Privacy policy

DrNote respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.


DrNote Limited is the data controller and responsible for your personal data (referred to as “we”, “us” or “our” in this privacy policy). We are registered in England and Wales under company number 15992387 and have our registered office at Suite A, 82 James Carterton Road, Mildenhall, IP28 7DE.

The purpose of this policy is to explain to you how we control, process, handle and protect your personal information through the business and while you browse or use this website. If you do not agree to the following policy you may wish to cease viewing / using this website, and or refrain from submitting your personal data to us


Policy key definitions:

  • “I”, “our”, “us”, or “we” refer to the business, DrNote Limited

  • “you”, “the user” refer to the person(s) using this website.

  • GDPR means General Data Protection Act.

  • PECR means Privacy & Electronic Communications Regulation.

  • ICO means Information Commissioner’s Office.

  • Cookies mean small files stored on a user’s computer or device.

Key principles of GDPR:

Our privacy policy embodies the following key principles; (a) Lawfulness, fairness and transparency, (b) Purpose limitation, (c) Data minimisation, (d) Accuracy, (e) Storage limitation, (f) Integrity and confidence, (g) Accountability.

If you visit our website and make enquiries through this website, your usage may be tracked by using “cookies” and other similar technologies to help us make improvements to the websites and to the services we make available.  Please see the Cookies section below for more information.

Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

If we receive or send paper documents or other forms of communication on your behalf, we may collect the names and addresses of the third parties and any information contained therein.  When you make a booking through our online booking tool, we will collect information you enter into the booking tool and the IP addresses from which you accessed the website.

Where we provide relevant services to you, such as referral to specialists, we will provide you with these in encrypted format.

We will NOT at any time share any of your information with any third party for the purposes of marketing, advertising, website testimonials without specific consent.

In compliance with GDPR Article 6 (“processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract”), we will use the Personal Data or purposes that include but are not limited to:

  • Processing any enquiries you have about our services;

  • verifying your identity when you use our services or contact us;

  • understanding, processing and executing instructions you give us in relation to the delivery of our services;

  • delivering our services to you;

  • notifying you about  changes to our website, services or terms and conditions or anything else we may be required or reasonably expected to notify you of

  • providing you with accurate and detailed billing for using our services;

  • and collecting payment, and recovering any monies you may owe to us for use of our services.

Age Requirements

By using this site, you confirm that you are the age of majority in your region or that you have provided consent for any minor dependents.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, and title.

  • Contact Data includes billing address, delivery address, email address and telephone numbers.

  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

  • Profile Data

  • Usage Data includes information about how you use our website, products and services.

  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

In compliance with GDPR Article 6 (“processing is necessary for compliance with a legal obligation to which the controller is subject”), we will use the Personal Data for purposes that include but are not limited to:

  • maintaining our business records and accounts;

  • meeting our obligations to HMRC;

  • preventing or detecting a crime, fraud or misuse of our services, and investigating where we believe any of these have or may have occurred;

  • meeting our obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and the London Local Authorities Act 2007;

In compliance with GDPR Article 6  (“the Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes”), if you have given and not withdrawn consent we may use the Personal Data for these purposes:

  • to provide you with information about our other services, offers or products that you may be interested in; and

  • to provide you with information about third party services, offers or products that you may be interested in.

Whilst storing your data we will use Appropriate Technical and Organisational Measures to keep Personal Data secure and to prevent it being accidentally lost, accessed or used in an unauthorised way, altered or disclosed.   We will make reasonable efforts to ensure the data is accurate and up-to-date and will undertake to rectify any inaccuracies of which we become aware without delay.  All Personal Data we store is stored in the European Economic Area.

We may monitor and record your phone and/or video conversations with us and use this information for training and quality purposes, to ensure any verbal instructions you give us are properly understood, to enable us to investigate complaints, and to meet our legal and regulatory obligations.  All recordings are encrypted and securely stored shortly after completion of the phone call and access to recordings is controlled and monitored.

We may share information with third parties:

  • In response to properly made requests from law enforcement agencies for the prevention and/or detection of a crime, for the purpose of safeguarding national security or when the law requires us to, such as in response to a court order or other lawful demand or powers contained in legislation;

  • in response to properly made requests from regulatory bodies such as the Information Commissioner’s Office and Ofcom;

  • as part of the process of selling our business;

  • as part of current or future legal proceedings; and

  • with a company who is assisting us in providing services to you or who provides services to us which enable us to provide our services to you, examples of such services being billing and financial systems, telecommunications services and customer management systems. Where we use companies for this purpose we have contracts in place to ensure they remain GDPR compliant with your data.

Some of the organisations with whom we may share information may be outside the European Economic Area in countries that do not always have the same data protection laws as the UK.  However, we will have contracts in place with them to ensure that your information is adequately protected and we will remain bound by our obligations even when your personal information is processed outside the European Economic Area.

Where any data breach is identified that affects the information that we hold about or have processed from you, we will take urgent action in accordance with the GDPR and guidance issued from the Information Commissioner’s Office.  If you identify any data breach that affects data we have passed to you, you must notify us in writing immediately and provide full information about the data affected by this breach.

The time period that we will keep information for will vary depending on what the information is used for. Unless there is a specific legal requirement to the contrary, we will keep information in a form which permits identification of Data Subjects only for as long as it is necessary for the purposes for which we process it.  Once the requirement to hold the data is complete, appropriate measures will be taken to delete the data in line with the terms of the GDPR.

Internet cookies

We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, referred you to a third party website.

Some cookies are required to enjoy and use the full functionality of this website.

We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device / computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.

Updates to Privacy Policy

We may update this policy at any time, so please review it regularly. Changes take effect immediately upon posting on our website. If significant changes occur, we will notify you on this page. If our business is acquired or merges with another company, your information may be transferred to the new owners. 

If you wish to access, correct, amend, or delete any personal information we have about you, register a complaint, or request more information, please contact our Privacy Compliance Officer at hello@drnote.co.uk