Skip to main content

Privacy Policy

Last updated: February 23rd, 2026

At My Practice Manager Ltd ("we," "our," or "us"), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.mypracticemanager.co.uk (the "Website") or use our services. Please read this policy carefully to understand our views and practices regarding your personal data and how we treat it.

By using the Website, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please discontinue use of the Website.

1. Information We Collect

We collect different types of personal data depending on how you interact with our Website and services. The types of personal data we collect may include:

  • Personal Identification Information: Name, email address, phone number, and other contact details.
  • Technical Information: IP address, browser type, operating system, and other usage details.
  • Usage Data: Pages you visit on the Website, time spent on each page, and other user behavior data.
  • Payment Information: If you make a purchase or use paid services, we may collect payment card details, billing address, and transaction data.
  • Staff Scheduling Data: When using the Rota feature, practice managers may input staff names, email addresses, working patterns, skills and qualifications, contracted hours, and availability periods. This data is entered by practice administrators about their staff and is processed solely for the purpose of workforce scheduling. We do not store absence reasons, health data, or other special category data within the rota system.
  • Staff Compliance Data: When using the Compliance Document Manager, practice managers may input staff names and email addresses for the purpose of tracking document acknowledgment and compliance.

2. How We Use Your Information

We use the information we collect for various purposes, including:

  • To provide and maintain our services
  • To communicate with you regarding inquiries, customer support, or updates
  • To process transactions
  • To improve the performance of our Website and services
  • To ensure the security and integrity of our Website
  • To send marketing communications, newsletters, or promotions (you can opt-out at any time)
  • To generate workforce schedules, fairness reports, and related operational outputs based on staff scheduling data you provide
  • To comply with legal obligations

3. Staff Data and Special Category Data

Important: Permitted and Prohibited Data

Certain features of My Practice Manager — including the Rota, Compliance Document Manager, and Poster Library — are designed to process limited, non-sensitive staff data such as names, email addresses, working patterns, and professional skills. This processing is necessary for the operation of these features and is carried out in accordance with applicable data protection laws.

You must not input the following types of data into the platform:

  • Patient data: No patient-identifiable information, medical records, or clinical data of any kind.
  • Special category data: No data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person's sex life or sexual orientation (as defined by Article 9 of UK GDPR).
  • Absence reasons: While you may record periods of staff unavailability in the Rota, you must not record the reason for any absence (e.g. sickness, compassionate leave, disciplinary matters). The platform is deliberately designed not to capture this information.

By using our Website and services, you acknowledge and agree that:

  • You are solely responsible for ensuring compliance with data protection regulations, including UK GDPR, when entering staff data into My Practice Manager.
  • You act as the data controller for any staff personal data entered into the platform. We act as a data processor on your behalf, as set out in our Data Processing Addendum.
  • You must not input patient data, special category data, or absence reasons into the platform. Doing so is entirely at your own risk.
  • We are not liable for any consequences resulting from the entry of prohibited data into My Practice Manager.

4. How We Share Your Information

We may share your personal data with:

  • Service Providers: Third-party vendors who help us with business operations, such as payment processing, email marketing, and hosting services. These parties are bound by confidentiality agreements and cannot use your data for any other purpose. For more details about how we process data as a service provider, please refer to our Data Processing Addendum.
  • Staff Members via Secure Links: When using the Rota feature, scheduling data (including staff names and assigned shifts) may be shared with individual staff members via cryptographically signed, time-limited links. These links provide access to personal schedule views and calendar feeds without requiring a login. Link access is logged, and links can be revoked by the practice administrator at any time. Links expire after 90 days unless renewed.
  • Legal Requirements: We may disclose your information if required by law or in response to valid legal requests, such as court orders or subpoenas.
  • Business Transfers: In the event of a merger, acquisition, or sale of company assets, your personal data may be transferred to a third party involved in the transaction.

We do not sell or rent your personal data to third parties.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Website. Cookies are small files stored on your device that help us improve functionality and track usage patterns.

Types of cookies we may use:

  • Essential Cookies: Required for the Website to function properly.
  • Analytical/Performance Cookies: Help us understand how users interact with the Website.
  • Marketing Cookies: Used to show relevant advertisements to visitors.

You can manage or disable cookies through your browser settings, but doing so may impact your experience on our Website.

6. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to safeguard it from unauthorized access, alteration, disclosure, or destruction. However, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete information.
  • Right to Erasure: You can request that we delete your personal data, under certain conditions.
  • Right to Restriction of Processing: You can request that we limit the processing of your data.
  • Right to Data Portability: You can request a copy of your data in a structured, commonly used format.
  • Right to Object: You have the right to object to our processing of your personal data.

To exercise these rights, please contact us at contact@mypracticemanager.co.uk.

If you are a GP practice using our services, we recommend reviewing our Sample Data Protection Impact Assessment to help you understand and assess the data protection risks associated with using our platform.

If your staff members wish to exercise their data protection rights in relation to data held within My Practice Manager, they should contact you (as the data controller) in the first instance. We will assist you in responding to such requests in accordance with our Data Processing Addendum.

8. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, tax, accounting, or reporting requirements. When the data is no longer required, we will securely delete or anonymize it.

Specific retention periods for feature-related data include:

  • Rota schedules: Published rotas are retained for the duration of your subscription and may be retained beyond cancellation where required for regulatory compliance (e.g. CQC evidence). Draft rotas are deleted when superseded or upon account closure.
  • Staff satisfaction and fairness data: Satisfaction scores are retained on a 12-week rolling basis. Quarterly fairness summaries are retained for the duration of the subscription.
  • Staff access links: Magic links for personal schedule views and calendar feeds expire after 90 days. Access logs are retained for audit purposes for the duration of the subscription.
  • Compliance Document Manager: Documents and acknowledgment records are retained for the duration of your subscription and deleted upon account closure unless otherwise required by law.

9. Third-Party Links

Our Website may contain links to third-party websites, plugins, or services. Please be aware that we are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. The "Last Updated" date at the top of this page will be revised accordingly. We encourage you to review this policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at:

My Practice Manager Ltd
contact@mypracticemanager.co.uk