Privacy & Data Protection
1. Introduction & Our Role
At i-Prescribe Ltd, we take our responsibility as a "Data Controller" of your health information with the utmost seriousness. This policy explains how we collect, use, and protect your personal data in accordance with the UK GDPR, the Data Protection Act 2018, and the GPhC standards.
2. The Data We Collect
To provide safe clinical prescribing, we collect Personal Identity Data, Special Category (Health) Data, Verification Data (KYC), and Technical Data for fraud prevention.
- Medical history, allergies, and current medications.
- Government-issued photo ID and biometric "liveness" data.
3. Lawful Basis for Processing
4. Identity Verification (KYC)
We use [Yoti/Trust Swiftly] to verify your identity. This involves matching your photo ID against global databases to ensure patient safety and prevent prescription fraud.
6. Data Retention
Clinical records are kept for **10 years** as required by law. ID document images are purged within **30 days** of successful verification.
9. Patient Rights & Clinical Law
Under clinical law, your "Right to Erasure" is limited. We must retain prescription and consultation records for 10+ years for audit and patient safety.