• There are no suggestions because the search field is empty.

Doctor Care Anywhere Privacy Policy

Welcome to the DCA Privacy Policy, which contains essential legal information informing you of how we process your personal data.

Doctor Care Anywhere Limited (“DCA”, “we”, “us”, “our”) is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data.

This policy applies to all services provided by DCA, including digital consultations, prescriptions, referrals and any services accessed through our website or mobile applications.

1. Who We Are

DCA provides healthcare services and acts as the data controller for your personal data.

This means we are responsible for deciding how and why your personal data is used.

Our services are supported by technology providers within the DCA Group and by carefully selected third‑party providers who process data on our behalf.

 

2. How to Contact Us

If you have any questions about this Privacy Policy or how we use your personal data, you can contact our Data Protection Officer:

Email: dpo@doctorcareanywhere.com

You also have the right to contact your local data protection authority, such as the UK Information Commissioner’s Office (ICO).

 

3. The Personal Data We Collect

Depending on how you use our services, we may collect the following types of personal data.

Personal Information

  • Name
  • Date of birth
  • Address
  • Email address
  • Phone number
  • Account login details
  • Symptoms and medical history
  • Consultation notes
  • Diagnoses and treatment plans
  • Prescriptions
  • Test results and referrals
  • Clinical letters sent to us or uploaded by the patient from other healthcare services

Health and Medical Information

Because we provide healthcare services, we process medical information such as:

This type of information is known as special category data and is protected by strict data protection laws.

Technical Information

When you use our services, we may also collect:

  • IP address
  • Device and browser type
  • Website or app usage information
  • Cookies and analytics data

Service and Account Information

We may also record:

  • Appointment history
  • Messages with clinicians or support teams
  • Insurance or employer eligibility information
  • Payment information where applicable

Credit and debit card information

If you make a payment on the app, your credit and debit card details are processed by a third-party payment provider.

We don't store any of your credit or debit card information and we only keep details of the transactions on our secure servers.

 

4. How We Collect Your Data

We collect personal data in several ways:

  • directly from you when you register, book an appointment, or use our services
  • from clinicians during consultations
  • from your employer, insurer, or partner organisation (if they provide access to our service)
  • automatically when you use our website or mobile applications

5. How We Use Your Personal Data

We use your personal data to:

  • provide medical consultations and healthcare services
  • diagnose and treat medical conditions
  • issue prescriptions and referrals
  • manage your account and appointments
  • communicate with you about your care
  • improve and monitor the quality of our services
  • meet legal, regulatory, and safeguarding requirements

We may also use limited information for service improvement, training, and system security.

We never sell your personal data.

6. Use of Artificial Intelligence Tools

We may use artificial intelligence (AI) tools to support clinicians during consultations. These tools help generate draft summaries of consultations and assist clinicians in preparing accurate clinical notes.

During a consultation, relevant information may be processed by the AI system to produce a suggested summary or documentation. This allows clinicians to focus more on the conversation with you and can improve the accuracy and efficiency of medical record-keeping.

AI tools are used strictly to support documentation and administrative tasks. They do not make clinical decisions or provide diagnoses.

All AI-generated content is reviewed by a qualified clinician. Clinicians may edit, correct, or reject any AI-generated content before it is added to your medical record. The clinician remains fully responsible for the final clinical record and any medical decisions made about your care.

No decisions about your care are made solely by automated means. All decisions involve human review by a qualified clinician.

We use AI as part of providing healthcare services. The lawful basis for processing your personal data is the provision of healthcare, and the processing of health data is permitted for medical diagnosis and the delivery of care.

Where AI tools are provided by third-party suppliers, we ensure they operate under strict data protection and confidentiality agreements and only process personal data on our instructions. These providers are not permitted to use your data for their own purposes.

All AI tools used by DCA operate under appropriate security measures and data protection safeguards, and are used solely to support the delivery of healthcare services.

7. Our Legal Basis for Using Your Data

Data protection law requires us to have a lawful basis for using your personal data.

Processing Purposes

Legal bases

To complete pre-contractual formalities or to provide services, including

  1. Assessing your eligibility for our digital GP services (whether through insurance or pay-as-you-go)
  2. Creating and managing your account
  3. Verifying your identity

Personal Data - Contract

 

Health Data - Health or social care (the provision of health care or treatment and the management of health care systems or services)

To provide you with services for example

  1. Health advice, prescription, medical treatment
  2. Booking appointments
  3. Any other Services in connection with DCA

Personal Data - Contract

Health Data - Health or social care (the provision of health care or treatment and the management of health care systems or services)

We process personal data to carry out internal activities that support the delivery of our services. This includes, for example:

  1. Maintaining, improving, and fixing our systems, including our website and app
  2. Monitoring how you use our services to resolve technical or account-related issues
  3. Evaluating and improving the quality of our services, including AI tools that assist clinicians, and training our staff to provide best care
  4. Reviewing AI-generated consultation notes for quality assurance, accuracy, and further development of AI support tools
  5. Combining information collected during registration and app use to provide a seamless service experience

 

Where possible, we pseudonymise data or remove identifying details, such as your name or contact information, to protect your privacy.

Personal Data - Legitimate Interest

 

Health Data - Health or social care (the provision of health care or treatment and the management of health care systems or services)

To process and manage payments for the services you use, in line with our Terms and Conditions.

Personal Data - Contract

To send essential information and notifications to you, such as password resets, service updates, and administrative or support messages, via email, SMS, or the app.

Personal Data - Legitimate Interest

We may use data in an aggregated or anonymised form that does not personally identify you. For example, we may show general trends on our website or app, such as the number of users of our service.

 

We may also anonymise data related to certain illnesses, symptoms, or conditions and use it to understand how we can improve our services and what we can offer to our users.

Personal Data - legitimate interest

Health Data - Health or social care (the provision of health care or treatment and the management of health care systems or services)

We may process data to improve your experience and our services, for example by sending surveys or requests for feedback, analysing how you use our app or website.

Where possible, we remove or pseudonymise identifying details, and we ensure our interests do not override your rights.

Personal Data - Legitimate Interest

We may process personal data to ensure safety, compliance with legal obligations, or respond to government or regulatory requests. This includes, for example:

  • Sharing information with regulatory bodies such as the General Medical Council, Care Quality Commission, law enforcement authorities, or courts
  • Working with banks, financial institutions, or fraud prevention services to detect and prevent fraud
  • Investigating potential illegal activity, abuse, breaches of our Terms, or threats to the security of our services or the safety of individuals
  • Asserting or defending our legal rights

Personal Data - Legal obligation and/or, Legitimate Interest

 

If Health Data is shared - Health or social care (the provision of health care or treatment and the management of health care systems or services), Reasons of substantial public interest (preventing or detecting unlawful acts), legal claims or judicial acts

We may process your data to protect public health. This could include using information to support research, monitor, track, or manage public health emergencies, such as pandemics.

Where necessary and lawful, your data may be shared with organisations such as the NHS, Public Health England, local authorities, other health organisations, or GPs.

We limit the use and sharing of data to what is strictly necessary and only for the duration of the public health emergency.

Personal Data - Public Task

Health Data - Public Health

We may process and, if necessary, share your personal data in connection with a merger, acquisition, or reorganisation that involves the transfer of our business or part of it to a third party.

If this happens, we will notify you before sharing your personal data and will obtain your explicit consent before sharing any health data.

Personal Data - Legitimate Interest

Health Data - Explicit Consent


7. Who We Share Your Personal Data With

We only share your personal data where necessary for your care or where required by law.

This may include:

  • doctors, clinicians, and healthcare professionals involved in your treatment
  • pharmacies and diagnostic providers
  • laboratories and specialist referral providers
  • regulators and authorities where legally required
  • insurers or employers where your service is provided through them

We only share the minimum amount of information necessary for each purpose. Clinical (health) information is only shared where it is relevant to your care, where you have given your consent, or where there is another lawful basis to do so.

We do not share your medical information with employers or insurers for non-care purposes without your knowledge or, where required, your consent.

8. Data Processors We Work With

We work with trusted third-party providers who help us operate our services. These organisations act as data processors, which means they only process your personal data on our instructions and in accordance with our data protection policies.

DCA remains the data controller and is fully responsible for your personal data. All processing by third-party providers is governed by formal agreements that meet the requirements of Article 28 of the UK GDPR.

For example, processors may include:

  • Technology platform providers supporting consultations or medical records
  • IT and hosting providers
  • Administrative and support service providers

We may add other processors as our services develop, but we remain responsible for your data at all times.

9. International Transfers

Some of our technology providers may operate outside the UK or European Economic Area (EEA). Where this happens, we only transfer personal data when necessary to provide healthcare services or support our systems.

We ensure that your personal data is protected during such transfers by using appropriate safeguards, including:

  • Transfers to countries subject to an adequacy decision by the UK government
  • Standard Contractual Clauses approved by the UK Information Commissioner’s Office
  • Binding contractual obligations that require providers to maintain data protection standards equivalent to those in the UK

Even when your data is transferred internationally, your rights under UK data protection law remain in place. This includes the right to access, correct, or delete your data, and the right to have it processed securely.

Personal data is only retained for as long as necessary to provide care or meet legal and regulatory requirements.

10. How Long We Keep Your Data

We retain personal data only for as long as necessary to provide healthcare services and meet legal or regulatory obligations.

Your information

How long we keep it (retention period)

Medical records including any medical history and health information provided by you

Up to 10 years after the death of the patient

Audio or video recordings of consultation

2 years

Communications with support teams - phone calls, emails and live chats

1 year

 

11. How We Protect Your Data

We use appropriate technical and organisational measures to protect your personal data, including:

  • Data encrypted at rest and in transit
  • secure systems and hosting environments
  • restricted access to medical records
  • monitoring and security testing
  • staff confidentiality training

12. Your Rights

Under data protection law, you have rights over your personal data, including the right to:

  • access your personal data
  • correct inaccurate information
  • request deletion of your data in certain circumstances
  • restrict or object to certain processing
  • receive a copy of your data (data portability)
  • withdraw consent where processing is based on consent

To exercise these rights, please contact our Data Protection Officer.

13. Cookies and Website Tracking

Our website and apps use cookies and similar technologies to improve functionality and analyse usage.

You can manage your cookie preferences through your browser settings or our cookie banner.

14. Children’s Data

Some of our services may be used for children where permitted under the relevant healthcare scheme. Where children’s data is processed, additional safeguards apply and parents or guardians may be involved in decision‑making where appropriate.

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our services or legal requirements.

When we update the policy, we will revise the “Last updated” date at the top of the page.

16. Contact and Complaints

If you have concerns about how we use your personal data, please contact our Data Protection Officer: dpo@doctorcareanywhere.com

You also have the right to lodge a complaint with your local data protection authority, such as the Information Commissioner’s Office (ICO) in the United Kingdom.

Thank you for taking the time to read our Privacy Policy.