Privacy Policy

Last updated: Tuesday 10th March 2026

Optimum Road Health Centre is committed to safeguarding your personal data and respecting your privacy in accordance with UK data protection law and healthcare confidentiality obligations.

1. Introduction

Optimum Road Health Centre is a trading name of 25 Eight Medical Group Limited. We are a private healthcare provider operating in the United Kingdom.

We are committed to protecting your personal data and handling it responsibly, transparently, and securely. This Privacy Policy explains how we collect, use, store, and share personal data when you access our services, whether in person, online, or via digital platforms.

We comply with:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

  • Professional confidentiality guidance issued by bodies such as the General Medical Council (GMC), Royal Colleges, and the Nursing and Midwifery Council (NMC)

By using our services or providing your personal data, you acknowledge this Privacy Policy.

2. About Us (Data Controller)

Trading Name: Optimum Road Health Centre
Legal Entity: 25 Eight Medical Group Limited
Company Registration Number: 14484808
ICO Registration Reference: ZC079821
Email: dataprotectionlead@optimumhealthcentre.co.uk
CQC Registration Number: 1-22162806191

Registered Address:
Unit B1, Optimum Business Park
Optimum Road, Swadlincote
Derbyshire, DE11 0WT

Optimum Road Health Centre is a private medical centre and is not affiliated with the NHS.

In this policy, references to “we”, “us”, or “our” include our employees, clinicians, and authorised contractors involved in delivering healthcare services.

3. Personal Data We Collect

Personal data is information that identifies you directly or indirectly. Depending on your interaction with us, we may collect:

General Personal Data

  • Full name, date of birth, gender

  • Postal address, email address, telephone number

  • Emergency contact or next of kin details

  • Correspondence and communications with us

  • Payment and billing information

Special Category (Health) Data

  • Medical history and clinical notes

  • Test results, diagnoses, treatment plans

  • Medication information

  • ADHD, autism, and neurodevelopment assessment data

Other Information

  • Feedback, complaints, and incident reports

  • Recorded telephone calls (for quality, training, or safety)

We may receive information from authorised third parties such as GPs, referrers, insurers, family members, or other healthcare providers.

  • CCTV recordings captured at our premises for security, safety, and crime prevention purposes.

  • CCTV footage is normally retained for 28 days, after which it is automatically deleted or overwritten unless required for the investigation of an incident or legal obligation.

4. Children and Young People

For individuals under 18, we collect and process personal data only with appropriate parental responsibility or legal authority, unless otherwise permitted by law. Children’s data is handled with enhanced safeguards.

5. Automatically Collected Website Data

When you visit our website, we may collect:

  • IP address

  • Browser, device, and operating system information

  • Pages visited and interaction data

This information is collected using cookies and similar technologies. Please see our Cookie Policy for details.

Section 5.1 – Messaging Services

You may contact us through messaging platforms such as WhatsApp, where this option is provided on our website.

These services are operated by third-party providers, including Meta Platforms Inc. (operator of WhatsApp).

Messaging services are intended for general enquiries only. We ask that individuals do not send sensitive medical information through messaging applications.

Where personal or clinical information is received via messaging platforms, we may transfer relevant information into our secure clinical systems for the purpose of responding to your enquiry.

Use of messaging services is optional, and alternative contact methods such as telephone or email are always available.

6. Lawful Bases for Processing

We process personal data under the following lawful bases (Article 6 UK GDPR):

  • Contract (Art. 6(1)(b)) – to provide healthcare services

  • Legal obligation (Art. 6(1)(c)) – regulatory, tax, and safeguarding duties

  • Legitimate interests (Art. 6(1)(f)) – service improvement, administration, and security (balanced against your rights)

  • Consent (Art. 6(1)(a)) – where required, including certain communications

Special category (health) data is processed under:

  • Article 9(2)(h) – provision of health or social care

  • Article 9(2)(a) – explicit consent, where applicable

7. How We Use Your Information

You may provide personal data when you:

  • Register or book appointments

  • Use our online forms or assessments

  • Communicate with us by phone, email, or digital platforms

  • Are referred by another healthcare provider

  • Make payments

We use your personal data to deliver healthcare services, manage appointments, communicate with you, ensure patient safety, meet legal and regulatory obligations, and improve the quality and safety of our services.

8. ADHD Screening & Pathway Services – Privacy Notice

Purpose

We provide online ADHD screening and pathway tools to help individuals understand whether they may benefit from further clinical assessment. These tools are for screening and informational purposes only and do not provide a diagnosis.

Information Collected

Depending on the pathway, we may collect:

  • Screening questionnaire responses

  • Contact details (such as email address)

  • Consent and communication preferences

  • Limited demographic information (where optional)

We do not request full medical history through screening tools.

Platforms Used

  • Typeform – hosting screening questionnaires

  • Zapier – secure automation between systems

  • Squarespace Email Campaigns – sending service-related communications where consent has been provided

All platforms operate as GDPR-compliant data processors under appropriate agreements.

How We Use This Information

  • Provide indicative feedback or next steps

  • Contact you about relevant clinical services only where you have consented

  • Improve and monitor the quality of our screening tools

Screening data is not used for marketing without explicit consent.

Lawful Basis

  • Article 6(1)(a) – Consent

  • Article 9(2)(a) – Explicit consent (for limited health-related data)

Retention

  • Identifiable screening data: up to 12 months from submission

  • Aggregated, anonymised data may be retained for service improvement

Sharing

Data is not shared unless:

  • You proceed to a clinical assessment with us, or

  • Disclosure is required by law or safeguarding obligations

9. Data Sharing

We share personal data only where necessary, including with:

  • Clinicians and healthcare professionals involved in your care

  • Diagnostic or specialist service partners

  • Insurers (with your consent)

  • Regulators and professional bodies (e.g. CQC) where legally required

  • IT and system providers acting as data processors under strict confidentiality and data processing agreements

  • GoCardless – for Direct Debit payment plans

  • Klarna – for consumer credit and instalment payments

  • Messaging platform providers used for enquiry management (such as WhatsApp/Meta)

  • Security and monitoring providers responsible for CCTV, alarm, and security systems operating at our premises.

We do not sell, rent, or trade personal data to third parties.

10. Data Retention

We retain personal data in line with healthcare retention guidance. In most cases:

  • Adult health records: minimum 10 years from last treatment

  • Financial records: up to 7 years

  • Website enquiries: up to 12 months

11. Healthcare Professionals

Some clinicians associated with us may act as:

  • Independent data controllers, or

  • Joint controllers

All are subject to professional confidentiality and data protection obligations.

12. Your Rights

You have the right to:

  • Access your personal data

  • Request correction

  • Request erasure (where applicable)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent at any time

To exercise your rights, contact us using the details below.

13. Data Security

We apply appropriate technical and organisational measures, including:

  • Encrypted systems and secure servers

  • Access controls and audit logging

  • Staff training and confidentiality agreements

  • Regular security reviews

We maintain internal information security and disaster recovery policies to protect patient data and ensure service continuity.
We also maintain internal policies covering data protection, incident response, IT disaster recovery, and information security governance.

14. Cookies

We use essential and optional analytics cookies. Non-essential cookies are used only with your consent. Full details are available in our Cookie Policy.

15. International Transfers

Some third-party service providers we use may store or process limited personal data outside the United Kingdom or the European Economic Area.

Where this occurs, appropriate safeguards are implemented, including UK International Data Transfer Agreements (IDTA) or UK-approved Standard Contractual Clauses, to ensure personal data remains protected.

16. Data Protection & Privacy Contact

We have appointed an internal Privacy and Data Protection Lead to oversee compliance with UK data protection law and healthcare confidentiality requirements.

Privacy & Data Protection Lead (Acting Data Protection Officer in training)
Email: yourprivacy@optimumhealthcentre.co.uk

The Privacy & Data Protection Lead is responsible for:

  • Advising on UK GDPR and Data Protection Act 2018 compliance

  • Supporting staff with data protection and confidentiality matters

  • Acting as the point of contact for patients, staff, and regulators (including the ICO and CQC)

While we are not legally required to appoint a registered Data Protection Officer under Article 37 UK GDPR, we have chosen to appoint a dedicated lead to ensure best practice governance and accountability.

Our Privacy & Data Protection Lead is currently undertaking formal DPO training and works under senior management oversight.

17. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

18. Contact Details & Complaints

25 Eight Medical Group Limited
Optimum Road Health Centre
Unit B1, Optimum Business Park
Optimum Road, Swadlincote
Derbyshire, DE11 0WT

Email: info@optimumhealthcentre.co.uk / yourprivacy@optimumhealthcentre.co.uk
Telephone: 01283 392 212
WhatsApp Help Desk 0800 688 9992

You have the right to lodge a complaint with the Information Commissioner's Office if you believe your personal data has been handled unlawfully.
We encourage individuals to contact us first so we can resolve concerns directly.
Information about how to complain to the ICO can be found at:
https://ico.org.uk/make-a-complaint/