Login
Login
Get Started

Privacy Policy

Effective Date: 23 February 2026
Last Reviewed: 10 June 2026

This privacy notice explains how Treat-It Clinic, operating as part of The GP Service (UK) Ltd, collects, uses and protects your personal information when you use our website, mobile application, web application and related clinical services.

In this notice, “Treat It”, “we”, “us” and “our” means Treat-It Clinic and The GP Service (UK) Ltd, unless stated otherwise.

Please read this notice carefully so that you understand how we use your personal information, what rights you have, and how to contact us if you have any questions or concerns.

1. Who We Are

Treat-It Clinic is a brand operated as part of The GP Service (UK) Ltd, a company registered in England and Wales.

Company number: 09359853

Registered / correspondence address: The Technocentre, Coventry University Technology Park, Puma Way, Coventry, West Midlands, CV1 2TT

Email: support@treat-it.clinic

Telephone: 0247 509 8777

Privacy contact: privacy@treat-it.clinic

ICO registration number: ZA194910

For the personal information we collect and use to provide our services, The GP Service (UK) Ltd is normally the data controller. This means we decide why and how your personal information is used.

In some cases, other organisations involved in your care, such as pharmacies, clinicians, laboratories, NHS GP practices or payment providers, may also act as separate data controllers for their own activities.

2. Our Commitment to Data Privacy and Security

We take our responsibilities under the UK General Data Protection Regulation, the Data Protection Act 2018 and relevant healthcare confidentiality requirements seriously.

We use personal information only where we have a lawful reason to do so. We also apply appropriate technical and organisational security measures to protect your information from unauthorised access, loss, misuse or disclosure.

Some operational support may be provided by staff or suppliers located outside the UK or European Economic Area, including, where applicable, Sri Lanka. Where this involves access to personal information, we apply safeguards designed to protect your information, including:

  • role-based access controls;
  • secure company-managed systems and devices;
  • encryption and secure remote access controls;
  • confidentiality obligations and staff training;
  • data processing agreements with relevant suppliers; and
  • appropriate international transfer safeguards, such as the UK International Data Transfer Agreement, UK Addendum to EU Standard Contractual Clauses, or other lawful transfer mechanisms where required.

3. The personal information we collect

We collect different types of personal information depending on how you use our services.

Registration and account details

This may include:

  • your name;
  • date of birth;
  • contact details, including email address, telephone number and postal address;
  • login and account details;
  • identity verification information;
  • NHS number, where applicable;
  • NHS GP practice details, where applicable; and
  • device, browser and technical information linked to your use of the Treat It system.

Clinical and health information

When you use our clinical services, we may collect:

  • medical history;
  • symptoms and consultation information;
  • medication and prescription information;
  • allergies and relevant health conditions;
  • consultation notes;
  • test results, where applicable;
  • Summary Care Record information, where this is accessed lawfully and with appropriate safeguards;
  • information you provide through forms, questionnaires or consultations; and
  • information needed to assess whether treatment or referral is clinically appropriate.

This type of information is special category data under data protection law and is handled with additional protections.

Payment and transaction information

Where you pay for services, payment information is processed securely by our payment provider, such as Stripe. We may receive limited payment confirmation details, but we do not store full card details.

Communications and support information

If you contact us, we may collect:

  • copies of emails or messages;
  • call notes or records of enquiries;
  • complaints or feedback;
  • support requests; and
  • information needed to respond to your query.

Website, cookies and analytics information

When you use our website or digital services, we may collect technical information such as:

  • IP address;
  • browser type;
  • device information;
  • pages visited;
  • date and time of access;
  • cookie identifiers; and
  • information about how users interact with our website.

Where analytics or marketing cookies are used, we will ask for consent where required.

4. Where we get your information from

Most of the information we use is provided directly by you.

We may also receive information from:

  • clinicians involved in your care;
  • pharmacy partners;
  • laboratories or diagnostic providers;
  • payment providers;
  • NHS services or GP practices, where applicable;
  • identity verification providers;
  • technology and system providers; and
  • analytics or marketing partners, where permitted.

5. How we use your personal information

We use your personal information for the following purposes:

To provide healthcare services

This includes:

  • registering you for the service;
  • assessing your suitability for treatment;
  • arranging consultations;
  • issuing prescriptions where clinically appropriate;
  • arranging delivery of prescriptions, medicines or test kits;
  • making referrals where needed;
  • maintaining clinical records;
  • sharing relevant information with your NHS GP or other healthcare professionals where clinically appropriate or required by professional guidance; and
  • dealing with clinical queries, complaints or safeguarding concerns.

To manage your account and communicate with you

This includes:

  • sending appointment, prescription, service and account notifications;
  • responding to enquiries;
  • helping with technical or support issues;
  • confirming payments and orders; and
  • notifying you of important service changes.

To meet legal, regulatory and professional obligations

This includes:

  • complying with healthcare regulation;
  • maintaining clinical records;
  • responding to regulators, courts or law enforcement where required;
  • managing complaints and incidents;
  • carrying out audits and quality assurance;
  • protecting patient safety; and
  • meeting tax, accounting and legal requirements.

To improve our services

We may use information to:

  • monitor service quality;
  • understand how our services are used;
  • improve user experience;
  • develop and test service improvements;
  • identify and resolve technical problems; and
  • produce anonymised or aggregated reports.

Where possible, we use anonymised information for service improvement so that individuals cannot be identified.

Marketing and service updates

We may send you marketing communications where we have a lawful basis to do so, such as your consent or where permitted by law.

You can opt out of marketing at any time by using the unsubscribe link in our emails or contacting us at support@treat-it.clinic.

We will still send you important service, clinical, account or safety communications where necessary, even if you opt out of marketing.

6. Our lawful bases for using your information

We rely on different lawful bases depending on the purpose of the processing.

These may include:

  • Contract: where we need to use your information to provide the service you have requested.
  • Legal obligation: where we must process information to comply with the law.
  • Legitimate interests: where we have a legitimate business, service, security or administrative reason to use your information, provided this does not override your rights.
  • Consent: where we ask for your consent, for example for certain marketing or optional cookies.
  • Vital interests: where processing is necessary to protect someone’s life.
  • Public task or healthcare-related legal duties: where relevant to the provision of health services and professional obligations.

For special category health information, we also rely on an additional condition under data protection law. This will usually be because the processing is necessary for the provision of health or social care, medical diagnosis, treatment, healthcare management, or for reasons of substantial public interest where applicable.

7. Who we share your information with

We only share personal information where there is a lawful reason and where it is necessary.

We may share information with:

  • clinicians, prescribers and healthcare professionals involved in your care;
  • pharmacy partners;
  • laboratories or diagnostic providers;
  • your NHS GP practice, where clinically appropriate or required by professional guidance;
  • NHS services, where applicable;
  • payment providers, such as Stripe;
  • IT, hosting, support and system suppliers;
  • delivery and fulfilment partners;
  • professional advisers, auditors and insurers;
  • regulators, including healthcare regulators and the Information Commissioner’s Office;
  • law enforcement agencies or courts, where required by law; and
  • organisations involved in safeguarding or protecting patient safety.

We do not sell your personal information.

8. Data storage, security and international access

Your information is stored securely using approved systems and infrastructure, which may include UK-based hosting providers such as AWS and Redcentric.

We use appropriate security measures, including:

  • encryption in transit;
  • HTTPS across our web and mobile systems;
  • access controls based on staff role and need;
  • secure authentication;
  • staff confidentiality obligations;
  • cybersecurity and data protection training;
  • audit logs and monitoring where appropriate;
  • supplier due diligence; and
  • data protection agreements with suppliers.

Where staff or suppliers outside the UK or EEA access personal information, access is restricted to what is necessary for their role and is protected by contractual, technical and organisational safeguards.

9. How long we keep your information

We keep personal information only for as long as necessary for the purpose it was collected, including to meet clinical, legal, regulatory, accounting and reporting requirements.

Clinical records are normally retained for at least 11 years, or longer where required by law, professional guidance, clinical safety requirements or the circumstances of the case.

Other types of information, such as account, billing, support, marketing or analytics information, may be kept for different periods depending on the reason it is held.

When information is no longer required, it is securely deleted, anonymised or archived in line with our retention procedures.

10. Your rights

You have rights under data protection law. These include the right to:

  • ask for a copy of your personal information;
  • ask us to correct inaccurate or incomplete information;
  • ask us to delete information in certain circumstances;
  • ask us to restrict how we use your information in certain circumstances;
  • object to certain uses of your information;
  • withdraw consent where we rely on consent;
  • object to direct marketing at any time;
  • ask for certain information in a portable format; and
  • complain about how your information has been handled.

Some rights may be limited where we need to keep information for clinical, legal, regulatory or patient safety reasons.

To exercise your rights, please contact:

Privacy contact: privacy@treat-it.clinic

We may need to confirm your identity before responding to your request.

11. Data protection complaints

If you are unhappy with how we have handled your personal information, please contact us first so that we can investigate and respond.

You can contact our Privacy Officer at:

Email: privacy@treat-it.clinic

Post: The Technocentre, Coventry University Technology Park, Puma Way, Coventry, West Midlands, CV1 2TT

Telephone: 0247 509 8777

We will review your complaint and respond in line with applicable data protection requirements.

You also have the right to complain to the Information Commissioner’s Office, which is the UK regulator for data protection.

ICO website: www.ico.org.uk

ICO telephone: 0303 123 1113

12. Cookies and analytics

Our website and digital services may use cookies and similar technologies to:

  • enable secure login;
  • remember user preferences;
  • improve website functionality;
  • understand how users interact with our services;
  • improve performance and security; and
  • support analytics and marketing, where permitted.

Essential cookies are needed for the website and system to work.

For non-essential cookies, such as analytics or marketing cookies, we will ask for consent where required. You can manage or disable cookies through your browser settings or through any cookie preference tool made available on our website.

Please see our Cookie Policy for more information.

13. Changes to This Privacy Notice

We may update this privacy notice from time to time to reflect changes in our services, systems, suppliers, legal requirements or how we use personal information.

Where changes are significant, we will take reasonable steps to bring them to your attention, such as by email, account notification or a prominent notice on our website.

14. Contact Us

If you have any questions about this privacy notice or how we use your personal information, please contact:

Privacy Officer

Treat-It Clinic / The GP Service (UK) Ltd

The Technocentre, Coventry University Technology Park

Puma Way

Coventry

West Midlands

CV1 2TT

Email: privacy@treat-it.clinic

Support email: support@treat-it.clinic

Telephone: 0247 509 8777