1. Who we are
ClinicExec Ltd is a company registered in England and Wales. We operate clinicexec.com and the ClinicExec platform, which provides commercial intelligence services for private Allied Health clinics.
For the purposes of UK GDPR, ClinicExec Ltd is the data controller for personal data collected through our website and platform. Where we process data on behalf of our clinic customers, we act as a data processor under a Data Processing Agreement.
Contact us at: hello@clinicexec.com
2. What data we collect
2.1 Website visitors
- Name and email address (if you submit our demo request form)
- Clinic name, number of practitioners, practice software (if provided)
- IP address and browser information (collected automatically)
- Pages visited and time spent on site (analytics)
2.2 Platform customers (clinic owners)
- Name, email address, and clinic details
- Login credentials (stored securely, passwords hashed)
- Billing information (processed by Stripe; we do not store card details)
- Communication history (emails and support interactions)
2.3 Data accessed via integrations
With your authorisation, we access data from the following third-party systems on your behalf:
- Cliniko: Appointment records, patient counts, practitioner data, invoices, and scheduling data
- Xero: Revenue, invoice, and payment data
This access is read-only. We never write to, modify, or delete data in your Cliniko or Xero accounts. Patient-identifiable clinical data is not accessed or stored; we work with aggregated appointment and financial metrics only.
3. How we use your data
- To provide the ClinicExec platform and generate your weekly briefings
- To calculate your ClinicExec Score and benchmark against peer clinics
- To send your Monday morning briefing emails
- To respond to demo requests and customer support enquiries
- To send product updates and service communications (you can unsubscribe at any time)
- To improve our services and develop new features
- To comply with our legal obligations
4. Our legal basis for processing
- Contract: Processing necessary to deliver the ClinicExec service to you as a customer
- Legitimate interests: Improving our product, preventing fraud, and communicating relevant product updates
- Consent: Marketing communications, where you have opted in
- Legal obligation: Compliance with applicable UK law
5. Data we never use
6. Who we share data with
We do not sell your data. We may share data with the following categories of third parties, solely to operate the platform:
- Stripe: Payment processing
- Email delivery providers: To send your Monday briefing and service emails
- Cloud hosting providers: Data is hosted in the UK or EEA
- Analytics providers: Aggregated, anonymised website analytics only
We require all third-party processors to comply with UK GDPR and to process data only on our documented instructions.
7. Data retention
- Active customers: Data retained for the duration of your subscription plus 12 months
- Cancelled accounts: Data deleted within 90 days of cancellation, unless you request earlier deletion
- Demo requests: Contact details retained for up to 12 months if no subscription is taken out
- Financial records: Retained for 7 years to comply with HMRC requirements
8. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Right of access: Request a copy of the data we hold about you
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your data ("right to be forgotten")
- Right to restriction: Request that we limit how we use your data
- Right to data portability: Receive your data in a machine-readable format
- Right to object: Object to processing based on legitimate interests
- Rights related to automated decision-making: Not to be subject to solely automated decisions that significantly affect you
To exercise any of these rights, contact us at hello@clinicexec.com. We will respond within 30 days.
9. Data security
- All data is encrypted in transit (TLS) and at rest
- Access to customer data is restricted to authorised personnel only
- We conduct regular reviews of our security practices
- In the event of a data breach, we will notify affected customers and the ICO in accordance with UK GDPR requirements
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to active customers and by notice on our website. The date at the top of this page reflects the most recent update.
11. Complaints
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first at hello@clinicexec.com.
Contact us
ClinicExec Ltd
ICO Registration: ZC116226 · Registered in England and Wales