DrDoctor Privacy Notice

This Privacy Notice

This Privacy Notice sets out the way in which we use any personal information that is collected from you whilst using https://www.drdoctor.co.uk (our “Site”). In other words, this Privacy Notice applies solely to the use of our website and any subsequent output of using our website, such as if you enquire about our services, request a demonstration of our services, or make a sales enquiry. For the use of our platform and services, we have a separate Privacy Notice, which you can find here.

Throughout this Notice, we will talk about ‘personal data’. Personal data means information relating to an individual who can be identified, directly or indirectly, from that piece of information. Examples of personal data include but are not limited to: your name, email address, phone number and occasionally other contact details.

References to “us”/”we”/”our” in this Privacy Notice means DrDoctor (registered: ICNH Ltd/) which is registered in England and Wales under company number 08149394. Our trading address is DrDoctor, The Grain House, 46 Loman Street, London SE1 0EH. We are registered at the UK Information Commissioner’s Office under number Z3313550.

What personal information do we collect and process?

Cookies

Our website uses cookies to distinguish you from other users of our Site. This helps us to provide you with a good experience when you browse our Site and also allows us to improve our Site.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer (if you agree). Please note that any cookies collected are not designed to identify you, it is all aggregated and therefore strictly anonymised. You have the option to accept or reject all cookies which are not strictly necessary for our site to run when you visit our Site and interact with our cookie banner.

We use the following cookies on our Site:

Strictly necessary cookies. These are cookies that are required for the operation of our website. These essential cookies are always enabled because our website will not work properly without them. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services. You can switch off these cookies in your browser settings but you may then not be able to access all or parts of our website.
Analytical cookies.These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies.These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Advertising cookies.These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

COOKIE NAME	PROVIDER	CATEGORY	EXPIRY DATE	PURPOSE
hs_ab_test	drdoctor.co.uk	necessary	session	Used to consistently serve visitors the same version of an A/B test page they’ve seen before
vuid	vimeo.com	analytics	399 days	This first party cookie created by Vimeo is used to assign a Vimeo Analytics unique id.
__cf_bm	vimeo.com	necessary	29 minutes	Cloud flare's bot products identify and mitigate automated traffic to protect your site from bad bots. Cloudflare places the __cf_bm cookie on End User devices that access Customer sites that are protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for the proper functioning of these bot solutions.
VISITOR_INFO1_LIVE	youtube.com	advertisement	179 days	Tries to estimate the users' bandwidth on pages with integrated YouTube videos.
YSC	youtube.com	functionality	session	Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
bcookie	linkedin.com	advertisement	365 days	Used by LinkedIn to track the use of embedded services.
__cf_bm	drdoctor.co.uk	necessary	29 minutes	Cloud flare's bot products identify and mitigate automated traffic to protect your site from bad bots. Cloudflare places the __cf_bm cookie on End User devices that access Customer sites that are protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for the proper functioning of these bot solutions.
__cf_bm	hubspot.com	necessary	29 minutes	Cloud flare's bot products identify and mitigate automated traffic to protect your site from bad bots. Cloudflare places the __cf_bm cookie on End User devices that access Customer sites that are protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for the proper functioning of these bot solutions.
UserMatchHistory	linkedin.com	advertisement	30 days	These cookies are set by LinkedIn for advertising purposes, including: tracking visitors so that more relevant ads can be presented, allowing users to use the 'Apply with LinkedIn' or the 'Sign-in with LinkedIn' functions, collecting information about how visitors use the site, etc.
_hjAbsoluteSessionInProgress	drdoctor.co.uk	functionality	29 minutes	The cookie is set so Hotjar can track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
_ga	drdoctor.co.uk	analytics	399 days	ID used to identify users
li_sugr	linkedin.com	analytics	90 days	Used to make a probabilistic match of a user's identity outside the Designated Countries
__hssc	drdoctor.co.uk	analytics	29 minutes	Analytics session cookie
_cfuvid	hubspot.com	necessary	session	This cookie is used to apply rate limits to traffic. It allows the Cloudflare WAF to distinguish individual users who share the same IP address.
_ga_3EGQX7ZZQE	drdoctor.co.uk	analytics	399 days	Used to persist session state
__hssrc	drdoctor.co.uk	analytics	session	Used to determine if a session is a new session
_hjFirstSeen	drdoctor.co.uk	functionality	29 minutes	The cookie is set so Hotjar can track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
_gid	drdoctor.co.uk	analytics	1439 minutes	ID used to identify users for 24 hours after last activity
AnalyticsSyncHistory	linkedin.com	functionality	30 days	Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries
__hs_cookie_cat_pref	drdoctor.co.uk	necessary	179 days	The HubSpot Cookie Banner's consent preferences cookie.
__hstc	drdoctor.co.uk	analytics	179 days	Analytics tracking cookie
__hs_do_not_track	drdoctor.co.uk	necessary	179 days	Prevents the tracking code from sending any information to HubSpot
bscookie	linkedin.com	advertisement	365 days	Used by LinkedIn to track the use of embedded services.
hubspotutk	drdoctor.co.uk	analytics	179 days	Contains visitor's identity
_gat	drdoctor.co.uk	analytics	59 seconds	Used to monitor number of Google Analytics server requests when using Google Tag Manager
_ga_DM0DQP6BZ0	drdoctor.co.uk	analytics	399 days	Used to persist session state
test_cookie	doubleclick.net	functionality	14 minutes	This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor's browser supports cookies.
__cfruid	drdoctor.co.uk	necessary	session	Used by the content network, Cloudflare, to identify trusted web traffic.
lidc	linkedin.com	advertisement	1 days	Used by the social networking service, LinkedIn, for tracking the use of embedded services.
_hjSessionUser_3789974	drdoctor.co.uk	functionality	364 days	Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Hotjar does not track users across different sites. Ensures data from subsequent visits to the same site are attributed to the same user ID.
_hjSession_3789974	drdoctor.co.uk	functionality	29 minutes	Holds current session data. Ensures subsequent requests in the session window are attributed to the same session.
_hjIncludedInSessionSample_3789974	drdoctor.co.uk	functionality	29 minutes	Set to determine if a user is included in the data sampling defined by your site's daily session limit.

Business enquiries and engagement

If you want to get in contact with us to find out more about our services and how we can help you, or to book a demo of our services, we collect a minimum amount of contact details from you to facilitate your request. You are asked to provide us with the following list of personal data:

Name;
Email;
Job Title;
Organisation Name;
Telephone Number; and
Any personal information that you decide to disclose in your message to us. Please be careful what to include in your message.

How do we use your personal data?

The personal data that we collect from you whilst you are using our Site can be used by us for the following purposes:

To respond to your enquiries and product information requests using the ‘Contact Us’, ’Resource Downloads’ or ‘Demo Requests’ sections;
To improve our products and services if your query, complaint and message is relevant to said product or services; and
To utilise cookies to improve your experience when using our Site.

Do we make automated decisions about you?

No, we do not make automated decisions about you.

What is our lawful basis for processing your personal data?

When processing your personal data that we collected from your use of our Site, we rely on the following lawful bases under the UK General Data Protection Regulation (“UK GDPR”):

Lawful basis	What personal data do we collect under this basis and why?
Article 6(1)(a) – Consent	To capture non-essential cookies on our Site.
Article 6(1)(f) – Legitimate interests	Allowing DrDoctor to respond to business enquiries and sales requests from Site users.

We do not intend to collect sensitive personal data from you via our Site.

How do we protect your personal information?

All the data we collect about you as an individual is protected with multiple levels of security including industry leading encryption and access controls. The data centre we use meets a broad range of international and industry specific compliance standards. Data is securely encrypted both in-transit and at rest.

We ensure that all data is backed up and we have a comprehensive Business Continuity Planning & Disaster Recovery plan in place in the event of an unexpected disruption in service or business operations.

Who do we share your personal information with?

Please note that we do not and never will sell your personal data to third parties.

In order for us to effectively deliver our services, we use third party suppliers. They process limited amounts of personal data as strictly necessary for them to provide their service:

Third Party Supplier Name	Purpose
Amazon Web Services	Cloud storage provider for services provided by HubSpot Inc.
HubSpot Inc	Provides ticketing support system for queries made to DrDoctor for enquiries and forms sent through our Site.
Moneypenny (Callitech Limited)	Provides a receptionist and helpline service on behalf of DrDoctor.
Slack Technologies Limited	Provides enquiry visibility to our team to ensure that we can respond to your enquiries within a reasonable timeframe.
Google	Provides us with insights and analytics that help us understand how visitors engage with our website
Hotjar Ltd.	Hotjar is a digital experience insights platform that provides us with visual behaviour insights, in-the-moment feedback for user interactions on our website

Please note that we may be legally required to share your personal data with law enforcement agencies, regulators, courts or other public authorities.

Do we transfer your personal information outside the UK?

The safety and integrity of your personal data is very important to us. At DrDoctor, we risk assess each third party supplier we use and where possible, we also ensure that all security measures and appropriate safeguards are put in place to protect your information and comply with the data protection legislation.

We transfer your personal data outside of the UK when we have a lawful route of doing so.

Transfers from the UK to the European Economic Area (“EEA”) are deemed lawful on the basis of adequacy regulations. When we transfer data from the UK to the US or any non-EEA country we rely on any of the following: an adequacy decision, the EU-US Data Privacy Framework, Standard Data Protection Clauses, an international transfer risk assessment to ensure that your data is safe to be transferred.

How long do we keep your personal information?

We will keep your information for no longer than is necessary and as required to fulfil our legal obligations. If your data is no longer needed, we delete or anonymise it where we have the appropriate lawful basis to do so.

If we rely on consent to process your personal data then we will only retain your data for as long as you consent to us holding it.

When determining the relevant retention periods for personal data we hold on you, we will take the following factors into account:

Our contractual obligations and rights in relation to the information involved;
Whether we have consent to retain the personal data;
Legal obligation(s) under applicable law to retain data for a certain period of time;
Statute of limitations under applicable law(s);
Legal claims or potential disputes;
If you have made a request to have your information deleted;
Guidelines issued by relevant data protection authorities.

What are your rights?

By law, you have the following rights (subject to certain conditions) when it comes to your personal data.

The right to object to processing
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to lodge a complaint
The right to withdraw consent

How to exercise your right

You can exercise any of the above rights by contacting us at support@drdoctor.co.uk.

Timeline

We will always aim to respond to your request as soon as we can. Generally, this will be within one month from when we receive you request. We are entitled to extend the time to respond to your request where it is complex but will notify you if it is going to take longer to deal with.

Verifying your identity

In order to comply with your request, we will need to verify your identity so that we do not disclose any of your personal data to the wrong person. To that end, we may ask for confirmation of your identity as part of the process which may include requesting further documentation and processing more personal data.

Charging a fee or refusals

We usually act on requests and provide information free of charge. However, there are exceptions. If your request is excessive, repeated or manifestly unfounded, we may charge you a reasonable fee to cover our administrative costs or refuse to act on the request.

Contacting us or making a complaint

We are always happy to talk. If you have any questions, concerns or complaints about how your personal data is being used, then please email support@drdoctor.co.uk and we will do everything we can to help.

We have a designated Data Protection Officer. You can contact them at dpo@drdoctor.co.uk.

Alternatively, you can also contact the Information Commissioner’s Office (“ICO”), the UK’s independent regulatory office in charge of upholding information rights for further information or to make a complaint.

You can contact the ICO in one of the following ways:

Address	Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Telephone Number	0303 123 1113 (local rate)
Online	As directed on their website at https://ico.org.uk/make-a-complaint/

Last update: January 2024

We care about your privacy