Effective Date: 9 May 2025
We're Qanzak Global, the team behind Serenica, your trusted clinic management app.
Business Address: 16–18 Chapel Street, Glossop, Derbyshire, SK13 8AT, United Kingdom
Email: info@serenica.clinic
Phone: +971 50 785 7279
For most patient data, the clinic or healthcare provider is the data controller. We act as the data processor, meaning we securely handle data on behalf of clinics.
We only collect what's necessary to provide you with a smooth, secure, and useful experience.
If you're a healthcare provider:
- Name and contact details
- Clinic name and address
- Professional credentials
- Login activity and app usage data
If you're a patient (all patient data is processed securely on behalf of clinics):
- Name, date of birth, contact information
- Medical records and psychometric assessments
- Appointment history
- Billing and payment details
We process data based on your consent, our contractual obligations, and our legitimate interest in providing healthcare services.
We also comply with Article 6(1) of the UK GDPR and, when handling sensitive health data, Article 9(2).
We use your data to:
- Schedule and manage appointments
- Store and access medical or assessment records
- Send reminders and confirmations
- Handle billing and payment processes
- Improve app performance with anonymized analytics
- Meet our legal and regulatory obligations
You have full control over your personal data. Under UK GDPR, you can:
- Request access to your data
- Ask us to correct inaccurate information
- Request data deletion (right to be forgotten)
- Restrict or object to processing
- Transfer your data elsewhere (data portability)
- File a complaint with the Information Commissioner's Office (ICO)
We take security seriously and use:
- End-to-end encryption
- Pseudonymisation for sensitive health data
- Role-based access controls
- Regular security audits and penetration tests
- Staff training in data protection practices
We follow NHS guidelines for storing health records:
- Adult records: Kept for at least 8 years after treatment
- Other data is kept only as long as needed for our services or legal requirements
When the time comes, we securely delete or anonymise your data.
We work with carefully selected partners to deliver our services, including:
- Cloud storage providers
- Payment processors
- SMS and email delivery services
All our partners are GDPR-compliant and held to strict privacy standards.
If we ever need to transfer data outside the UK, we'll make sure it's protected by:
- UK-approved adequacy decisions, or
- Standard Contractual Clauses (SCCs) or equivalent safeguards
We've got systems in place to detect and respond to data breaches quickly. If there's a serious risk to your rights, we'll:
- Notify the ICO within 72 hours
- Contact affected individuals, where appropriate
If required, we appoint a Data Protection Officer (DPO) to oversee privacy compliance and liaise with regulators.
We carry out Data Protection Impact Assessments (DPIAs) for high-risk activities like:
- Large-scale health data processing
- Launching new features that affect privacy
We ask for clear, explicit consent before collecting sensitive data. You can withdraw your consent at any time by:
- Adjusting your in-app settings
- Contacting your clinic directly
- Emailing us at info@serenica.clinic
If we make changes, we'll let you know via the app or email — especially if the changes are important.
Last updated: 9 May 2025
If you have any concerns or want to exercise your rights, feel free to contact us:
Qanzak Global
16–18 Chapel Street, Glossop, Derbyshire, SK13 8AT
Email: info@serenica.clinic
Phone: +971 50 785 7279