Privacy and Cookies Policy
Data controller
AMSK is a trading name of MSK DOCTORS & ASSOCIATES LIMITED (“we”, “us”, “our”), a company registered in England and Wales (company number 12301444) at Msk House London Road, Silk Willoughby, Sleaford, England, NG34 8NY.
Our Data Protection Officer is Chengke Sun, who can be contacted at [email protected].
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller.
Lawful bases for processing
We rely on the following lawful bases under Article 6(1) of the UK GDPR for processing your personal data:
| Processing activity | Lawful basis |
|---|---|
| Booking and consultation enquiries | Contractual necessity (Article 6(1)(b)). Processing is necessary to take steps at your request prior to entering into a contract, or to perform a contract with you |
| Cookie-based analytics | Consent (Article 6(1)(a)) |
| Session recording | Consent (Article 6(1)(a)) |
| Privacy-preserving analytics after cookie rejection | Legitimate interest (Article 6(1)(f)). We have a legitimate interest in understanding site usage in aggregate to improve our services. This processing uses a daily rotating hash that cannot identify you personally or track you across days, and we consider the impact on your privacy to be minimal |
| Cross-domain booking attribution | Consent (Article 6(1)(a)) |
Information we collect
We may collect and process the following data about you:
- Information you provide. When you fill in forms on our site or correspond with us by phone, email, or otherwise, you may provide your name, email address, phone number, and details relating to your enquiry. We process this on the basis of contractual necessity (Article 6(1)(b)).
- Technical information. When you visit our site, we may collect technical information including your IP address, browser type and version, operating system, time zone setting, and information about your visit such as pages viewed, time spent on pages, and navigation paths. The lawful basis depends on your consent choice; see the Analytics section below.
Health data
When booking a consultation, you may provide health-related information such as symptoms, medical history, or details of your condition. This constitutes special category data under Article 9 of the UK GDPR.
We process this data on the basis of your explicit consent (Article 9(2)(a)), which you provide when submitting your booking or enquiry. You may withdraw this consent at any time by contacting us, although this will not affect the lawfulness of processing carried out before withdrawal.
Analytics
We use PostHog, a product analytics platform, to understand how visitors use our site so we can improve it. PostHog data is processed and stored in the European Union.
No analytics data of any kind is collected until you make a consent choice. How analytics works after that depends on your choice:
- If you accept analytics cookies: PostHog uses cookies to recognise you across pages and visits, giving us a fuller picture of how the site is used. The lawful basis for this processing is your consent (Article 6(1)(a)).
- If you reject cookies: We collect privacy-preserving analytics that cannot identify you personally. Your IP address and browser information are combined with a daily rotating salt to create a temporary hash. This hash changes every day, meaning we cannot track you across days or link activity back to you. Individual events are stored with this pseudonymous hash but contain no persistent identifier. The lawful basis for this processing is our legitimate interest in understanding site usage (Article 6(1)(f)).
Session recording
With your explicit consent (Article 6(1)(a)), we use PostHog Session Replay to record how you interact with our site. This captures mouse movements, clicks, scrolling, and page content to help us identify and fix usability issues.
Session recordings are only captured when you have explicitly opted in via the cookie consent panel. No recordings are made without your consent. Recordings are stored securely in the EU and automatically deleted after 1 month.
Booking attribution
When you click a link to our booking system, we append UTM parameters to the URL so we can understand which of our sites led you to book.
Because our booking system is hosted on a different domain, analytics cookies from this site are not automatically available there. If you have granted marketing consent (Article 6(1)(a)), we also append a pseudonymous identifier to the booking link. This allows us to link your visit on this site to your booking session across domains. This identifier does not contain your name, email, or any directly identifying information.
Cookies
A cookie is a small text file placed on your device by a website. We use cookies for the purposes described below. You can manage your cookie preferences at any time using the cookie settings panel on our site.
Cookie categories
| Category | Purpose | Default |
|---|---|---|
| Strictly necessary | Stores your consent preferences. These cookies are essential for the site to function and cannot be switched off. | Always on |
| Analytics | PostHog cookies that help us understand how visitors use our site, including pageviews, navigation paths, and engagement. | Off until consented |
| Session recording | PostHog session replay cookies that allow us to record site interactions to improve usability. Treated separately from analytics as screen recordings of health-related browsing are considered personal data. | Off until consented |
| Marketing | A pseudonymous identifier shared with our booking system to attribute bookings to the originating site visit. Only used when the booking system is on a different domain. | Off until consented |
Data sharing and international transfers
We share personal data with the following third-party processors:
- PostHog Inc for analytics and session recording. Data is processed and stored in the EU region. No international transfer is involved.
- Stripe Inc for payment processing, where applicable. Stripe processes data in the United States. This transfer is protected by Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner.
- Postmark (ActiveCampaign LLC) for transactional email delivery. Postmark processes data in the United States. This transfer is protected by Standard Contractual Clauses (SCCs).
We may also share your information where required by law, or to enforce our terms of use and protect the rights, property, or safety of our users or others.
Data retention
- Analytics events: retained for 12 months, then automatically deleted.
- Session recordings: retained for 1 month, then automatically deleted.
- Booking and consultation data: retained for 7 years from your last interaction, in line with medical record-keeping guidance and limitation periods for clinical negligence claims.
- Contact form submissions: retained for 2 years from your last correspondence.
Data storage and security
Analytics and session recording data is stored in PostHog's EU data centres. Personal data submitted through our site is stored on secure servers. Payment transactions are encrypted. While we take all reasonable steps to protect your data, no transmission over the internet is completely secure.
Your rights
Under the UK GDPR, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete personal data
- Erase your personal data in certain circumstances
- Restrict the processing of your personal data
- Data portability, to receive your data in a structured, commonly used format
- Object to processing based on legitimate interest, including the privacy-preserving analytics described above
- Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal
To exercise any of these rights, contact us at [email protected] or our Data Protection Officer at [email protected].
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Changes to this policy
Any changes to this privacy policy will be posted on this page. Please check back periodically to stay informed of any updates.
Contact
Questions, comments, and requests regarding this privacy policy should be addressed to [email protected].