Global Privacy & Data Transfer Statement
CliniciansCheck is committed to safeguarding personal data across all jurisdictions in which we operate. This statement outlines how we manage the collection, processing, transfer, and protection of personal information in accordance with applicable data protection laws worldwide.
We apply consistent standards across all markets to ensure lawful, fair, and transparent data practices, supported by appropriate legal, technical, and organisational safeguards.
International Legal Frameworks We Follow
Our data governance model is designed to comply with the following frameworks:
- General Data Protection Regulation (GDPR – European Union and United Kingdom)
- UK Data Protection Act 2018
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
- Personal Information Protection and Electronic Documents Act (PIPEDA – Canada)
- Health Insurance Portability and Accountability Act (HIPAA – United States)
- Australian Privacy Principles (APPs – Australia)
- Lei Geral de Proteção de Dados (LGPD – Brazil)
- Other national data privacy regulations, through active monitoring and international legal partnerships
These frameworks govern how we collect, store, share, and transfer personal data. We adhere to these rules not only where required, but as a matter of principle.
Individual Rights by Jurisdiction
We recognise and support the rights of individuals under applicable law. These include:
United Kingdom and European Union:
- Right to access personal data
- Right to rectification
- Right to erasure (“Right to be Forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object to processing, including profiling and direct marketing
- Right to lodge a complaint with a supervisory authority
United States (including California, Virginia, and other states):
- Right to know what data is collected and how it is used
- Right to access, correct, or delete personal data
- Right to opt out of sale or sharing of personal data
- Right to limit use of sensitive personal data
- Right to non-discrimination for exercising privacy rights
Australia:
- Right to access and correct personal information
- Right to be informed about data handling practices
- Right to complain to the Office of the Australian Information Commissioner
Other Regions: Wherever local data protection laws apply, we strive to meet or exceed their requirements. In the absence of local law, we apply international best practices as standard.
Cross-Border Data Transfers
Personal data may be transferred to or processed in countries outside the individual’s jurisdiction, including the United Kingdom, European Union, United States, Canada, and Australia.
All such transfers are:
- Conducted in accordance with international data protection laws
- Governed by approved Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs)
- Supported by appropriate contractual and technical safeguards
- Regularly assessed through data protection impact assessments and transfer risk evaluations
- Implemented with security controls that maintain confidentiality, integrity, and availability of the data
We only transfer personal data to third countries where adequate safeguards are in place, and we routinely review those safeguards to maintain compliance.
Technical and Organisational Safeguards
We apply strict technical and organisational measures to ensure the ongoing protection of personal data. These include:
- TLS 1.2+ encryption for data in transit
- 256-bit encryption for data at rest
- Access control policies with role-based permissions
- Secure and compliant hosting infrastructure
- Routine privacy and security audits
- Privacy-by-design and data minimisation principles embedded into all systems
- Vendor due diligence and contractual obligations with all data processors
Our infrastructure is aligned with the ISO/IEC 27001 and ISO/IEC 27701 standards for information security and privacy information management.
Your Privacy Choices and Controls
We provide clear options for individuals to exercise control over their personal information. These include:
- Submitting a Data Subject Access Request (DSAR)
- Requesting deletion, correction, or restriction of data
- Managing contact details and communication preferences
- Opting out of non-essential data collection (including marketing and analytics)
- Reviewing and updating cookie preferences
To exercise your rights, you may use our secure request form or contact us directly via email.
Oversight and Accountability
We maintain detailed documentation of our privacy and data transfer practices and operate under the supervision of appropriate data protection authorities.
If you wish to raise a concern or exercise your rights under applicable data protection law, you may contact us or the relevant supervisory authority in your jurisdiction.
Contact Us
Data Protection Officer CliniciansCheck Ltd
Email: operationsteam@clinicianscheck.com