Legal

Privacy Policy

Last updated: 18 March 2025

1. Who we are

MediBooking is a product of Stratoworks Ltd, a company registered in the United Kingdom. When we say "MediBooking", "we", "us", or "our" in this policy, we mean Stratoworks Ltd.

For questions about this Privacy Policy, contact us at hello@medibooking.site.

2. What data we collect

We collect the following types of personal data:

  • Practice account data: Name, email address, practice name, services offered, practitioner details, and other information provided during onboarding.
  • Patient booking data: Name, email address, phone number, appointment details, and any information patients voluntarily provide when making a booking.
  • Usage data: How you interact with MediBooking's dashboard and widget, including pages visited, features used, and session duration.
  • Technical data: Browser type, device information, IP address, and cookies (see our Cookie Policy).

3. How we use your data

We use your personal data to:

  • Provide and maintain the MediBooking service
  • Process and manage bookings on your behalf
  • Send booking confirmations and reminders to patients
  • Communicate with you about your account and service updates
  • Improve our products and user experience
  • Comply with legal obligations

4. Legal basis for processing

We process personal data on the following legal bases under UK GDPR:

  • Contract performance: To provide the MediBooking service you have signed up for.
  • Legitimate interests: To improve our products and communicate relevant information about the service.
  • Consent: Where you have given us explicit consent, such as for marketing communications.
  • Legal obligation: Where we are required to process data to comply with the law.

5. Data sharing

We do not sell your personal data. We may share data with:

  • Service providers: Hosting, email delivery, and analytics partners who help us operate MediBooking. These providers are bound by data processing agreements.
  • Practice owners: Patient booking data is shared with the relevant practice to fulfil the appointment.
  • Legal requirements: If required by law, regulation, or legal process.

6. Data retention

We retain your data for as long as your account is active or as needed to provide the service. When you cancel your account, we delete your data within 90 days unless we are required to retain it for legal purposes.

7. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Request data portability
  • Withdraw consent at any time

To exercise any of these rights, email us at hello@medibooking.site.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption in transit (SSL/TLS) and secure hosting infrastructure.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes via email or through the MediBooking dashboard. The "last updated" date at the top of this page reflects the most recent revision.