Cookie Policy

Last updated:

Introduction

This Cookie Policy explains how FASTCLINIC LIMITED ("Fastclinic," "we," "us," or "our") uses cookies and similar technologies on fastclinic.xyz, on our FastLogin identity site at idms.fastclinic.xyz, and in authenticated product sessions (collectively, the "Sites"). Read it alongside our Privacy Policy.

What are cookies and similar technologies?

Cookies are small text files placed on your device when you visit a website. They often include an identifier, expiry date, and information about the issuing domain. We also use comparable technologies such as local storage, session storage, pixels, and software development kits in mobile contexts, which this Policy refers to collectively as "cookies" unless we specify otherwise.

Cookies may be first-party (set by us) or third-party (set by another domain, such as an analytics or advertising partner). They may be session cookies (deleted when you close your browser) or persistent cookies (remaining for a defined period or until deleted).

Categories of cookies we use

We use cookies in four categories:

  • Strictly necessary — required for the Sites to function. Maintain sign-in, route requests, carry CSRF tokens, and enforce security boundaries. These are always on; blocking them prevents core features from working.
  • Security and fraud prevention — help us recognise devices you have previously used so unusual sign-in activity (for example, a new device on a provider account) can be challenged with an additional verification step. Lawful basis: legitimate interest.
  • Analytics and performance — understand how visitors use our Sites so we can improve performance and content. Reduced-identifiability settings are applied where feasible. Lawful basis: consent where required; otherwise legitimate interest.
  • Marketing and personalisation — tailor content, measure campaigns, and support remarketing. Lawful basis: consent only, and only where you opt in through our cookie banner or preference centre.

Cookies we set (first-party)

The following first-party cookies are set on authenticated FastLogin sessions and on authorised product sessions. Lifetimes are typical — a session cookie is cleared when you close your browser; a persistent cookie expires on the date shown or when you revoke the underlying session.

| Name | Purpose | Lifetime | Category |
|---|---|---|---|
| fastlogin_session | Primary sign-in session cookie for your FastLogin account. Lets us recognise you across requests without re-prompting for credentials. HttpOnly, Secure, SameSite=Lax. | Up to 24 hours | Strictly necessary |
| fl_admin_session | Opaque session cookie for the administrator console. Access and refresh tokens are held server-side; the cookie itself is an identifier only. HttpOnly, Secure, SameSite=Lax, host-scoped to the admin subdomain. | Up to 8 hours | Strictly necessary |
| fl_device | A per-browser random identifier used to recognise devices you have previously signed in from. Combined server-side with your User-Agent and Accept-Language headers and hashed to form a device binding. Enables us to prompt for additional verification on unrecognised devices and to list your devices in the dashboard for review. HttpOnly, Secure, SameSite=Lax. | Up to 400 days | Security and fraud prevention |
| csrf_token (and equivalents) | Cross-site request forgery protection for authentication and settings flows. A per-flow token that prevents other sites from submitting forms on your behalf. | Per flow (short-lived) | Strictly necessary |
| cookie_consent | Remembers your cookie-banner choices so we do not re-prompt on every visit. | Up to 12 months | Strictly necessary |

Enterprise product deployments may set additional session and preference cookies described in the product's own documentation. Where we act as processor for a hospital customer, those customers may also set cookies on your device through their own configuration; those are governed by the customer's privacy notice.

Analytics and performance cookies

These cookies help us understand how visitors interact with our marketing and documentation sites — pages viewed, approximate geography, device type, and referral sources — so we can improve performance, information architecture, and content. We configure first-party or third-party analytics tools to reduce identifiability where feasible (for example, IP truncation or aggregation).

Where NDPA 2023 requires consent for non-essential analytics on your device, we obtain it through our cookie banner or preference centre before activating such cookies, unless another lawful basis clearly applies under current regulatory guidance.

Marketing and personalisation cookies

These cookies support tailored content, social features, remarketing, and measurement of advertising campaigns. They may track your visits across sites or sessions to build a profile of interests. We deploy marketing cookies only where permitted by law — typically after you opt in through our consent mechanism, or where a narrow legitimate-interest basis is available and balanced against your rights.

Enterprise customers' use of our software to communicate with their own patients is governed by those customers' notices and consents, not by this Cookie Policy alone.

Third-party cookies

Third parties such as analytics providers, advertising networks, or embedded video hosts may set their own cookies when you interact with their content on our Sites. We do not control those technologies. Their use is subject to the third party's privacy policy. We require subprocessors that process personal data on our behalf to meet obligations consistent with NDPA 2023 and our vendor standards.

Managing your preferences

You can control cookies through:

  • Our cookie banner or preference centre to accept, reject, or customise non-essential cookies;
  • Your dashboard for the device-binding cookie — revoking a device in your FastLogin dashboard removes its binding and forces a fresh verification on its next sign-in;
  • Browser settings to block or delete cookies — consult your browser's help documentation;
  • Industry opt-out tools where applicable for interest-based advertising;
  • Do Not Track: there is no uniform standard; we currently do not respond to DNT signals as a standalone legal basis for processing.

Blocking strictly-necessary cookies will prevent you from signing in or using authenticated features. Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.

NDPA 2023 and lawful bases

Under NDPA 2023, personal data obtained through cookies must be processed lawfully, fairly, and transparently. We rely on legitimate interest for strictly-necessary and security cookies (keeping you signed in, preventing account takeover) and consent for non-essential cookies (analytics and marketing, where current regulatory guidance requires opt-in). You may contact us at contact@fastclinic.xyz to exercise rights such as access or objection where applicable, or to ask how we balance legitimate interests for specific tools.

Updates to this Cookie Policy

We may update this Policy to reflect changes in technology, law, or our practices. The "Last updated" date at the top of this page will change accordingly. For material changes to consent-based processing, we will refresh consent where required.