Privacy Policy
I Need A Prescription – Medical Clinic
Effective Date: 12/02/2026
Website: www.ineedaprescription.co.uk
1. Introduction
I Need A Prescription (“we”, “us”, “our”) is a UK-based private online medical clinic providing remote healthcare services.
We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with:
- The UK General Data Protection Regulation (UK GDPR)
- The Data Protection Act 2018
- Applicable healthcare confidentiality obligations
For the purposes of data protection law, I Need A Prescription is the Data Controller.
2. Who We Are
Clinic Name: I Need A Prescription
Business Type: Private Online Medical Clinic
Registered In: United Kingdom
ICO Registration: 808634
Contact Email: info@ineedaprescription.co.uk
All consultations are conducted remotely. We do not offer in-person appointments.
3. The Type of Data We Collect
We may collect and process the following categories of personal data.
3.1 Identity Data
- Full name
- Date of birth
- Address
- Email address
- Telephone number
- Photographic ID (passport or driving licence)
- Live selfie image
- Body photographs (where required for clinical assessment)
3.2 Special Category (Health) Data
- Medical history
- Current medications
- Weight, height, BMI
- Mental health disclosures
- Pregnancy status
- Consultation responses
- Uploaded medical evidence
Health data is classified as special category data under UK GDPR and is handled with enhanced protection.
3.3 Technical Data
- IP address
- Browser type
- Device information
- Website usage data
3.4 Payment Data
Payments are processed securely via third-party payment providers.
We do not store full card details.
4. Lawful Basis for Processing
We process personal data under the following lawful bases.
4.1 Provision of Healthcare
Processing is necessary for:
- The provision of medical diagnosis and treatment
- Clinical decision-making
- Patient safety
This includes processing of special category health data under Article 9(2)(h) UK GDPR.
4.2 Legal Obligations
We may process data where required to:
- Comply with regulatory requirements
- Maintain medical records
- Respond to lawful requests from authorities
4.3 Legitimate Interests
We may process limited data for:
- Fraud prevention
- Identity verification
- Protection of the clinic’s legal rights
5. Identity Verification & Clinical Photographs
As part of remote prescribing safeguards, patients may be required to provide:
- Valid photographic identification
- A live selfie
- Clinical photographs where relevant
This helps to:
- Prevent fraud
- Confirm patient identity
- Ensure safe prescribing
- Protect against misuse of prescription medicines
Failure to provide accurate information may result in refusal of treatment.
6. How We Use Your Information
We use your information to:
- Assess medical suitability
- Prescribe treatment where clinically appropriate
- Monitor ongoing treatment safety
- Maintain accurate medical records
- Respond to patient queries
- Prevent misuse or fraudulent access
We do not sell personal data to third parties.
7. Data Sharing
We may share limited information with:
- UK-registered pharmacies (for dispensing prescriptions)
- Payment processors
- Secure IT and hosting providers
- Regulators or legal authorities where required
All third parties are required to process data securely and in compliance with UK data protection law. We do not transfer your data outside the UK unless appropriate safeguards are in place.
8. Data Retention
Medical records are retained in accordance with UK healthcare guidance.
As a general rule:
- Adult medical records are retained for a minimum of 8 years from the date of last treatment.
- Records may be retained longer where clinically or legally necessary.
- Identity documents and photographs may form part of the medical record where relevant to prescribing decisions.
9. Data Security
We implement appropriate technical and organisational measures to safeguard personal data, including:
- Encrypted systems
- Secure cloud-based medical software
- Access controls
- Password protection
- Restricted access to medical records
However, no online system can be guaranteed to be completely secure.
By using our services, patients acknowledge the inherent risks of transmitting information electronically.
10. Your Rights Under UK GDPR
Patients have the right to:
- Access their personal data
- Request correction of inaccurate data
- Request erasure (where legally permissible)
- Restrict processing
- Object to processing
- Request data portability
Medical records cannot always be erased where retention is required for legal or regulatory compliance.
Requests can be made by contacting: info@ineedaprescription.co.uk
11. Complaints
If a patient is dissatisfied with how their data is handled, they are encouraged to contact us directly in the first instance. Patients also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
12. Cookies
Our website may use cookies to improve functionality and user experience. Users may control cookie settings through their browser settings.
13. Refusal of Treatment
Submission of personal or medical information does not guarantee prescription or treatment. Clinical decisions remain at the sole discretion of the prescribing clinician.
14. Limitation of Liability
While appropriate steps are taken to safeguard personal data, we shall not be liable for:
- Inaccurate information provided by patients
- Unauthorised access resulting from factors beyond our reasonable control
- Misuse of prescriptions obtained through false or incomplete declarations
Patients are responsible for ensuring the accuracy of the information submitted.
15. Updates to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website.
16. Contact
I Need A Prescription
Email: info@ineedaprescription.co.uk
Website: www.ineedaprescription.co.uk