Privacy notice

New Medical Systems Limited (trading as “Newmedica”) collects personal information to support your health, care and treatment which allows us to deliver our core services to you and ensures you receive the highest standards of personalised care.

Newmedica is committed to being transparent about how we collect and use your data and to meeting our data protection obligations in line with the UK Data Protection Laws and the General Data Protection Regulation (GDPR).

For the purpose of this Privacy Notice, references to Newmedica, we, us or our, means the members of the group of companies that process your information, being New Medical Systems Limited, its subsidiaries and its holding companies (the “Newmedica Group”).This applies to any of our Eye Health Clinics and Surgical Centres where you receive treatment in addition to Newmedica’s Support Office.

Where references are made to you or your, this means the ‘person who the information is about’ whose personal information we collect, use and process.

This includes anyone who contacts us in connection with the products or services we provide or otherwise interacts with us, for example, via our website at www.newmedica.co.uk (the website), or in service.

Information about Newmedica:

New Medical Systems Limited (trading as “Newmedica”) is a company registered in England and Wales with company number 06211226. Our registered office is Newmedica, Forum 6, Parkway, Solent Business Park, Whiteley, Fareham, PO15 7PA.

We provide specialist NHS and Private eyecare that focuses on protecting sight though the treatment of advanced eye conditions.

You have trusted us to take care of your eyes, and you can also trust us to take care of your personal information. We respect the personal information you provide to us, or that we ascertain from your interactions with us, or that we may receive from other health and care providers.

Newmedica are ‘Data Controllers’ of your personal data for the purposes of applicable data protection law. This means that we decide why and how your personal information is used and shared.

Newmedica appoints a Data Protection Officer (DPO) who is responsible for monitoring compliance with data protection requirements. You can contact them with queries or concerns relating to the use of your personal data – please refer to the ‘contact us’ section of this Privacy Notice for further details.

What Information does Newmedica collect about you?

We may collect, use, and store, a range of information about you including (but not limited to):

  • Your name

  • Your date of birth

  • Your ethnicity details

  • Your contact telephone number/s (including mobile phone)

  • Your postal and email addresses

  • Your relevant health details including:

(a) general health condition, including any past or current medical history that may be relevant to your treatment with us;

(b) current and past eye conditions, including information on spectacles and contact lens;

(c) current medication details, including details of any prescription supplied to you by your healthcare professional or medical practitioner;

(d) correspondence between your Optometrist and your GP/Ophthalmologist;

  • Your examination and test results;

  • Your payment details (such as your banking information and finance options / agreements) for private patients;

  • Your employment / lifestyle / driving information;

  • Information that you provide by completing forms on Newmedica’s website, details of your visit to the website and any transactions that you carry out on the website;

  • Any other information you have voluntarily provided to us.

How do we get this information and what do we have it for?

The information we collect is primarily collected from you directly. This could be for several reasons:

  • You plan to receive treatment or are currently receiving treatment, whether NHS funded or privately funded care. This information is used directly for your care, to manage the services we provide, to clinically audit our services, investigate complaints or use as evidence as part of an investigation into care.

  • You have expressed an interest in paying privately for your treatment (either directly or via a finance option) or have funded your own care.

  • You have signed up to receive information about other services or products that we provide, or you have signed up to receive our newsletter or attended an event and agreed for us to contact you with further communication materials.

  • You have made an enquiry, submitted a subject access request or made a complaint.

  • You have provided feedback, given a compliment or review for one of our Services / Colleagues (in writing, in person, or online).

We may also collect information from other sources, where it is lawful to do so, including but not limited to, your referring organisation, the NHS or other healthcare providers (including Private Healthcare), institutions or individuals you have authorised to provide information on your behalf (e.g. parent, guardian, power of attorney, Solicitor), third party service providers, government, tax or law enforcement agencies, or a combination of information from publicly available sources.

How is that information used?

We may use your personal information for the purposes of:

  • Your eye care treatment. We collect and use your personal information to deliver our core services to you, including the eye care treatment that you have been referred for, and expect us to provide to you.

  • Letting you know when your next appointment is due and reminding you to book an appointment if you’ve not had one for a while. This may be undertaken via a range of communication methods from the contact details that you have provided.

  • Undertaking pre-operative and post-operative assessments which form part of your overall eye care / treatment pathway.

  • Undertaking customer service / patient satisfaction surveys to ensure we continue to improve our services to you.

  • Helping us review, develop and improve the products and services we offer, for example, through research, analysis, training and planning.

  • Notifying you about changes to our products and services.

  • Responding to queries from you (including the processing and retaining the information) relating to your credit/debit card to enable the processing of your payment and to deal with any queries or refunds of payment.

  • Carrying out security checks to protect against fraudulent transactions during or following any payment you make, to prevent and detect criminal activity. For example, we may undertake verification checks to identify any discrepancies with your payment details.

  • Responding to, and addressing, any claims made against us.

  • Using cookies and traffic data (See ‘cookies’ policy).

  • Maintaining records for tax, compliance with law, defence of litigation and legal claims or other corporate purposes (i.e. data relating to criminal or suspected criminal offences where committed on Newmedica premises / CCTV recordings etc.).

  • Managing and administering insurance claims.

  • Photographic Identification (photo ID) where we need to confirm authority when submitting a subject access request or for our website.

In order to provide you with the products and services described above, we hold copies of your personal information at New Medical Systems Limited and in some cases, the clinic or surgical centre where you received treatment which are part of the Newmedica Group.

If you contact us through the website, you will be providing us with personal information, including your email address, name and contact details. This may also include medical information where voluntarily given by you.

If you are simply browsing our website, we will not collect any information which will identify you by name. However, we will collect information using cookies and/or traffic data which uses the IP address or other numerical identifiers from the device that you are using, which analyse navigation and use of the website. More information on cookies is set out in our cookie policy.

Newmedica is an innovative organisation that is always considering ways in which we can modernise, improve and develop our services using technology, which includes the use of Artificial Intelligence (AI).

This may mean that your information may be processed by an AI tool, or you may interact with a ‘digital colleague’, such as an automated telephone service. Newmedica utilises AI and automation technologies to enhance the quality of your care and treatment pathway, as well as to increase the efficiency of our frontline services and support office teams.

The use of this technology is not intended to remove the personalised care that you know and expect from us, or impact the quality of treatment that you receive, and should not lead to any disadvantages for you.

Who do we share your personal information with?

Your information may be disclosed to other members of the Newmedica Group for purposes set out in this Privacy Notice. We may also disclose your personal information to third parties, including in the following circumstances:

  • Health authorities including the NHS or national equivalent bodies. We have a legal obligation to share specified data with the Private Healthcare Information Network (PHIN). Please see https://www.phin.org.uk/about/our-privacy-policy

  • Medical Devices Outcome Registry (Medical Devices Outcomes Registry (MDOR) - NHS England Digital) for purposes of safety recalls, such as for implantable medical devices (i.e. lenses).

  • The Royal College of Ophthalmologists for the National Ophthalmology Database (NOD) Audit. Please see https://nodaudit.org.uk/ / https://www.rcophth.ac.uk/privacy-information-notice/ This is collected for NHS and Private Patients, and includes those patients that undergo Refractive Lens Exchange (RLE), as well as privately funded cataract surgery.  

  • Third parties that help us process personal information, but they may not use it for other purposes. For example, a third-party IT provider to help manage our electronic patient records. We may also use information we receive from third parties to supplement, improve and add to our database of patient details.

  • Planners of health and care services, such as your local Integrated Care Board.

  • External agencies and organisations, including the Police and other law enforcement agencies, for the prevention and detection of crime (including fraudulent transactions). These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security assessments.

  • We may provide personal information to our insurers if a claim is made, or could be made, against us.

  • We may provide your personal information to third parties to comply with any legal obligation (including a court order), or to enforce or apply terms and conditions of purchase, use of our website, or other agreements that we have with you, or to protect Newmedica’s rights, property and safety (of patients, employees and others).

  • If some or all our assets are acquired by a third party (or subject to a reorganisation within our Corporate Group), personal information will be one of the transferred assets.

 Newmedica is legally obliged to share information in some circumstances, including:

  • Where required by Regulatory bodies such as NHS England or the Care Quality Commission (CQC).

  • When required by NHS England to collect and analyse information for the improvement of safety and quality of national health and care services.

We may also share information with NHS England where it is not required by law to help improve the quality and safety of national health and care services. The law allows us to do this. If you would not like your information to be shared with NHS England where it is not required by law, please contact us on [insert contact email] to find out about how you can opt out.

  • A Court orders us to provide information.

  • In the ‘public interest’, such as a public inquiry.

Newmedica may also share information if the public good outweighs your rights to confidentiality, such as where a serious crime has been committed, where there are serious risks to patients or colleagues, and for safeguarding of vulnerable individuals.

Wherever possible, Newmedica will anonymise your information so that we can use it for purposes beyond your eye care / treatment whilst continuing to maintain your confidentiality. For example, assessing the quality of care and care records (such as a clinical audit), keeping track of spending, teaching and training colleagues, research and statistical purposes, or investigating concerns made by you or your representative.

Where personal information cannot be anonymised to enable effective and valuable research or audits to be undertaken, we will inform you and ask for your permission before the information is used.

What is the lawful basis for processing information?

Newmedica takes reasonable steps to ensure that your personal information is adequately protected and processed within the requirements of the UK General Data Protection Regulation.

Newmedica will process your personal data under one of the following lawful basis:

(a)  We have your consent – this must be freely given, informed and unambiguous. For example, your consent may be needed for website cookies, marketing or for purposes beyond ‘direct care’.

Newmedica does not require your consent to record details of your care and treatment, as keeping health records is required for medical and legal reasons.

We may rely upon consent to access certain NHS information or to access services through a health insurance provider, but consent to treatment (such as signing a consent form to agree to your operation) should not be confused with your individual rights under data protection law.

Consent can be implied or explicit. Implied consent is used for individual care where it is reasonable to expect that confidential information will be shared with those caring for you on a strict need to know basis. Should you wish to withdraw consent, you must let your clinician know or a member of the Newmedica team, as this may impact the care or treatment given.

Explicit consent is obtained for purposes beyond your care, such as research, where your information cannot be anonymised. This is a very clear and specific statement of consent that you can give in writing, verbally or through another form of communication.

(b) We have legal obligation – this means that the law requires us to take a particular action to share your information, such as the courts using their power to require the data to be given.

(c)  We need it to perform a public task – this means that a public body, such as an NHS organisation or Care Quality Commission requires us to undertake a particular activity that is regulated or required by law.

(d) We have a legitimate interest – this particularly applies to Newmedica as a Private / Independent Sector Healthcare Provider. This means that we will disclose your information to those involved in your treatment or to any other hospital that we consider to be in your best interests, including internally through the Newmedica Group.

Some of the information you provide is deemed ‘sensitive’ or defined as ‘special category’ data. This could be particularly sensitive health data or your equality monitoring information (for example, your ethnicity, religion etc.).

Newmedica will process your sensitive data under one of the following lawful basis:

(a)  We need it for employment, social security and social protection reasons (if authorised by law).

(b) We need for a legal claim or the courts require it.

(c)  There is a substantial public interest (with a basis in law).

(d) To provide and manage health or social care.

(e)  To manage public health (with a basis in law).

 (f)   For archiving, research and statistics.

Common Law Duty of Confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • You have provided us with your consent (we have taken it as implied to provide you with care or for the continuation of the existing services provided to you, or you have given it explicitly for other uses).

  • We have a legal requirement to collect, share and use the data.

  • For specific individual cases, we have assessed that the public interest to share the data overrides the duty of confidentiality (for example sharing information with the police to support the detection or prevention of crime). This will always be considered on a case-by-case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service.

How is your information stored, and how long is it kept for?

We use a variety of technologies and procedures to help protect your personal information from loss, unauthorised access and use. Information may be stored electronically, on paper, or both.

Newmedica uses an electronic patient record system to store a significant portion of health records. All computers and shared drives are protected by robust security measures, and the NHS secure email platform is used for transmitting patient information.

Paper records are securely stored at clinics, surgical centres or offsite at a secured archiving facility. All Newmedica colleagues receive training on handling confidential information, and annual audits ensure our systems remain effective.

As effective as modern security practices are, no physical or electronic security system can be entirely secure. We maintain the highest level of encryption standards in line with, or higher than, NHS England standards. However, we cannot guarantee that information you supply will not be intercepted whilst being transmitted to us over the internet. Any transmission is at your own risk.

In the event that there is an interception of your personal information or unauthorised access or use of information and databases, we will actively assess, mitigate any risk within our remit, and ensure that any breach is considered for reporting to the Information Commissioners Office.

We have no control over the contents of third-party sites or resources which are linked to our website, and we accept no responsibility or liability for them or the privacy practices they use or for any loss or damage that may arise from your use of such websites or resources.

To maintain privacy, colleagues typically do not leave telephone messages for routine matters and may only provide their first names. Newmedica uses general or team email addresses to ensure daily monitoring, as individual colleagues may be out of the office and unable to respond promptly.

Personal information will be retained by Newmedica for as long as reasonably required, or as defined under applicable law and regulation, to provide products and services, including aftercare services and to maintain records to satisfy tax and other legal or regulatory requirements, as well as to protect and defend against legal claims.

Each record is individually assessed according to the applicable retention schedule prior to disposal. Disposal of the record may include:

  • Securely shredding paperwork or utilising a trusted third-party shredding contractor to safely dispose of the record.

  • Ensure the secure disposal of electronic information by thoroughly erasing hard drives/servers in accordance with legal standards for data destruction and compliance. This applies to the disposal of all electronic equipment and medical devices that may contain personal information.

  • Information is archived in the designated electronic system or shared drive. Certain paper records are stored offsite at secure locations managed by third-party contractors, who have been evaluated by Newmedica and operate under formal contracts.

  • Deleting the record from Newmedica’s electronic patient record and/or cloud-based systems, where applicable.

Newmedica completes the NHS Data Security and Protection Toolkit every year, which is an assessment on our security practices surrounding patient data. To access Newmedica's Data Security and Protection Toolkit submission, please click here.

Newmedica stores information primarily within the United Kingdom (UK), European Union (EU) or European Economic Area (EEA). In certain situations, data may be stored internationally, including countries such as the United States of America (USA), when products or online systems with data centres located outside these regions are used.

Transfers of personal data to EU / EAA countries are covered by the UK Government adequacy decision, indicating that their data protection standards are considered equivalent to those of the UK and its relevant data protection laws.

When information is transferred outside of these areas, or we engage with third-party suppliers processing personal data, we ensure that it complies with UK Data Protection Law. We also ensure relevant organisation and technical safeguards are put in place, such as data sharing and processing agreements, standard contractual clauses and/or binding corporate rules with those third-party organisations.

What rights do you have?

You have certain rights under the General Data Protection Regulation, including:

  • The right to be informed about how your data is used. This Privacy Notice is a way of informing you.

  • The right of access to your personal information. This is known as a Subject Access Request and allows you to ask for/see copies of your personal information that we hold.

  • The right to rectify your personal information if it is inaccurate or incomplete.

  • The right to erasure and to restrict processing in specific circumstances, and where there is no other lawful reason for continuing to retain and process that information. It is important to note that the right to erasure does not apply to your health records or information that has been provided by a health and care colleague by ‘their medical professional opinion’.

  • The right to object to processing of your personal information in specific circumstances. Should you object to the sharing of your health and care information to / from other health providers, and this information is essential for your eye care treatment, then your treatment may be impacted, and another service or department may not be able to see you.

  • The right to data portability. This allows you to move, transfer or ‘port’ your information to another organisation in certain circumstances.

Exercising your rights are free and you are not usually required to pay any charges. To request any of the above rights, please contact newmedica.governance@nhs.net

To ensure that you continue to receive excellent healthcare, we will send you information via a variety of communication channels, which can include post, telephone, email and SMS text messages, where you have provided your communication preferences.

Information can include details of your appointments / appointment reminders and treatment, pre-operative and post-operative questionnaires, patient satisfaction surveys, and notices to remind you such as when your prescription expires.

We may also send you information about further services we provide.

You may change your preferences for the way we communicate with you at any time by speaking to a Newmedica colleague or emailing newmedica.governance@nhs.net

National Data Opt Out

The National Data Opt Out (NDOO) applies to the disclosure of confidential patient information for purposes beyond individual care across the health and adult social care system in England, for example, research and planning purposes, and applies to information that originates within those systems.

The NDOO applies unless there is a mandatory legal requirement or an overriding public interest for the data to be shared. The NDOO does not apply when you have consented to the sharing of your data or where the data is anonymised.

The information collected about you when you use health and care services can also be used and provided to other organisations to help with:

  • Improving the quality and standards of care provided.

  • Research into the development of new treatments.

  • Preventing illness and diseases.

  • Monitoring safety.

  • Planning services.

Your confidential health and care information may only be used when allowed by law. Wherever possible, information used for research and planning is anonymised, so that you cannot be identified and your confidential information is not accessed.

You have a choice whether you want your confidential information to be use in this way. If you are happy with this use of information, you do not need to do anything. If you do choose to opt-out, your confidential information will still be used to support your care and treatment.

To find out more or to register your choice to opt out, please visit: www.nhs.uk/your-nhs-data-matters

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Contact us:

If you have any questions about how Newmedica processes your information, would like to change any of your preferences, update or amend your information, seek to exercise an individual right, or wish to raise a concern, please contact us at newmedica.governance@nhs.net or you may write to us at:

Governance Team

Fora East Side

King’s Cross Station

London

N1C 4AX

If you have raised a concern with us but you are still unhappy with how we have used your data, you have a right to raise a complaint with the Information Commissioners Office (ICO).

The ICO’s address is:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

This Privacy Notice was last reviewed on 4th February 2026.

Newmedica reserves the right to update, amend and modify the Privacy Notice and Cookie Policy at any time and at regular intervals. We strongly encourage you to refer to the website for the most up to date version of both notices.

Newmedica Cookie Policy

Cookies are small text files, downloaded from websites to your computer or smartphone as you browse and use the Internet. Newmedica uses cookies to improve the operation of our website and to make our website easier for you to use by speeding up your browsing experience.

Contact us

If you have any questions about how Newmedica processes your information, would like to change any of your preferences, update or amend your information, seek to exercise an individual right, or wish to raise a concern, please contact us at newmedica.governance@nhs.net or you may write to us at:

Governance Team

Fora East Side

King’s Cross Station

London

N1C 4AX

If you have raised a concern with us but you are still unhappy with how we have used your data, you have a right to raise a complaint with the Information Commissioners Office (ICO).

The ICO’s address is:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

This Privacy Notice was last reviewed on 9th September 2025.

Newmedica reserves the right to update, amend and modify the Privacy Notice and Cookie Policy at any time and at regular intervals. We strongly encourage you to refer to the website for the most up to date version of both notices.

Functional Cookies

These cookies are used to recognise you when you return to our Website or keep track of your specified preferences, interests, or past items viewed. This enables us to personalise our content for you, greet you by name and remember your preferences.

Strictly Necessary Cookies

These cookies that are required for the operation of our website and which allow you access to our Services. They are required to identify irregular site behaviour, prevent fraudulent activity and improve security; or allow you to make use of our functions such as shopping-carts, saved search, or similar functions.

Targeting Cookies

These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and any advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.