Koncept Digital

    Data Protection

    GDPR Compliance

    Our commitment to protecting your data rights under UK data protection law.

    Last updated: 9 February 2026

    Our Commitment to Data Protection

    Koncept Digital is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a digital marketing agency specialising in the healthcare sector, we understand the critical importance of data protection—particularly when handling sensitive information related to medical and healthcare businesses.

    This page outlines our approach to GDPR compliance and the measures we take to protect your personal data.

    Data Protection Principles

    We adhere to the six key principles of the UK GDPR in all our data processing activities.

    Lawfulness, Fairness & Transparency

    We process personal data lawfully, fairly, and in a transparent manner. We always inform individuals about how their data is being used.

    Purpose Limitation

    We collect personal data only for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.

    Data Minimisation

    We ensure that personal data collected is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

    Accuracy

    We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.

    Storage Limitation

    We keep personal data in a form that permits identification of individuals for no longer than is necessary for the purposes for which it is processed.

    Integrity & Confidentiality

    We process personal data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage.

    Your Rights Under UK GDPR

    As a data subject, you have the following rights under the UK GDPR. We are committed to facilitating the exercise of these rights:

    Right to Be Informed

    You have the right to know how your personal data is being collected and used. Our Privacy Policy provides this information in a clear and accessible manner.

    Right of Access (Subject Access Request)

    You can request a copy of the personal data we hold about you. We will respond to your request within one calendar month, free of charge in most cases.

    Right to Rectification

    If the personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected.

    Right to Erasure ("Right to Be Forgotten")

    You can request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected, or when you withdraw consent.

    Right to Restrict Processing

    You can request that we limit the way we use your data in certain circumstances, for example while we verify the accuracy of data you have contested.

    Right to Data Portability

    You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.

    Right to Object

    You have the right to object to certain types of processing, including processing for direct marketing purposes. We will stop processing your data for marketing immediately upon receiving your objection.

    Rights Related to Automated Decision-Making

    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. We do not currently use automated decision-making.

    Healthcare-Specific Considerations

    As a digital marketing agency exclusively serving the healthcare sector, we take additional care with data protection:
    • No patient data: We do not process, store, or have access to patient health records or medical data belonging to our clients’ patients
    • Marketing compliance: All marketing campaigns we create comply with GDPR consent requirements, ensuring proper opt-in mechanisms are in place
    • CQC awareness: We understand CQC requirements and ensure marketing materials do not compromise regulatory compliance
    • ASA compliance: All advertising content adheres to the Advertising Standards Authority’s CAP Code, including specific rules for healthcare advertising
    • Staff training: Our team receives regular training on data protection best practices relevant to healthcare marketing

    Data Protection Measures

    We implement comprehensive technical and organisational measures to protect personal data:
    • Encryption: Data is encrypted both in transit (TLS/SSL) and at rest where appropriate
    • Access controls: Strict role-based access controls limit data access to authorised personnel only
    • Regular audits: We conduct regular reviews of our data processing activities and security measures
    • Breach procedures: We have robust data breach detection, reporting, and investigation procedures in place, ensuring the ICO is notified within 72 hours where required
    • Data Protection Impact Assessments: We carry out DPIAs where processing is likely to result in a high risk to individuals’ rights and freedoms
    • Vendor management: We ensure all third-party processors we engage provide sufficient guarantees regarding GDPR compliance through appropriate contractual arrangements

    Data Breach Notification

    In the event of a personal data breach, we will:
    • Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, where the breach is likely to result in a risk to individuals' rights and freedoms
    • Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms
    • Document all breaches, including the facts, effects, and remedial action taken

    Exercising Your Rights

    To exercise any of your data protection rights, or if you have any questions or concerns about how we handle your personal data, please contact us:
    • Email: hello@konceptdigital.co.uk
    • Phone: 0121 461 8782
    • Post: 107-111 Princess Road East, Leicester, LE1 7LA
    We will respond to your request within one calendar month. In exceptional circumstances, we may extend this period by a further two months, but we will inform you of any such extension within the first month.

    Supervisory Authority

    If you are not satisfied with our response or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
    • Website: ico.org.uk
    • Phone: 0303 123 1113
    • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF