Privacy Policy

  1. Introduction

    This privacy policy (Policy) governs your use of the Medic Bleep software mobile application (Application) that was created and is brought to you by Medic Creations Limited. The Application enables medical teams to communicate with each other and share information, including images, about patients in a secure environment.

    Medic Bleep regard your privacy and the handling of your personal data with the utmost importance. This Policy details how we collect, use and securely store any personal data submitted to us through use of our site (our Site) and the Application.

    Below is also an explanation of the various rights you can exercise as a data subject, as well as to how you can exercise those rights.

  2. Who we are (identity of the data controller)

    For the purposes of this Policy, MEDIC CREATIONS LIMITED (us, we, or our) is the data controller and operates the Medic Bleep Application and Site.

    Our registered office address is: Oakdale, Royal Oak Hill, Christchurch, Newport, Wales NP18 1JF.

    Our company number is: 09452339

    Our ICO registration is: ZA234286

  3. Legal basis for data processing

    Our users (User)

    We process your user data on the legal basis of explicit consent.

    Non-user contacts

    We process your data on the legal basis of explicit consent.


    Where a contract has been signed, we process your data on the legal basis of contract.

    Web submissions

    We process your data, your name, email that you enter and any additional personal data you send us on the legal basis of legitimate interest. On submission we give you the option to opt into further marketing, on the basis of explicit consent.

    User provided case information and Patient Data

    When you use the Application, you will have the ability to upload and share with your colleagues' messages, information and images, audio and visual, including information and images regarding specific patient cases (Patient Data)

    This Patient Data is considered to be a special category of data under the General Data Protection Regulation (EU) 2016/679 (GDPR) and is processed under section 6(1)(c) “necessary for compliance with a legal obligation to which the controller is subject” and 9(2)(h) “(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or member State law pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”

    It should be noted that for patient’s data we are the processor and not the controller. Any queries in relation to patient data should be addressed to the hospitals/trusts as they remain the controllers of patient data.

    Giving your explicit consent for us to process your data does not affect your rights. Details of your rights and our data retention periods are further explained below in this Policy.

    For all individuals, users and non-user contacts we rely on separate, explicit consent for direct marketing. You may withdraw your consent for further processing, fully or for specific purposes at any time by emailing It is important to note that this may affect the services we are able to offer you, and we may need to continue to process data relating to your request to withdraw consent.

  4. Why do we need your User provided personal data?

    Providing us with your personal data is a requirement of using the Application. This is because your personal data is required to confirm your identity as a user, to maintain accurate clinical records for your patients or clients, and to identify you to other users who may need to contact you.

  5. What User provided personal data does the Application obtain and how is it used?

    When you register with us and use the Application, you will need to provide us with certain personal data that can be used to contact you or identify you and this includes:

    1. Your full name
    2. Your Username
    3. Your Password
    4. Your Institution Email Address
    5. Your place of work
    6. Country of residence
    7. Your Medical ID or Professional Registration Number
    8. Speciality
    9. Role and Grade

    In order to use Medic Bleep on a device, certain permissions in the Operating System are required for the safe operation of our software. These include the use of following permissions must be enabled on your device:

    • Notifications (Alerts)
    • Microphone & Phone (for voice recording and in-app voice calls)
    • Camera (image capture)
    • Files and Media (document import)
    • Location (GPS)

    Your location data will only be used to trigger geo-fencing rules to remind you to update your availability status within Medic Bleep (when arriving and leaving one or more designated sites). This location data will be collectedused both when the app is open on your device and in background mode (minimised) but will not be stored and/or retained within the app or on our servers for any other purpose. It is not possible for you or any other user of Medic Bleep to access or view your location data, either in realtime or historically.

    Your password is cryptographically hashed.

    We will also obtain personal information you provide when you contact us for any other reason by any medium, for example to send us feedback or report a problem with the Application.

    You will also be asked to provide us with information verifying you are a licensed healthcare professional, which we will cross-reference with publicly available data to ensure that you actually are a licensed healthcare professional.

    We collect and hold this information for the purpose of administering your use of the Application. We may also use this information to:

    • Maintain and improve the Application;

    • Contact individuals for the purposes of preventing or addressing service, security or technical issues; and

    • To answer queries from users directly.

    We may also collect information from individuals, users and non-users, who contact us, via email, telephone or web submission. This will include name, email address and in some cases telephone number, and details related to your place of work.

  6. Automatically collected information

    When you access the Application, we may collect certain information automatically such as the type of mobile device you use, the IP address of your mobile device, your mobile operating system and information about the way you use the Application in order to improve the Application and deliver the services.

    All information of this type stored on our servers will not be accessible by third parties. We do not collect user level search activity or viewing activity. This is only compiled at an aggregate in order to help us better understand how users are using the Application so that we can optimize your experiences.

  7. Sharing of information

    We do not share your information with anyone outside Medic Creations Limited without your express permission to do so.

    Under no circumstances will your information be sold or passed on to third parties for the purposes of marketing, sales or other commercial uses without express permission.

    We may disclose information to third parties where it is necessary, such as where there is a legal obligation, for the purposes of the prevention and/or detection of fraud or crime or where permitted under data protection legislation.

  8. Data Protection Officer (DPO)

    Medic Creations Limited has appointed Matthew Shakesheff as the Data Protection Officer (DPO). Should you need to contact Medic Creation Limited’s DPO directly, you can do so by email:

  9. Security measures and storage of personal data

    Where you communicate to us via our site, the nature of the Internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the internet. No data transmission over the internet can be guaranteed to be 100 % secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your personal data.

  10. Cookies

    Our site uses “cookie” technology to enhance your user experience. A cookie is a small piece of text stored by your browser on your computer, at the request of our server.

    We may use cookies to deliver content specific to your interests and to save your personal preferences, so you don’t have to re-enter them each time you connect to the Internet or our site. You are always free to decline our cookies, if your browser permits, or to ask your browser to indicate when a cookie is being sent.

    You can also manually delete cookie files from your computer at your discretion. Note that if you decline our cookies or ask for notification each time a cookie is being sent, this may affect your ease of use of our site.

    To opt-out of personalized advertising from Medic Bleep, please visit DAA, NAI, and EDAA.

  11. Disclosure of your personal data to third parties

    We will disclose User provided personal data and automatically collected information as described above only in the following circumstances:

    • to the other members of your team who have downloaded the Application (User-provided information only);

    • as required by law, such as to comply with a summons, court order or similar legal or statutory process;

    • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;

    • with our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement; and

    • if we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of this information, as well as any choices you may have regarding this information.

  12. How long we retain your personal data

    We will not retain your personal data for longer than is necessary under the principle of data minimisation. User account details are stored for the duration of you maintaining an account. We store all clinically related data, including messages, tasks, patient details and time/date/user ID stamps for seven years. It is important that as part of the service of the Application we maintain accurate clinical records, for the purposes of any audit or legal enquiry.

  13. Data subject rights

    Under the General Data Protection Regulation (GDPR), data subjects whose data is processed by Medic Creations Limited are entitled to exercise certain rights against their personal data. These rights are designed to put Data Subjects in the driving seat when it comes to how their personal data is handled by organisations. These include:

    • The right to be informed

    Medic Creations Limited are obliged to ensure that any communications regarding our data processing activities between ourselves and any Data Subjects is provided is a clear and transparent manner. This is provided by this Policy.

    • The right of access

    You are entitled to request a copy of the all personal data currently held on you as well as the following information about your data:

    1. The purpose of processing;
    2. The categories of personal data concerned;
    3. The recipients to whom the personal data has been disclosed;
    4. The retention/envisioned retention period for that personal data;
    5. The source of the personal data if it has been collected from a third-party.

    • The right to rectification

    If you believe the personal data we hold on you is either inaccurate or incomplete, you may exercise this right to correct or complete this data. This right can be used with the right to restrict processing to ensure that any inaccurate or incomplete data is not processed until corrected.

    • The right to erasure (right to be forgotten)

    You may request erasure of any personal data we hold on you without undue delay where one of the following grounds apply:

    1. The personal data are no longer necessary in relation to the purposes they were collected or otherwise processed;
    2. The data subject withdraws consent and no other legal ground for processing exists;
    3. The data subject exercises the right to object and no overriding legitimate grounds for processing exist;
    4. The personal data has been unlawfully processed;
    5. The personal data has to be erased for compliance with an overriding legal obligation;
    6. The personal data have been collected in relation to the offer of information society services.

    • The right to restrict processing

    As an alternative to the right to erasure, you may ask us to cease processing your data, but not erase it entirely where one of the following grounds apply:

    1. The accuracy of the personal data is contested;
    2. Processing of the personal data is unlawful;
    3. Personal data is no longer needed for processing, but is still required as part of a legal process;
    4. The right to object has been successfully exercised and processing is temporarily halted pending a decision on the status of the processing.

    • The right to data portability

    You may request your personal data be transferred to another controller or processor in a commonly used, machine-readable format. This right can only be exercised when all of the following grounds apply:

    1. The processing was on the basis of consent
    2. The processing is by automated means
    3. The processing if for the fulfilment of a contractual obligation

    • The right to object

    You may exercise the right to object in instances where:

    1. Processing is based on either the performance of a public task or legitimate interest;
    2. Processing is for direct marketing purposes;
    3. Processing is for the purposes of scientific or historical research;
    4. Processing involves automated decision-making, including profiling.
  14. How to exercise your rights

    You may request to exercise any of the above rights, free of charge by contacting

    Any data subject request will be responded to within one month, however we reserve the right to refuse or charge an administrative fee for the furthering of any of the above requests if they are done so in a frivolous, vexatious or excessive manner. We will inform you if an administrative charge is being applied before fulfilling your request, so you can decide whether or not to proceed. Typically, in order to further one of the following requests, we will ask for you to provide a form of identification for verification purposes.

  15. Questions and Complaints

    Should you wish to discuss a complaint, please contact the DPO at the above email address, who will be happy to assist you. Alternatively, if you are unsatisfied with the DPO’s response to your concern, Under Article 77 of the GDPR you have the right to lodge a complaint directly with the Information Commissioner’s Office. Under Article 80, you may authorise certain third parties to make a complaint on your behalf (such as legal representation).

  16. Changes to this privacy notice

    We reserve the right to make changes to this Policy at any time without prior consultation. Any changes to this Policy will be posted on our site so that you are always aware of what personal data we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use personal data in a manner significantly different from that stated in this Policy, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail.

ICO Reference Number: ZA234286
Download App
  • Download on the App Store
  • Get it on Google play
  • Web App
  • Windows PC App
Follow Us