Home

Privacy Policy

Privacy Policy

Last updated: 12/09/2025

1. Introduction and Scope

NowDoctor Ltd, trading as UbiClinic (“UbiClinic”, “we”, “our” or “us”), registered in Northern Ireland under company number NI691716 and having its registered office at 6 St Saviours Gate, Parkgate, Ballyclare BT39 0FN, is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store, share, and safeguard personal data relating to individuals who use our platform and services, including Hosts (providers of clinical and wellness space) and Guests (practitioners booking space) (together, “Users”).

This Policy applies to your use of the UbiClinic platform and associated services within the United Kingdom. By creating an account or otherwise using our services, you acknowledge that you have read and understood this Privacy Policy.

We process personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”).

2. Data We Collect

We collect and process the following categories of personal data:

2.1 Data provided by Hosts

When registering and maintaining a Host account, we collect:

  • Forename and surname of the practice manager or other authorised representative,
  • Organisation name,
  • Street address of the premises,
  • Telephone number,
  • Email address,
  • Website address.

This information is required for verification purposes, for communication with UbiClinic and with Guests, and to ensure that Guests can identify and locate the Host’s premises.

2.2 Data provided by Guests

When registering and maintaining a Guest account, we collect:

  • Title, forename and surname,
  • Date of birth,
  • Email address,
  • Telephone number,
  • Website and/or social media handles (if provided),
  • Professional body membership number and professional credentials.

This information is required to verify practitioner identity and suitability, and to enable Hosts to make an informed decision regarding booking requests.

2.3 Documents and Credentials

Guests may upload documents evidencing qualifications, professional body membership, or insurance coverage.

  • Such documents are visible to Hosts with whom the Guest seeks to make a booking, and to UbiClinic administrators for account verification.
  • These documents are not shared with the general public or other third parties.

2.4 Technical and Log Data

When Users access the UbiClinic platform, we automatically collect:

  • IP address, stored in access logs for security, auditability, and abuse prevention,
  • Browser and device information (to the extent logged for security purposes),
  • Authentication cookies used to maintain active sessions.

Cookies are used solely for authentication and security. UbiClinic does not use cookies for tracking, analytics, or advertising purposes.

2.5 Communications Data

Messages sent via the UbiClinic internal messaging system are stored to provide a record of communications between Hosts and Guests, and to enable UbiClinic to investigate disputes or misuse of the platform.

3. How We Use Personal Data

We use the personal data described in Section 2 for the following purposes:

3.1 Provision of Services

  • To create, administer, and manage User accounts,
  • To verify the identity, credentials, and authorisation of Hosts and Guests,
  • To process bookings, payments, and cancellations,
  • To facilitate secure communication between Hosts and Guests through the UbiClinic platform.

3.2 Communications

  • To send service-related communications, including booking confirmations, cancellations, updates, and support notifications,
  • To send infrequent updates regarding changes to the platform or our terms and policies,
  • To send notifications of new listings or availability where a Guest has explicitly requested such alerts (consent-based).

3.3 Security and Abuse Prevention

  • To maintain audit logs and monitor access to prevent fraud, unauthorised use, or abuse of the platform,
  • To investigate and resolve disputes or complaints between Users.

3.4 Service Improvement and Analytics

  • To analyse how Users interact with the platform, including usage frequency and feature popularity,
  • To identify areas where services may be improved,
  • To conduct research into platform performance and reliability.

We do not use personal data for advertising or marketing purposes beyond the communications described above.

4. Sharing of Personal Data

4.1 Sharing with Hosts

When a Guest submits a booking request, UbiClinic will share the following details with the relevant Host for the purpose of evaluating and confirming the booking:

  • Guest’s name, profile picture, professional credentials, membership number, verification status, and any supporting documents uploaded.

This information is shared solely with the Host(s) to whom the booking request is directed. It is not shared with other Hosts or with the general public.

4.2 Sharing with Guests

When a Guest views available listings, they will be provided with the Host’s organisation name, premises address, contact details, and other information necessary for the Guest to make an informed booking decision.

4.3 Sharing with UbiClinic Administration

UbiClinic administrators may access User data, including credentials and documents, for the purposes of:

  • Verifying accounts and compliance with these Terms,
  • Investigating disputes, misconduct, or misuse,
  • Performing security, auditing, and support functions.

4.4 Payment Processing

  • Hosts must register a connected account with Stripe to receive payments.
  • UbiClinic shares a unique connected account identifier with Stripe to facilitate payment processing.
  • Stripe collects and processes Host banking and payment details directly; UbiClinic does not store or have access to such information.
  • All payment processing is subject to the Stripe Terms of Service.

4.5 External Sharing

Except as provided in this Section, UbiClinic does not disclose personal data to third parties.
We do not sell or license User data.
We will only disclose data where required by law, court order, or regulatory obligation.

5. Legal Basis for Processing

UbiClinic processes personal data under the following lawful bases, as provided by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018:

5.1 Contractual Necessity

Processing is necessary for the performance of the contract between UbiClinic and the User, including:

  • Creating and administering accounts,
  • Facilitating bookings and payment transactions,
  • Communicating booking confirmations, amendments, and cancellations.

5.2 Legitimate Interests

We process personal data where it is necessary for our legitimate interests, provided such interests are not overridden by the fundamental rights and freedoms of the User. This includes:

  • Ensuring the security and integrity of the platform,
  • Monitoring and preventing misuse or fraudulent activity,
  • Analysing platform usage to improve functionality and user experience,
  • Investigating and resolving disputes between Users.

5.3 Legal Obligations

We may process and retain certain data to comply with applicable legal, tax, and regulatory obligations, including record-keeping and auditing requirements.

5.4 Consent

Where we rely on consent, Users will be asked to provide clear and explicit agreement prior to processing. Consent may be withdrawn at any time. Consent-based processing includes:

  • Sending notification emails about new listings or availability, where a User has opted-in to receive such communications,
  • Storing and displaying supporting credentials uploaded by Guests, accessible only to relevant Hosts and UbiClinic administrators.

6. Data Retention and Storage

6.1 Retention Period

  • UbiClinic retains personal data for as long as a User maintains an active account on the platform.
  • Upon account closure, personal data will be deleted or anonymised, save that:
    • Booking and transaction records may be retained for up to five (5) years for financial, auditing, and legal compliance purposes.
    • Records of disputes or investigations may be retained for as long as reasonably necessary to resolve the matter and comply with legal obligations.

6.2 Storage Location

All personal data is stored in a secure cloud environment located within the United Kingdom.

6.3 Security Measures

UbiClinic implements appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, including but not limited to:

  • Encrypted connections (TLS) for all data transmissions,
  • Authentication and authorisation procedures for access control,
  • Logging and monitoring of system access,
  • Periodic security reviews and testing of platform safeguards.

While we take all reasonable steps to protect User data, no system can be guaranteed as completely secure. Users acknowledge that they provide information at their own risk, subject to the protections afforded under applicable law.

7. User Rights

In accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Users are entitled to exercise the following rights in respect of their personal data:

7.1 Right of Access

Users have the right to request confirmation as to whether their personal data is being processed and, where that is the case, to obtain a copy of such data together with certain related information.

7.2 Right to Rectification

Users have the right to request the correction of any inaccurate or incomplete personal data held by UbiClinic.

7.3 Right to Erasure

Users may request the deletion of their personal data where:

  • The data is no longer necessary for the purposes for which it was collected,
  • The User withdraws consent (where processing is based on consent),
  • The User objects to processing (where processing is based on legitimate interests), or
  • The processing is unlawful.

This right is subject to any overriding legal or regulatory obligations requiring UbiClinic to retain certain information.

7.4 Right to Restrict Processing

Users may request the restriction of processing of their personal data under specific circumstances, including disputes regarding accuracy or objections to processing.

7.5 Right to Data Portability

Where processing is carried out by automated means and based on consent or contract, Users have the right to receive their personal data in a structured, commonly used, and machine-readable format, and to request transmission to another controller.

7.6 Right to Object

Users may object at any time to the processing of their personal data where such processing is based on legitimate interests. UbiClinic shall cease processing unless compelling legitimate grounds are demonstrated.

7.7 Right to Withdraw Consent

Where processing is based on consent, Users may withdraw their consent at any time, without affecting the lawfulness of processing carried out prior to such withdrawal.

7.8 Right to Complain

Users have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or other competent supervisory authority if they believe their rights have been infringed.

8. Cookies

8.1 Use of Cookies

UbiClinic uses cookies strictly necessary for the functioning of the platform. These cookies are employed solely to:

  • Authenticate Users during login sessions,
  • Maintain secure access to User accounts,
  • Facilitate navigation and continuity of service within the platform.

8.2 No Tracking or Advertising Cookies

UbiClinic does not employ cookies for analytics, advertising, marketing, or tracking purposes.

8.3 User Control

Most browsers allow Users to manage or block cookies via their settings. However, as authentication cookies are essential for platform operation, disabling such cookies may result in loss of access to User accounts or services.

9. Children and Minors

9.1 Eligibility

The UbiClinic platform is intended exclusively for use by individuals aged 18 years and over.

9.2 Prohibition on Use by Minors

Persons under the age of 18 are strictly prohibited from creating an account, accessing, or using the platform in any capacity.

9.3 Verification

UbiClinic reserves the right to take reasonable measures to verify the age of Users, including requesting supporting documentation where appropriate. Accounts found to be in breach of this requirement may be suspended or permanently terminated.

10. Geographic Scope

10.1 Territorial Limitation

The UbiClinic platform is intended for use by individuals and organisations resident or established within the United Kingdom.

10.2 Restriction on Non-UK Use

Users located outside the United Kingdom are not authorised to create an account or utilise the platform.

10.3 Disclaimer of Liability

UbiClinic accepts no responsibility or liability for any use of the platform by persons or entities outside the United Kingdom, and such use shall be at the User’s own risk.

11. Changes to this Privacy Policy

11.1 Right to Amend

UbiClinic reserves the right to amend, update, or otherwise modify this Privacy Policy at any time, to reflect changes in legal requirements, operational practices, or services offered.

11.2 Notice of Changes

Users will be notified of material changes in advance by email to the address registered with their account. The updated Privacy Policy will also be made available on the platform.

11.3 Continued Use as Acceptance

Continued access to or use of the platform after the effective date of any changes shall constitute the User’s acceptance of the revised Privacy Policy.

12. Contact Information

12.1 Data Controller

The data controller responsible for the processing of personal data under this Privacy Policy is:

NowDoctor Ltd, trading as UbiClinic
Company No. NI691716
6 St Saviours Gate
Parkgate, Ballyclare
BT39 0FN
United Kingdom

12.2 Contact for Data Requests

For all privacy-related enquiries, including requests to access, correct, delete, or export your personal data, please contact us at:

Email: support@ubiclinic.io