Môr Health Website and Privacy Notice
Introduction
Môr Health is committed to protecting your personal data and maintaining your confidentiality.
This notice explains how we collect, use, and protect your information when you use our website and services, in accordance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.
Who We Are
Môr Health is a private GP service based in Porthcawl.
We are the data controller for the personal data we process in connection with our services.
The Information We Collect
We may collect and process the following information:
a) Website and contact data
Name, email address, and any information submitted via contact forms.
b) Appointment and administrative data
Booking details, contact information, and communication records.
c) Clinical data
Where you become a patient, we will collect and process medical information necessary to provide safe and appropriate care.
d) Technical data
IP address, browser type, device information, and cookies or usage data.
How We Use Your Information
We use your information to respond to enquiries, manage appointments and communications, provide clinical care where applicable, issue prescriptions and referrals, comply with legal and regulatory obligations, and improve our website and services.
Lawful Basis for Processing
We process personal data under the following lawful bases:
Performance of a contract (providing services you request)
Legitimate interests (running and improving our service)
Consent (e.g. contact forms, optional communications)
For medical information (special category data), processing is necessary for the provision of healthcare and medical diagnosis under Article 9(2)(h) UK GDPR.
How We Store and Process Your Data
We use secure systems to manage your information, including Semble for medical records, bookings, and clinical documentation; Squarespace for website hosting; and Google Workspace for email communication.
Payments are processed securely via Semble Pay, with Stripe acting as a sub-processor within this system.
We take steps to ensure that any data transferred outside the UK is protected by appropriate safeguards in accordance with UK GDPR.
All third-party providers are subject to appropriate data processing agreements and are required to maintain confidentiality and comply with UK data protection law.
Sharing Your Information
We do not sell or rent your data.
We may share your information with laboratories or diagnostic providers where clinically required, pharmacies for prescriptions, specialist clinicians for referrals, and regulators or legal authorities where required.
Data Retention
We retain personal data only for as long as necessary.
Website enquiries are retained for up to 12 months.
Clinical records are retained in accordance with UK medical record retention guidelines.
Your Rights
You have the right to access your personal data, request correction of inaccurate data, request deletion where appropriate, restrict or object to processing, and withdraw consent where applicable.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are concerned about how your data is handled.
Security and Confidentiality
We take confidentiality seriously.
Your data is stored securely using appropriate technical and organisational measures, including encryption and access controls.
Access to clinical information is restricted to authorised personnel only.
We are registered with the Information Commissioner’s Office (ICO) as a data controller.
Cookies
Our website uses cookies to improve functionality and user experience.
You can manage cookie preferences through your browser settings.
Contact
If you have any questions or wish to exercise your rights, please contact:
Dr David Cooper
Môr Health
1 The Portway
Porthcawl
CF36 3XB
Email: hello@morhealth.co.uk