Privacy Policy
Last updated: 8 July 2026
1. Introduction
GetYourGP Limited ("we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our online healthcare services.
We are registered in Ireland and comply with the General Data Protection Regulation (GDPR), the Data Protection Acts 1988-2018, and all applicable Irish and EU data protection legislation.
2. Data Controller
GetYourGP Limited is the data controller for the personal data we process. Our contact details are:
- Email: privacy@getyourgp.ie
- Address: Dublin, Ireland
3. Information We Collect
3.1 Personal Information
- Full name, date of birth, and gender
- Contact details (email address, phone number, postal address)
- PPS Number (for prescription purposes only)
- Payment information (processed securely via Stripe)
- Account login credentials
3.2 Health Information
- Medical history and current conditions
- Medications and allergies
- Consultation notes and clinical assessments
- Prescriptions issued
- Test results and referral information
3.3 Technical Information
- IP address and browser type
- Device information
- Usage data and cookies
- Audio and video consultation recordings
4. Consultation Recording (Audio & Video)
4.1 Purpose of Recording
All consultations (audio and video) are recorded. Recording is a condition of using the service: as a telemedicine platform we record every consultation to maintain a complete clinical record and to establish, exercise, or defend legal claims (GDPR Article 9(2)(f)), alongside our medical record-keeping obligations. Recordings are made for the following purposes:
- Quality assurance: To maintain high standards of care and review consultations for training purposes
- Clinical records: To supplement written clinical notes and provide a complete record of your consultation
- Dispute resolution: To assist in resolving any concerns or complaints about your care
- Regulatory compliance: To meet requirements set by the Irish Medical Council and other regulatory bodies
4.2 Your Rights Regarding Recordings
- You are always informed: Every consultation is recorded; there is no unrecorded consultation option. If you do not wish to be recorded, please do not book a consultation and contact your own GP practice instead
- Access recordings: You can request access to recordings of your consultations at any time
- Request deletion: You can request deletion of recordings; because recordings form part of your medical record, deletion is subject to the legal retention period (minimum 7 years under Irish law)
- Restricted use: Recordings are used only for the purposes listed above and are never shared for marketing or sold to third parties
4.3 Recording Security
- Recordings are encrypted in transit and at rest
- Access is strictly limited to authorised healthcare professionals
- Recordings are stored securely within the EEA
- Recordings are retained for the same period as medical records (minimum 7 years as per Irish law)
- All access to recordings is logged for audit purposes
5. How We Use Your Information
We process your data for the following purposes:
- Healthcare provision: To provide medical consultations, prescriptions, and healthcare services
- Legal obligations: To comply with medical record-keeping requirements (minimum 7 years retention in Ireland)
- Communication: To send appointment reminders, prescription updates, and important health information
- Payment processing: To process payments for our services
- Service improvement: To improve our platform and services (using anonymised data)
- Safety: To ensure patient safety and identify potential drug interactions or contraindications
6. Legal Basis for Processing
We process your data based on:
- Contract: Processing necessary to provide our healthcare services
- Legal obligation: Compliance with healthcare regulations and medical record requirements
- Vital interests: In emergency situations to protect your health
- Consent: For marketing communications and optional data uses
- Legitimate interests: For fraud prevention and service improvement
7. Data Sharing
We may share your information with:
- Healthcare professionals: GPs, specialists, and pharmacies involved in your care
- Pharmacies: To fulfil prescriptions (with your consent)
- Payment processors: Stripe for secure payment processing
- Regulatory bodies: Irish Medical Council, HIQA, or other authorities as required by law
- Emergency services: In case of medical emergencies
7.1 Service Providers (Data Processors)
We use a small number of carefully selected service providers to operate the platform. All processing takes place within the EU/EEA, and each provider is bound by a GDPR-compliant data processing agreement:
- Hetzner Online GmbH (Germany): Secure hosting of our platform and encrypted storage of health records, documents, and consultation recordings
- Stripe Payments Europe Ltd (Ireland): Payment processing — we never store your card details
- Whereby (Norway/EEA): Video consultation infrastructure
- Telnyx (EU): Phone consultation infrastructure
- Resend (EU — Frankfurt): Transactional email delivery (appointment confirmations, reminders)
- PostHog (EU Cloud): Product analytics with health information masked
- New Relic (EU region): Platform performance and error monitoring
We will never sell your personal data to third parties.
8. Data Security
We implement robust security measures to protect your data:
- End-to-end encryption for all data transmission
- Encrypted storage of all personal and health data
- Regular security audits and penetration testing
- Strict access controls and authentication
- Staff training on data protection
- GDPR-compliant data processing agreements with all service providers
9. Data Retention
We retain your data for the following periods:
- Medical records: Minimum 7 years (as required by Irish law), or 8 years for minors after they reach 18
- Payment records: 6 years for tax purposes
- Account information: Until you request deletion (subject to legal retention requirements)
- Marketing consent: Until withdrawn
10. Your Rights
Under GDPR, you have the following rights:
- Right of access: Request a copy of your personal data
- Right to rectification: Correct inaccurate personal data
- Right to erasure: Request deletion of your data (subject to legal requirements)
- Right to restrict processing: Limit how we use your data
- Right to data portability: Receive your data in a portable format
- Right to object: Object to certain types of processing
- Right to withdraw consent: Withdraw consent at any time
To exercise these rights, contact us at privacy@getyourgp.ie.
11. Cookies
We use cookies to improve your experience on our website. For detailed information, please see our Cookie Policy.
12. International Transfers
Your data is primarily stored within the European Economic Area (EEA). Where we use service providers outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
13. Children's Privacy
Our services are available to patients of all ages. For patients under 16, parental or guardian consent is required. We take additional care to protect the privacy of minors.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform. The date of the last update is shown at the top of this policy.
15. Complaints
If you have concerns about how we handle your data, please contact us first at privacy@getyourgp.ie. You also have the right to lodge a complaint with the Data Protection Commission:
- Website: www.dataprotection.ie
- Phone: +353 (0)1 765 0100 / 1800 437 737
- Email: info@dataprotection.ie
16. Contact Us
For any questions about this Privacy Policy or our data practices, please contact: