Legal
Privacy policy
Last updated: May 2026. This page will be updated with the full privacy notice before launch.
1. Who we are
Blip Healthcare Ltd (trading as blip) is the data controller for the purposes of UK GDPR. We are registered with the Information Commissioner's Office (ICO registration: [pending]). Our registered address is [pending]. Contact our Data Protection Officer at dpo@blip.org.uk.
2. What personal data we collect
We collect information you provide when submitting an enquiry or referral form, including name, contact details, and health information about the child. We also collect standard server logs (IP address, browser type, page visits) for security and operational purposes. We use Plausible Analytics, which does not use cookies and does not collect personally identifiable information.
3. Why we process your personal data
We process personal data to respond to enquiries and referrals, to deliver clinical services, to comply with our legal and regulatory obligations (including under the Health and Social Care Act 2008 and UK GDPR), and to improve our service. Special category health data is processed under the basis of explicit consent and for the purposes of preventive or occupational medicine.
4. Who we share data with
We do not sell personal data. We share data with: Resend (email delivery), hosted in the EU and US with Standard Contractual Clauses; Vercel (hosting), US-based with UK/EU data transfer mechanisms in place; our clinical platform provider, with UK/EU data residency and a signed Data Processing Agreement. We share clinical information with your GP and other professionals only with your explicit consent.
5. How long we keep data
Enquiry and referral records are retained for 7 years in line with NHS Records Management Code of Practice guidance. You may request deletion of non-clinical correspondence data at any time.
6. Your rights
Under UK GDPR, you have the right to: access your personal data (subject access request); correct inaccurate data; erasure in limited circumstances; restriction of processing; data portability; and to object to processing. To exercise any right, contact enquiries@blip.org.uk. Full details of how to make a subject access request, including the one-month response timescale and identity verification process, are on our subject access request page. You may also complain to the ICO at ico.org.uk.
7. Cookies
This website uses no tracking cookies. We use Plausible Analytics, which is cookieless. We may set a single session cookie for basic authentication purposes during our pre-launch phase.
To request a copy of your personal data, see our subject access request page.
To raise a concern about how we handle your data, contact enquiries@blip.org.uk or contact the ICO at ico.org.uk.