Privacy Policy
Introduction
GENERALPRACTICE.AI respects the privacy of its customers, suppliers and partners. We have therefore formulated and implemented a policy on complete transparency regarding the processing of personal data, its purpose(s) and the possibilities to exercise your legal rights in the best possible way. For employees, we have formulated a separate privacy policy, available upon employment and upon request.
This privacy policy pertains to processing by GENERALPRACTICE.AI by means other than through the use of cookies. GENERALPRACTICE.AI has formulated a separate cookie policy, which can be found on our GENERALPRACTICE.AI's websites: www.generalpractice.ai
Definitions
Party responsible for processing personal data: GENERALPRACTICE.AI; with registered address at 26 South Drive, Dundee, United Kingdom, DD2 5SJ; company registration number 13590557 and Data Protection Officer, Angus Perry who can be reached at info@generalpractice.ai (the “Controller”).
-
Data Protection Authority: The Data Protection Authority of the United Kingdom.
-
Data Protection laws: For European citizens or residents, the EU GDPR 2018; the EU e-privacy directive 2002;
-
For UK citizens or residents, the UK GDPR 2020 and the UK Data Protection Act 2018
and the national laws of the countries where we operate;
For Australian citizens, the Privacy Act 1988.
Collection of data
-
Your personal data will be collected by GENERALPRACTICE.AI and its data processors.
-
Personal data means any information relating to an identified or identifiable natural person (‘data subject’).
-
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The types of personal data we may process through third party applications:
-
Business process.
-
Data.
-
Source.
-
Legal Basis.
-
Providing information and following up on marketing/sales enquiries
-
Names, email addresses and names of the medical practices.
-
Directly from individuals, often clinicians or administrative staff, who are interested in the software.
-
Consent through the website.
-
Functioning of the software and account management.
-
Medical practice name, medical practice address, contact information of key users, user email addresses and user job titles.
-
User data, such as email addresses and job titles, is collected from clinicians and staff members within these medical practices.
-
Legitimate interest.
-
Subscription management.
-
Medical practice data, contact information of key contacts.
-
provided by representatives of the practice, such as practice managers or administrators.
-
Legitimate interest.
-
Billing.
-
Customer names, customer email addresses.
-
Collected from the representatives of the medical practices who are handling the business transactions.
-
Legitimate interest.
​
Purposes
GENERALPRACTICE.AI processes personal data for one or more of the following purposes:
Providing information and following up on marketing/sales enquiries
-
Names
-
Email addresses
-
Medical Practice Data
Functioning of the software and account management
-
Practice details
-
Contact information
-
Email addresses of users
-
Job titles of users
Subscription management
-
Practice details
-
Contact information
Billing
-
Customer names
-
Customer email addresses
How we collect, store or otherwise process your data:
Data is collected through various methods by GENERALPRACTICE.AI:
-
We collect data on our GeneralPractice.AI website for website enquiries;
-
We collect data via our online sign-up process or through direct interactions with our Australian counterpart to enable practices to sign up to use of our software;
-
We collect user data during the onboarding process with the medical practices;
-
We use third-party software to manage customer data for accounting and customer relationship management purposes.
Sharing data with third parties
We may have to share your data with third parties, including third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your Personal Data outside the United Kingdom. If we do, you can expect a similar degree of protection in respect of your Personal Data. We will only share your Personal Data with third parties in accordance with the GDPR and as outlined in the legal justification table above.
All data collected is hosted on platforms that comply with relevant data protection regulations. Specifically, data hosted on Glide's platform (the software - using Google Cloud), Xero (Amazon Web Services (AWS) and Wix (Company website) is stored on a top-tier, third-party data hosting providers with servers located in the US.
Storage and protection of data
Your data is protected by GENERALPRACTICE.AI and its processors in pursuance to all legal requirements set by the relevant data processing laws. GENERALPRACTICE.AI has taken technical and organisational security measures to protect your data and requires its data processors to meet the same requirements. GENERALPRACTICE.AI has signed processing agreements with its processors to ensure an adequate level of data protection.
In principle, all data is hosted within the UK or the EEA. Exceptionally, we may use third party applications to process data whose headquarters are located in the US. In this case, the third party relies on the US-UK Data Bridge and takes adequate precautions to ensure the security and privacy of data is maintained, including but not limited to encryption.
The following security measures are taken by GENERALPRACTICE.AI to protect your personal data in the course of the listed business processes:
Organisational security measures
Staff
GENERALPRACTICE.AI staff members are required to conduct themselves in a manner consistent with GENERALPRACTICE.AI’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. All staff members undergo appropriate background checks prior to hiring and sign a confidentiality agreement outlining their responsibility in protecting customer data. We continuously train staff members on best security practices, including how to identify social hacks, phishing scams, and hackers.
Access controls
GENERALPRACTICE.AI maintains your data privacy by allowing only authorized individuals access to information when it is critical to complete tasks for you. GENERALPRACTICE.AI staff members will not process customer data without authorization.
Data hosting
As a rule, data is hosted within countries and areas that provide a substantially similar level of protection as data subjects have under the GDPR. To ensure this, we rely on Adequacy Decisions as a legal basis for our international data transfers. In exceptional circumstances, where data is transferred to a country or area not subject to an Adequacy Decision, we rely on Standard Contractual Clauses with the recipient and take
supplementary security measures to secure this data transfer, such as anonymisation.
Physical security
The data centres on which personal data is hosted are secured and monitored 24/7 and physical access to facilities is strictly limited to select staff.
Technical security measures
All devices which are used to access personal data for which we are responsible are secured with antivirus software, firewalls, encryption and access management. We regularly update operating systems and software to ensure vulnerabilities cannot be exploited. We carry out regular vulnerability scanning of our website and have engaged credentialed external auditors
to verify the adequacy of our security and privacy measures.
​
Your rights regarding information
For data subjects from the EEA and/or the UK
Each data subject has the right to information on and access to, and rectification, erasure and restriction of processing of their personal data, as well as the right to object to the processing and the right to data portability.You also have the right to request that you are not made subject to decision making based solely on automated processes, including profiling, if these decisions would have a significant effect on you.
You can exercise these rights by contacting us at the following email address: info@generalpractice.ai
If we have any doubts as to your identity, we may request you to provide us with proof of identification, such as through sending us a copy of your valid ID. Ensure that you write “Data Request” in the subject line of your email.
Within one month of the submitted request, you will receive an answer from us. We will not charge you for submitting your request unless the request is manifestly unfounded or otherwise unreasonable in its nature.
Depending on the complexity and the number of the requests this period may be extended to two months.
For data subjects from Australia
We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988.
This privacy notice satisfies the notice requirements defined in the Privacy Act, in particular: what personal information we collect from you, from which sources, for which purposes, and other recipients of your personal information.
If you do not wish to provide the personal information necessary to fulfil their applicable purpose, it may affect our ability to provide our services, in particular:
-
offer you the products or services that you would like to use;
-
respond to or help with your requests on our website or via our software;
-
manage your subscription or account with us;
-
confirm your identity and protect your account.
At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us at info@generalpractice.ai
If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner.
​
Marketing
You may receive commercial offers from GENERALPRACTICE.AI. If you do not wish to receive them (anymore), please send us an email to the following address: info@generalpractice.ai and ensure that you write “Data Opt-Out” in the subject line of your email.
Your personal data will not be used by our partners for commercial purposes.
If you encounter any personal data from other data subjects while visiting our website, you are to refrain from collection, any unauthorised use or any other act that constitutes an infringement of the privacy of the data subject(s) in question. The collector is not responsible in these circumstances.
​
Data retention
GENERALPRACTICE.AI retains personal data only for so long as necessary to fulfil the purposes for which it was collected, including as described in this Privacy Policy or as required by law. We will retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Policy. When assessing retention periods, we first carefully examine whether it is necessary to retain the personal data collected and, if retention is required, work to retain the personal data for the shortest possible period permissible under law. You may, at any time, request your data to be deleted from any GENERALPRACTICE.AI account, system or other data processing medium in accordance with the process described above.
Applicable law
These conditions are governed by the laws and regulations of the country where we are headquartered. The court in the district where we are headquartered has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies.
Children's Data
We do not knowingly process children's data, unless specifically stated in this Privacy Policy. If you have concerns about or knowledge of a child using our services, products, websites or apps without parental consent, please contact our DPO via info@generalpractice.ai to ensure we can take appropriate action as soon as possible.
Contact
For questions about this privacy policy, product information or information about the website itself, please contact: info@generalpractice.ai
​​