UK GDPR compliant

Privacy Policy

Last updated: 1 April 2026

Contents

  1. 1. Information We Collect
  2. 2. How We Use Your Information
  3. 3. Data Sharing
  4. 4. Data Security
  5. 5. Your Rights
  6. 6. Cookies
  7. 7. Contact Us

GPRN Ltd ("we", "our", "us") is committed to protecting the privacy of all users of the GPRN platform. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

We collect the following types of information when you register for and use the GPRN platform:

  • Account information: Name, email address, phone number, and password.
  • Professional details (Locum GPs): GMC number, medical school, year of qualification, performer list status, clinical system proficiency, and professional biography.
  • Practice details (Practice Managers): Practice name, address, health board, contact details, patient list size, and clinical system used.
  • Uploaded documents: Indemnity certificates, DBS checks, performer list confirmations, and CVs.
  • Booking and session data: Session preferences, availability, booking history, rates, and invitation details.
  • Usage data: Browser type, IP address, pages visited, and time spent on the platform.

2. How We Use Your Information

We use your personal data to:

  • Create and manage your account on the platform.
  • Match locum GPs with practices seeking session cover.
  • Facilitate the booking and confirmation process between locums and practices.
  • Display relevant profile information to the other party when a booking is made or an invitation is sent.
  • Send notifications about session updates, booking confirmations, and platform activity.
  • Calculate and display booking reliability scores.
  • Improve our platform, services, and user experience.
  • Comply with legal and regulatory obligations.

3. Data Sharing

We do not sell your personal data to third parties. We may share your information in the following circumstances:

  • Between platform users: When a practice sends an invitation to a locum, relevant professional details are shared between both parties. Practice details are visible to locums who receive invitations.
  • Service providers: We may use third-party providers for hosting, email delivery, and analytics. These providers process data on our behalf under strict contractual obligations.
  • Legal requirements: We may disclose data where required by law, regulation, or legal proceedings.
  • Health boards and NHS bodies: Where required for regulatory compliance or performer list verification.

4. Data Security

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it, including:

  • Encryption of data in transit using TLS/SSL.
  • Secure storage of passwords using industry-standard hashing.
  • Regular security reviews and vulnerability assessments.
  • Access controls limiting data access to authorised personnel only.
  • Regular backups and disaster recovery procedures.

While we take all reasonable precautions, no system is completely secure. We encourage you to use strong, unique passwords and to keep your login details confidential.

5. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct any inaccurate or incomplete data.
  • Right to erasure: You can request the deletion of your personal data, subject to legal obligations.
  • Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
  • Right to data portability: You can request your data in a structured, machine-readable format.
  • Right to object: You can object to the processing of your data for certain purposes, including direct marketing.

To exercise any of these rights, please contact us using the details in Section 7 below. We will respond to your request within 30 days.

6. Cookies

GPRN uses cookies and similar technologies to improve your experience on our platform. Cookies we use include:

  • Essential cookies: Required for the platform to function, such as authentication and session management.
  • Analytics cookies: Help us understand how users interact with the platform so we can make improvements.
  • Preference cookies: Remember your settings and preferences for future visits.

You can manage your cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the platform.

7. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

GPRN Ltd

Data Protection Officer

Email: privacy@gprn.wales

Cardiff, Wales

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled improperly.