Privacy Policy

Staff GP Access ("we", "us", "our") provides an employee wellbeing service that helps UK businesses give their staff convenient access to GP support delivered by an independent third-party healthcare service provider. This Privacy Policy explains how we collect, use, share and protect personal data when you visit our website, request a quote, purchase a plan, or when your business uses our service.

For the purposes of UK GDPR and the Data Protection Act 2018, Staff GP Access is the data controller of personal data collected through this website and through our business relationship with you. Our healthcare service provider acts as an independent data controller of clinical and consultation data created when an employee uses GP services.

If you have questions about this policy or your data, please contact us:

• Email: [insert email address]
• Phone: [insert phone number]
• Postal: [insert UK business address]

We may collect and process the following categories of personal data:

• Business contact data: name, job title, business name, work email, work phone.
• Account & billing data: billing address, VAT details, plan size, payment confirmation references (we do not store full card details — payments are processed by Stripe).
• Enquiry data: the information you provide in our contact and quote forms, including industry and message content.
• Employee enrolment data (where you choose to share it): employee names and contact information needed to issue access details. You are responsible for ensuring you have a lawful basis to share this with us.
• Website usage data: IP address, device, browser, pages viewed and approximate location, collected through cookies and similar technologies.

Health and clinical information shared during a GP consultation (telephone or video) is handled directly by our healthcare service provider under their own privacy notice. Staff GP Access does not routinely receive or store the content of consultations or clinical records.

We use personal data for the following purposes:

• To respond to enquiries and prepare quotes — legitimate interests.
• To set up your business account, take payment and provide the service — contract.
• To arrange activation with our healthcare service provider — contract and legitimate interests.
• To send service-related communications (renewals, account changes) — contract.
• To comply with legal, regulatory and tax obligations — legal obligation.
• To prevent fraud, secure our systems and improve the website — legitimate interests.
• To send marketing about Staff GP Access where you have opted in or are an existing business customer — consent or legitimate interests. You can opt out at any time.

• Our healthcare service provider, to activate and deliver GP services to your staff.
• Stripe, to process online payments securely.
• IT, hosting, email, analytics and customer support providers acting as our processors.
• Professional advisers (accountants, lawyers, insurers) where reasonably necessary.
• Regulators, law enforcement and other authorities where required by law.

We do not sell personal data.

Where personal data is transferred outside the UK, we rely on UK adequacy regulations or appropriate safeguards such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.

We keep personal data only for as long as necessary for the purposes set out above, including to meet legal, accounting or reporting requirements. Enquiry data is typically kept for up to 24 months. Customer account and billing records are kept for at least 6 years to comply with UK tax requirements.

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and vetted suppliers. No system is completely secure, and we cannot guarantee absolute security of data transmitted over the internet.

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request erasure ("right to be forgotten") in certain circumstances.
• Restrict or object to processing in certain circumstances.
• Request data portability.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us using the details above. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

Our website uses cookies and similar technologies for essential site functionality and, with your consent, for analytics. You can manage cookies through your browser settings. A separate cookie notice will be displayed where required.

Our website and service are intended for businesses and adult employees. We do not knowingly collect data directly from children through this website.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent version.

Staff GP Access is an employee wellbeing and GP support service. It is not private medical insurance and is not a replacement for emergency care. In a medical emergency, call 999 or use the appropriate NHS urgent care service.