What we collect, what we do with it, and what we'll never do. Written in plain English — no legal sleight of hand.
ClinicGrow is a trading name operated by Malki Web Design, providing front-desk automation and CRM services to dental practices, aesthetics clinics, and medical professionals across the United Kingdom.
For the purposes of UK GDPR, ClinicGrow is the data controller for personal data collected through this website (clinicgrow.co.uk).
For any data protection questions, requests, or concerns:
We try to collect the absolute minimum needed to give you what you asked for. Here's the complete list:
We do NOT collect: patient health information, financial account details, payment card numbers (handled directly by Stripe), or any "special category" personal data under UK GDPR Article 9.
Under UK GDPR, we need a lawful basis for every type of processing. Here's ours:
We don't sell your data. We do share it with specific third-party services that help us run ClinicGrow. Each one is contractually bound to protect your data and use it only for the purposes we instruct. These are our sub-processors:
Automation platform that receives calculator form submissions and triggers your report email.
Their privacy policyCRM and email delivery platform — sends your report email and any follow-up communication.
Their privacy policyEmail infrastructure (hello@ inbox) and website analytics.
Their privacy policyAdvertising platform — only if you arrived via a Meta ad and only with cookie consent.
Their privacy policyPayment processing for clients only. We never see your full card details.
Their privacy policyWebsite hosting and SSL certificates. Standard log retention (30 days).
Details on requestInternational transfers: Some sub-processors are based outside the UK or EEA. Where this happens, we rely on UK-approved transfer mechanisms (UK International Data Transfer Agreement, EU Standard Contractual Clauses with the UK Addendum, or Adequacy Decisions). You can request the specific safeguards used for any transfer.
We don't keep data longer than necessary. Here's our retention schedule:
Under UK GDPR, you have eight statutory rights over your personal data. You can exercise any of these for free by emailing hello@clinicgrow.co.uk — we'll respond within one calendar month.
This policy is part of that. Ask if anything's unclear.
Request a copy of everything we hold on you.
Tell us to correct any inaccurate data.
"Right to be forgotten" — ask us to delete everything.
Tell us to pause processing while a dispute is resolved.
Get your data in a machine-readable format to take elsewhere.
Object to processing based on legitimate interests, including marketing.
We don't make solely automated decisions about you. The ROI calculator is illustrative, not a binding judgement.
You have the right to complain to the UK's data protection authority, the Information Commissioner's Office (ICO). Visit ico.org.uk or call 0303 123 1113. We'd appreciate the chance to put things right first — but it's your call.
We take reasonable, proportionate measures to protect your data:
No system is completely secure, and if a personal data breach affects you, we'll notify you and the ICO within 72 hours where required by law.
This site and our services are not directed at children under 18. We don't knowingly collect data from anyone under 18. If you believe we have, please email us and we'll delete it.
We may update this policy from time to time — to reflect new features, legal changes, or improvements to how we explain things. The "Last updated" date at the top will always reflect the latest version. Material changes will be notified by email to active subscribers and clients.
Any question about this policy, your data, or how to exercise your rights:
We aim to respond to all data protection enquiries within 5 working days, and to formal rights requests within one calendar month as required by UK GDPR.