Privacy Policy
Last updated: February 2026
1. Who we are
Dopa Clinic Ltd (“Dopa”, “we”, “us”) is a CQC-registered healthcare provider offering ADHD assessment and treatment services. We are the data controller for the personal information we collect about you.
2. What data we collect
We collect information you provide directly (name, email, date of birth, medical history), data generated through our services (assessment results, clinical notes), and technical data (IP address, browser type, cookies). We process special category health data under explicit consent and for healthcare purposes.
3. How we use your data
To deliver clinical services, manage appointments and prescriptions, communicate about your care, process payments, comply with legal and regulatory requirements, and improve our services.
4. Data sharing
We share data with your GP (with consent), pharmacies (for prescriptions), payment processors (Stripe), and hosting providers (Supabase). We never sell your data. Clinical data is stored within the UK/EEA.
5. Your rights
You have the right to access, correct, delete, or port your data. You can withdraw consent at any time. To exercise these rights, contact us at privacy@dopa.co.uk.
6. Data retention
Medical records are retained for a minimum of 8 years in line with NHS guidelines. Non-clinical data is retained for as long as necessary and deleted upon request.
7. Contact
For privacy enquiries, contact our Data Protection Officer at privacy@dopa.co.uk. You also have the right to lodge a complaint with the ICO at ico.org.uk.