UK/EEA Privacy Policy and Data Protection

Effective Date: 18 September 2025

InventAsia Limited (trading as Prescribe Digital), its subsidiaries and other related entities (collectively referred to as the Prescribe Group, “we”, “our” or “us”), are committed to protecting your privacy. We comply with applicable data protection laws in the regions in which we operate, including:

  • the UK GDPR and the Data Protection Act 2018 (United Kingdom),

  • the Australian Privacy Principles under the Privacy Act 1988 (Cth),

  • the EU GDPR,

  • the Privacy Act 2020 (New Zealand),

The purpose of this policy is to inform individuals about the manner in which Prescribe Group collects, discloses and manages personal information. This policy appears on our website and we will also provide a copy of this policy to anyone who makes a request, free of charge.

1. About Us

Prescribe Digital is an internationally recognised group operating in the United Kingdom, Australia, New Zealand, Ireland, Hong Kong, and the Philippines. We provide healthcare technology solutions tailored to regional needs. Our UK operations are supported by on-shore Microsoft Azure data centres (South and West).

2. What is Personal Information

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, “personal data” means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to identifiers such as a name, identification number, location data, online identifier, or factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

Certain categories of personal data are given additional protection, referred to as special category data. This includes information relating to:

  • racial or ethnic origin;

  • political opinions;

  • religious or philosophical beliefs;

  • trade union membership;

  • genetic data;

  • biometric data (where used for identification purposes);

  • health data;

  • sex life or sexual orientation;

  • Information about criminal convictions and offences is also subject to specific protections under the UK Data Protection Act 2010.

3. Information We Collect

We may collect, hold and process the following personal and organisational data:

  • identification information – name, job title, date of birth, current or previous address; 

  • organisation name / trade references – name of entity, contact name, telephone number, fax number, email address, years trading with you;

  • business contact details (email address, phone number, address);

  • account login details and authentication information;

  • data submitted via our website (e.g., enquiry forms, job applications);

  • uploaded audio recordings and dictations relating to clinical notes, summaries, treatment plans etc;

  • information contained within the notes and summaries relating to clinical documentation and patient specific information;

  • information relevant to your account or application, such as CVs or interview notes; and

  • technical information such as IP addresses, browser types, and usage logs (see section on Cookies).Not all information that we collect from you is personal information. 

    4. How we collect personal information

    While we will usually collect information directly from you, personal information may be collected in a number of different ways including:

    • information which you have uploaded to the platform;

    • documentation provided to us;

    • interviews;

    • our website or applications;

    • emails and written correspondence that you send us;

    • our mailing lists;

    • third party service providers that provide commercial financial information and market research organisations;

    • your representatives; and

    • from publicly available sources.

If you supply us with information about another person, you should ensure you are authorised to do so. You must inform that person who we are, that we will use and disclose their personal information as outlined in this Privacy Policy from time to time.

5.How We Use Your Information

We only collect personal information that is necessary for us to provide our products and services to you, to develop and promote our products and services, to manage our business and to assist us with complying with our legal and regulatory obligations. This includes:

  • contacting and communicating with you;

  • as a necessary part of providing the products or services (e.g., audio-to-text transcription) that you have requested;

  • administering and managing the supply of our products and services including customer support and service improvement;

  • assessing your suitability for employment where you are a job applicant;

  • enabling our related entities and contractors to assist you with related services as required;

  • researching, developing and enhancing our products and services;

  • maintaining and developing our business systems;

  • internal record-keeping and account management;

If we do not collect personal information from you, or if the information provided is incomplete or inaccurate, we may not be able to provide our products or services, or our products or services may be compromised.  As well as using your personal information for the primary purposes for which you provided it to us, we may also use your personal information for related secondary purposes, although we will endeavour to contact you for your express consent should the secondary purpose be one which we consider you may not reasonably expect.

With your consent or where permitted by law, we may also send promotional communications related to our products or services.

6. Direct Marketing

We will never use or disclose any special category data (such as health data, or information about race, religion, or sexual orientation) for marketing or advertising purposes.

We may use your personal data to provide you with information about our own products and services, where we have a lawful basis to do so (for example, where you have given your consent, or where we rely on our legitimate interests to keep you informed about similar services you use). We do not share your personal data with third parties for their marketing purposes.

You have the right to object at any time to the use of your personal data for direct marketing. If you do not wish to receive marketing communications from us, please contact us or use the unsubscribe option provided in our communications, and we will promptly remove your details from our marketing database.

7. Disclosure of your Personal Information

The people/organisations to which we may disclose your personal information to include:

  •  other companies in the Prescribe Group;

  • our staff members;

  • third parties that provide services to us or through us, or who assist us provide, manage or administer our products or services;

  • our website host or software application providers;

  • personnel involved with the operation of our website including sales, marketing and system administration;

  • our related entities, agents, associates and business partners;

  • our lawyers, accountants and other professional advisers;

  • contractors and outsourced service providers including but not limited to:

    • information technology service providers; and

    • market research organisations;

    • your authorised representatives;

    • our professional advisers, including our accountants, and auditors;

    • government and regulatory authorities and other similar organisations; and

    • other parties as required or authorised by law.

We will not sell your personal data. If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction, but we will notify you before it is transferred or becomes subject to a different privacy policy.

We will only disclose special category data (for example, health data, biometric data, or information relating to race or religion) with your explicit consent, or where permitted or required by law.

8. Disclosure Overseas

We may transfer your personal data to members of the Prescribe Group located outside the United Kingdom.

Where we transfer personal data outside the UK or the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect it, as required by the UK GDPR. These may include:

  • Transfers to countries that have been recognised by the UK Government as providing an adequate level of protection for personal data;

  • Use of standard contractual clauses approved by the UK Government, which impose contractual obligations to ensure your data is protected; or

  • Other lawful safeguards recognised under applicable data protection laws.

We will take steps to ensure that your personal data continues to be protected to the same standard required under UK law, even when it is processed in another country.

We do not disclose credit information to entities that do not have a lawful basis under UK law.

9. Government Related Identifiers

We may collect certain government-issued identifiers (such as NHS numbers, hospital numbers or national insurance numbers) where necessary for verification, compliance, or contractual purposes.

We will not use these identifiers as our own internal means of identifying you, and we will only process or disclose such identifiers where we have a lawful basis to do so under the UK GDPR and the Data Protection Act 2018 for example, where required by law, for fraud prevention, or where necessary to provide our services to you.

10. Data Integrity

We take reasonable steps to ensure that all personal data we hold is accurate, complete, and kept up to date. To assist us, you should contact us if your details change or if you believe that any personal data we hold about you is inaccurate or incomplete.

We will not retain personal data for longer than is necessary for the purposes for which it was collected, unless a longer retention period is required by law or to meet regulatory, contractual, legal, or governance obligations.

When personal data is no longer required, we will securely delete or anonymise it. We may retain limited information in backups where strictly necessary for business continuity, fraud prevention, or legal compliance.

11. Cookies

Our website may use “cookies” or similar technologies to enhance your browsing experience, analyse traffic, and deliver relevant content. A cookie is a small file placed on your device when you access our website or applications.

Cookies we use may include:

  • Strictly necessary cookies – required for the website to function (e.g., login, security, load balancing).

  • Functional cookies – to remember your preferences and improve your experience.

  • Analytics cookies – to help us understand how visitors use our website and improve performance.

  • Advertising/targeting cookies – to deliver relevant content and measure campaign effectiveness.

For users in the UK and EU:

  • We will only place non-essential cookies (analytics and advertising cookies) on your device if you provide your consent.

  • You can manage or withdraw your consent at any time through our cookie banner or cookie settings on our website.

  • You can also manage cookies through your browser settings, but this may affect the functionality of our site.

12. Security Measures

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encrypted data storage and transmission (TLS/SSL)

  • Firewalls, access controls, and multi-factor authentication (MFA)

  • Regular third-party penetration testing

  • Ongoing employee data protection and security training

  • Continuous monitoring for threats or breaches

  • Business continuity and disaster recovery measures to maintain service availability and resilience

While we take reasonable steps to protect the personal data that we hold from misuse, loss, unauthorised access, alteration, or disclosure, you should be aware that no system is completely secure against cyber attack.

The open nature of the internet means that information exchanged online may be accessed and used by people other than those for whom it is intended. Any information sent via the internet is transmitted at your own risk.

If you believe that there has been unauthorised access to, or disclosure of, any personal data that we hold about you, please contact us immediately.

13. Access and Correction

Individuals have the right under the UK GDPR to request access to their personal data and to request its correction (rectification). To do so, please contact our Privacy Officer using the details below.

We encourage you to let us know promptly if your personal data requires correction or updating. Prescribe Group will not charge a fee for providing access or for correcting your data, unless a request is manifestly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or refuse the request.

Before granting access or making corrections, we may require you to verify your identity.

In line with Article 12(3) of the UK GDPR, we will respond to your request without undue delay and within one month of receipt, and we will always endeavour to respond earlier where possible.

If we deny your request, we will provide you with written reasons for the refusal and information about how you can lodge a complaint with the relevant supervisory authority.

If we accept your request, we will take all reasonable steps to correct or update your personal data, having regard to the purpose for which it is processed.

Please note that you may also have other rights under the UK GDPR, including the right to erasure, restriction, portability, and objection. For more details, see the “Your Rights” section of this policy.

14. Automated Decision Making Systems

We use artificial intelligence (AI) technologies, such as AISA®, to support transcription and documentation processes (for example, converting audio from patient encounters into clinical notes). These tools assist users but do not make decisions about individuals.

We do not use personal data for decisions based solely on automated processing (including profiling) that would produce legal effects or similarly significantly affect an individual. All outputs from our AI systems are subject to human review and oversight.

If in the future we introduce systems that involve automated decision-making of this kind, we will ensure such processing complies with the UK GDPR, and that individuals are informed in advance and given appropriate safeguards, including the right to human intervention, to express their views, and to contest any decision.

16. Complaints

If you believe that we have breached this Privacy Policy or our obligations under applicable data protection laws (such as the UK GDPR), you may make a complaint. A written complaint can be emailed or posted to us using the contact details set out below. Please include your contact details so that we can respond to you regarding your complaint.

We will consider your complaint and respond as soon as reasonably possible, and in any event within 14 days of receiving it.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority. For UK residents, this is the Information Commissioner’s Office (ICO):

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone: 0303 123 1113

Website: www.ico.org.uk

17. Contact Us

If you wish to:

  • gain access to your personal data;

  • correct, update or delete your personal data;

  • make a complaint about a breach of your privacy rights;

  • ask a question about how your personal data is collected, held, used, or disclosed; or

  • contact us regarding any other matter concerning this policy,

you can speak directly with our staff, who will do their best to resolve your issue as quickly as possible. Alternatively, you can write to or email our Privacy Officer. We will respond to you as soon as reasonably possible.

Privacy Officer Contact Details

Email: dataprotection@prescribe-digital.com

Attention: “Privacy Officer”

18. Changes to this Policy

From time to time, it may become necessary for us to review or amend this policy. Any changes will be made as and when required, and we will advise you of any changes by posting an updated version of our policy on our website, https://www.prescribe-digital.com/. An up-to-date copy of this policy will be available in hard copy at all times at our office.