Privacy Policy

Last updated: 21/08/2025

Optimise Healthcare Group (“we”, “our”, “us”) is committed to protecting your privacy and ensuring that any personal information you provide is handled in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.

You can access this policy at the bottom of every page on our website or request a paper copy by post (see contact details below).

This notice explains:

  • What personal data we collect
  • How we use it
  • Who we share it with
  • Your legal rights
  • How we keep your data secure

1. Personal Information We Collect

When you contact us — in person, by phone, or online — we typically collect:

  • Name, address, date of birth, telephone number, and email address
  • Details of your enquiry or request

If you are receiving or have received treatment from us, your record may also include:

  • Basic details such as your name, address, and date of birth
  • Contact details of close relatives or carers
  • Information about your health, daily living abilities, and home situation
  • Assessment notes, treatment plans, and support records
  • Information shared by other organisations (e.g., GP, hospital teams) relevant to your care
  • Names of other professionals or support services involved in your care

Special Category Data
We may collect sensitive personal information (e.g., race, ethnicity, religion, sexual orientation, physical or mental health status) to ensure tailored care and equality of access to our services.

NHS Number
Your NHS number may be shared with us to coordinate your care with NHS services, where applicable.

Website and Communication Data
We may collect:

  • Technical data (e.g., IP address, browser type, location)
  • Records of service enquiries, transactions, or registrations
  • Completed online forms, surveys, or interactive submissions
  • Details of offline correspondence via phone, email, post, or fax

2. Use of Cookies

Cookies are small text files stored on your device to enhance website functionality and gather usage data. You can manage cookies in your browser settings.

For more information:

  • www.aboutcookies.org
  • www.allaboutcookies.org
    To opt out of Google Analytics tracking: Google Analytics Opt-Out

3. How We Use Your Personal Information

We use your data for the following purposes:

Healthcare Delivery

  • Assess your needs and plan suitable treatment or support
  • Deliver and document care and support services
  • Monitor service quality and gather feedback
  • Manage complaints and incident reporting
  • Comply with legal and safeguarding obligations
  • Produce anonymised statistics for service evaluation

Website and Communication

  • Personalise your online experience
  • Respond to enquiries and service requests
  • Process payments and service transactions
  • Send agreed communications (e.g., newsletters, updates) with your consent
  • Provide anonymised reports for service development

We do not sell or share your data for third-party marketing.

4. Lawful Basis for Processing

We only process your data where there is a legal basis to do so:

Purpose of Processing Legal Basis under UK GDPR
Delivering health or social care Article 6(1)(e) – Public task; Article 9(2)(h) – Health/social care
Managing contracts with service users Article 6(1)(b) – Contract
Sending marketing communications Article 6(1)(a) – Consent
Safeguarding or emergency disclosures Article 6(1)(d) – Vital interests
Legal or regulatory compliance Article 6(1)(c) – Legal obligation

We may process data without consent where it is necessary for the delivery of care, legal duties, or vital interests (e.g., safeguarding or emergencies).

5. Sharing Your Information

We may share your personal data securely with:

  • Optimise Healthcare Group staff and MDTs (multi-disciplinary teams)
  • Your GP, consultant, or other healthcare professionals
  • NHS trusts, local authorities, or care agencies involved in your support
  • Emergency services or safeguarding authorities
  • Regulatory bodies (e.g., Care Quality Commission)
  • Legal representatives, courts, or auditors (when required by law)

6. Third-Party Service Providers

We use trusted third-party systems to help us deliver safe and effective services. These providers are contractually bound to UK GDPR standards and cannot use your data for their own purposes.

1. SignWell – Digital Document Signing

  • Purpose: To send, sign, and manage shared care agreements or consent forms.
  • Data Shared: Name, contact details, and information within the signed documents.
  • Data Location: United States (on secure servers).
  • Safeguards: Standard Contractual Clauses (SCCs) are in place to lawfully protect international data transfers.
  • Your Acknowledgement: By engaging in services requiring care agreements, you acknowledge and accept the secure processing and storage of personal data outside the UK.

Consent is not the legal basis for transfer — we rely on SCCs and appropriate safeguards.

2. HEIDI AI – Medical Scribe Service

  • Purpose: To assist clinicians with documenting patient consultations.
  • Data Shared: Audio recordings of your consultation (which may include sensitive health data).
  • Data Processing: Recordings are securely captured, transcribed, and then deleted.
  • Data Location: All processing is conducted in the United Kingdom.
  • Safeguards: HEIDI AI is contractually required to comply with UK data protection laws and undergoes regular due diligence checks.

General Protections for Third Parties

  • Minimum necessary data is shared for the service purpose.
  • All vendors are contractually required to comply with UK GDPR and DPA 2018.
  • Data is deleted or returned when no longer needed or at contract end.
  • Transfers outside the UK use SCCs or other ICO-approved mechanisms.

7. How Long We Keep Your Data (Retention)

We retain your personal data only as long as necessary for care delivery, legal, safeguarding, and record-keeping obligations.
Retention periods vary by data type and purpose and are aligned with NHS and social care best practices. You may request further details.

8. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data
  • Request corrections to inaccurate data
  • Request deletion (where no longer necessary)
  • Object to or restrict certain processing
  • Request transfer of your data (data portability)
  • Withdraw consent at any time (where consent is the basis for processing)
  • Complain to the Information Commissioner’s Office (ICO): www.ico.org.uk

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data. While no system is entirely immune to risk, we follow recognised best practices for healthcare data security.

In the event of a data breach, we will notify the ICO and affected individuals where required by law.

10. Contact Us

For questions, access requests, or complaints:

Email: info@optimisehcg.co.uk

Post:
Optimise Healthcare Group
Oakwood House, Taylor Business Park
Risley, Warrington WA3 6WP

11. Updates to This Privacy Notice

We may update this privacy notice from time to time to reflect legal or operational changes. The most recent version will always be available on our website.