DocTap

DocTap Patient Privacy Notice

Who we are


We are DocTap Limited (company no. 09518278), located at 97-99 King St, London W6 9JN. We are committed to protecting your privacy and keeping your personal data safe.


If you have any questions about how we handle your data, our designated Data Protection Officer is Alexander Hamilton. You can contact him directly and securely by emailing alex@doctap.co.uk or writing to our postal address.


What information do we collect?


The data we collect depends on how you use our services. It may include:


    • Your Details: Information you provide when setting up an account or booking, including your name, contact details, date of birth, and home address.
    • Special Category Data (Health Data): Because we are a medical provider, we collect highly sensitive information about you. This includes your medical history, symptoms, allergies, current medications, consultation notes, and sometimes information regarding your race or ethnicity where it is clinically relevant to your care.
    • Audio Recordings (AI Note-Taking): With your explicit consent, we record the audio of your consultation to help generate your official clinical notes using a secure AI tool.
    • Payment Details: We use Stripe, a secure third-party payment processor, to handle your appointment fees. DocTap does not see or store your full credit card details. We only receive a secure payment "token" which allows you to book future appointments without re-entering your card details.
    • Website & Device Data: When you use our website, we may collect information about your hardware, IP address, operating system, and browser type for system administration and statistical analysis.


Why do we collect this and what is our "Lawful Basis"?


Under the UK General Data Protection Regulation (UK GDPR), we must have a valid legal reason (Article 6) to process your personal data. We process your general data for the following reasons:

    • To manage your account and bookings: To process your payments, manage your account, and book your appointments, we process your data to fulfil our Contract with you (Article 6(1)(b)).
    • To improve our services: We use statistical website data to improve your user experience and manage our business operations safely under our Legitimate Interests (Article 6(1)(f)).
    • To comply with the law: We may process your data to meet our Legal Obligations (Article 6(1)(c)), such as fraud protection or regulatory audits by the Care Quality Commission (CQC).


Processing your Special Category (Health) Data


Because your health data is highly sensitive, the Information Commissioner’s Office (ICO) requires us to meet additional, stricter conditions (Article 9) to process it. We rely on the following conditions:


    • To provide you with medical care: To provide consultations, diagnoses, prescriptions, and to maintain your clinical records safely, we process your sensitive medical data under the Provision of Health or Social Care (Article 9(2)(h)).
    • To generate your clinical notes safely and efficiently (AI Note-Taking): We use a secure AI transcription tool (powered by OpenAI) to listen to and transcribe your consultation. This allows our GPs to focus entirely on you and your care rather than typing. We only record this audio with your Explicit Consent (Article 9(2)(a)). The resulting text notes are then processed as part of your official medical record under the Provision of Health Care.
    • To protect you in an emergency: If you have a medical emergency on our premises and are physically or legally incapable of giving consent, we will share your health data with emergency services (like paramedics or A&E) to protect your life under Vital Interests (Article 9(2)(c)).
    • To protect public health: By law, we are required to report certain infectious "Notifiable Diseases" (such as Measles or COVID-19) to the UK Health Security Agency to protect public health under the Public Health condition (Article 9(2)(i)).


Who do we share your information with?


Your clinical records are strictly confidential. We will never sell your personal data. We only share your information with:


    • DocTap GPs: To provide you with medical care during your appointment.
    • Your NHS GP: With your explicit consent, we will send a summary of your treatment to your regular NHS GP to ensure you receive safe, joined-up care.
    • Other Healthcare Professionals: If you need an urgent referral (such as to A&E or a specialist), we will share the necessary clinical information to protect your health.
    • Our Service Providers: We use trusted third-party data processors (like Stripe for payments and OpenAI for transcribing notes) who assist us in providing our services. They are legally bound by strict contracts to keep your data safe and only use it as instructed by us, and they are strictly prohibited from using your medical data to train their AI models.
    • Business Transfers: If we sell any business or assets, your personal data may be disclosed to the prospective buyer, or transferred as a business asset.
    • Legal Authorities: If we are under a legal duty to disclose your data to comply with the law, enforce our terms of use, or protect the safety of our patients, staff, or others.


Where we store your data and how we keep it safe


All the personal data we collect from you is stored securely within the European Economic Area (EEA). We use administrative, technical, and physical measures to safeguard your personal information against loss, theft, and unauthorised access.

While we take every precaution, the transmission of information via the internet (including email) is not completely secure. We strongly advise you not to include sensitive medical information or credit card details in standard emails to us.


How long do we keep your data?


We are legally required to keep your medical records for specific periods to ensure your safety and comply with the NHS Records Management Code of Practice:


    • Adults: 8 years from the date of the last entry.
    • Children: If the patient is under 17 at the time of treatment, we must keep their records until their 25th birthday.
    • AI Note-Taking Audio: The raw audio recording of your consultation is strictly temporary. It is securely processed to generate the text and then permanently deleted. Neither DocTap nor our AI provider stores the audio or the temporary transcripts once your final clinical note is approved and saved to your record by the GP.


The National Data Opt-Out


DocTap complies with the national data opt-out policy. We only use your clinical data to provide direct medical care. We will never use or share your confidential patient information for research or planning purposes without your explicit consent.


Cookies


A cookie is a small text file sent by our server to your device when you visit DocTap. Cookies improve your user experience by remembering your settings and saving you time.


    • Essential Cookies: Required to perform essential functions, enable you to access private information during your visit, and process secure payments via Stripe.
    • Non-Essential Cookies: We use Google Analytics and AddThis to track visitor numbers, see how users navigate our site, and allow content sharing. This is statistical data and does not identify any individual.

By using DocTap, you consent to our use of non-essential cookies. You can block these at any time by adjusting your browser settings, though this may affect how our website functions.


Your Rights


Under data protection law, you have several rights regarding your personal information:


    • The Right of Access: You can request a copy of the medical records or data we hold about you. We provide this free of charge within one month.
    • The Right to Rectification: You can ask us to correct any factual information that is incorrect or out of date.
    • The Right to Erasure: You can ask us to delete your data. (Please note: We are legally required to retain clinical medical records for the periods stated above, but we can delete your payment tokens or marketing data.)
    • The Right to Object: You have the right to ask us not to process your data for marketing purposes.


If you wish to exercise any of these rights, please email support@doctap.co.uk or contact our Data Protection Officer. If you believe your data has been mishandled, you have the right to complain to the Information Commissioner’s Office (ICO).


Third-Party Links


Our website may occasionally contain links to partner networks or affiliates. Please note that these websites have their own privacy policies, and we do not accept any responsibility or liability for how they handle your data.


Changes to this Policy


Any future changes we make to our privacy policy will be posted on this page and, where appropriate, notified to you by email.