ICO Registered: ZB456892 | UK GDPR Compliant | NHS Framework Participant
Request Data Access
Legal

Privacy Policy

How MD DataVault collects, uses, and protects personal data.

Last updated: 14 October 2025

Data Controller: MD DataVault Ltd, 2nd Floor, 12 Finsbury Square, London EC2A 1AS

ICO Registration: ZB456892

1. Who We Are

MD DataVault Ltd (“we”, “us”, or “our”) is a medical data brokerage registered in England and Wales (Company No. 14927631). We act as a data controller for the personal data of website visitors, enquirers, and client contacts, and as a data processor for the anonymised health datasets we supply to clients.

2. Personal Data We Collect

When you use our website or contact us, we may collect:

  • Name, job title, and organisation
  • Work email address and telephone number
  • Information submitted via our contact form
  • Technical data: IP address, browser type, pages visited, referral source (via anonymised analytics)
  • Cookie data (see our Cookie Policy)

3. How We Use Your Personal Data

We process your data for the following purposes and on the following legal bases:

  • Responding to enquiries (legitimate interests / contract performance)
  • Providing our data brokerage services (contract performance)
  • Marketing communications (consent — you may withdraw at any time)
  • Improving our website (legitimate interests)
  • Legal compliance (legal obligation)

4. Data Sharing

We do not sell your personal data. We may share it with:

  • Service providers acting as data processors (e.g., CRM, email, cloud hosting) under appropriate data processing agreements
  • Professional advisers (legal, audit) under confidentiality obligations
  • Regulatory authorities where required by law

5. Retention

We retain personal data for as long as necessary for the purpose it was collected. Contact enquiry data is retained for 3 years. Client relationship data is retained for the duration of the contract plus 7 years.

6. Your Rights

Under UK GDPR you have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing and to withdraw consent where consent is the legal basis. To exercise any of these rights, contact our Data Protection Officer at dpo@mddatavault.co.uk.

7. Cookies

For information about the cookies we use, please see our Cookie Policy.

8. Changes to This Policy

We may update this policy from time to time. The current version will always be available at this URL with the date of last update shown above.

9. Contact Us

For any privacy-related queries, please contact our DPO at dpo@mddatavault.co.uk or write to us at the address above. You also have the right to lodge a complaint with the ICO at ico.org.uk.