Privacy Policy
This Privacy Policy explains how Visure Digital Ltd (trading as The Clinical Collection, referred to as we, us, or our) collects, uses, and protects your personal data when you use our platform. We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data controller: Visure Digital Ltd, company number 14403646, registered office at 120 John Aird Court, W2 1UU, London.
You can contact us about any data protection matter through our contact page.
1. What Data We Collect
We collect the following categories of personal data:
- Account data: name, email address, password (stored encrypted), and account creation date, collected when you register for a free account.
- Purchase data: course purchase history, transaction amounts, and order dates. Card and payment details are collected and processed directly by our payment processor, Stripe; we do not store your full card details ourselves.
- Usage data: course progress, lesson completion, and login activity, collected to operate the platform and deliver certificates.
- Marketing preference data: whether you have opted in to marketing emails, recorded against your account.
- Communications data: any information you provide when you contact us through the contact page.
- Technical data: IP address, browser type, and device information, collected automatically through standard web server logs and through analytics as described in Section 5.
2. How We Use Your Data and Our Legal Basis
| Purpose | Legal basis |
|---|---|
| Creating and managing your account | Performance of a contract |
| Processing course purchases and issuing certificates | Performance of a contract |
| Sending transactional emails (purchase confirmation, certificate delivery, account notices) | Performance of a contract |
| Sending marketing and nudge emails | Consent |
| Detecting fraud and enforcing our Terms and Conditions, including unauthorised account sharing | Legitimate interest |
| Maintaining accounting and tax records | Legal obligation |
| Site analytics | Legitimate interest, or consent where cookie based tools are used |
3. Who We Share Your Data With
We share personal data with the following third party processors, each engaged under a data processing agreement:
- Stripe, to process payments.
- Supabase, for account, database, and authentication infrastructure. Our Supabase project is hosted in the EU region.
- Resend, to send transactional and marketing emails.
- Gumlet, to host and stream course video content.
- Amazon Web Services (AWS), for platform hosting infrastructure.
- Cloudflare, for domain name resolution and content delivery.
- Plausible Analytics, for privacy focused, cookieless website analytics.
We do not sell your personal data. We do not share your data with third parties for their own marketing purposes.
4. International Data Transfers
Some of our processors may process personal data outside the United Kingdom, including in the European Union and the United States. Where this occurs, we rely on the UK International Data Transfer Addendum, EU Standard Contractual Clauses, or an equivalent safeguard recognised under UK GDPR.
5. Cookies and Analytics
We use Plausible Analytics, which does not use cookies or collect personal identifiers, and does not require your consent under the Privacy and Electronic Communications Regulations (PECR). We use only cookies that are strictly necessary for the platform to function, such as those required to keep you signed in.
If we introduce tools in the future that use non essential cookies or similar technologies, we will update this policy and obtain your consent before they are activated.
6. Data Retention
We retain account data for as long as your account remains active. If you close your account, we will delete or anonymise your personal data within a reasonable period, except where we are required to retain certain records, for example transaction and invoicing records, which we retain for six years to meet HMRC and accounting obligations.
7. Your Rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Request erasure of your data, subject to our legal retention obligations
- Restrict or object to certain processing
- Receive your data in a portable format
- Withdraw consent at any time where processing is based on consent, without affecting processing carried out before withdrawal
To exercise any of these rights, contact us through our contact page. We will respond within one month as required by law.
You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been mishandled.
8. Data Security
We use appropriate technical and organisational measures, including encrypted password storage and access controls, to protect your personal data against unauthorised access, loss, or misuse.
9. Children
The platform is intended for healthcare professionals and is not directed at children. We do not knowingly collect personal data from anyone under eighteen.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Where changes are material, we will take reasonable steps to notify you, for example by email or a notice on the platform.
Last updated: 2 July 2026