Privacy Policy

Last updated: Saturday 17th January 2026

Optimum Road Health Centre is committed to safeguarding your personal data and respecting your privacy in accordance with UK data protection law and healthcare confidentiality obligations.

1. Introduction

Optimum Road Health Centre is a trading name of 25 Eight Medical Group Limited. We are a private healthcare provider operating in the United Kingdom.

We are committed to protecting your personal data and handling it responsibly, transparently, and securely. This Privacy Policy explains how we collect, use, store, and share personal data when you access our services, whether in person, online, or via digital platforms.

We comply with:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

  • Professional confidentiality guidance issued by bodies such as the General Medical Council (GMC), Royal Colleges, and the Nursing and Midwifery Council (NMC)

By using our services or providing your personal data, you acknowledge this Privacy Policy.

2. About Us (Data Controller)

Trading Name: Optimum Road Health Centre
Legal Entity: 25 Eight Medical Group Limited
Company Registration Number: 14484808
ICO Registration Reference: ZC079821
CQC Registration Number: 1-22162806191

Registered Address:
Unit B1, Optimum Business Park
Optimum Road, Swadlincote
Derbyshire, DE11 0WT

Optimum Road Health Centre is a private medical centre and is not affiliated with the NHS.

In this policy, references to “we”, “us”, or “our” include our employees, clinicians, and authorised contractors involved in delivering healthcare services.

3. Personal Data We Collect

Personal data is information that identifies you directly or indirectly. Depending on your interaction with us, we may collect:

General Personal Data

  • Full name, date of birth, gender

  • Postal address, email address, telephone number

  • Emergency contact or next of kin details

  • Correspondence and communications with us

  • Payment and billing information

Special Category (Health) Data

  • Medical history and clinical notes

  • Test results, diagnoses, treatment plans

  • Medication information

  • ADHD, autism, and neurodevelopmental assessment data

Other Information

  • Feedback, complaints, and incident reports

  • Recorded telephone calls (for quality, training, or safety)

We may receive information from authorised third parties such as GPs, referrers, insurers, family members, or other healthcare providers.

4. Children and Young People

For individuals under 18, we collect and process personal data only with appropriate parental responsibility or legal authority, unless otherwise permitted by law. Children’s data is handled with enhanced safeguards.

5. Automatically Collected Website Data

When you visit our website, we may collect:

  • IP address

  • Browser, device, and operating system information

  • Pages visited and interaction data

This information is collected using cookies and similar technologies. Please see our Cookie Policy for details.

6. Lawful Bases for Processing

We process personal data under the following lawful bases (Article 6 UK GDPR):

  • Contract (Art. 6(1)(b)) – to provide healthcare services

  • Legal obligation (Art. 6(1)(c)) – regulatory, tax, and safeguarding duties

  • Legitimate interests (Art. 6(1)(f)) – service improvement, administration, and security (balanced against your rights)

  • Consent (Art. 6(1)(a)) – where required, including certain communications

Special category (health) data is processed under:

  • Article 9(2)(h) – provision of health or social care

  • Article 9(2)(a) – explicit consent, where applicable

7. How We Use Your Information

You may provide personal data when you:

  • Register or book appointments

  • Use our online forms or assessments

  • Communicate with us by phone, email, or digital platforms

  • Are referred by another healthcare provider

  • Make payments

We use your data to deliver healthcare services, manage appointments, communicate with you, ensure patient safety, meet legal obligations, and improve our services.

8. ADHD Screening & Pathway Services – Privacy Notice

Purpose

We provide online ADHD screening and pathway tools to help individuals understand whether they may benefit from further clinical assessment. These tools are for screening and informational purposes only and do not provide a diagnosis.

Information Collected

Depending on the pathway, we may collect:

  • Screening questionnaire responses

  • Contact details (such as email address)

  • Consent and communication preferences

  • Limited demographic information (where optional)

We do not request full medical history through screening tools.

Platforms Used

  • Typeform – hosting screening questionnaires

  • Zapier – secure automation between systems

  • Squarespace Email Campaigns – sending service-related communications where consent has been provided

All platforms operate as GDPR-compliant data processors under appropriate agreements.

How We Use This Information

  • Provide indicative feedback or next steps

  • Contact you about relevant clinical services only where you have consented

  • Improve and monitor the quality of our screening tools

Screening data is not used for marketing without explicit consent.

Lawful Basis

  • Article 6(1)(a) – Consent

  • Article 9(2)(a) – Explicit consent (for limited health-related data)

Retention

  • Identifiable screening data: up to 12 months from submission

  • Aggregated, anonymised data may be retained for service improvement

Sharing

Data is not shared unless:

  • You proceed to a clinical assessment with us, or

  • Disclosure is required by law or safeguarding obligations

9. Data Sharing

We share personal data only where necessary, including with:

  • Clinicians and healthcare professionals involved in your care

  • Diagnostic or specialist service partners

  • Insurers (with your consent)

  • Regulators and professional bodies (e.g. CQC) where legally required

  • IT and system providers under strict confidentiality and data processing agreements

We do not sell personal data.

10. Data Retention

We retain personal data in line with healthcare retention guidance. In most cases:

  • Adult health records: minimum 10 years from last treatment

  • Financial records: up to 7 years

  • Website enquiries: up to 12 months

11. Healthcare Professionals

Some clinicians associated with us may act as:

  • Independent data controllers, or

  • Joint controllers

All are subject to professional confidentiality and data protection obligations.

12. Your Rights

You have the right to:

  • Access your personal data

  • Request correction

  • Request erasure (where applicable)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent at any time

To exercise your rights, contact us using the details below.

13. Data Security

We apply appropriate technical and organisational measures, including:

  • Encrypted systems and secure servers

  • Access controls and audit logging

  • Staff training and confidentiality agreements

  • Regular security reviews

14. Cookies

We use essential and optional analytics cookies. Non-essential cookies are used only with your consent. Full details are available in our Cookie Policy.

15. International Transfers

We do not routinely transfer personal data outside the UK. Where transfers occur, appropriate safeguards such as UK-approved Standard Contractual Clauses are used.

16. Data Protection & Privacy Contact

We have appointed an internal Privacy and Data Protection Lead to oversee compliance with UK data protection law and healthcare confidentiality requirements.

Privacy & Data Protection Lead (Acting Data Protection Officer in training)
Email: yourprivacy@optimumhealthcentre.co.uk

The Privacy & Data Protection Lead is responsible for:

  • Advising on UK GDPR and Data Protection Act 2018 compliance

  • Supporting staff with data protection and confidentiality matters

  • Acting as the point of contact for patients, staff, and regulators (including the ICO and CQC)

While we are not legally required to appoint a registered Data Protection Officer under Article 37 UK GDPR, we have chosen to appoint a dedicated lead to ensure best practice governance and accountability.

Our Privacy & Data Protection Lead is currently undertaking formal DPO training and works under senior management oversight.

17. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

18. Contact Details & Complaints

25 Eight Medical Group Limited
Optimum Road Health Centre
Unit B1, Optimum Business Park
Optimum Road, Swadlincote
Derbyshire, DE11 0WT

Email: info@optimumhealthcentre.co.uk
Telephone: 01283 392 212
WhatsApp Help Desk 0800 688 9992

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
https://ico.org.uk