Privacy Policy

Midland Health is committed to protecting and respecting your privacy.

Midland Health understands that your personal data is entrusted to us and appreciates the importance of protecting and respecting your privacy. To this end we comply fully with the General Data Protection Regulation (GDPR) and with the Data Protection Act in force in the UK (“Data Protection Laws”). We also adhere to relevant clinical and medical guidelines including those published from time to time by the General Medical Council, specified Royal Colleges and the Nursing and Midwifery Council.

Scope of our Privacy Policy

This privacy policy applies to anyone who interacts with us regarding our products and services in any way (including by email, telephone conversation or post). Its sets out the basis on which we collect, hold and process personal data about you. We will describe our practices regarding the collection, use, storage and disclosure of personal data that we collect from you and/or hold about you, and your rights in relation to that data.

If you have any questions about the information provided in this policy or how we work with you, please contact us at

We request that you read the following information carefully to understand how we process your personal data. By using our website, providing your personal data to us or by using our services, website or other online or digital platform(s) you are accepting or consenting to the practices as described or referred to in this Privacy Policy.

When we refer to ‘we’, ‘us’ and ‘our’, we mean Midland Health. Where we refer to ‘you’ or ‘your’ we mean anyone who interacts with us regarding our products and services.

Our collection of personal information

Within this policy, we refer to personal data, by which we mean information that can or has the potential to identify you as an individual. We may collect this information from you or from a third party (which could include family members, guardians, insurance companies, doctors or other medical professionals, clinical referrers, etc.)

In order to provide you with our services, we may hold information about you through your contact with us. We may hold and use personal data about you as a customer, a patient or as an enquirer. For example, when you visit our website, complete an enquiry form digitally or by post, or speak to us.

Depending on what services you receive from us this may include sensitive personal data such as information relating to your health.

Personal data we collect from you may include the following:

  • Information that you give us when you enquire or become a customer or patient of ours or apply for a job with us including name, address, contact details (including email address and phone number)
  • The name and contact details (including phone number) of your next of kin
  • Where next of kin details include personal data about that individual, it is your responsibility to ensure the person is aware of, and accepts the terms of this Privacy Policy
  • Details of referrals, quotes and other contact information and correspondence we may have had with you
  • Details of services and/or treatment you have received from us or from doctors to whom we have referred you (by making an appointment or otherwise) or which have been received from a third party and referred on to us
  • Information obtained from customer surveys, promotions and competitions that you have entered or taken part in
  • Recordings of phone calls with you that we receive or make
  • Notes and reports about your health and any treatment and care you have received and/or need, including about clinic and hospital visits and medicines administered
  • Patient feedback and treatment outcome information, you provide
  • Information about complaints and incidents
  • Information you give us when you make a payment to us, such as financial or credit card information

We may also collect information about you from:

  • A family member, or someone else acting on your behalf;
  • Doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;
  • NHS organisations who are commissioning us or doctors to whom we refer you to provide your care
  • Any service providers who work with us in relation to your treatment, i.e. your insurance company or referring GP / Consultant< / other doctors.
  • Fraud-detection and credit-reference agencies; 
  • Sources which are available to the public, such as the edited electoral register or social media.
  • Patients under 18 years
  • There are occasions when will need to gather and process personal data regarding a child under 18 years of age, if we are asked to provide treatment to that child by their parent or guardian.  In gathering such personal data, we will ensure that we obtain consent from the parent or guardian of the child and will only obtain and process the personal data relevant and necessary to assist the Company in providing the treatment.  We will not use the child’s personal data for an unrelated purpose without telling the parent or guardian about it, the legal basis that we intend to rely on for processing it and obtain consent.  We may need to transfer the child’s personal data to a third party who is assisting with the treatment and will ensure that we explain this to the parent or guardian beforehand and make sure that the third-party processor adopts appropriate measures to keep the personal data secure.

When you use our website, we may automatically collect personal data about you including:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform,
  • Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
  • Lawful basis of Processing
  • We will generally process Personal Data regarding customers and people that we provide our services to when we are under contract and/or in the process of entering into a contract.  The processing of such Personal Data is necessary for the contract or when we have been asked to take specific steps before entering into a contract.
  • We may also process limited Personal Data of contacts for the purposes of the legitimate interests of the Company.  We have a legitimate interest in keeping in touch with our customers and contacts which may include sending targeted emails regarding news about our business.  We have balanced this legitimate interest of the Company against the rights of the individual and do not conclude this is unreasonable, as at all times the data subject has a right to be forgotten and their Personal Data to be deleted.

Categories of Personal Information

We process 2 categories of personal information and data about you:

  • Standard personal demographic information (i.e. your name, contact details, address); and
  • Special categories of information (i.e. gender, date of birth, medical history, clinical information and ethnicity which helps us tailor our care and also information about credit financing and crime which enable checks for anti-fraud and credit ratings).

When do we collect personal data about you?

We may collect personal data about you if you:

  • Visit our website
  • Enquire about our services or treatments (please note in the interests of training and continually improving our services, calls to Midland Health Ltd and its agents may be monitored or recorded)
  • Register to be a customer or patient with us or book to receive any of our services or treatments or those provided by doctors to whom we refer you
  • Fill in a form or survey for us
  • Carry out a transaction on our website
  • Participate in a competition or promotion or other marketing activity
  • Make online payments
  • Contact us, for example by email, telephone or social media
  • Participate in interactive features we provide through websites and digital media.
  • Are referred to us for treatment from a third-party referrer (insurance company, NHS organisation, medical consultant or GP)

Health information collected during provision of treatment or services

Sensitive personal data (including information relating to your health) will only be disclosed to third parties involved with your treatment or care if you consent to this. You will be asked to consent to our exchanging information with doctors, other medical staff and insurance companies if you become a patient.

Where applicable, it may be disclosed to any person or organisation who may be responsible for meeting your treatment expenses or their agents. It may also be provided to external service providers and regulatory bodies (unless you object) for the purpose of clinical audit to ensure the highest standards of care and record keeping are maintained.

  • Medical professionals working with us:  We share clinical information about you with our medical professionals as we think necessary for your treatment.  Medical professionals working with us might be our employees, or they might be independent consultants in private practice or consultants and clinical employed by the NHS.  In the case of independent consultants and other doctors or medical practitioners, they are the data controller of your personal data, either alone or jointly with us and will be required to maintain their own records in accordance with Data Protection Laws and applicable clinical confidentiality guidelines and retention periods.  Where that is the case, we may refer you to them in order to enable you to exercise your rights over your data.  Our contracts with consultants require them to cooperate with those requests.  In all circumstances, they will only process your personal data for the purposes set out in this Privacy Policy or as otherwise notified to you.
  • Your GP:  If the practitioners treating you believe it to be clinically advisable, we may also share information about your treatment with your GP.  You can ask us not to do this, in which case we will respect that request if we are legally permitted to do so, but you should be aware that it can be potentially very dangerous and/or detrimental to your health to deny your GP full information about your medical history, and we strongly advise against it.
  • Your insurer:  We share with your medical insurer information about your treatment, its clinical necessity and its cost, only if they are paying for all or part of your treatment with us.  We provide only the information to which they are entitled. If you raise a complaint or a claim we may be required to share personal data with your medical insurer for the purposes of investigating any complaint/claim.
  • The NHS:  If you are referred to us for treatment by the NHS, we will share the details of your treatment with the part of the NHS that referred you to us, as necessary to perform, process and report back on that treatment.
  • Medical regulators:  We may be requested – and in some cases can be required – to share certain information (including personal data and sensitive personal data) about you and your care with medical regulators such as the General Medical Council or the Nursing and Midwifery Council, for example if you make a complaint, or the conduct of a medical professional involved in your treatment is alleged to have fallen below the appropriate standards and the regulator wishes to investigate.  We will ensure that we do so within the framework of the law and with due respect for your privacy.

We participate in audits and initiatives to help ensure that patients are getting the best possible outcomes from their treatment and care.  The highest standards of confidentiality will be applied to your personal data in accordance with Data Protection Laws and confidentiality. Any publishing of this data will be in anonymised, statistical form. Anonymous or aggregated data may be used by us, or disclosed to others, for research or statistical purposes.

How do we use your personal data?

Your personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy, applicable Data Protection Laws, clinical records retention periods and clinical confidentiality guidelines.

We process your personal information for a number of legitimate interests which include:

  • Managing your care and treatment
  • Communications in our relationship with you
  • Marketing analysis
  • Clinical research and product / service development
  • Ability to exercise rights in order to handle claims

Sensitive personal data related to your health will only be disclosed to those involved with your treatment or care, or in accordance with UK laws and guidelines of professional bodies or for the purpose of clinical audits (unless you object). Further details on how we use health related personal data are given below:

To enable us to carry out our obligations to you arising from any contract entered into between you and us including relating to the provision by us of services or treatments to you and related matter such as, billing, accounting and audit, credit or other payment card verification and anti-fraud screening

  • Provide you with information, products or services that you request from us
  • Provide you with information about products or services we offer that we feel may interest you. Unless you have consented to receive marketing communications by electronic means from us, by ticking the relevant box on the form on which we collect your data, we will only contact you by electronic means (e-mail or SMS) with information about products and services similar to those which you previously purchased or enquired about from us
  • Notify you about changes to our products or services
  • To manage our relationship with you, our business and third parties who provide products or services for us (for example, to check that you have received a service that you’re covered for, to validate invoices and so on)
  • To provide health-care services on behalf of a third party (for example, your employer)
  • To make sure that claims are handled efficiently and to investigate complaints (for example, we may ask your consultant / practitioner for information to make sure we receive accurate information and to monitor the quality of your treatment and care)
  • To keep our records up to date
  • To provide you with marketing information as allowed by law
  • To develop and carry out marketing activities and to show you information that is of interest to you, based on our understanding of your preferences for statistical research and analysis so that we can monitor and improve products, services, websites and apps, or develop new ones
  • To contact you about market research we are carrying out
  • To monitor how well we are meeting our clinical and non-clinical performance expectations
  • To enforce or apply our website terms of use, our policy terms and conditions or other contracts, or to protect our (or our customers’ or other people’s) rights, property or safety
  • To exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with
  • To take part in, or be the subject of, any sale, purchase, merger or takeover of all or part of the Midland Health business
  • To respond to requests where we have a legal or regulatory obligation to do so
  • to check the accuracy of information about you and the quality of your treatment or care, including auditing medical and billing information for insurance claims as well as part of any claims or litigation process
  • To support your doctor, nurse or other healthcare professional
  • To assess the quality and/or type of care you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated
  • To ensure that content from our website is presented in the most effective manner for you and for your computer.
  • The security of your personal data

We protect all personal data we hold about you by ensuring that we have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged.

Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all Data Protection Laws.

Data protection legislation is harmonised throughout the European Economic Area (‘EEA’) which comprises the EU member states, Norway, Iceland and Liechtenstein. Countries outside the EEA do not generally have the same level of protection for personal information as those within the EEA.  We do not anticipate the need to transfer your data in Europe and it is unlikely we will need to transfer data outside the EEA.  If there is an occasion we need to do this to for any reason, we will keep you informed and ensure we have procedures in place to do so.

All information you provide to us is stored securely. Any payment transactions on our website will be processed securely by third party payment processors. We will not retain any form of your personal finance or payment information ourselves.

At your request, we may occasionally transfer personal information to you via email, or you may choose to transfer information to us via email.  Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so at your own risk.

Disclosure and sharing of your personal data

In the usual course of our business we may disclose your personal data (to the extent necessary) to contracted organisations that we use to support the delivery of our services. This may include the following:

  • Contracted medical and clinical practice staff, business partners and suppliers and sub-contractors for the delivery of any contract we enter into with you,
  • Organisations providing IT systems and support and hosting in relation to the IT systems on which your information is stored,
  • Third party debt collectors for the purposes of debt collection,
  • Third party service providers for the purposes of storage of information and confidential destruction
  • Third party marketing companies for the purpose of delivering digital and non-digital marketing but only concerning products and services we provide.
  • Where a third-party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.

We may also disclose your personal data to third parties in the event that we sell or buy any business or assets or where we are required by law to do so.

We also reserve the right to disclose information, to the legal authorities in the case of any claim or requirement to provide evidence to support formal legal proceedings.

How long we keep your personal information

We keep your personal information in line with set periods calculated using the following criteria.

  • How long you have been a customer with us and the number of treatments and level of advice we have provided
  • How long it is reasonable to keep records to show we have met the obligations we have to you
  • Any time limits for making a claim
  • Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations
  • Any relevant legal proceedings

Set out below are specific retention periods for certain types of information:

Patients: we need to keep your Personal Data to allow us to ensure compliance with the contract. We keep a record of your Personal Data for at least 6 years after the contract has ended to ensure compliance with that contract.  We will keep limited Personal Data of customers to include contact details and brief transactional history for longer than these 6 years period, as we have a legitimate business interest to keep such records, as many of our patients return to us several years later for our services and this assists our business to ensure that our patients are provided with the best possible service.

Enquiries: we will keep limited Personal Data to include your name, title and contact details when you make an enquiry about a treatment with us for up to six months in order to answer any follow up questions with you directly if you call back to discuss treatments.

Marketing: we will ask you at the time when you make an enquiry about our treatments and/or when you become a patient with us whether you consent to receiving targeted emails and/or phone messages from us regarding relevant treatment.  We will only send you information if you agree to receiving it from us and can choose which is the best way to contact you.  Of course, you have the right to unsubscribe at any time.

Recruitment: If you apply for a job with us, we may use your information for the purposes of recruitment and selection, corresponding with you and equal opportunities monitoring.  We will not store your Personal Data for more than 12 months if you are not successful.

If you would like more information about how long we will keep your information for, please contact us at

Non-Personal information and Cookies; other websites

When on our website, cookies enable you to search and access features and information. From these cookies’ information may be collected to enable us to understand our customers and make improvements to how we present information and describe / provide our services.

We may also use other companies to set cookies on our website(s) and gather cookie information for us. From time to time we may also analyse Internet Protocol (IP) addresses or other anonymous data sources.


Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving your user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.

Our websites use cookies to distinguish you from other users of our websites. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.

By law, website operators are required to ask for a website user’s permission when placing certain kinds of cookie on their devices for the first time.


These cookies are essential in order to enable you to move around our websites and use its features, such as accessing secure areas of the websites. Without these cookies, services you have asked for cannot be provided.

Your consent is not required for the delivery of those cookies which are strictly necessary to provide services requested by you.

We use these types of cookies.


These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All the information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.

Web analytics that use cookies to gather data to enhance the performance of a website fall into this category. For example, they may be used for testing designs and ensuring a consistent look and feel is maintained for the user. This category does not include cookies used for behavioural/ targeted advertising networks. We use these types of cookies. By using our website and online services you agree that we can place these types of cookies on your device.

These cookies allow our websites to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video. The information these cookies collect is generally anonymised and they cannot track your browsing activity on other websites.

We use these types of cookies. By using our websites these you agree that we can place these types of cookies on your device.


These cookies are used to deliver adverts more relevant to you and your interests They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.

We do not use these cookies on our website.

Definitions used above are consistent with those supplied by the International Chamber of Commerce ‘ICC UK Cookie Guide’ April 2012.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. For information on how to delete cookies, please refer to: use

Other websites: Our Website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of those websites, please note that those websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any Personal Data to those websites.


In accordance with this Privacy Policy, we may send you information (via mail, email, phone or SMS) about our products and services which we consider may be of interest to you if you have agreed to receive such information.

You have the right to ask us not to process your information in this way at any time. If you no longer wish to receive web-based marketing information you can unsubscribe by emailing . We would ask you to give us a reasonable amount of notice to give us time to update our systems.  While the precise timings vary by department we generally ask that you give us at least 30 days’ notice.

Changes to our Privacy Policy

We keep our Privacy Policy under regular review and as a result it may be amended from time to time without notice. As a result, we encourage you to review this Privacy Policy regularly.

Privacy notice for call recording

This privacy notice explains how we use recordings of phone calls within Midland Health.

Personal data

When a call is recorded we collect:

  •  a digital recording of the telephone conversation
  • the telephone number of both parties (internal and external)

Personal data revealed during a telephone call will be digitally recorded for example name and contact details to deliver appropriate services.

Occasionally ‘special category’ personal information may be recorded where an individual voluntarily discloses health, religious, ethnicity or criminal information to support their request for advice and/or services.

Collecting personal data

The recordings will be stored on a secure server hosted by our phone provider (currently 3CX) which will only be accessible by senior members of the management team, who will be issued with a username and password.

Call recordings will be used:

  • to assist in the quality monitoring of staff performance
  • to investigate and resolve complaints
  • to identify training needs
  • to ensure the Company is able to monitor and adhere to quality standards

Sharing personal data

We may share a call recording with an Investigating Officer in order for them to respond to a complaint or issue.

Sharing data under Data Protection legislation

We may be required or permitted, under Data Protection legislation, to disclose a call recording including your personal data without your explicit consent, for example if we have a legal obligation to do so, such as for:

  • Law enforcement
  • Safeguarding investigations
  • Regulation and licencing
  • Criminal prosecutions
  • Court proceedings

What is the legal basis that permits us to use your information?

Under data protection legislation we are only permitted to use your personal data if we have a legal basis for doing so as set out in the data protection legislation. We will process your personal data for the purposes of providing you with work-finding services. The legal bases we rely upon to offer these services to you include at least one of the following:

  • Consent
  • Contractual obligation
  • Legal obligation
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

Retaining personal data

Recordings are kept securely and confidentially. They will be held for no more than 14 days, unless required to be retained for an investigation, legal reasons or a potential safeguarding concern.

Your rights in relation to your information

You have a number of rights in relation to your personal data, these include the right to:

  • be informed about how we use your personal data;
  • obtain access to your personal data that we hold;
  • request that your personal data is corrected if you believe it is incorrect, incomplete or inaccurate;
  • request that we erase your personal data in the following circumstances:
    • if we are continuing to process personal data beyond the period when it is necessary to do so for the purpose for which it was originally collected;
    • if we are relying on consent as the legal basis for processing and you withdraw consent;
    • if we are relying on legitimate interest as the legal basis for processing and you object to this processing and there is no overriding compelling ground which enables us to continue with the processing;
    • if the personal data has been processed unlawfully (i.e. in breach of the requirements of the data protection legislation);
    • if it is necessary to delete the personal data to comply with a legal obligation.
  • ask us to restrict our data processing activities where you consider that:
    • personal data is inaccurate;
    • our processing of your personal data is unlawful;
    • where we no longer need the personal data but you require us to keep it to enable you to establish, exercise or defend a legal claim;
    • where you have raised an objection to our use of your personal data;
  • request a copy of certain personal data that you have provided to us in a commonly used electronic format. This right relates to personal data that you have provided to us that we need in order to take steps to enter into a contract with you and personal data where we are relying on consent to process your personal data;
  • object to our processing of your personal data where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful. If you raise an objection we will carry out an assessment to determine whether we have an overriding legitimate ground which entitles us to continue to process your personal data;
  • not be subject to automated decisions which produce legal effects or which could have a similarly significant effect on you.

If you would like to exercise any of your rights or find out more, please contact

Your rights

You have the right to access your information and to ask us to correct any mistakes and delete and restrict the use of your information. You also have the right to object to us using your information, to ask us to transfer information you have provided, to withdraw permission you have given us to use your information and to ask us not to use automated decision-making which will affect you. For more information, see below.

You have the following rights (certain exceptions apply).

  • Right of access: the right to make a written request for details of your personal information and a copy of that personal information
  • Right to rectification: the right to have inaccurate information about you corrected or removed
  • Right to erasure (‘right to be forgotten’): the right to have certain personal information about you erased
  • Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
  • Right to object: the right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interest. You can object to our use of your information for profiling purposes where it is in relation to direct marketing
  • Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable formats
  • Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of Midland Health Ltd use of your personal information prior to the withdrawal of your consent and we will let you know if we will no longer be able to provide you your chosen product or service
  • Right in relation to automated decisions: you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into a contract with you, it is authorised by law or you have given your explicit consent. We will let you know when such decisions are made, the lawful grounds we rely on and the rights you have.
  • Please note: Other than your right to object to the use of your data for direct marketing (and profiling to the extent used for the purposes of direct marketing), your rights are not absolute: they do not always apply in all cases and we will let you know in our correspondence with you how we will be able to comply with your request.
  • If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we do not meet your request, we will explain why.

In order to exercise your rights please contact

Data Protection Contacts

If you have any questions in relation to our privacy policy, please email us at or write to the Data Protection Officer at:

Midland Health
23A Highfield Road 

You also have a right to make a complaint to your local privacy supervisory authority. Midland Health Ltd is in the UK, where the local supervisory authority is the Information 


Information Commissioner’s Office

Wycliffe House
Water Lane
Cheshire, United Kingdom

Phone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)