1. Who we are
MDP Medical Ltd (company number 16673751) operates the My Doctors Prescription platform.
We provide a digital healthcare service that connects:
- Patients seeking medical advice and, where appropriate, prescriptions
- Independent clinicians (such as GMC-registered doctors)
- Regulated partner pharmacies (such as GPhC-registered pharmacies)
Clinicians and pharmacies are independent providers responsible for the clinical care and dispensing services they deliver. MDP Medical Ltd provides and operates the platform and supporting technical infrastructure.
MDP Medical Ltd acts as the data controller for the operation of the platform and the personal data processed through it.
Independent clinicians and partner pharmacies act as separate data controllers in relation to the personal data they process in providing clinical care and dispensing services.
We are registered with the Information Commissioner’s Office (ICO) under registration number ZC086316.
2. What information we collect
The information we collect depends on your role and how you interact with our website and services.
If you are a patient
We may collect:
- Identity information provided via NHS Login (the NHS secure sign-in service), including a unique user identifier
- Contact details (such as email address and phone number, where provided by you or added to your account)
- Limited demographic information provided by you (for example, date of birth where required as part of a questionnaire)
- Health information (including questionnaire responses, symptoms, relevant medical history, medications, and clinical assessments)
- Consultation records and prescriptions issued through the platform
- Account information (linked to your NHS Login and your activity on the platform)
- Payment and transaction records (processed via secure third-party providers; we do not store full card details)
- Communications with clinicians, pharmacies, or support services
If you access our service using your NHS login details, identity verification is managed by NHS England.
NHS England is the controller for any personal information you provide to them to create and verify your NHS login account. They use this information solely for identity verification purposes.
For this processing, our role is a processor, and we act under the instructions of NHS England.
This does not apply to personal information you provide directly to us, which is processed in accordance with this Privacy Notice.
We may use NHS systems (for example, the Personal Demographics Service (PDS)) to verify certain information where necessary. We do not store additional demographic data from these systems beyond what is required to operate the service.
If you are a clinician
We may collect:
- Identity information provided via NHS Care Identity Service (CIS2 Workforce)
- Professional and contact details (such as name, NHS.net email address, GMC registration number, qualifications, and practice details)
- Verification and onboarding information (including identity checks, right to work, indemnity, and regulatory compliance checks)
- Account and authentication data (including login activity, IP addresses, and security logs)
- Clinical activity on the platform (including case reviews, clinical notes, and prescriptions issued)
- Audit and safety logs required for clinical governance and regulatory compliance
- Payment and invoicing information
If you access our service using NHS Care Identity credentials, identity and authentication services are managed by NHS England.
NHS England is the controller for any personal information used to establish and verify your identity through this service. For this processing, our role is a processor acting under NHS England’s instructions.
If you are a pharmacy user
We may collect:
- Identity and contact details provided by the pharmacy owner
- Professional and organisation details relating to the pharmacy
- Email addresses of pharmacy personnel for account invitations
- Identity and professional details provided by invited users
- Verification and onboarding information
- Account and authentication data
- Dispensing activity (including prescriptions processed, fulfilment records, and delivery or tracking information)
- Audit and safety logs required for regulatory compliance
- Payment and transaction information
If you are a website visitor or make an enquiry
We may collect:
- Contact details (such as your email address), which may be:
  - provided directly by you when submitting a contact form, or
  - automatically populated from your account information if you are signed in
- The content of your enquiry (such as subject, message, and any attachments you choose to provide)
- Technical data (such as IP address, browser type, device information, and approximate location)
- Usage data (such as pages visited and interactions with the website)
- Cookie preferences (see our Cookie Notice)
Please do not include sensitive personal or health information in contact forms, as these are not intended for clinical use.
3. How and why we use your information
We use your personal information to operate, deliver, and improve our services, and to meet legal and regulatory obligations.
For patients
We use your information to:
- Provide the service, including creating and managing your account and enabling you to submit medical questionnaires
- Allow clinicians to review your information and make clinical decisions, including issuing prescriptions where appropriate
- Share necessary information with partner pharmacies to enable dispensing and delivery of medicines
- Process payments and manage transactions
- Communicate with you about your requests, orders, and support enquiries
- Maintain medical records and audit trails required for clinical safety and regulatory compliance
- Verify certain details using NHS systems (such as NHS Login and, where necessary, the Personal Demographics Service)
- Detect and prevent fraud, misuse, or unauthorised access
For clinicians
We use your information to:
- Authenticate your identity via NHS Care Identity Service (CIS2 Workforce) and manage your access to the platform
- Verify your professional registration, qualifications, and compliance requirements
- Provide tools and access to review patient cases, record clinical decisions, and issue prescriptions
- Maintain audit trails and logs for clinical governance, safety, and regulatory requirements
- Process payments and manage invoicing for services you provide
- Communicate with you regarding platform use, updates, and support
For pharmacy users
We use your information to:
- Create and manage pharmacy accounts and associated staff access
- Verify pharmacy registration and regulatory compliance
- Enable receipt and processing of prescriptions issued through the platform
- Support dispensing, fulfilment, and delivery processes
- Maintain audit trails and records required for regulatory compliance
- Process payments and manage financial transactions with your pharmacy
- Communicate with you regarding operations, updates, and support
For website visitors and enquiries
We use your information to:
- Respond to enquiries and provide support
- Manage and track support requests
- Improve our website, services, and user experience
- Maintain security and prevent misuse of our website
We do not use your personal data for marketing unless you have explicitly chosen to receive such communications.
4. Legal basis for processing
We rely on the following legal bases:
Consent
- You choose to use our services and provide health information through questionnaires and consultations
- You choose to allow optional cookies (such as analytics)
You can withdraw your consent at any time. In some cases, this may mean we are no longer able to provide certain services.
Contract
- Creating and managing your account
- Enabling clinical review and prescription services
- Processing payments and transactions
- Providing support and responding to enquiries
Legal obligations
- Healthcare regulations and clinical governance requirements
- Record-keeping obligations
- Responding to lawful requests from regulators or authorities
Legitimate interests
- Operating and improving our platform and services
- Maintaining security, preventing fraud, and protecting against misuse
- Ensuring system reliability, monitoring, and performance
- Managing business operations and defending legal claims
Where we process special category data (such as health information), we rely on Article 9(2)(h) of the UK GDPR (provision of health care) and Schedule 1 of the Data Protection Act 2018.
5. Who we share information with
Clinicians
If you are a patient, your information is shared with an appropriate clinician so they can review your case, make clinical decisions, and issue prescriptions where appropriate.
Partner pharmacies
Where a prescription is issued, relevant information is shared with a partner pharmacy to enable dispensing and delivery of medicines.
Service providers
We use trusted third-party service providers, including:
- AWS
- Vercel
- Microsoft
- Resend
These providers process personal data on our behalf under contractual obligations.
NHS services
Where required, we exchange limited information with NHS systems.
We use your NHS number to help identify you correctly and ensure your information is matched accurately across systems. This is accessed via the Personal Demographics Service (PDS).
Access is strictly controlled and limited to authorised users.
You have the right to object to this use.
Regulators and authorities
Including:
- Care Quality Commission (CQC)
- Information Commissioner’s Office (ICO)
- General Medical Council (GMC)
- General Pharmaceutical Council (GPhC)
- HM Revenue & Customs (HMRC)
Business purposes
We may share information with professional advisers or in connection with legal claims or business transactions.
We do not sell your personal data.
6. Data retention
- Medical records: at least 8 years
- Financial records: at least 6 years
- Audit logs: up to 7 years
- Account data: while active plus a reasonable period
Data is securely deleted or anonymised when no longer required.
7. Your rights
You have the right to:
- Access
- Correction
- Deletion
- Restriction
- Objection
- Data portability
- Withdraw consent
Contact:
- Email: support@mydoctorsprescription.com
- Contact form: https://www.mydoctorsprescription.com/contact
You may complain to the ICO: https://ico.org.uk
8. How we keep your information safe
We use:
- Encryption (HTTPS)
- Role-based access controls
- NHS Login and CIS2 authentication
- Multi-factor authentication
- Monitoring and audit logs
- Security testing and updates
- Staff training
9. Cookies
We use necessary and optional cookies.
See: https://www.mydoctorsprescription.com/cookies
10. Contact
- Email: support@mydoctorsprescription.com
- Contact form: https://www.mydoctorsprescription.com/contact
11. Changes to this notice
We may update this Privacy Notice from time to time.
The latest version will always be available on our website.