Privacy & Data Protection Your data. Handled with the same care as your health. This policy explains what personal information OUR GP collects through this website and when you book or attend an appointment, why we collect it, and the choices and rights you have over it. Last updated: [3rd July 2026] Jump to a section Who we are Information we collect How we use your information Our legal basis for processing Health & medical information Who we share information with Cookies on this website How long we keep information Keeping information secure Your rights Children’s information Changes to this policy Contact us & complaints Section 1 Who we are OUR GP is a trading name of SRS Health Group Limited (Company No. SC819788), a private GP clinic regulated by Healthcare Improvement Scotland, based at HEAL Physiotherapy, 14 Dudhope Street, Dundee DD1 1JU. For the purposes of data protection law, SRS Health Group Limited is the “data controller” responsible for your personal information when you use this website or our clinical services. Back to top ↑ Section 2 Information we collect We collect different information depending on how you interact with us — browsing the website, getting in touch, or booking and attending an appointment. When What we collect Browsing ourgp.co.uk Technical data such as your IP address, browser type, device type, and pages viewed, gathered automatically via cookies and analytics (see Cookies). Enquiring by phone, WhatsApp, email or our contact form Your name, contact details, and the content of your message. Booking an appointment Name, date of birth, contact details, address, and payment information (processed securely by our booking and payment providers — we do not store full card details ourselves). Attending a consultation or test Clinical and health information relevant to your care — see Health & medical information below. Back to top ↑ Section 3 How we use your information To respond to enquiries and arrange, confirm, or reschedule appointments To provide safe, appropriate clinical care and keep accurate medical records To take payment and manage invoicing To send appointment reminders and essential service updates To meet our legal and regulatory obligations, including those set by Healthcare Improvement Scotland and the GMC To understand how visitors use our website, so we can keep it accurate and easy to use With your separate consent, to send news, health tips, or clinic updates by email Back to top ↑ Section 4 Our legal basis for processing Under UK GDPR and the Data Protection Act 2018, we rely on the following legal bases: Contract — to arrange and deliver the appointment or service you’ve booked Legal obligation — to meet record-keeping, regulatory, and reporting requirements as a healthcare provider Legitimate interests — to run and improve our website, and for general clinic administration, where this doesn’t override your rights Consent — for marketing communications and non-essential cookies, which you can withdraw at any time Health or social care purposes (a special category condition) — for processing health data as part of providing you clinical care Back to top ↑ Section 5 Health & medical information Health information is “special category data” under UK GDPR and is given extra protection. When you consult with one of our GMC-registered doctors, your medical record may include symptoms, history, examination findings, test results, diagnoses, and treatment. This information is: Recorded and stored in line with GMC and Healthcare Improvement Scotland standards Accessible only to the clinicians and staff directly involved in your care, or supporting the running of the clinic (e.g. booking and billing) Never used for marketing purposes Shared with your NHS GP or another healthcare provider only with your consent, or where we are required to by law (for example, a safeguarding concern) If you have a specific question about how your individual medical record is handled, our clinical team can talk you through this — see Contact us below. Back to top ↑ Section 6 Who we share information with We do not sell your personal information. We share it only where necessary, with: Laboratory partners — to process blood tests and return results Our booking platform (semble.io) — to manage appointments securely Payment providers — to process card payments, Apple Pay, and Google Pay IT, hosting, and email providers — who store or process data on our behalf under a data processing agreement Regulators and authorities — where we are legally required to (e.g. Healthcare Improvement Scotland, GMC, or a court order) Other healthcare providers — such as your NHS GP, only with your consent or where necessary for your ongoing care All third parties we work with are required to keep your information secure and use it only for the purpose we’ve agreed with them. Back to top ↑ Section 7 Cookies on this website Cookies are small text files stored on your device that help our website run properly and let us understand how it’s used. When you first visit ourgp.co.uk, you’ll see a cookie banner where you can accept or decline non-essential cookies. Type Purpose Can you decline? Essential Required for the website to function correctly (e.g. remembering your cookie preference) No — these are necessary for the site to work Analytics Helps us understand how visitors use the site, so we can improve it Yes Functional Remembers choices you’ve made to improve your experience Yes You can change or withdraw your cookie consent at any time by clearing your browser’s site data for ourgp.co.uk, or through your browser’s cookie settings. Back to top ↑ Section 8 How long we keep information Medical records — retained in line with GMC and Scottish healthcare record-keeping guidance (typically a minimum of [X] years from your last treatment, or longer for certain records) Booking and billing records — kept for as long as required for accounting and tax purposes Website enquiries — kept only as long as needed to respond, unless you go on to become a patient Marketing consent — kept until you unsubscribe or withdraw consent When information is no longer needed, it is securely deleted or anonymised. Back to top ↑ Section 9 Keeping information secure We use appropriate technical and organisational measures to protect your information, including secure, access-controlled clinical systems, encrypted payment processing, and staff training on confidentiality. Access to medical records is limited to those directly involved in your care or the essential running of the clinic. Back to top ↑ Section 10 Your rights Under UK GDPR, you have the right to: Ask what personal information we hold about you, and get a copy of it Ask us to correct information that’s inaccurate or incomplete Ask us to delete your information, where we’re not required to keep it for legal or clinical reasons Object to, or ask us to restrict, certain processing Withdraw consent at any time, where we rely on consent (e.g. marketing, non-essential cookies) Ask for your information in a portable format, where applicable To exercise any of these rights, contact us using the details below. We’ll respond within one month, as required by law. Back to top ↑ Section 11 Children’s information Where we provide care to a patient under 16, information is collected and used in line with standard clinical consent and confidentiality guidance for children and young people, and, where appropriate, with parental or guardian involvement. Back to top ↑ Section 12 Changes to this policy We may update this policy from time to time, for example to reflect changes in the law or how we use your information. The “last updated” date at the top of this page will always show the latest version. Back to top ↑ Section 13 Contact us & complaints If you have any questions about this policy or how we handle your information, or you’d like to exercise any of your rights, please get in touch: Phone: +44 7857 761328 Email: admin@ourgp.co.uk Address: HEAL Physiotherapy, 14 Dudhope Street, Dundee DD1 1JU If you’re unhappy with how we’ve handled your information, you have the right to complain to the UK’s data protection regulator, the Information Commissioner’s Office (ICO). We’d appreciate the chance to resolve any concerns directly first. Questions about your data? Our team is happy to talk you through anything in this policy before or after you book. Call us WhatsApp OUR GP is a trading name of SRS Health Group Limited. Company No. SC819788 · Regulated by Healthcare Improvement Scotland.