MEND

Privacy Policy

Last updated: May 2026

Mend Clinic (“we”, “our”, “us”) is committed to protecting your privacy and ensuring your personal and medical data is handled in a safe, secure, and transparent way. This Privacy Policy explains how we collect, use, store, and protect your data when you access our services.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all relevant medical confidentiality laws.

1. Who We Are

Mend Clinic is a private medical service operated by Instant GP Limited, a registered company in England and Wales. We are registered with the Care Quality Commission (CQC).

  • Company name: Instant GP Limited
  • Registered address: 30 Stratford Road, Wolverton, Milton Keynes, England, MK12 5LW
  • Email: info@instantgp.co.uk

2. What Data We Collect

We only collect the minimum information required to deliver our medical opinion service.

Personal Information

  • Name
  • Date of birth
  • Address
  • Email address
  • Phone number

Medical Information

  • Medical history
  • Symptom descriptions and health concerns
  • Medication and supplement use
  • Previous medical investigations
  • Treatment plans
  • Letters and referrals

Payment Information

  • Processed securely by our payment provider (Stripe)
  • We do not store full card details
  • We do not use cookies
  • We do not track analytics
  • We do not use advertising pixels
  • We do not collect browsing behaviour

3. How We Collect Your Information

We collect data in the following ways:

  • When you book an appointment
  • During registration via the patient portal
  • When you complete the medical questionnaire
  • When confirming or updating an email
  • When providing follow-up information

4. How Your Data Is Used

We use your personal and medical data only for the following purposes:

  • Providing your medical opinion and clinical assessment
  • Creating and managing your patient account
  • Processing payments via Stripe
  • Automated data summarisation to assist clinical review (with your explicit consent)
  • Sending clinical correspondence and notifications
  • Matching you with relevant specialists in our network

We never sell your data. We do not use your data for advertising or marketing without your explicit consent.

5. Where Your Data Is Stored

All medical data is stored securely on Semble, a UK-based CQC-compliant medical records system. Semble provides:

  • End-to-end encryption
  • UK data residency
  • GDPR-compliant data hosting
  • NHS-grade security
  • Strict access controls

We do not store patient data on local devices, email, or third-party access systems.

6. Legal Basis for Processing

Under UK GDPR, we process your data on:

  • Article 6(1)(b) — Provision of medical care (contractual obligation)
  • Article 9(2)(h) — Medical diagnosis and treatment
  • Article 6(1)(a) — Compliance with applicable legal obligations

This means we are legally permitted — and in many cases legally required — to process personal data in order to deliver safe, effective healthcare.

7. Who We Share Data With

We only share your data where clinically necessary for your care:

  • Semble (electronic medical records)
  • Laboratories (if you undergo blood testing)
  • Pharmacies (if medication is prescribed)
  • Other clinicians (with your consent)

We do not share your data with:

  • Employers
  • Insurance companies
  • Marketing platforms
  • Social media platforms
  • Third-party analytics or cookies

8. Your Rights Under UK GDPR

You have the right to:

  • Access your data
  • Request corrections to inaccurate data
  • Request deletion (where legally permissible)
  • Restrict or object to processing
  • Request transfer of your data (data portability)

Some records (such as clinical medical records) may not be completely deleted due to clinical and legal obligations.

To exercise your rights, email us at info@instantgp.co.uk.

9. Data Retention

Medical records are retained in line with UK NHS medical standards:

  • Adults: typically 8 years after last contact
  • Children: until age 25
  • Medication records: minimum 5 years

We do not keep personal data longer than necessary.

10. Security Measures

We use multi-layered security, including:

  • Encrypted medical records via Semble
  • AES-256 encryption at rest for all clinical data
  • TLS 1.3 encryption in transit
  • Secure login and role-based permissions
  • Strong authentication requirements
  • No client storage of medical data

11. No Cookies & No Tracking

Our website does not use:

  • Cookies
  • Analytics trackers
  • Advertising pixels
  • Third-party scripts

We do not track your activity across our site.

12. Updating This Policy

This policy may be updated periodically to reflect regulatory requirements or service changes. The latest version will always be available on our website.

13. Contact Us

If you have any questions regarding this Privacy Policy or how we handle your data, please contact:

Instant GP Limited
30 Stratford Road, Wolverton
Milton Keynes, MK12 5LW
England
Email: info@instantgp.co.uk

Back