City Clinics is on a mission to become the go-to global platform for online health and wellness. Through this website (our “Site”), we provide individuals with easy access to advice, medical support, and treatment options to empower them to make proactive decisions about their health.
We understand that lengthy legal documents can be overwhelming, but we kindly ask you to read this Privacy Notice (“Notice”) carefully. It contains important information about who we are, how and why we collect, store, use, and share your personal information, your rights regarding your personal data, and how to contact us or the relevant supervisory authority if you have any concerns or complaints.
We’ve designed this policy to be as clear and user-friendly as possible. Simply click on the drop-down headings below to explore specific topics in more detail.
What Does This Privacy Policy Cover?
This Notice applies to any personal information we collect from you or obtain about you from a third party in the following situations:
- When you use our Site.
- When you register an account with us.
- When you purchase our products or services.
- When you interact with our social media channels.
- When you provide feedback, participate in market research or user testing, or offer customer testimonials.
- When you provide services to us as a supplier.
- When you request information about our products and services.
Please note, our Site, products, and services are intended for individuals aged 18 and over. We do not knowingly collect personal data relating to children.
If you do not agree with the contents of this Notice, you should not sign-up for an account, purchase products or services, or otherwise submit information to us.
Who collects information about you?
City Clinics is responsible for the personal information it collects, stores, uses, and shares. When we do so, we are responsible as a ‘controller’ of that personal information. When we refer to “City Clinics,” “we,” “our,” “us,” or “the Company” in this Notice, we are referring to City Clinics Limited (company number [Insert Company Number]). For details on how to contact us, please see the “Contact Us” section of this Notice.
Useful Terms
In this Privacy Policy:
- “Customer” means individuals who register an account on the Site who may or may not purchase products or services from City Clinics.
- “Website Visitors” means individuals who visit our Site. Website Visitors may include Customers.
- “Suppliers” means those external vendors and suppliers that provide products and/or services to City Clinics.
- “Personal information” or “personal data” means any information about an individual from which that person can be directly or indirectly identified. It does not include data where the identity has been removed (i.e., anonymous data).
What personal information do we collect?
We may collect, use, store, and transfer different kinds of personal information about you, grouped together as follows:
- Identity Data: First name, last name, username, password, date of birth, user or device identifiers, job title, and company.
- Contact Data: Email address, home address, business address, telephone number, and professional and/or social network contact details.
- Financial Data: Credit card and/or billing information for payments, or bank details for services you provide to us.
- Transaction Data: Information about payments and details of purchases you have made, which may include Health Data in certain circumstances.
- Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, referral sources, browser plug-in types and versions, operating system and platform, and other technology used to access the Site.
- Usage Data: Information about how you use our Site, such as pages visited, length of visits, actions taken, and interactions with our social media channels.
- Audio/Visual Data: Your image and/or voice.
- Assessment Data: Information provided in response to health-related questionnaires or consultations with clinicians. This may include Health Data.
- Feedback Data: Feedback from market research, user testing, or customer testimonials, which may include Health Data.
- Marketing and Communications Data: Your preferences for receiving marketing or other communications from us.
- Health Data: Information about your current health, medical history, health conditions, or consultation notes.
How will we use your personal information?
Customers
When you create an account, we collect Identity Data and Contact Data to manage and administer your account. We may also process the following:
- Identity Data, Contact Data, Transaction Data, and Assessment Data to assess your suitability for treatments and process transactions.
- Health Data to provide medical consultations, recommend treatments, or prescribe medication.
- Audio/Visual Data to facilitate consultations with medical professionals.
- Feedback Data for improving services and products or participating in market research.
- Marketing and Communications Data to send promotions or deliver advertisements on social media.
We may also use your data in anonymized form for research purposes and to improve healthcare treatments.
Website Visitors
When visiting our Site, we may automatically collect Technical Data and Usage Data through cookies to improve user experience, measure the effectiveness of content, and administer the Site.
If you take a pre-treatment assessment as an unregistered user, we will process your Identity Data and Assessment Data to evaluate your suitability for treatment.
Social Media Users
When engaging with City Clinics’ social media channels (e.g., Facebook, Instagram, Twitter, TikTok), we collect Usage Data and Technical Data to analyze interactions and improve content. If you contact us via social media, we will process your Contact Data to respond to your messages.
Suppliers
If you provide services to City Clinics, we will collect Identity Data, Contact Data, Transaction Data, and Financial Data to manage contracts and facilitate payment for services.
Other Individuals
If you agree to participate in market research or user testing, we will collect Identity Data, Contact Data, Audio/Visual Data, and Feedback Data to improve our services and user experience.
How Do We Collect Personal Information About You?
We may collect information from the following sources:
Directly From You:
This is the information you (or an individual with authority to act on your behalf) have provided to us for the purposes set out in this Notice. It includes any information you provide to us when consulting with one of our clinicians and when you interact with us by phone, email, web form, or otherwise.
Third-Party Sources:
Where you are a Supplier, this will include information about you or your colleagues that is available through publicly available sources, such as professional networking sites (including LinkedIn) and general market research.
Information We Collect Automatically:
When you visit our Site, we collect certain Technical and Usage Data automatically from your device.
Who Do We Share Your Personal Information With?
We may share and disclose your personal information with the following categories of third parties for the purposes described in this Notice:
Partner Clinicians
When you register a user account and purchase a product or service, your contract is with City Clinics. However, in order to provide our services to you, City Clinics may provide your personal information to our Partner Clinicians, who will act as independent data controllers in respect of that information. These clinicians provide services to City Clinics, including holding patient consultations, assessing the clinical appropriateness of treatment, and prescribing medication. Our Partner Clinicians are all registered in the United Kingdom with the General Pharmaceutical Council, hold accredited pharmacist independent prescriber qualifications, and are trained in providing remote consultations and issuing prescription medicine online. Please see our general Website Terms of Use and Terms of Sale for further information on our Partners’ roles.
Our Medical Service Delivery Partners
For the provision of specialized services, City Clinics may engage subcontractors, who will use your personal information that we transfer to them to provide their services. For instance:
- Subcontractor 1 is registered with the Care Quality Commission (CQC) and uses your information to:
- Register you as a user of our service.
- Process your orders and provide your details to clinicians and pharmacies for consultation and medication needs.
- Manage our relationship with you by addressing queries or notifying you about service changes.
Service Providers
We use a number of Suppliers who perform functions on our behalf and/or help us in providing the products and services to you, such as cloud-based software providers, online storage providers, web hosting providers, email service providers, and web analytics providers.
Our service providers are required to keep your personal information strictly confidential and are not allowed to use it for any other purpose than to carry out the services they are performing for us.
Professional Advisors
We may disclose personal information to our professional advisers, such as lawyers, auditors, accountants, and insurers, if necessary, as part of the professional services they are performing.
Business Transfers
We may share personal information with third parties to whom we choose to sell, transfer, or merge part of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the new owners may use your personal information in the same way as set out in this Notice.
Compliance With Laws
We may very occasionally be required to disclose some personal information as required to comply with the law.
Security and International Data Transfers
Security
We work tirelessly to safeguard the security and integrity of our Site and the systems we use to process your personal data. We have implemented widely accepted standards of technology and operational security (having regard to the type and amount of personal data processed) to prevent against personal information being accidentally lost or used or accessed in an unauthorised or unlawful way. However, it is generally understood that no method of electronic storage or transmission online is 100% secure. As a result, whilst we have implemented appropriate technical and organisational measures, we cannot guarantee the absolute security of your personal data or accept responsibility for any unauthorised access or loss of personal data that is beyond our control.
We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
We also suggest that our users take sensible steps to keep their data secure online; for example, by following guidance from the NHS and BCS Chartered Institute for IT: Keeping your online health and social care records safe and secure.
International Data Transfers
Where personal information is shared and disclosed as set out above, these parties may be established outside the United Kingdom. For example, some of the service providers we use to support our services are based in the United States, and this involves a transfer of your personal information to the USA. Whenever we transfer your personal information outside the United Kingdom, we ensure that a similar degree of protection is afforded to it by ensuring appropriate safeguards are implemented. This may include, where appropriate, relying on an adequacy decision or signing up to an International Data Transfer Agreement or Standard Contractual Clauses. To find out more information regarding the specific mechanism used by us when transferring your personal information outside the United Kingdom, please contact City Clinics’ Data Protection Officer at [Insert Email Address].
Our Use of Cookies and Similar Technologies
We may use cookies and other information-gathering technologies to learn more about how you interact with our Website. You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Site may become inaccessible or not function properly. Please see our Cookie Policy for more information about the cookies we use.
Security
We work tirelessly to safeguard the security and integrity of our Site and the systems we use to process your personal data. We have implemented widely accepted standards of technology and operational security (having regard to the type and amount of personal data processed) to prevent against personal information being accidentally lost or used or accessed in an unauthorised or unlawful way. However, it is generally understood that no method of electronic storage or transmission online is 100% secure. As a result, whilst we have implemented appropriate technical and organisational measures, we cannot guarantee the absolute security of your personal data, or accept responsibility for any unauthorised access or loss of personal data that is beyond our control.
We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
We also suggest that our users take sensible steps to keep their data secure online; for example, by following guidance from the NHS and BCS Chartered Institute for IT: Keeping your online health and social care records safe and secure.
International Data Transfers
Where personal information is shared and disclosed as set out above, these parties may be established outside the United Kingdom. For example, some of the service providers we use to support our services are based in the United States, and this involves a transfer of your personal information to the USA. Whenever we transfer your personal information outside the United Kingdom, we ensure that a similar degree of protection is afforded to it by ensuring appropriate safeguards are implemented. This may include, where appropriate, relying on an adequacy decision or signing up to an International Data Transfer Agreement or Standard Contractual Clauses. To find out more information regarding the specific mechanism used by us when transferring your personal information outside the United Kingdom, please contact our Data Protection Officer at [email address].
Our Use of Cookies and Similar Technologies
We may use cookies and other information gathering technologies to learn more about how you interact with our Website. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Site may become inaccessible or not function properly. Please see our Cookie Policy for more information about the cookies we use.
Third-Party Links and Services
This Website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
How Long Do We Keep Your Personal Information For?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information, and whether we can achieve those purposes through other means, and the applicable legal requirements.
Marketing
If you receive marketing communications from us, you can ask us to stop sending you marketing messages at any time by following the unsubscribe links in any marketing message or by contacting our Data Protection Officer at [email address].
Please note that opting out of marketing communications does not opt you out of receiving important service-related communications.
Your Rights
Subject to any exemptions provided by law, you may have the right to:
- Request access to your personal information (commonly known as a “data subject access request”) and to certain other supplementary information that this Notice is already designed to address.
- Request correction of the personal information we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information in certain circumstances. However, given the nature of our products and services, it will not always be possible for us to delete your data upon request as there may be valid legal reasons for us to continue processing it (for example, the need to retain medical records to comply with legal requirements). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Receive the personal information concerning you which you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit those data to a third party in certain situations.
- Object to processing of your personal information at any time for direct marketing purposes.
- Object to decisions being taken by automated means which produce legal effects concerning you or significantly affect you.
- Object in certain other situations to our continued processing of your personal information.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Withdraw your consent to our processing of your personal information, where we have collected and processed it with your consent.
For more information, please refer to the appropriate data protection legislation or consult the Information Commissioner’s Office for guidance. If you would like to exercise any of these rights, please contact our Data Protection Officer at [email address] and let us have enough information to identify you. We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
How to Contact Us
Please address requests and questions about this Notice to our Data Protection Officer at [email address].
How to Complain
We hope that we can resolve any query or concern that you raise about our use of your personal information.
You also have the right to make a complaint to your supervisory authority. In the UK, this is the Information Commissioner’s Office (www.ico.org.uk).
Changes to This Notice
This version was last updated on [date]. To ensure that you are always aware of how we use your personal information we will update this Notice from time to time to reflect any changes to our use of your personal information and as required to comply with changes in applicable law or regulatory requirements. However, we encourage you to review this Notice periodically to be informed of how we use your personal information.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
