Terms & Conditions, cover your use of the Updoc Platform and forms a contract between you and Updoc. It is important that you take time to read each document.
Capitalised terms that are not defined in this Privacy Notice have the same meaning given to them in the Terms & Conditions.
Updoc manages your personal data as a controller. Importantly, Partner Practitioners manage your personal data as separate and independent controllers in accordance with their own data privacy policies and processes.
The way that we collect personal data from you depends on our relationship with you. From your initial interaction with Updoc, we collect personal data from you (voluntarily or automatically) as well as from third parties such as your Partner Practitioners and through direct mailing or online marketing sources.
We collect different types of personal data from you depending on our relationship with you, as well as your interactions with us.
If you choose not to provide personal data to us, or do not provide us with accurate personal data, you may not be able to receive the Services, experience certain features of the Updoc Platform or we may not be able to undertake certain activities for you.
Here are some examples of the types of personal data that we collect:
Category | Examples |
---|---|
Identity | Your full name, date of birth, gender and NHS number. |
Contact details | Your residential address, email address and telephone number. |
Health data* |
*Health data constitutes ‘special category data’, meaning that these data are considered sensitive. |
Financial data | Your billing details, including credit/debit card details/direct debit details and your billing address. |
Marketing & feedback data |
|
Other data | Any other information that you choose to provide us. |
Category | Examples |
---|---|
Device & web data | Your device ID, IP address, statistics on page views, traffic, standard web log-in information, interactions with the Updoc Platform, and any other website event-based data to help us understand how you are using the website. |
Mobile activity data | Updoc Platform activity, crash logs, diagnostics, approximate location and any other app and device-based data to help us understand how you are using the application version of the Updoc Platform. |
Other data | Any information that you provide us when you contact us through the Updoc Platform, which can include details about your identity, queries and, where you choose to provide it, your health data. |
Data Protection Laws require that we only use your personal data for purposes that we tell you about and with an appropriate legal basis. Here are the purposes that we process your personal data, along with the legal basis that we rely on for such processing:
Purpose | Legal Basis |
---|---|
Provision of Services – to offer, and facilitate the provision of the Services, including creating your Account, managing your requests, questions/ queries, connecting you with Partner Practitioners, delivering outcomes provided by Partner Practitioners, billing and collection activities, delivering products to you and providing you with content. We use internal tools and third-party software that utilise artificial intelligence and large language models (collectively, the Software) to generate and summarise content for you and your Partner Practitioners. |
|
Communication – to interact with, and inform you about, the Services. For example, keeping you informed when Partner Practitioners send you notifications, responding to your questions/ queries and otherwise facilitating Services provided by Partner Practitioners. When a call is included as a part of the Services, we may record the conversation with your Partner Practitioner to create a written record of the consultation – this is similar to the notes your GP takes when you consult with them. We promptly delete the recording after the transcription is developed, which is used for quality and assurance purposes, and to maintain a record of the consultation that we maintain so that your Partner Practitioner can comply with their professional obligations. We use Software to analyse the communication that you send us, including to streamline the customer service that we provide you by retrieving information that we, or our service providers, have about you. |
|
Marketing – to send you marketing or promotional information that you have asked us to provide, or that we think you would like. We may use your health data to send you marketing information that is tailored to you or that we think could be of interest to you, but only where you have provided explicit consent. You can opt out of receiving some or all of the marketing or promotional materials that we send to you by clicking ‘unsubscribe’ in the communication that we have sent you or by contacting our customer support team. |
|
Online advertising – to keep you aware of our Services and to help you find products and services that you may like. |
|
Analytics & service improvement – analyse and improve the Services, Updoc and its products and services of Updoc as well as related bodies corporate of Updoc (each a Group Entity and collectively the Updoc Group), including through research and development, or otherwise managing our business and processes. |
|
Compliance – to comply with applicable Laws (including applicable record-keeping requirements) or to comply with orders made by Regulatory Authorities. |
|
Enforcing our rights – to enforce, protect or get advice on our rights or obligations, exercising or defending claims, fraud detection, product misuse, credit checks and regulatory authority checks and requirements. | Legitimate interest: to protect and enforce our legal rights and claims |
Where we have appropriate safeguards in place and we consider it necessary for the purposes outlined in this Privacy Notice, we may share your personal data with the third parties set out below:
Other than as listed above, we will only disclose your personal data when you direct or give us permission, when we are required by applicable Law, or when we suspect fraudulent or criminal activities.
We do not sell your personal data to third parties for marketing purposes.
We may transfer your personal data to countries outside of the UK. We may disclose personal data to Group Entities, as well as certain third-party service providers located in Australia, the United States, Europe and the United Kingdom.
Some of these countries may not offer the same level of data protection as the applicable Data Protection Laws and are not recognised by the Information Commission’s Office (ICO) as providing an adequate level of protection. Where this is the case, we enter into appropriate contractual safeguards with providers in such countries to uphold the purpose limitation, access, recourse, enforcement and adequate security of your privacy rights and the integrity of your personal data when we transfer it out of the UK (including, where required, entering into the UK standard contractual clauses).
Where your consent is required for any direct marketing-related communication, we will only provide you with such information if you have opted in. You may opt out at any time by clicking the unsubscribe or opt-out links in any electronic marketing communication we send to you or by contacting us at to privacy@updoc.uk.
We generally store your personal data in secure cloud systems using Amazon Web Services.
Your personal data is important to us, so we make sure that we take reasonable steps to protect your personal data from misuse, interference and loss, and from unauthorised access, modification, destruction or disclosure in accordance with Data Protection Laws. Some of the security measures we take include, redundancy protection and monitoring, access controls, encryption and security audits and testing. In addition, all our employees are trained in privacy compliance and are required to protect your personal data to comply with this Privacy Notice.
We retain your personal data for as long as is required for the permitted purposes (outlined above), or for longer if otherwise required by Law.
When determining retention periods, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised disclosure or the use of the personal data, the purposes for which we collect the personal data and any other applicable legal, tax, accounting or other regulatory requirements.
Under this Privacy Notice and Data Protection Law, you have various rights concerning the personal data that we hold about you.
It is important to note, however, that certain rights may not always be applicable because of legal obligations that we must comply with or certain exemptions that apply. For example, there may be situations where we are required to continue to retain or process your personal data, where disclosure is not required or where particular rights may not apply at all. We will tell you when any of these instances apply.
Here are your rights under this Privacy Notice:
If you make any one or more of the requests above, you will be required to verify your identity. Please send a description of your personal data in writing stating your name and your relationship with us to privacy@updoc.uk. We may require proof of identity to verify your request and to protect personal data from unauthorised access. We will carefully consider your request and will deal with your request without undue delay and within the time limits provided under Data Protection Laws, which is generally one calendar month and up to three calendar months from the date we receive your request).
If you feel that we have not complied with this Privacy Notice or with applicable Data Protection Laws, please send your complaint to our Privacy Officer at privacy@updoc.uk. You also have the right to make a complaint to the ICO as directed on their website (www.ico.org.uk).
From time to time, we may make changes to this Privacy Notice, including how we process your personal data – taking into account new laws, regulations and technology. Please visit our website (www.updoc.co.uk) to obtain a copy of the latest version of this Privacy Notice at any time.
© Updoc 2025
Unit 5 of 222 Kingsland Road, E28DG