Privacy & Cookies Policy

How we collect, use and protect your personal data when you visit our site.

Data controller

The Keep Clinic is a trading name of MSK DOCTORS & ASSOCIATES LIMITED (“we”, “us”, “our”), a company registered in England and Wales (company number 12301444) at Msk House London Road, Silk Willoughby, Sleaford, England, NG34 8NY.

Our Data Protection Officer is Chengke Sun, who can be contacted at chengke@mskdoctors.com.

This policy (together with our terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller.

Lawful bases for processing

We rely on the following lawful bases under Article 6(1) of the UK GDPR for processing your personal data:

Processing activity	Lawful basis
Booking and consultation enquiries	Contractual necessity (Article 6(1)(b)). Processing is necessary to take steps at your request prior to entering into a contract, or to perform a contract with you
Cookie-based analytics	Consent (Article 6(1)(a))
Session recording	Consent (Article 6(1)(a))
Privacy-preserving analytics after cookie rejection	Legitimate interest (Article 6(1)(f)). We have a legitimate interest in understanding site usage in aggregate to improve our services. This processing uses a daily rotating hash that cannot identify you personally or track you across days, and we consider the impact on your privacy to be minimal

Information we collect

We may collect and process the following data about you:

Information you provide. When you fill in forms on our site or correspond with us by phone, email, or otherwise, you may provide your name, email address, phone number, and details relating to your enquiry. We process this on the basis of contractual necessity (Article 6(1)(b)).
Technical information. When you visit our site, we may collect technical information including your IP address, browser type and version, operating system, time zone setting, and information about your visit such as pages viewed, time spent on pages, and navigation paths. The lawful basis depends on your consent choice; see the Analytics section below.

Health data

When booking a consultation, you may provide health-related information such as symptoms, medical history, or details of your condition. This constitutes special category data under Article 9 of the UK GDPR.

We process this data on the basis of your explicit consent (Article 9(2)(a)), which you provide when submitting your booking or enquiry. You may withdraw this consent at any time by contacting us, although this will not affect the lawfulness of processing carried out before withdrawal.

Analytics

We use PostHog, a product analytics platform, to understand how visitors use our site so we can improve it. PostHog data is processed and stored in the European Union.

No analytics data of any kind is collected until you make a consent choice. How analytics works after that depends on your choice:

If you accept analytics cookies. PostHog uses cookies to recognise you across pages and visits, giving us a fuller picture of how the site is used. The lawful basis for this processing is your consent (Article 6(1)(a)).
If you reject cookies. We collect privacy-preserving analytics that cannot identify you personally. Your IP address and browser information are combined with a daily rotating salt to create a temporary hash. This hash changes every day, meaning we cannot track you across days or link activity back to you. Individual events are stored with this pseudonymous hash but contain no persistent identifier. The lawful basis for this processing is our legitimate interest in understanding site usage (Article 6(1)(f)).

Session recording

With your explicit consent (Article 6(1)(a)), we use PostHog Session Replay to record how you interact with our site. This captures mouse movements, clicks, scrolling, and page content to help us identify and fix usability issues.

Session recordings are only captured when you have explicitly opted in via the cookie consent panel. No recordings are made without your consent. Recordings are stored securely in the EU and automatically deleted after 1 month.

Booking attribution

When you click a link to our booking system (hosted on a subdomain of mskdoctors.com), we append UTM parameters to the URL so we can understand which pages led you to book. Because the booking system shares the same domain, your existing analytics cookies carry over automatically. No additional identifiers are needed for this.

Cookies

A cookie is a small text file placed on your device by a website. We use cookies for the purposes described below. You can manage your cookie preferences at any time using the cookie settings panel on our site.

Cookie categories

Category	Purpose	Default
Strictly necessary	Stores your consent preferences. These cookies are essential for the site to function and cannot be switched off.	Always on
Analytics	PostHog cookies that help us understand how visitors use our site, including pageviews, navigation paths, and engagement.	Off until consented
Session recording	PostHog session replay cookies that allow us to record site interactions to improve usability. Treated separately from analytics as screen recordings of health-related browsing are considered personal data.	Off until consented

Data sharing and international transfers

We share personal data with the following third-party processors:

PostHog Inc. For analytics and session recording. Data is processed and stored in the EU region. No international transfer is involved.
Stripe Inc. For payment processing, where applicable. Stripe processes data in the United States. This transfer is protected by Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner.
Postmark (ActiveCampaign LLC). For transactional email delivery. Postmark processes data in the United States. This transfer is protected by Standard Contractual Clauses (SCCs).

We may also share your information where required by law, or to enforce our terms of use and protect the rights, property, or safety of our users or others.

Data retention

Analytics events. Retained for 12 months, then automatically deleted.
Session recordings. Retained for 1 month, then automatically deleted.
Booking and consultation data. Retained for 7 years from your last interaction, in line with medical record-keeping guidance and limitation periods for clinical negligence claims.
Contact form submissions. Retained for 2 years from your last correspondence.

Data storage and security

Analytics and session recording data is stored in PostHog's EU data centres. Personal data submitted through our site is stored on secure servers. Payment transactions are encrypted. While we take all reasonable steps to protect your data, no transmission over the internet is completely secure.

Your rights

Under the UK GDPR, you have the right to:

Access. The personal data we hold about you
Rectify. Inaccurate or incomplete personal data
Erase. Your personal data in certain circumstances
Restrict. The processing of your personal data
Data portability. To receive your data in a structured, commonly used format
Object. To processing based on legitimate interest, including the privacy-preserving analytics described above
Withdraw consent. At any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal

To exercise any of these rights, contact us at team@mskdoctors.com or our Data Protection Officer at chengke@mskdoctors.com.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Changes to this policy

Any changes to this privacy policy will be posted on this page. Please check back periodically to stay informed of any updates.

Contact

Questions, comments, and requests regarding this privacy policy should be addressed to team@mskdoctors.com.