Privacy Policy

Last updated: 26 April 2026

1. Who We Are

This website (medicalcert.co.uk) is operated by Nobel Medical LLC, a limited liability company registered in the State of Delaware, United States, with its registered office at 131 Continental Dr, Suite 305, Newark, DE 19713, USA.

Nobel Medical LLC (“we”, “us”, “our”) acts as the data controller for personal data collected through this website.

MedicalCert operates as a digital service connecting patients with GMC-registered doctors for private medical consultations and the issuance of medical documentation where clinically appropriate.

2. UK Representative

As Nobel Medical LLC is established outside the United Kingdom, we have appointed a UK Representative under Article 27 of the UK GDPR.

UK-based individuals and the Information Commissioner’s Office (ICO) may contact our UK Representative directly regarding any matter relating to the processing of their personal data:

GDPRLocal Ltd. Attn: Adam Brogden 1st Floor Front Suite, 27-29 North Street Brighton, England, BN1 1EB United Kingdom

Email: contact@gdprlocal.com Privacy request submission page: https://nobelmedicalllc.gdprlocal.com/uk

You may contact our UK Representative as an alternative to contacting us directly. They will forward your enquiry to us and we will respond as required by law.

3. What Information We Collect

We collect the following categories of personal data:

• Identity information: name, date of birth
• Contact information: email address, postal address, telephone number where provided
• Medical information: symptoms, medical history, and other clinical details you provide during the consultation process, together with any supporting documents or images you upload
• Consultation records: details of the consultation, clinical decisions made, and any documentation issued
• Technical data: IP address, browser type, device information, and usage data
• Payment information: processed directly by Stripe; we do not store full card details

Medical information constitutes special category health data under UK GDPR and is handled with enhanced safeguards.

4. Lawful Basis for Processing

We process personal data under the following lawful bases:

• Performance of a contract (Article 6(1)(b) UK GDPR) — to provide the consultation service you have requested
• Legal obligation (Article 6(1)(c) UK GDPR) — where we are required to retain or disclose data by law
• Legitimate interests (Article 6(1)(f) UK GDPR) — for service improvement, fraud prevention, and security, balanced against your rights

For special category health data, we additionally rely on:

• Article 9(2)(h) UK GDPR — processing necessary for the provision of health care and medical diagnosis, in conjunction with Schedule 1, Part 1 of the UK Data Protection Act 2018

5. How Your Information Is Used

We use your information to:

• Connect you with a GMC-registered doctor for clinical review
• Facilitate the issuance of medical documentation where the doctor determines it is clinically appropriate
• Process payments securely via Stripe
• Communicate with you about your consultation
• Maintain the security and integrity of our service
• Comply with applicable legal, regulatory, and professional obligations
• Maintain accurate clinical records as required by professional standards

6. Clinical Confidentiality

Medical information is accessed only by the GMC-registered doctor assigned to your consultation and authorised personnel involved in delivering the service. All clinicians are subject to professional confidentiality obligations and UK regulatory standards as GMC-registered practitioners.

7. Sharing of Information

We do not sell your personal data. We share personal data only with:

• GMC-registered doctors providing your consultation
• Stripe, our payment processor
• Our hosting and infrastructure providers, who process data on our behalf under appropriate data processing agreements
• Our UK Representative (see Section 2), where contacted by you or the ICO
• Regulatory or law enforcement authorities, where legally required

8. International Transfers

Nobel Medical LLC is established in the United States. Personal data collected from UK data subjects is transferred outside the UK to the United States and to our hosting infrastructure located in the Asia/Pacific region.

Where personal data is transferred outside the UK, we rely on appropriate safeguards as required under Articles 44–49 UK GDPR, including standard contractual clauses or equivalent legally recognised mechanisms with our processors.

You may request further information about the specific safeguards in place by contacting us using the details below.

9. Data Retention

We retain personal and medical information only for as long as necessary to:

• Deliver the consultation service
• Maintain clinical records in line with professional and regulatory standards (typically a minimum of 8 years for adult medical records, longer where required by applicable guidance)
• Comply with legal, tax, and accounting obligations
• Resolve disputes and enforce agreements

Once retention periods expire, data is securely deleted or anonymised.

10. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Rectification of inaccurate or incomplete data
• Erasure of your data, subject to legal and clinical retention obligations
• Restrict or object to processing in certain circumstances
• Data portability where applicable
• Withdraw consent at any time, where processing is based on consent
• Not be subject to decisions based solely on automated processing

To exercise any of these rights, you can:

• Email us at help@medicalcert.co.uk
• Submit a request via our UK Representative at https://nobelmedicalllc.gdprlocal.com/uk
• Contact our UK Representative directly using the details in Section 2

We will respond within one month.

11. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, secure authentication, and regular review of our security practices.

While no system can guarantee absolute security, we apply commercially reasonable safeguards proportionate to the sensitivity of the data we process.

12. Data Breaches

In the event of a personal data breach affecting your rights and freedoms, we will notify the ICO within 72 hours where required, and notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights.

13. Complaints

If you believe your data protection rights have been breached, we encourage you to contact us first so we can address your concerns.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113
• Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

14. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent version. Material changes will be notified through the website or by direct communication where appropriate.

15. Contact

Nobel Medical LLC 131 Continental Dr, Suite 305 Newark, DE 19713, USA Email: help@medicalcert.co.uk

UK Representative: see Section 2 above.