top of page

Privacy Notice

Privacy Notice 

Effective Date: 1st January 2025
Last Updated: 29th October 2025

1. Who We Are

Docstudies Ltd (“we”, “us”, “our”) is a market research company conducting surveys and interviews with healthcare professionals and patients to gather insights on medical and healthcare-related topics.

Controller: Docstudies Ltd
Registered Address: 85 Great Portland Street, First Floor, London, England, W1W 7LT
Email: info@docstudies.com
 

2. What Data We Collect

We collect only the data necessary to manage our research projects and invite you to relevant studies:

  • Identification: Name, job title, specialty, workplace, professional registration number.

  • Contact details: Email address.

  • Research participation details: Survey responses, feedback, honorarium/payment details.

  • Technical data: IP address and device information (for fraud prevention).

  • Special category data: Health-related information or patient experience data, collected only when explicitly required for a study and only with your explicit consent.

3. How We Use Your Data

We process your personal data to:

  • Invite you to participate in relevant research studies.

  • Manage your participation, communication, and incentives.

  • Maintain and update our research participant panel.

  • Comply with our legal obligations (e.g., accounting and tax).

We do not sell or share your data with third parties for marketing purposes.

4. Legal Basis for Processing

We rely on the following legal bases:

  • Legitimate interest – to invite you to participate in relevant market research.

  • Consent – when you agree to participate in a specific study or provide information for payment.

  • Legal obligation – for financial, tax, and accounting compliance.

5. Data Retention

We retain your data:

  • As long as you are part of our research panel.

  • Until you opt out, or request deletion.

You can withdraw your consent and request deletion of your data at any time by contacting info@docstudies.com.

6. Sharing of Data

We may share data with:

  • Secure online survey platforms and cloud hosting providers.

  • Clients, but only in aggregated or anonymized form.

  • Payment providers for distributing incentives via bank transfer or voucher.

All third parties are bound by Data Processing Agreements (DPAs) and are required to comply with GDPR.

7. International Transfers

We do not transfer or store any personal data outside the UK or EEA.

8. Your Rights

You have the right to:

  • Access your data

  • Correct inaccuracies

  • Request deletion

  • Restrict processing

  • Object to processing

  • Request data portability

To exercise these rights, please email info@docstudies.com.

9. Contact & Complaints

If you have concerns about your data, please contact our Data Protection Lead:
Email: info@docstudies.com

You can also lodge a complaint with the Information Commissioner’s Office (ICO) in the UK.

2. Record of Processing Activities (ROPA)

SectionDetails

ControllerDocstudies Ltd, 85 Great Portland Street, First Floor, London, England, W1W 7LT, info@docstudies.com

Purpose of Processing Recruitment and management of healthcare professional and patient panels; conducting paid surveys and interviews.

Data SubjectsHealthcare professionals and patients.

Categories of DataName, contact details, job title, professional credentials, health-related data (with consent), payment details, survey responses.

Lawful BasesLegitimate Interest (panel management), Consent (participation), Legal Obligation (payments).

RecipientsSurvey platforms, payment processors, data hosting providers.

Transfers Outside EEA/UKNone.

Retention PeriodUntil opt out or withdrawal of consent.

Security MeasuresEncryption, restricted access, DPAs with vendors, pseudonymization of survey data.

3. Data Breach Policy

Purpose

To define how Docstudies Ltd identifies, assesses, reports, and responds to personal data breaches under GDPR.

1. Definition

A data breach is any incident leading to unauthorized access, loss, alteration, or disclosure of personal data.

2. Detection & Reporting

All staff must immediately report suspected breaches to the Data Protection Lead at info@docstudies.com.
Incident details must be logged (date, nature, systems affected, data involved).

3. Assessment

Within 24 hours of detection, the Data Protection Lead must:

  • Assess risk to data subjects.

  • Determine if reporting to the ICO is required.

4. Notification

If a breach is likely to result in a risk to rights/freedoms:

  • Notify the ICO within 72 hours.

  • If high risk, notify affected individuals promptly, describing:

    • What happened

    • Likely consequences

    • Steps taken and advice for protection

5. Containment & Recovery

  • Secure affected systems immediately.

  • Change any compromised credentials.

  • Implement technical fixes to prevent recurrence.

6. Documentation

All breaches, regardless of severity, must be recorded in the Incident Register, including:

  • Description

  • Cause

  • Resolution

  • Lessons learned

7. Review

The Data Protection Lead will review and update this policy annually.

bottom of page