Privacy Policy
How we collect, use, and protect your personal information.
Last updated: 22 December 20251. Introduction
This website, www.iqdoctor.co.uk, is operated by IQM Medical Limited (company number: 10173012) ("IQ Doctor”, “we”, “our”, “us”). We are the data controller responsible for your personal data.
We understand the importance of handling personal information carefully and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to respecting your privacy and protecting your personal data.
This Privacy Notice explains what personal information we collect, how we use it, who we share it with, and your rights in relation to your personal data. It forms part of our website terms and conditions and applies whenever you use our services.
2. Who we are
Company details:
IQM Medical Ltd
Registered address: Bradford Court, 123-131 Bradford Street, Birmingham, B12 0NS.
Company number: 10173012
ICO registration number: ZA320053
Data Protection Officer (DPO):
Name: Camran Khan
Email: help@iqdoctor.co.uk
Address: Bradford Court, 123-131 Bradford Street, Birmingham, B12 0NS.
3. What personal data do we collect
- Identity data: name, date of birth, gender.
- Contact data: address, email, phone number.
- Health data (special category): medical history, prescriptions, consultation notes, test results, and information provided to our clinicians.
- Financial data: billing address. We do not hold payment card details.
- Technical data: cookies (see ‘Cookies’ section).
- Communication data: emails, support tickets, and telephone call transcripts.
4. How we use your personal data & legal bases
We process your personal data only where we have a lawful basis under UK GDPR. The main bases we rely on are:
- Performance of a contract – to provide pharmacy and prescribing services, deliver medicines, verify your identity, detect fraud, and manage your account.
- Legal obligation – to comply with pharmacy and healthcare regulations, professional record-keeping rules, and other legal requirements.
- Consent – for optional services such as marketing communications.
- Legitimate interests – for service improvement, staff training, fraud prevention, and audit (balanced against your rights).
For special category health data, we rely on:
- Article 9(2)(h) UK GDPR (healthcare and treatment purposes).
- Article 9(2)(i) UK GDPR (public health and regulatory obligations).
We will primarily use your personal data for the following purposes:
- To register your account and keep it secure.
- To verify your identity and create your patient record.
- To provide consultations, healthcare services, and prescribed medication.
- To process and fulfil any orders you place with us.
- To respond to queries, refund requests, or complaints.
- To share information with third-party suppliers/software where necessary for dispensing and delivery.
- To improve our services through research, customer feedback, and market analysis.
- To communicate with you about services, orders, updates, or regulatory changes.
- To send you marketing communications where you have given consent.
- To comply with applicable law, including responding to lawful requests from courts or regulators.
5. How long do we keep your data
- Prescription and consultation records: minimum 8 years (as required by healthcare regulation).
- Order records: 8 years (in line with prescription and consultation records, and legal reasons).
- Customer service records: up to 3 years after closure.
- Marketing records: until you withdraw consent or unsubscribe.
When no longer required, data is securely deleted or anonymised.
6. Who we share your data with
We may share your personal data with trusted third parties where necessary to deliver our services, subject to strict confidentiality and security safeguards:
- Healthcare professionals and regulators: prescribing doctors, the General Pharmaceutical Council (GPhC), the Medicines and Healthcare products Regulatory Agency (MHRA), the NHS, and other professional or regulatory bodies where required by law.
- Service providers: IT and hosting providers, secure communication platforms, data storage services, email and SMS providers, and customer support systems.
- Delivery companies: couriers and logistics partners to deliver your medicines.
- Payment processors: secure third-party payment providers. We do not store your full payment card details ourselves.
- Analytics and security providers: to help us understand how our website is used, improve performance, and detect fraud or misuse.
- Legal and regulatory bodies: in response to lawful requests from courts, regulators, or law enforcement agencies.
We require all third parties to process your data securely, lawfully, and only for the specific purposes we instruct.
7. International transfers
Some of our service providers (for example, cloud hosting or email services) may transfer your personal data outside the UK/EEA. When this happens, we ensure appropriate safeguards are in place, such as:
- Adequacy regulations issued by the UK government confirming that the destination country ensures adequate protection; or
- Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) approved by the ICO, combined with risk assessments to ensure appropriate protection.
You can contact us if you would like more information about these safeguards.
8. How we protect your data
- Encrypted databases and secure servers.
- Secure and encrypted connection when accessing the website.
- Role-based access control for staff.
- Regular staff training on confidentiality.
- Security monitoring and regular audits.
- Secure data disposal.
9. Your rights
You have the following rights under UK GDPR:
- Right of access (Article 15).
- Right to rectification (Article 16).
- Right to erasure (“right to be forgotten”) (Article 17).
- Right to restrict processing (Article 18).
- Right to data portability (Article 20).
- Right to object (Article 21).
- Rights related to automated decision-making and profiling (Article 22).
To exercise your rights, contact us using the details above. We will respond within one month.
You also have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we handle your data:
Website: www.ico.org.uk
Telephone: 0303 123 1113
If we rely on your consent (for example, for marketing), you may withdraw that consent at any time by:
- Clicking the “unsubscribe” link in any marketing email,
- Updating your account settings (if available), or
- Contacting us directly at help@iqdoctor.co.uk
10. Automated decision-making
We do not carry out automated decision-making or profiling that has a legal or similarly significant effect on you.
11. Children’s data
Our services are intended for adults aged 18 and over. We do not knowingly collect information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Data breaches
If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and also notify the ICO within 72 hours, as required by law.
13. Cookies & tracking
We use cookies and similar technologies to improve your experience on our website. These may include:
- Strictly necessary cookies – required for the website to determine bots and crawlers. We do not use cookies as the core function for the website.
- Analytics cookies – help us understand how our website is used and improve performance.
- Advertising and personalisation cookies – used to deliver relevant content and marketing based on your browsing behaviour.
For non-essential cookies, we rely on your consent. When you first visit our website, you will be asked to set your cookie preferences via our cookie banner. You can withdraw consent or update your preferences at any time through our [cookie settings link].
| Name of Cookie | First / Third Party | Provider | Purpose |
|---|---|---|---|
| is_bot | First Party | IQ Doctor | Used to detect and prevent unauthorised automated bot access to our website for security and fraud-prevention purposes. |
| _gcl_au | Third Party | Used by Google AdSense to experiment with advertising efficiency and measure conversion performance. | |
| _ga_S8SK8KFGW0 | Third Party | Google Analytics | Used to persist session state and distinguish users for analytics and reporting purposes. |
| _ga | Third Party | Google Analytics | Used to distinguish unique users by assigning a randomly generated identifier and to generate statistical usage data. |
| _gid | Third Party | Google Analytics | Used to store information about how visitors use the website and to generate analytics reports. |
| CLID | Third Party | Microsoft Clarity | Identifies the first-time visit of a user and stores information about user interactions for behavioural analytics. |
| _clck | Third Party | Microsoft Clarity | Persists a Clarity user ID and preferences across multiple page views. |
| _clsk | Third Party | Microsoft Clarity | Connects multiple page views by a user into a single session recording. |
| _uetsid | Third Party | Microsoft Bing Ads | Used to store and track visits across websites to enable targeted advertising via Bing Ads. |
| _uetvid | Third Party | Microsoft Bing Ads | Used to track visitors across websites to provide relevant advertising. |
| MUID | Third Party | Microsoft | Identifies unique browsers visiting Microsoft sites and is used for analytics and advertising purposes. |
| test_cookie | Third Party | DoubleClick | Used to test whether the user’s browser supports cookies. |
| _fbp | Third Party | Meta (Facebook) | Used by Meta to deliver, measure, and improve the relevance of advertisements. |
| ANONCHK | Third Party | Microsoft Bing | Stores a user’s session ID to verify ad clicks and assist in reporting and personalisation. |
14. Clinical & Regulatory Disclosures
In some cases, we are legally required to share your personal data with regulators or professional bodies. For example, we may need to provide information to the General Pharmaceutical Council (GPhC) or the NHS to comply with healthcare oversight obligations.
15. Changes to this policy
We keep this Privacy Notice under regular review. Updates will be published on this page with a new “last updated” date.