Dr Fertility is totally committed to protecting the privacy of users of our services and Website. We understand the sensitive nature of our products and the importance of privacy on the internet. We comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) and strive to be market leaders when it comes to digital health and privacy.
This policy explains how we use your personal data for our Healthcare Services and Products and covers:
- Who we are;
- Your personal data that we store and how we obtain it;
- What we use your personal data for;
- How and why we share your personal data with others;
- How long we retain your data;
- Data storage, security and transfers;
- Changes to this policy;
- Your rights.
If you have any further questions about how we process your information, please do not hesitate to get in touch by contacting our Data Protection Officer:
Address: Data Protection Officer, Dr Fertility, WeWork, No.1 Spinningfields, Quay Street, Manchester M3 3JE
1. Who we are
Our mission at Dr Fertility is to support anyone on their fertility journey through providing fertility education, products and services.
Any reference to “Dr Fertility”, “our”, “us”, “we” and “Company” are references to Dr Fertility Ltd, a limited company registered in England and Wales (company number 11403516), the registered office being WeWork, No.1 Spinningfields, Quay Street, Manchester M3 3JE.
“Website” – we provide products, content and services via our Website https://www.drfertility.co.uk
“Website Provider” – our website is managed and hosted by the third-party Shopify Inc.
“Services” – these include Healthcare Consultations, Home Testing Services, referrals, and the sale of products on our Website.
“Healthcare Consultations” – our Clinicians provide telephone consultations and video consultations via our Third-Party Clinical System
“Clinicians” – the appropriately qualified medical professionals such as doctors, nurses and pharmacists based in the UK who provide the Healthcare Consultations.
“Third-Party Clinical System” – we utilise Heydoc Ltd software to provide video healthcare consultations
“Testing Provider” - we work with Medichecks.com Ltd to offer Home Testing Services
“Home Testing Services” – our range of testing Services that can be undertaken at home.
“Products” – we offer a range of fertility products including fertility monitors, ovulation tests, pregnancy tests, fertility lubricants, vitamins and supplements
“Fulfilment Partner” - we fulfil product orders for products we stock via our partner Virtual Distribution Ltd
“Dropship Partners” – we fulfil some products directly from manufacturers and distributors where necessary
2. Your personal data that we store and how we obtain it
The information we collect and store falls into the following categories:a) Personal details
When you purchase a Product, book a Healthcare Consultation or Home Testing Service, set up an account or subscribe to receive our communications, you provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will also present a copy of photo identification (ID) to one of our Clinicians during a healthcare consultation to confirm your identity. You are responsible for the accuracy of the information that you provide to us.
b) Health and medical information
Following a Healthcare Consultation or Home Testing Service, we will also hold health and medical information. This will include information about your health, symptoms, treatments, consultations and sessions, medications, and test results. Prior to your Healthcare Consultation you may be asked to complete a pre-consultation questionnaire, from which information will be updated on our Third-Party Clinical System.
Following or during a Healthcare Consultation or Home Testing Service, one of our Clinicians will update our clinical system with details of the consultation and any test results. You will be given access to these consultation notes through our Third-Party Clinical System.
Your purchase history with our Website may be shared with our Clinicians to offer you a better experience and for the purposes of providing you with personalised health care.
We get some of this information directly from you when you register with us and when you use our healthcare Services. If you have given consent for us to do so, we will send the consultation notes that we take during your Healthcare Consultation and test results with your GP using secure NHSmail.
We retain records of our consultations and interactions with you to also enable us to carry out audits to ensure a high quality of care is provided to you, and to allow us to learn from them to improve the quality of our Services. To monitor our service quality, we may retain records of when you contact our support teams via email, phone or our interactive chatbot and live chat service on our Website.
c) Financial information
If you make any payments on our Website or Third-Party Clinical System, your credit/debit card details are processed directly by a third-party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain your credit or debit card information.
d) Technical information and analytics
When you use our Website or Third-Party Clinical System, we may automatically collect the following information where this is permitted by your device or browser settings:
We work with partners who provide us with analytics and advertising services (for our Services only and not for third party advertising). This includes helping us understand how users interact with our Services, providing our advertisements on the internet, and measuring performance of our Services and our adverts. Cookies and similar technologies may be used to collect this information, such as your interactions with our Services.
Cookies are a small file containing letters and numbers that are stored in your browser or the hard drive of your device and it is used to transfer information. You can prevent the setting of cookies by adjusting the settings on your browser or your mobile phone.
3. What we use your personal data for
We only collect, keep, use or share your information for genuine business purposes, when you have approved us to do so, or when we are obliged to legally. These purposes are as follows:
a) Providing products and services
We collect and use your personal details and financial details to develop and deliver our contractual agreement with you for the provision of the Services.
We obtain and use your health and medical information for medical purposes, including medical diagnosis and the provision of healthcare or treatment. This includes the information collected through our Healthcare Consultations with you and our Home Testing Services.
It may also include sharing information with other healthcare professionals as necessary for the provision of healthcare to you, such as your GP, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, and diagnosis centres chosen by you for the purpose of imaging request forms.
b) Service and product improvement
We will use your medical information to improve our healthcare Products and Services for the purpose of ensuring high standards of quality and safety of healthcare to safeguard your rights. Strict confidentiality and data security provisions apply at all times to safeguard your rights and you can at any time ask us to stop using your medical information in this way.
We may also anonymise certain parts of the information that you provide to us before aggregating it with other data in a manner that means that it cannot be de-anonymised and used to subsequently identify you (for example, so that we can analyse trends within, say, women aged between 18-30). This anonymised aggregated data may be used by us to develop our business and identify trends and shall not be subject to data protection laws.
c) Other uses
We continually strive to improve our business and for the purpose of enabling us to do this by identifying potential user experience or technical issues we may analyse data about your use of our Products and Services. Analysis of this data also enables us to forecast demand for our products and services to help us to match our capacity with demand. Strict confidentiality and data security provisions will apply at all times and we will not use your medical information for this purpose.
Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection.
In order to enable us to properly provide ongoing healthcare or treatment, we are required to store your medical information for safety, regulatory, and compliance purposes to ensure high standards of quality and safety of our Services. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies including the General Medical Council, MHRA, and Care Quality Commission, or as otherwise required by law or regulation. In all cases we shall only act where suitable and specific measures exist to safeguard your rights. We will also audit consultations and your other interactions with our Services for safety, regulatory and compliance purposes as necessary to ensure appropriate standards are being met in respect of the provision of healthcare or treatment. Strict confidentiality and data security provisions will apply at all times to any such audit and access.
d) Communicating with you
As part of our contractual agreement to provide Products and Services, we use your email address, phone number and/or other details to contact you by email or telephone to update you on your product order (including order confirmation, dispatch confirmation), Healthcare Consultation or Home Testing Service.
Where you have opted in to receive marketing communications, we may use your email address, phone number and/or other details to present you with occasional updates, marketing messages and research requests (such as surveys and focus groups). To help improve the relevancy of our marketing messages we may utilise your personal details and medical information (such as local events in your area, and content tailored for specific medical conditions). You have the right to opt out of marketing communications at any time by clicking the “unsubscribe” link in our emails or by contacting us using the details above.
4. How and why we share your personal data with others
We will never sell information that can be used to personally identify you to a third party. However, we may share and disclose your personal data to certain third parties as set out in the following section.
We may share personal information about you (for example, purchases made via our website) with our Clinicians for the purposes of enabling them to undertake consultations and provide healthcare and treatment. Such Clinicians shall always be registered as medical professionals subject to a general obligation of confidentiality to you and a duty to protect your personal information, but they will also be subject to contractual obligations with us to do the same.
b) Information sharing with third-party service providers
We may share personal information about you in respect of our Website, Products and Home Testing Services with our service providers and partners, which include our Testing Provider, Fulfilment Partner, Dropship Partners, our ecommerce platform provider (Shopify), our payment service providers (PayPal, Stripe, Amazon Pay) , our cloud service providers (Amazon Web Services), and email marketing provider (Mailchimp). Through Shopify we use a number of third-party apps to provide services such as the regular back up of data and to manage delivery costs per product. A full list of our third party providers can be obtained from contacting our DPO at DPO@drfertility.co.uk.
Our Amazon Web Services servers are based in the United Kingdom; however, we may transfer your personal data outside of the UK and the European Economic Area (EEA) (e.g. Shopify is based in Canada and Mailchimp in the United States). This will always be in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards.
c) Information sharing with other healthcare providers
We will, where necessary for your treatment or care and with your prior consent, share your information with your other health and social care providers. For example, your NHS and other NHS bodies, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, diagnosis centres chosen by you for the purpose of imaging requests, and other health and care bodies.
We may be required to share information, without consent, with other healthcare providers for safeguarding purposes in accordance with our legal obligations.
d) Anonymised information
We may display on our marketing communications, Website and internal reporting, aggregated and anonymised data that does not personally identify you, but which shows general statistics and trends, for example, survey results and customer review rating.
e) Legal Disclosures
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our Services or the physical safety of any person.
f) Third Party Purchaser
Except as described above, we will never share your personal information with any other party without your consent.
5. How long we retain your data
6. Data storage, security and transfers
We store all your personal data and health and medical information on secure Amazon Web Services servers in the UK.
We use Shopify as our ecommerce platform provider in respect of sales of Products and Home Testing Services via our website. Where you submit personal data to our website it transfers through Shopify’s servers before we receive the relevant details, under normal circumstances Shopify will use its servers in the Republic of Ireland for this but on occasion its servers in the USA or in Canada may be used. There is no intention that your data will be accessed or manipulated while it is on those servers and therefore this is deemed to be transferred within the UK.
Where you have chosen a password that enables you to access your personal account, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
We do not store any credit or debit card information. Payments are processed via a third-party payment provider whose servers are located within either the UK, the EEA or the US that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology.
Your data may be processed or stored via destinations outside of the UK and the European Economic Area (EEA), but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our Services to you, whose servers may be located outside the UK or EEA.
Those safeguard may include the transfer personal information to countries that have been assessed by the European Commission as providing an adequate level of protection for personal information. Where we transfer data to companies within the US we will ensure that such companies are certified under the EU-US privacy shield. In all cases we shall also ensure that appropriate contractual arrangements are in place to protect your personal data, including (where the foregoing does not apply) standard model clauses in a format approved by the EC.
7. Changes to this policy
We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our Products and Services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy.
8. Your rights
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by unsubscribing from our communications or contacting us at: DPO@drfertility.co.uk
Under data protection law, you have rights including:
- Your right of access - You have the right to ask us for copies of your personal information (also known as a subject access request).
- Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
- Your right to not be subject to automated individual decision making – you have the right to not be subject to decisions based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at DPO@drfertility.co.uk if you wish to make a request. If you ask us to no longer send you any marketing (by email or SMS) please allow two working days for your request to be processed in our system.
Contacting The Information Commissioner's Office
If you are not happy with the way in which we have dealt with your personal data or your enquiries relating to that personal data, it is your right to make a complaint to the data protection regulator. The regulator is the Information Commissioner’s Office:
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113 (local rate).
ICO website: https://www.ico.org.uk
Last updated: 17.06.2020