Privacy Policy (GDPR + IT Security).

​​

1. About this policy

This policy explains how RescueRx protects and processes your personal information in line with GDPR and UK Data Protection Act 2018.

​

2. What information we collect

• Personal details (name, DOB, address, phone, email)

• Identity verification documents

• Medical history, medicines, and consultation notes

• Uploaded clinical evidence

• Payment confirmation (no card data stored by RescueRx.Clinic)

• Technical data: device, IP address, access logs

​

3. Why we collect information

To:

• Safely assess your clinical request

• Issue private prescriptions

• Maintain accurate medical records

• Prevent fraud or unsafe prescribing

• Meet legal and regulatory requirements (CQC, GPhC, ICO)

​

4. How your data is stored

RescueRx uses the following secure, GDPR-compliant systems:

• Semble (EHR): secure UK/EU data centres, encrypted at rest & in transit

• SignatureRx: secure encrypted prescription transmission

• Encrypted email for prescription PDFs

• Microsoft Azure cloud infrastructure for website hosting + data redundancy

• End-to-end VPN for remote operations

• Multi-factor authentication (MFA) for all accounts

• Access logs automatically monitored

• No patient data stored locally on devices

​

5. Who we share data with

Only when necessary:

• Pharmacies (to dispense your prescription)

• Laboratories (if investigations requested — rare)

• Your GP with consent, or without consent only when essential to prevent serious harm

• Regulators if required by law (e.g. GPhC, CQC)

We do not sell data or use it for advertising.

​

6. Data retention

• Clinical records retained for 10 years (healthcare legal requirement)

• Identity verification retained for 6 months

• Payment confirmations for 7 years (tax purposes)

​

7. Your rights

You can request:

• A copy of your data

• Correction of errors

• Deletion (where possible)

• Restriction of use

• Transfer of data

• Withdrawal of consent