Privacy Policy

Effective Date: 15 October 2025

This Privacy Policy explains how we collect, use, and share personal data when you visit gppracticeresources.co.uk or purchase our downloadable resources. It also explains your rights under UK data protection law.

1. Who We Are (Data Controller)

My Practice Manager Ltd (trading as GP Practice Resources) is the data controller for personal data processed through this website and our downloadable resources.

  • Legal entity: My Practice Manager Ltd
  • Company number: 16021943 (England & Wales)
  • Registered office: First Floor, Swan Buildings, 20 Swan Street, Manchester, M4 5JW
  • Contact: contact@mypracticemanager.co.uk or via our contact form

Note: If you use other My Practice Manager Ltd services (such as our SaaS products), those are governed by separate privacy notices. This policy covers GP Practice Resources only.

2. Personal Data We Collect

We collect and process the following categories of personal data:

  • Account details: name, practice name, professional role, email address, and password (stored in hashed form).
  • Transaction data: billing contact, purchase history, VAT numbers, and invoice records for paid offerings.
  • Communications: enquiries submitted via our contact form, support tickets, testimonials, and survey responses.
  • Usage information: device identifiers, IP address, browser type, pages viewed, and interactions with downloadable resources.
  • Marketing preferences: opt-in status for newsletters or product updates.

We do not intend to process patient-identifiable or special category data via this website. Please do not upload or share such data. If you inadvertently provide it, we will delete it where feasible.

3. How We Use Personal Data and Legal Bases

We process personal data for the purposes and on the legal bases below:

| Purpose | Examples | Legal Basis (UK GDPR) | | ------- | -------- | --------------------- | | Provide website and deliver resources | Account setup, access to downloads, customer support | Contract (Art. 6(1)(b)) | | Process payments and issue invoices | Card payments, fraud checks, receipts | Contract and Legitimate interests (preventing fraud); Legal obligation (tax) | | Service communications | Purchase confirmations, download links, policy updates | Contract / Legitimate interests | | Improve services | Analytics, performance monitoring, feedback analysis | Legitimate interests (improving services) | | Marketing | Newsletters and product updates | Consent or Legitimate interests (soft opt-in for existing customers) with opt-out | | Security and abuse prevention | Rate-limiting, detecting misuse | Legitimate interests | | Legal and compliance | Tax/audit records, responding to regulators | Legal obligation |

4. How We Share Personal Data

We share personal data only when necessary:

  • Service providers: trusted third-party processors that host our infrastructure, process payments, send emails, or provide analytics. These include payment processors, hosting providers, email services, and analytics platforms. Each provider is bound by contractual data protection obligations.
  • Professional advisers: accountants, auditors, or legal counsel when required.
  • Regulators or authorities: where we must comply with legal or regulatory requests, or defend legal claims.

We do not sell personal data.

5. International Transfers

Some service providers may process data outside the UK or EEA. Where this occurs, we use appropriate safeguards such as:

  • UK Addendum to EU Standard Contractual Clauses or the International Data Transfer Agreement (IDTA); and/or
  • Adequacy regulations (where the destination has been recognised as providing adequate protection).

You can contact us for details of the transfer safeguards relevant to your data.

6. Data Retention

We keep personal data only as long as necessary for the purposes described above:

| Category | Typical Retention | | -------- | ----------------- | | Account and profile data | While your account is active and up to 24 months after last activity | | Orders, invoices, and tax records | 6 years from the end of the financial year (legal requirement) | | Support tickets | 24 months after resolution | | Marketing preferences | While subscribed; suppression lists kept indefinitely to honour opt-outs | | Analytics data | 12-26 months (depending on tool configuration) |

We may keep data longer if required by law or to establish, exercise, or defend legal claims.

7. Security Measures

We implement administrative, technical, and physical safeguards, including encryption in transit, access controls, and regular security reviews. No system is completely secure, so you should protect your account credentials and notify us of suspected breaches promptly.

8. Cookies and Similar Technologies

We use essential cookies to operate the website and, with your consent where required, analytics cookies to understand usage patterns. For detailed information on the types of cookies we use and how to manage your preferences, see our Cookie Policy.

9. Your Rights

Under UK data protection law, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data in certain circumstances.
  • Restrict or object to processing, including for direct marketing.
  • Data portability - receive a copy of your data in a portable format.
  • Withdraw consent at any time (where processing is based on consent).
  • Complain to the ICO (see section 12 below).

To exercise your rights, contact us at contact@mypracticemanager.co.uk. We may need to verify your identity before responding.

10. Third-Party Links

The website may contain links to third-party websites or content. We are not responsible for their privacy practices. Please review their privacy notices.

11. Children

This website is designed for professionals working in GP practices. It is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided information, contact us so we can delete it.

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in law or our practices. The "Effective date" at the top shows the latest revision. For material changes, we will provide reasonable notice (such as a banner, email, or in-product notice) where required by law.

13. Concerns and Complaints

If you have concerns, please contact us at contact@mypracticemanager.co.uk so we can address them. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
https://ico.org.uk
Telephone: 0303 123 1113