PECR Statement (Service Messages)

What this covers

This statement explains how we and our clinic clients send service messages under PECR and UK GDPR.

Service vs marketing

Service messages relate directly to care operations: appointment reminders, confirmations, self-reschedule links, waitlist offers, no-show recovery, payment links, and instructions required to attend.

Marketing messages promote services or offers. We do not send marketing messages in our pilot or managed service.

Legal basis and consent

Clinics must have a lawful basis and explicit consent where required to send service SMS/WhatsApp/email.

We configure templates that include identity, purpose, and simple opt-out.

Patients can opt out at any time; opting out may limit reminders and rescheduling.

Channels we support

SMS / WhatsApp / Email / Voice (voicemail) for service messaging only. WhatsApp Business requires a verified business profile and template approval.

Content standards

• Identify the sender (clinic name).
• Only operational content; no clinical advice, no PHI.
• Clear action (confirm, reschedule, pay link), time and location if needed.
• Opt-out: e.g., “Reply STOP to opt out” (SMS), unsubscribe link (email), or WA opt-out instruction.

Data minimisation

We only process contact details and appointment metadata needed to deliver the message. No PHI.

Records and accountability

Consent and opt-out logs retained for 24 months. Message templates and timing kept in SOPs; weekly KPI review (DNA, FRT/TAT).

Your choices

You can opt out at any time via the channel used or by contacting the clinic directly. You may also contact dmytro@epicrose.co.uk for assistance.

Effective date

12.04.2022