Privacy Policy

Effective Date: 5 October 2025

GP Practice Resources ("we", "us", "our") is committed to respecting and protecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal data when you use our website, digital downloads, and related services (collectively, the "Services"). It applies to visitors, registered users, and customers located in the United Kingdom and the European Economic Area.

1. Data Controller

GP Practice Resources acts as the data controller for personal data processed through the Services. Questions about this Policy can be submitted via our contact form or by emailing privacy@gppracticeresources.co.uk.

2. Personal Data We Collect

We collect and process the following categories of personal data:

  • Account details: name, practice name, professional role, email address, and password (stored in hashed form).
  • Transaction data: billing contact, purchase history, VAT numbers, and invoice records for paid offerings.
  • Communications: enquiries submitted via our contact form, support tickets, testimonials, and survey responses.
  • Usage information: device identifiers, IP address, browser type, pages viewed, and interactions with downloadable Resources.
  • Marketing preferences: opt-in status for newsletters or product updates.

3. How We Use Personal Data

We process personal data to:

  • Provide, personalise, and maintain the Services and downloadable Resources.
  • Fulfil purchases, manage subscriptions, and provide customer support.
  • Send service notices, product updates, and where permitted, marketing communications.
  • Monitor performance, conduct analytics, and improve the Services.
  • Protect against fraud, misuse, or security threats.
  • Comply with legal obligations, including tax and accounting requirements.

4. Legal Bases for Processing

We rely on the following legal bases under UK GDPR:

  • Contract performance: to provide Resources and services you request.
  • Legitimate interests: to improve the Services, secure our platform, and communicate relevant updates. We balance these interests against your rights and expectations.
  • Legal obligation: to meet statutory record-keeping or regulatory requirements.
  • Consent: for optional updates, marketing emails, and non-essential cookies. You may withdraw consent at any time.

5. How We Share Personal Data

We share personal data only when necessary:

  • Service providers: trusted processors that host our infrastructure, process payments, send emails, or provide analytics. Each provider is bound by contractual data protection obligations.
  • Professional advisers: accountants, auditors, or legal counsel when required.
  • Regulators or authorities: where we must comply with legal or regulatory requests, or defend legal claims. We do not sell personal data.

6. International Transfers

If we transfer personal data outside the UK or EEA, we will use approved safeguards such as the UK International Data Transfer Addendum, Standard Contractual Clauses, or rely on adequacy regulations.

7. Data Retention

We retain personal data for as long as needed to deliver the Services, comply with legal obligations, resolve disputes, and enforce our agreements. We apply anonymisation or secure deletion when data is no longer required.

8. Security Measures

We implement administrative, technical, and physical safeguards, including encryption in transit, access controls, and regular security reviews. No system is completely secure, so you should protect your account credentials and notify us of suspected breaches promptly.

9. Your Rights

Under UK data protection law you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data where we have no legal basis to continue processing.
  • Object to or restrict processing in certain circumstances.
  • Receive a copy of your data in a portable format.
  • Withdraw consent for processing based on consent. To exercise your rights, contact us using the details above. We may need to verify your identity before responding.

10. Cookies and Similar Technologies

We use essential cookies to operate the Services and, with consent, analytics cookies to understand usage. For detailed information on the types of cookies we deploy and how to manage your preferences, see our Cookie Policy.

11. Children

The Services are designed for professionals working in GP practices. We do not knowingly collect personal data from children under 16. If you believe a child has provided information, contact us so we can delete it.

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in law or our practices. The "Effective date" shows the latest revision. We will provide advance notice of material changes when required by law.

13. Concerns and Complaints

If you have concerns, please contact us first so we can address them. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
https://ico.org.uk
Telephone: 0303 123 1113