Statica Research Ltd t/a PEP Health Privacy Notice

1. Our Contact Details

Data Controller:

Statica Research Ltd t/a PEP Health

7 Bell Yard, London, England, WC2A 2JR

Data Protection Officer (DPO):

Michael Doyle

Both the company and the DPO can be contacted via:

Email: enquiries@pephealth.ai

2. Introduction

This Privacy Notice explains how we collect, use, store, and share personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU GDPR.

3. What Information We Collect

3.1 Publicly Available Feedback Data

We collect publicly available online feedback concerning healthcare providers from review sites and social media. This includes:

  • The text of comments regarding healthcare providers
  • The date the comments were posted
  • The self-chosen username of the commenter

We do not collect any additional personal information beyond what users have made public.

3.2 Information You Provide Directly

When downloading reports or engaging with our website, we may collect:

  • Your name
  • Your job title
  • Your email address

This allows us to understand interest in our services and to follow up where appropriate.

4. How We Collect Information

We collect information in two ways:

  • Automatically from publicly available review sites and social media sources
  • Directly from users when they voluntarily enter personal details (e.g., to access reports)

5. Legal Bases for Processing

5.1 Legitimate Interests (UK GDPR Article 6(1)(f))

We process data because it is necessary for our legitimate interests in:

  • Monitoring and analyzing healthcare provider performance
  • Identifying trends, strengths, and areas for improvement
  • Communicating insights to healthcare organisations and stakeholders

We balance these interests against individuals’ rights and reasonable expectations.

5.2 Consent (Article 6(1)(a))

Non-essential cookies and analytics tools operate only with your explicit consent.

You may withdraw consent at any time.

6. How We Use the Information

We use the information collected to:

  • Analyze and track healthcare provider performance
  • Identify themes and aspects of care mentioned in feedback
  • Determine whether comments relate to care quality
  • Provide insights to healthcare providers, regulators, commissioners, and insurers

We may share individual comments as part of our analysis.

UK data is not shared outside the UK or EU.

(US-region data is processed exclusively within the United States.)

We do not sell personal data.

7. How We Store Your Information

Data is stored securely in region-appropriate databases:

  • UK data is stored in an EU-based database located in Ireland
  • US data is stored in a US-based database

Encrypted backups are maintained.

Access is restricted to trained employees who require it for legitimate purposes.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law.

  • Publicly available review data is retained as part of our ongoing monitoring of healthcare performance.
  • Contact information provided for downloading reports is retained only while there is an active business need.

9. Your Data Protection Rights

Under the UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request erasure of your personal data (this does not extend to general public review content or operational data unrelated to you)
  • Restrict processing
  • Object to processing carried out under legitimate interests
  • Request data portability (where applicable)

To exercise these rights, contact us at enquiries@pephealth.ai

10. International Transfers

  • UK data is processed within the UK and EU and is not transferred outside these regions.
  • US data is processed solely within the United States.

11. How to Complain

If you have concerns about how we handle your personal data, please contact us using the details above.

If you remain unsatisfied, you may lodge a complaint with the UK Information Commissioner’s Office (ICO):

https://ico.org.uk

12. Cookies Used on This Site

12.1 Essential Cookies

Used for core website functionality, such as:

  • Session management
  • Authentication via AWS Cognito

These do not require consent.

12.2 Non-Essential Cookies (Requires Consent)

Activated only after you provide explicit consent via our cookie banner. These may include:

  • Google Analytics – to understand website usage
  • Microsoft Clarity & Microsoft Advertising – for behavioral insights, heatmaps, and session replay

You may withdraw consent at any time via browser settings.

Declining non-essential cookies does not impact essential website functionality.