The short version: Medical Ocean LTD does not sell, rent, or trade personal data — not website visitor data, not customer data, and never patient data. Because we do not sell data, there is nothing you need to opt out of. This page exists so that you can verify that commitment, understand your choices, and exercise your rights easily.
1. Our commitment
Medical Ocean LTD (“Medical Ocean”, “we”, “us”) builds healthcare software for clinics, hospitals, laboratories, and pharmacies. Trust is the foundation of everything we do, so we want to be unambiguous:
- We do not sell personal data to anyone, for any purpose, in any country where we operate;
- We do not share personal data with third parties for their own marketing or cross-context behavioural advertising;
- Patient Data entered into our products by healthcare organisations is processed only on their documented instructions as their processor — it is never sold, never used for advertising, and never monetised in any form;
- We do not use personal data for automated decision-making that produces legal or similarly significant effects on individuals.
The only sharing we do is described in our Privacy Policy: vetted service providers who help us run our business under strict contracts, professional advisers, regulators where the law requires it, and corporate transactions — none of which constitutes a sale of your data.
2. Your privacy choices
Even though we do not sell data, you stay in control of how we use what you share with us:
- Marketing emails — every marketing message we send contains an unsubscribe link, or you can email us and we will stop immediately. Opting out of marketing never affects service communications your organisation needs (such as security or billing notices);
- Cookies — non-essential cookies (analytics and marketing) run only with your consent where the law requires it. You can change or withdraw your choices at any time through our cookie banner or your browser settings;
- Global Privacy Control (GPC) — where our Website detects a GPC signal from your browser, we honour it for that browser by disabling non-essential tracking;
- Data subject rights — you can request access, correction, deletion, restriction, portability, or object to processing, as described below.
3. How to exercise your rights
You can submit a privacy request in whichever way suits you:
- Email: privacy@medicalocean.co — tell us who you are, your relationship with us (website visitor, customer staff member, patient of a customer, job applicant), and what you would like us to do;
- Post: Medical Ocean LTD, 86-90 Paul Street, London EC2A 4NE, United Kingdom;
- Phone: 0787 226 979 — if you cannot use email or post.
Verification. To protect your data, we verify your identity before acting on a request, normally by matching the details you give us against our records. For sensitive requests we may ask for additional proof. We only use verification information for that purpose.
Authorised agents. Someone may submit a request on your behalf if they provide written proof of your authorisation (or hold a power of attorney). We may still contact you directly to confirm.
Timescales. We respond within one month, in line with the UK GDPR, or any shorter period required by the law that applies to you (equivalent statutory periods apply under the data protection laws of Bahrain, Saudi Arabia, the UAE, and Jordan). Exercising your rights is free of charge, and we will never discriminate against you for doing so.
4. If you are a patient
Your medical records are controlled by your healthcare provider — the clinic, hospital, laboratory, or pharmacy that treats you — not by Medical Ocean. If your request concerns your medical records, please contact your provider directly; they are best placed to respond, and we support them in doing so. If you contact us first, we will refer your request to your provider and let you know.
5. A note on the laws that apply to you
- United Kingdom & EEA — your rights arise under the UK GDPR / EU GDPR. You may complain to the ICO (ico.org.uk) or your local supervisory authority;
- Bahrain, Saudi Arabia, UAE, Jordan — your rights arise under the personal data protection laws of each Kingdom/State, as set out in the country-specific notices in our Privacy Policy, with complaints to the competent authority in your country;
- California and other US states — although we are a UK company primarily serving the UK, the Gulf, and Jordan, if a US state privacy law applies to you: we do not sell or share personal information as those terms are defined in the California Consumer Privacy Act, and we treat requests from state-law residents with the same rights process described above;
- Everywhere else — we honour the data protection rights granted by the law of your country. Contact us and we will explain how your request will be handled.
6. Questions
Anything unclear, or anything you would like us to explain about how your data is handled? Contact our privacy team at privacy@medicalocean.co or our Data Protection Officer at dpo@medicalocean.co. Our full practices are described in our Privacy Policy.