Last updated: 20th May 2025
Contents
- Introduction
- Who we are
- What personal data do we collect
- How we use your personal data & legal bases
- How long do we keep your data
- Who we share your data with
- International transfers
- How we protect your data
- Your rights
- Automated decision-making
- Children’s data
- Data breaches
- Cookies & tracking
- Clinical & Regulatory Disclosures
- Changes to this policy
1. Introduction
This website, www.iqdoctor.co.uk, is operated by IQM Medical Ltd (company number: 10173012) (“IQ Doctor”, “we”, “our”, “us”). We are the data controller responsible for your personal data.
We understand the importance of handling personal information carefully and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to respecting your privacy and protecting your personal data.
This Privacy Notice explains what personal information we collect, how we use it, who we share it with, and your rights in relation to your personal data. It forms part of our website terms and conditions and applies whenever you use our services.
2. Who we are
Company details:
IQM Medical Ltd
Registered address: Bradford Court, 123-131 Bradford Street, Birmingham, B12 0NS.
Company number: 10173012
ICO registration number: ZA320053
Data Protection Officer (DPO):
Name: Camran Khan
Email: help@iqdoctor.co.uk
Address: Bradford Court, 123-131 Bradford Street, Birmingham, B12 0NS.
3. What personal data do we collect
- Identity data: name, date of birth, gender.
- Contact data: address, email, phone number.
- Health data (special category): medical history, prescriptions, consultation notes, test results, and information provided to our clinicians.
- Financial data: billing address. We do not hold payment card details.
- Technical data: cookies (see ‘Cookies’ section).
- Communication data: emails, support tickets, and telephone call transcripts.
4. How we use your personal data & legal bases
We process your personal data only where we have a lawful basis under UK GDPR. The main bases we rely on are:
- Performance of a contract – to provide pharmacy and prescribing services, deliver medicines, verify your identity, detect fraud, and manage your account.
- Legal obligation – to comply with pharmacy and healthcare regulations, professional record-keeping rules, and other legal requirements.
- Consent – for optional services such as marketing communications.
- Legitimate interests – for service improvement, staff training, fraud prevention, and audit (balanced against your rights).
For special category health data, we rely on:
- Article 9(2)(h) UK GDPR (healthcare and treatment purposes).
- Article 9(2)(i) UK GDPR (public health and regulatory obligations).
We will primarily use your personal data for the following purposes:
- To register your account and keep it secure.
- To verify your identity and create your patient record.
- To provide consultations, healthcare services, and prescribed medication.
- To process and fulfil any orders you place with us.
- To respond to queries, refund requests, or complaints.
- To share information with third-party suppliers/software where necessary for dispensing and delivery.
- To improve our services through research, customer feedback, and market analysis.
- To communicate with you about services, orders, updates, or regulatory changes.
- To send you marketing communications where you have given consent.
- To comply with applicable law, including responding to lawful requests from courts or regulators.
5. How long do we keep your data
- Prescription and consultation records: minimum 8 years (as required by healthcare regulation).
- Order records: 8 years (in line with prescription and consultation records, and legal reasons).
- Customer service records: up to 3 years after closure.
- Marketing records: until you withdraw consent or unsubscribe.
When no longer required, data is securely deleted or anonymised.
6. Who we share your data with
We may share your personal data with trusted third parties where necessary to deliver our services, subject to strict confidentiality and security safeguards:
- Healthcare professionals and regulators: prescribing doctors, the General Pharmaceutical Council (GPhC), the Medicines and Healthcare products Regulatory Agency (MHRA), the NHS, and other professional or regulatory bodies where required by law.
- Service providers: IT and hosting providers, secure communication platforms, data storage services, email and SMS providers, and customer support systems.
- Delivery companies: couriers and logistics partners to deliver your medicines.
- Payment processors: secure third-party payment providers. We do not store your full payment card details ourselves.
- Analytics and security providers: to help us understand how our website is used, improve performance, and detect fraud or misuse.
- Legal and regulatory bodies: in response to lawful requests from courts, regulators, or law enforcement agencies.
We require all third parties to process your data securely, lawfully, and only for the specific purposes we instruct.
7. International transfers
Some of our service providers (for example, cloud hosting or email services) may transfer your personal data outside the UK/EEA. When this happens, we ensure appropriate safeguards are in place, such as:
- Adequacy regulations issued by the UK government confirming that the destination country ensures adequate protection; or
- Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) approved by the ICO, combined with risk assessments to ensure appropriate protection.
You can contact us if you would like more information about these safeguards.
8. How we protect your data
- Encrypted databases and secure servers.
- Secure and encrypted connection when accessing the website.
- Role-based access control for staff.
- Regular staff training on confidentiality.
- Security monitoring and regular audits.
- Secure data disposal.
9. Your rights
You have the following rights under UK GDPR:
- Right of access (Article 15).
- Right to rectification (Article 16).
- Right to erasure (“right to be forgotten”) (Article 17).
- Right to restrict processing (Article 18).
- Right to data portability (Article 20).
- Right to object (Article 21).
- Rights related to automated decision-making and profiling (Article 22).
To exercise your rights, contact us using the details above. We will respond within one month.
You also have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we handle your data:
Website: www.ico.org.uk
Telephone: 0303 123 1113
If we rely on your consent (for example, for marketing), you may withdraw that consent at any time by:
- Clicking the “unsubscribe” link in any marketing email,
- Updating your account settings (if available), or
- Contacting us directly at help@iqdoctor.co.uk
10. Automated decision-making
We do not carry out automated decision-making or profiling that has a legal or similarly significant effect on you.
11. Children’s data
Our services are intended for adults aged 18 and over. We do not knowingly collect information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Data breaches
If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and also notify the ICO within 72 hours, as required by law.
13. Cookies & tracking
We use cookies and similar technologies to improve your experience on our website. These may include:
- Strictly necessary cookies – required for the website to determine bots and crawlers. We do not use cookies as the core function for the website.
- Analytics cookies – help us understand how our website is used and improve performance.
- Advertising and personalisation cookies – used to deliver relevant content and marketing based on your browsing behaviour.
For non-essential cookies, we rely on your consent. When you first visit our website, you will be asked to set your cookie preferences via our cookie banner. You can withdraw consent or update your preferences at any time through our [cookie settings link].
| Name of Cookie | First / Third Party | Provider | Purpose |
|---|---|---|---|
| is_bot | Local | IQ Doctor | This cookie is used to check for unauthorised bots visiting our website. |
| _gcl_au | Third Party | Google Analytics | These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the site. |
| _ga_S8SK8KFGW0 | Third Party | Google Manager | The _ga cookie is used to uniquely identify users, specifically with the third and fourth set of numbers explained above. |
| CLID | Third Party | Microsoft | These cookies are placed by the setup script that you installed to run Clarity. When the script is installed, Clarity's cookies send us non-personally identifiable information about your users. |
| _ga _gat_gtag_UA_92994638_2 |
Third Party | Google Tag Manager | The _ga cookie is used to uniquely identify users, specifically with the third and fourth set of numbers explained above. |
| _gid | Third Party | Google Analytics | This cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website. |
| _clck | Third Party | Microsoft | This describes if this specific cookie, localStorage or other resource is responsible for sharing, collecting or storing direct or indirect personal data. |
| _uetsid | Third Party | Microsoft | This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website. Expires 30 minutes after the browsing session ends. |
| _uetvid | Third Party | Microsoft | This is a cookie utilized by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited. |
| MUID | Third Party | Microsoft | This cookie identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes. |
| test_cookie | Third Party | DoubleClick | The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. |
| _clsk | Third Party | Microsoft | This cookie is installed by Microsoft Clarity to store information of how visitors use a website and help in creating an analytics report of how the website is doing. |
| _fbp | Third Party | Used by Facebook to deliver advertising. The cookie contains an encrypted Facebook user ID and browser ID. It will receive information from this website to better target and optimise advertising. | |
| MR | |||
| SRM_B | |||
| ANONCHK | Third Party | Bing | Cookie, set by Bing, is used to store a user's session ID and also verify the clicks from ads on the Bing search engine. The cookie helps in reporting and personalization as well. |
14. Clinical & Regulatory Disclosures
In some cases, we are legally required to share your personal data with regulators or professional bodies. For example, we may need to provide information to the General Pharmaceutical Council (GPhC) or the NHS to comply with healthcare oversight obligations.
15. Changes to this policy
We keep this Privacy Notice under regular review. Updates will be published on this page with a new “last updated” date.
