Global Privacy Jurisdictional Data Map
Clinicians Check
Version 1.0 | Published: 29 May 2025 | Status: Active
Next Review Due: 29 November 2025
Policy Owner: Global Data Protection Officer (DPO)
Approved by: Legal, Privacy and Ethics Committee
Jurisdiction: Global – UK, EU, US, Canada, Australia, Singapore, India, Brazil
1. Purpose
1.1 This document outlines the jurisdictions in which CliniciansCheck operates and details how personal data is collected, stored, transferred, and protected across international borders.
1.2 It supplements the Global Privacy Policy by providing users, regulators, and partners with a clear view of how local laws are applied and which protective measures are in place to ensure lawful data handling and cross-border compliance.
2. Scope
2.1 This data map applies to all users, patients, clinicians, vendors, partners, and third-party processors engaged through the CliniciansCheck platform.
2.2 It includes personal data, sensitive health data, profile data, transaction records, communications, and uploaded documentation.
2.3 The map details data residency, applicable privacy laws, legal transfer mechanisms, and supervisory authority contact points per jurisdiction.
3. Jurisdictional Compliance Summary
3.1 United Kingdom: Personal data is processed in accordance with the UK GDPR and the Data Protection Act 2018. Supervisory authority: Information Commissioner's Office (ICO). International transfers are governed by UK International Data Transfer Agreements (IDTAs) or UK Addendums to EU Standard Contractual Clauses (SCCs).
3.2 European Union (EU/EEA): Personal data is governed by Regulation (EU) 2016/679 (General Data Protection Regulation). Data may be transferred internationally using EU SCCs, adequacy decisions, or binding corporate rules. Supervisory authorities vary by member state.
3.3 United States: Personal data is processed in compliance with applicable state laws including the California Consumer Privacy Act (CCPA) and the Health Insurance Portability and Accountability Act (HIPAA). Data transfers follow the EU–US Data Privacy Framework (where applicable) or SCCs. Additional controls are applied to protected health information (PHI).
3.4 Canada: Data is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA). Transfers are protected through contractual and technical safeguards. Canada benefits from adequacy status with the EU.
3.5 Australia: Data is processed in compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988. Overseas disclosures require that the recipient country provides similar protection, and contracts are in place to ensure accountability.
3.6 India: Data is managed in alignment with the Digital Personal Data Protection Act (DPDPA), 2023. Cross-border data transfers are assessed on a case-by-case basis pending formal adequacy guidelines and government rules.
3.7 Singapore: Data is protected under the Personal Data Protection Act (PDPA). Transfers are permitted where contractual clauses and organisational measures demonstrate comparable protection.
3.8 Brazil: Data is processed under the Lei Geral de Proteção de Dados (LGPD). Transfers outside Brazil are allowed where the destination provides adequate protection or standard clauses are in place.
3.9 Other Countries: In all other countries where CliniciansCheck operates or engages users, data is processed in accordance with local law, supplemented by contractual protections and by technical safeguards including encryption, access controls, and role-based permissions.
4. Data Transfer Mechanisms
4.1 International data transfers are governed by the following tools and legal instruments:
4.2 Standard Contractual Clauses (SCCs) approved by the European Commission for non-adequate third countries.
4.3 UK Addendums or International Data Transfer Agreements (IDTAs) for transfers from the UK.
4.4 Binding corporate rules (BCRs) where applicable to affiliated or contracted service providers.
4.5 Data Privacy Framework certification (for eligible US-based vendors).
4.6 Explicit informed consent from the data subject when required by law.
4.7 Contractual clauses incorporating technical and organisational safeguards where adequacy does not exist.
5. Local DPO and Supervisory Contact Points
5.1 CliniciansCheck maintains a Global Data Protection Officer and designates regional points of contact in accordance with Article 27 of the GDPR and similar provisions in other legal systems.
5.2 Regional DPO contact information is made available upon request for data subjects in the EU, UK, Brazil, and other required locations.
5.3 Any data subject may contact the DPO at:
Email: operationsteam@clinicianscheck.com
6. Security Measures and Technical Safeguards
6.1 All personal data, regardless of jurisdiction, is protected through end-to-end encryption, firewalls, intrusion detection systems, and continuous monitoring.
6.2 Role-based access control ensures that only authorised personnel can access sensitive data.
6.3 Logging and audit trails are maintained for all data access or modification events.
6.4 In the event of a breach, incident response protocols are triggered in accordance with the relevant legal framework (e.g. GDPR 72-hour rule, HIPAA breach notification rule).
7. User Rights and Legal Remedies
7.1 Users may exercise their privacy rights under local laws, including but not limited to: right of access, correction, deletion, restriction, portability, objection, and withdrawal of consent.
7.2 Requests may be submitted through the data subject request process outlined in the Privacy Policy or by email to: operationsteam@clinicianscheck.com
7.3 CliniciansCheck will comply with the applicable legal timeframes and documentation requirements in each jurisdiction.
8. Changes to This Data Map
8.1 This jurisdictional data map is reviewed and updated at least every six months or more frequently if legal changes or international agreements affect data flows.
8.2 All updates are version-controlled and published on the CliniciansCheck website.
9. Version Control
9.1 Version: 1.0
9.2 Date Published: 29 May 2025
9.3 Status: Active
9.4 Next Scheduled Review: 29 November 2025
9.5 Policy Owner: Global Data Protection Officer (DPO)
9.6 Approved By: Legal, Privacy and Ethics Committee
9.7 Applies To: All users, patients, clinicians, staff, vendors, and international partners