Privacy Policy

Effective Date: April 18, 2025

Last Updated: April 18, 2025

Fleur Trail Ltd. ("North*", "we", "us", or "our") operates the website www.northstar-physicians.com and the associated services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Service after the date such revised Privacy Policy is posted.

This Privacy Policy is incorporated into and subject to our Terms of Service.

1. Definitions

Terms used in this Privacy Policy have the same meanings as in our Terms of Service, unless otherwise defined herein.

Personal Data: Means any information relating to an identified or identifiable natural person.
Usage Data: Refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies: Are small files stored on your device (computer or mobile device).
Data Controller: For the purpose of the UK GDPR and other applicable data protection laws, Fleur Trail Ltd. is the Data Controller of your Personal Data.

2. Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the Service depends on the content and materials you use, and includes:

A. Personal Data You Provide to Us

We collect Personal Data that you voluntarily provide to us when you register for an account, create or modify your profile, post jobs, apply for jobs, respond to surveys, contact us, or otherwise use the Service. This information may include:

Account Information: Your name (first and last for Doctors, clinic name for Clinics), email address, password, role (Doctor or Clinic).
Doctor Profile Information: Phone number, GMC number and status, qualifications, years of experience, professional bio, languages spoken, medical specialties, contact preferences, onboarding questionnaire responses (including location details, move timeframe, licensure status, etc.), and profile privacy settings.
Clinic Profile Information: Phone number, contact email, clinic address (street, city, region, postal code, country, coordinates), practice details (years operating, hiring needs, team size, etc.), job preferences, clinic description, images, social media links, and onboarding questionnaire responses (including location details).
Job Posting Information (Clinics): Job title, contract type, salary range and currency, job description.
Application Information (Doctors): Cover letter text, CV/resume (including filename and stored file URL), information about whether you reviewed your profile before applying.
Communications: Information you provide when you contact us for support or provide feedback.

B. Usage Data Collected Automatically

When you access and use the Service, we may automatically collect certain information about your device and usage patterns. This Usage Data may include:

Log and Device Information: Your Internet Protocol (IP) address, browser type and version, operating system, device type, unique device identifiers, pages viewed, links clicked, time spent on pages, the referring URL, and dates and times of access.
Interaction Data: Information about your interactions with the Service, such as jobs viewed, saved, or applied for, searches performed, filters used, profiles viewed, and features used.

We use Firebase Analytics to collect and analyze Usage Data. Firebase Analytics may use cookies and similar technologies to collect information about Service usage and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google's practices by going to www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. Analytics data collection is subject to your consent choices managed via our Cookie Consent Banner.

C. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (like localStorage) to track the activity on our Service and store certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

Essential Technologies: We use technologies necessary for the operation of the Service, such as maintaining your login session and ensuring security. These cannot be disabled.
Preferences Technologies: Subject to your consent, we use technologies like localStorage to remember your preferences and various settings (e.g., your preferred theme - light/dark).
Analytics Technologies: Subject to your consent, we use cookies associated with Firebase Analytics (as described above) to help us understand how our Service is used.

You can manage your preferences for non-essential cookies and technologies through our Cookie Consent Banner and the "Cookie Settings" link in the footer. You can also instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept essential cookies, you may not be able to use some portions of our Service.

3. How We Use Your Information

Having accurate information permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Service to:

Create and manage your account.
Provide, operate, and maintain the Service and its features.
Facilitate the connection between Doctors and Clinics, including displaying profiles and job postings, and processing job applications.
Personalize your experience (e.g., showing relevant jobs or candidates, remembering your theme preference subject to consent).
Communicate with you, including responding to your comments, questions, and requests; providing customer service and support; and sending you technical notices, updates, security alerts, and administrative messages.
Send you notifications related to your account activity (e.g., application status updates, new job matches), based on your preferences where applicable.
Monitor and analyze usage and trends to improve the Service and user experience (subject to analytics consent).
Detect, investigate, and prevent fraudulent transactions, unauthorized access to the Service, and other illegal activities.
Ensure compliance with our Terms of Service and applicable legal requirements.
Compile anonymous statistical data and analysis for use internally or with third parties (data will be aggregated and anonymized so you cannot be identified).
Process feedback and suggestions you provide.

4. Disclosure of Your Information

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

A. By Law or to Protect Rights

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.

B. Third-Party Service Providers

We may share your information with third parties that perform services for us or on our behalf, including data storage (Google Cloud/Firebase), analytics (Google Analytics via Firebase), email delivery (SendGrid), mapping services (Mapbox), customer service, and hosting services. These third-party service providers will have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Google Cloud / Firebase: Provides hosting, database, authentication, and analytics services. Their privacy policy can be found at https://policies.google.com/privacy.
SendGrid: Used for sending transactional emails and notifications. Their privacy policy can be found at https://www.twilio.com/legal/privacy.
Mapbox: Used for geocoding addresses and displaying maps. Their privacy policy can be found at https://www.mapbox.com/legal/privacy.

To the maximum extent permitted by applicable law, NorthStar shall not be liable for any loss, misuse, disclosure, modification, or unavailability of User Data caused by or resulting from the actions or inactions of Third-Party Service Providers, provided that NorthStar has exercised commercially reasonable efforts in selecting reputable providers and has entered into agreements with them that include obligations regarding the protection and confidentiality of User Data. Users acknowledge and agree that their interactions with these Third-Party Service Providers are subject to the terms and privacy policies of those providers.

C. Interactions with Other Users

The core function of our Service involves connecting Doctors and Clinics. Therefore, certain information is shared between users:

Doctor Profiles: If your Doctor profile is set to public (not private), registered Clinics may be able to view your profile information, including your name, qualifications, bio, specialties, and location preferences, to assess suitability for job openings. Doctors can manage their profile visibility in their account settings.
Clinic Profiles and Job Postings: Information about registered Clinics (name, location, description) and their job postings (title, description, salary range) is visible to registered Doctors to allow them to search for and evaluate opportunities.
Job Applications: When a Doctor applies for a job, the Personal Data included in their application (such as name, contact information, CV, cover letter) is shared with the specific Clinic that posted the job.

We are not responsible for the actions of other users with whom you share personal or sensitive data, and we have no authority to manage or control the solicitations of other users.

D. Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will notify you before your Personal Data is transferred and becomes subject to a different Privacy Policy. We will not sell your Personal Data as a standalone asset.

E. With Your Consent

We may disclose your Personal Data for any other purpose with your explicit consent.

5. Data Security

We use administrative, technical, and physical security measures to help protect your Personal Data. We leverage the security capabilities of Google Cloud Platform and Firebase (including Firestore database security rules and Firebase Authentication) to store and protect your data. While we have taken reasonable steps to secure the Personal Data you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide Personal Data.

6. Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Typically, account information is retained as long as your account is active and for a reasonable period thereafter in case you decide to re-activate the Service, unless you request deletion.

Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.

7. Your Data Protection Rights (UK GDPR)

If you are a resident of the United Kingdom or European Economic Area, you have certain data protection rights covered by the UK General Data Protection Regulation (UK GDPR). We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

Your principal rights under UK GDPR are:

The right to access - You have the right to request copies of your personal data.
The right to rectification - You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete. Most profile information can be updated directly through your account settings.
The right to erasure - You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing - You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing - You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability - You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The right to withdraw consent - You also have the right to withdraw your consent at any time where Fleur Trail Ltd. relied on your consent to process your personal information (e.g., for non-essential cookies or marketing communications).

If you wish to exercise any of these rights, please contact us using the details provided on our Contact Page. We may need to verify your identity before responding to such requests. We will respond to your request within one month.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO).

Additional Information for Canadian Residents (PIPEDA)

If you are a resident of Canada, this section provides additional details about the personal information we collect and your rights under Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA).

Your rights under PIPEDA include:

The right to access: You have the right to request access to the personal information we hold about you.
The right to correction (rectification): You have the right to request correction of inaccurate or incomplete personal information.
The right to withdraw consent: You have the right to withdraw your consent to our collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice.
The right to lodge a complaint: You have the right to lodge a complaint about the processing of your personal information with the relevant authorities.

To exercise these rights, please contact us using the details provided on our Contact Page. We will respond to your request in accordance with applicable Canadian privacy laws. You may also contact the Office of the Privacy Commissioner of Canada (OPC) if you have concerns about our handling of your personal information.

8. International Data Transfers

Your information, including Personal Data, may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction (such as the United Kingdom and the United States). Our Service is hosted using Google Cloud Platform (Firebase), which has data centers globally. By using the Service, you consent to the transfer of your information to these locations.

Fleur Trail Ltd. will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information, such as reliance on Standard Contractual Clauses or adequacy decisions where applicable.

9. Children's Privacy

Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us via our Contact Page.