Privacy Policy

Last updated: 15 June 2026

1. Introduction

Quantum Men's Health ("we", "our", "us") respects your right to privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you visit our website (the "Site"), when you contact us, when you book or attend a video consultation, when you purchase products or services, and when a prescription is issued on your behalf.

We comply with the EU General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018, the ePrivacy Regulations, and our professional obligations as registered medical practitioners in Ireland.

The data controller is Romandie Ltd, trading as Quantum Men's Health, registered in Ireland (CRO 514263). Our registered office will be confirmed before launch.

2. What information we collect

We may collect and process the following categories of personal data:

• Identity & contact details: name, date of birth, gender, address, postcode/Eircode, phone number, email address.
• Account & verification data: username, password (hashed), photo ID where required to verify identity for prescribing.
• Health information (special category data): medical history, presenting symptoms, lifestyle information, examination findings, blood test and laboratory results, treatment records, prescriptions issued, follow-up notes and any clinical correspondence.
• Payment data: billing address and partial card details. Full card numbers are processed by our PCI-DSS compliant payment service provider (Stripe) and are never stored on our servers.
• Order & subscription data: products purchased, delivery address, repeat-prescription status.
• Technical data: IP address, device and browser type, operating system, referring URLs, pages viewed, session duration and other analytics data.
• Communication data: messages, appointment requests, chat transcripts, call recordings (where you have been informed) and enquiries submitted via our contact forms, email or phone.
• Marketing preferences where you have opted in.

3. How we use your information

We use your personal data to:

• provide medical video consultations, diagnosis, prescribing and follow-up care;
• verify your identity before issuing a prescription or controlled-drug therapy;
• manage appointments, patient records, repeat orders and correspondence;
• process payments, refunds and subscription billing;
• respond to your queries, complaints and requests for records;
• meet our legal, regulatory, clinical-governance and tax obligations as a healthcare provider and online retailer;
• improve our website, services and clinical pathways;
• send service messages (appointment reminders, prescription updates) and, only with your consent, marketing communications.

4. Legal basis for processing

We rely on the following lawful bases under GDPR:

• Article 9(2)(h): provision of healthcare, medical diagnosis and the management of health services, on the basis of professional confidentiality.
• Article 6(1)(b): performance of a contract with you (consultation, prescription, product purchase, subscription).
• Article 6(1)(c): compliance with our legal obligations (including record-retention duties under applicable medical and medicines law).
• Article 6(1)(a) / 9(2)(a): your explicit consent (e.g. marketing, sharing records with your GP, recording calls).
• Article 6(1)(f): our legitimate interests in operating, securing and improving the Site, provided your rights and freedoms do not override those interests.

5. How we store and protect your data

We take all reasonable steps to ensure your information is stored securely, including:

• encrypted digital storage and TLS-encrypted transmission;
• access restricted to authorised clinical and administrative staff on a need-to-know basis;
• audit logging of all access to clinical records;
• multi-factor authentication for staff accounts;
• regular security reviews, vulnerability scanning and staff data-protection training;
• written data-processing agreements with all sub-processors.

We retain your personal data only for as long as necessary. Clinical records are retained for 8 years from the last entry, in line with prevailing medical-records guidance (longer where the patient is a minor or where retention is otherwise required by law).

6. Sharing your data

We share data only when necessary and lawful, including:

• with prescribing doctors and other clinicians involved in your care, and the pharmacy that dispenses any prescription;
• with accredited laboratories that process your blood or pathology samples;
• with your nominated GP or hospital, with your consent;
• with our IT, hosting, video-consultation, communications and analytics providers under written processing agreements;
• with payment processors (Stripe) and delivery couriers;
• where required by law, regulation, court order or a request from a competent authority.

We never sell your personal data and we never share it for third-party marketing.

7. International transfers

Our primary servers are located within the EEA. Where a sub-processor is located outside the EEA (for example certain analytics or AI providers in the United States), we rely on Standard Contractual Clauses and additional safeguards as required by law.

8. Your data protection rights

Under GDPR you have the right to:

• access your personal data and obtain a copy;
• request correction of inaccurate data or completion of incomplete data;
• request erasure ("right to be forgotten"), subject to our legal duty to retain clinical records;
• restrict or object to certain processing;
• request data portability in a structured, machine-readable format;
• withdraw consent at any time, where processing is based on consent;
• lodge a complaint with your supervisory authority, in Ireland, the Data Protection Commission (www.dataprotection.ie).

To exercise any of these rights, contact our Data Protection Officer using the details in section 11.

9. Cookies and website tracking

The Site uses cookies and similar technologies to enable core functionality, remember your preferences, measure traffic and (with consent) deliver marketing. Strictly necessary cookies are set on the basis of legitimate interest; all other cookies are set only after you give consent through our cookie banner. You can withdraw consent at any time via your browser settings.

Full details, including the categories of cookies we use and their retention periods, are set out in our separate Cookie Policy.

10. Children

Our Site and services are intended for users aged 18 or over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Contact us

If you have any questions or wish to exercise your rights:

Data Protection Officer
Quantum Men's Health (Romandie Ltd)
Email: contact@quantummenshealth.ie

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the most recent revision. Material changes will be notified via the Site or by email where appropriate.