Privacy Policy

Last updated: January 2025

1. Introduction

Medelic Ltd ("we", "our", "us") is committed to protecting and respecting your privacy. This policy explains how we collect, use, and safeguard personal data when you use our AI-powered triage platform.

We are registered with the Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Medelic Ltd is the data controller for personal data processed through our website and marketing activities. For patient data processed through our triage platform, the GP practice or healthcare organisation is the data controller, and Medelic acts as a data processor.

Contact: Data Protection Officer
Medelic Ltd
85 Great Portland Street
London, W1W 7LT
Email: privacy@medelic.com

3. Information We Collect

Website Visitors

  • Contact information (name, email, organisation) when you submit enquiries
  • Technical data (IP address, browser type, device information)
  • Usage data (pages visited, time on site)

Healthcare Professionals

  • Professional credentials and registration details
  • Account login information
  • Usage logs and audit trails

Patient Data (Processed on behalf of GP Practices)

  • NHS number and demographic information
  • Clinical information shared during triage calls
  • Voice recordings (where consent is provided)
  • Triage outcomes and clinical summaries

4. How We Use Your Data

  • To provide and improve our triage services
  • To respond to enquiries and provide customer support
  • To comply with legal and regulatory obligations
  • To ensure the safety and security of our platform
  • To send service updates and, with consent, marketing communications

5. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract: To deliver services to healthcare organisations
  • Legal obligation: To comply with healthcare regulations
  • Legitimate interests: To improve our services and ensure security
  • Consent: For marketing communications and optional features

6. Data Retention

Patient clinical data is retained in accordance with NHS records management guidelines (typically 8 years for adults, longer for children). Website enquiry data is retained for 2 years. You may request deletion of your data at any time, subject to legal retention requirements.

7. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • UK-based data centres with ISO 27001 certification
  • Regular security assessments and penetration testing
  • Staff training and access controls

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure ("right to be forgotten")
  • Restrict processing
  • Request data portability
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@medelic.com or write to our Data Protection Officer.

9. Cookies

We use essential cookies to ensure our website functions correctly. We do not use tracking or advertising cookies. For more information, see our Cookie Policy.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or through our platform. The latest version will always be available on this page.

11. Complaints

If you have concerns about how we handle your data, please contact our Data Protection Officer. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.