Privacy notice

New Medical Systems Limited (trading as “Newmedica”) collects personal information to support your health, care and treatment which allows us to deliver our core services to you and ensures you receive the highest standards of personalised care.

Newmedica is committed to being transparent about how we collect and use your data and to meeting our data protection obligations in line with the UK Data Protection Laws and the General Data Protection Regulation (GDPR).

For the purpose of this Privacy Notice, references to Newmedica, we, us or our, means the members of the group of companies that process your information, being New Medical Systems Limited, its subsidiaries and its holding companies (the “Newmedica Group”).This applies to any of our Eye Health Clinics and Surgical Centres where you receive treatment in addition to Newmedica’s Support Office.

Where references are made to you or your, this means the ‘person who the information is about’ whose personal information we collect, use and process.

This includes anyone who contacts us in connection with the products or services we provide or otherwise interacts with us, for example, via our website at www.newmedica.co.uk (the website), or in service.

What personal information is collected

We may collect and process information about you including:

  • your name

  • your date of birth

  • your ethnicity details

  • your contact telephone numbers (including mobile)

  • your email and postal address

  • your relevant health details including

    • (a) current and past eye conditions, general
      health condition and spectacles or contact lens;

    • (b) current medication details;

    • (c) correspondence between optometrist
      and your GP/ophthalmologist

  • your examination and test results

  • your payment details

  • your employment/lifestyle/driving information

  • details of any prescription supplied to you by your healthcare professional or medical practitioner

  • information that you provide by filling in forms on Newmedica's website details of your visit to the website and any transactions you carry out on the website

  • any other information voluntarily provided to us by you from time to time

This information will primarily be collected from you as voluntarily provided to us, but we may also collect it from other sources where it is lawful to do so, including but not limited to, the NHS or other health care providers, institutions or individuals you have authorised to provide information on your behalf (e.g. parents or guardians), third party service providers, government, tax or law enforcement agencies, and other third parties. Such information can also be combined with information from public sources.

How long is the information kept for?

Personal information will be retained by the Newmedica Group for as long as is reasonably necessary (or as defined under applicable healthcare laws and regulations) to provide products and services, including aftercare services, and to maintain records as required to satisfy tax and other legal or regulatory requirements, as well as to protect and defend against claims.

Who is personal information shared with?

We may disclose your personal information to other members of Newmedica for any of the purposes set out in this Privacy Policy. We may from time to time disclose your personal information to third parties, including in the following circumstances:

  • We use third parties to help us process personal information but they may not use it for other purposes. We may use the information we receive from third parties to supplement, improve and add to our databases of patient detailsli>

  • We may disclose personal information to health authorities, including NHS or national equivalent bodies, and we have a legal obligation to share specified data with the Private Healthcare Information Network (PHIN). Please see https://www.phin.org.uk/about/our-privacy-policy.

  • We may pass personal information to external agencies and organisations, including the police and other law enforcement agencies, for the prevention and detection of fraud (including fraudulent transactions) and criminal activity. These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security checks

  • We may pass personal information to our insurers in the event that a claim is made or could be made against us

  • If we or substantially all of our assets are acquired by a third party (or subject to a reorganisation within our corporate group), personal information held by us about patients will be one of the transferred assets

  • We may pass your personal information to third parties in order to comply with any legal obligation (including court orders), or to enforce or apply our website Terms and conditions of purchase, Terms and conditions of use of website or other agreements we have with you or to protect Newmedica's rights, property and safety or those of our patients, employees or other third parties

Common Law Duty of Confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • You have provided us with your consent (we have taken it as implied to provide you with care or for the continuation of the existing services provided to you, or you have given it explicitly for other uses).

  • We have a legal requirement to collect, share and use the data.

  • For specific individual cases, we have assessed that the public interest to share the data overrides the duty of confidentiality (for example sharing information with the police to support the detection or prevention of crime). This will always be considered on a case-by-case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service.

What is the lawful basis for processing information?

Newmedica takes reasonable steps to ensure that your personal information is adequately protected and processed within the requirements of the UK General Data Protection Regulation.

Newmedica will process your personal data under one of the following lawful basis:

(a)  We have your consent – this must be freely given, informed and unambiguous. For example, your consent may be needed for website cookies, marketing or for purposes beyond ‘direct care’.

Newmedica does not require your consent to record details of your care and treatment, as keeping health records is required for medical and legal reasons.

We may rely upon consent to access certain NHS information or to access services through a health insurance provider, but consent to treatment (such as signing a consent form to agree to your operation) should not be confused with your individual rights under data protection law.

Consent can be implied or explicit. Implied consent is used for individual care where it is reasonable to expect that confidential information will be shared with those caring for you on a strict need to know basis. Should you wish to withdraw consent, you must let your clinician know or a member of the Newmedica team, as this may impact the care or treatment given.

Explicit consent is obtained for purposes beyond your care, such as research, where your information cannot be anonymised. This is a very clear and specific statement of consent that you can give in writing, verbally or through another form of communication.

(b) We have legal obligation – this means that the law requires us to take a particular action to share your information, such as the courts using their power to require the data to be given.

(c)  We need it to perform a public task – this means that a public body, such as an NHS organisation or Care Quality Commission requires us to undertake a particular activity that is regulated or required by law.

(d) We have a legitimate interest – this particularly applies to Newmedica as a Private / Independent Sector Healthcare Provider. This means that we will disclose your information to those involved in your treatment or to any other hospital that we consider to be in your best interests, including internally through the Newmedica Group.

Some of the information you provide is deemed ‘sensitive’ or defined as ‘special category’ data. This could be particularly sensitive health data or your equality monitoring information (for example, your ethnicity, religion etc.).

Newmedica will process your sensitive data under one of the following lawful basis:

(a)  We need it for employment, social security and social protection reasons (if authorised by law).

(b) We need for a legal claim or the courts require it.

(c)  There is a substantial public interest (with a basis in law).

(d) To provide and manage health or social care.

(e)  To manage public health (with a basis in law).

(f)   For archiving, research and statistics.

Common Law Duty of Confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • You have provided us with your consent (we have taken it as implied to provide you with care or for the continuation of the existing services provided to you, or you have given it explicitly for other uses).

  • We have a legal requirement to collect, share and use the data.

  • For specific individual cases, we have assessed that the public interest to share the data overrides the duty of confidentiality (for example sharing information with the police to support the detection or prevention of crime). This will always be considered on a case-by-case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service.

How is your information stored, and how long is it kept for?

We use a variety of technologies and procedures to help protect your personal information from loss, unauthorised access and use. Information may be stored electronically, on paper, or both.

Newmedica uses an electronic patient record system to store a significant portion of health records. All computers and shared drives are protected by robust security measures, and the NHS secure email platform is used for transmitting patient information.

Paper records are securely stored at clinics, surgical centres or offsite at a secured archiving facility. All Newmedica colleagues receive training on handling confidential information, and annual audits ensure our systems remain effective.

As effective as modern security practices are, no physical or electronic security system can be entirely secure. We maintain the highest level of encryption standards in line with, or higher than, NHS England standards. However, we cannot guarantee that information you supply will not be intercepted whilst being transmitted to us over the internet. Any transmission is at your own risk.

In the event that there is an interception of your personal information or unauthorised access or use of information and databases, we will actively assess, mitigate any risk within our remit, and ensure that any breach is considered for reporting to the Information Commissioners Office.

We have no control over the contents of third-party sites or resources which are linked to our website, and we accept no responsibility or liability for them or the privacy practices they use or for any loss or damage that may arise from your use of such websites or resources.

To maintain privacy, colleagues typically do not leave telephone messages for routine matters and may only provide their first names. Newmedica uses general or team email addresses to ensure daily monitoring, as individual colleagues may be out of the office and unable to respond promptly.

Personal information will be retained by Newmedica for as long as reasonably required, or as defined under applicable law and regulation, to provide products and services, including aftercare services and to maintain records to satisfy tax and other legal or regulatory requirements, as well as to protect and defend against legal claims.

Each record is individually assessed according to the applicable retention schedule prior to disposal. Disposal of the record may include:

Securely shredding paperwork or utilising a trusted third-party shredding contractor to safely dispose of the record.

Ensure the secure disposal of electronic information by thoroughly erasing hard drives/servers in accordance with legal standards for data destruction and compliance. This applies to the disposal of all electronic equipment and medical devices that may contain personal information.

Information is archived in the designated electronic system or shared drive. Certain paper records are stored offsite at secure locations managed by third-party contractors, who have been evaluated by Newmedica and operate under formal contracts.

Deleting the record from Newmedica’s electronic patient record and/or cloud-based systems, where applicable.

Newmedica completes the NHS Data Security and Protection Toolkit every year, which is an assessment on our security practices surrounding patient data. To access Newmedica's Data Security and Protection Toolkit submission, please click here.

Newmedica stores information primarily within the United Kingdom (UK), European Union (EU) or European Economic Area (EEA). In certain situations, data may be stored internationally, including countries such as the United States of America (USA), when products or online systems with data centres located outside these regions are used.

Transfers of personal data to EU / EAA countries are covered by the UK Government adequacy decision, indicating that their data protection standards are considered equivalent to those of the UK and its relevant data protection laws.

When information is transferred outside of these areas, or we engage with third-party suppliers processing personal data, we ensure that it complies with UK Data Protection Law. We also ensure relevant organisation and technical safeguards are put in place, such as data sharing and processing agreements, standard contractual clauses and/or binding corporate rules with those third-party organisations.

Common Law Duty of Confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • You have provided us with your consent (we have taken it as implied to provide you with care or for the continuation of the existing services provided to you, or you have given it explicitly for other uses).

  • We have a legal requirement to collect, share and use the data.

  • For specific individual cases, we have assessed that the public interest to share the data overrides the duty of confidentiality (for example sharing information with the police to support the detection or prevention of crime). This will always be considered on a case-by-case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service.

What rights do you have?

You have certain rights under the General Data Protection Regulation, including:

  • The right to be informed about how your data is used. This Privacy Notice is a way of informing you.

  • The right of access to your personal information. This is known as a Subject Access Request and allows you to ask for/see copies of your personal information that we hold.

  • The right to rectify your personal information if it is inaccurate or incomplete.

  • The right to erasure and to restrict processing in specific circumstances, and where there is no other lawful reason for continuing to retain and process that information. It is important to note that the right to erasure does not apply to your health records or information that has been provided by a health and care colleague by ‘their medical professional opinion’.

  • The right to object to processing of your personal information in specific circumstances. Should you object to the sharing of your health and care information to / from other health providers, and this information is essential for your eye care treatment, then your treatment may be impacted, and another service or department may not be able to see you.

  • The right to data portability. This allows you to move, transfer or ‘port’ your information to another organisation in certain circumstances.

Exercising your rights are free and you are not usually required to pay any charges. To request any of the above rights, please contact newmedica.governance@nhs.net

To ensure that you continue to receive excellent healthcare, we will send you information via a variety of communication channels, which can include post, telephone, email and SMS text messages, where you have provided your communication preferences.

Information can include details of your appointments / appointment reminders and treatment, pre-operative and post-operative questionnaires, patient satisfaction surveys, and notices to remind you such as when your prescription expires.

We may also send you information about further services we provide.

You may change your preferences for the way we communicate with you at any time by speaking to a Newmedica colleague or emailing newmedica.governance@nhs.net

National Data Opt Out

The National Data Opt Out (NDOO) applies to the disclosure of confidential patient information for purposes beyond individual care across the health and adult social care system in England, for example, research and planning purposes, and applies to information that originates within those systems.

The NDOO applies unless there is a mandatory legal requirement or an overriding public interest for the data to be shared. The NDOO does not apply when you have consented to the sharing of your data or where the data is anonymised.

The information collected about you when you use health and care services can also be used and provided to other organisations to help with:

  • Improving the quality and standards of care provided.

  • Research into the development of new treatments.

  • Preventing illness and diseases.

  • Monitoring safety.

  • Planning services.

Your confidential health and care information may only be used when allowed by law. Wherever possible, information used for research and planning is anonymised, so that you cannot be identified and your confidential information is not accessed.

You have a choice whether you want your confidential information to be use in this way. If you are happy with this use of information, you do not need to do anything. If you do choose to opt-out, your confidential information will still be used to support your care and treatment.

To find out more or to register your choice to opt out, please visit: www.nhs.uk/your-nhs-data-matters

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Contact us

If you have any questions about how Newmedica processes your information, would like to change any of your preferences, update or amend your information, seek to exercise an individual right, or wish to raise a concern, please contact us at newmedica.governance@nhs.net or you may write to us at:

Governance Team

Fora East Side

King’s Cross Station

London

N1C 4AX

If you have raised a concern with us but you are still unhappy with how we have used your data, you have a right to raise a complaint with the Information Commissioners Office (ICO).

The ICO’s address is:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

This Privacy Notice was last reviewed on 9th September 2025.

Newmedica reserves the right to update, amend and modify the Privacy Notice and Cookie Policy at any time and at regular intervals. We strongly encourage you to refer to the website for the most up to date version of both notices.

Newmedica Cookie Policy

Cookies are small text files, downloaded from websites to your computer or smartphone as you browse and use the Internet. Newmedica uses cookies to improve the operation of our website and to make our website easier for you to use by speeding up your browsing experience.

Contact us

If you have any questions about how Newmedica processes your information, would like to change any of your preferences, update or amend your information, seek to exercise an individual right, or wish to raise a concern, please contact us at newmedica.governance@nhs.net or you may write to us at:

Governance Team

Fora East Side

King’s Cross Station

London

N1C 4AX

If you have raised a concern with us but you are still unhappy with how we have used your data, you have a right to raise a complaint with the Information Commissioners Office (ICO).

The ICO’s address is:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

This Privacy Notice was last reviewed on 9th September 2025.

Newmedica reserves the right to update, amend and modify the Privacy Notice and Cookie Policy at any time and at regular intervals. We strongly encourage you to refer to the website for the most up to date version of both notices.

Functional Cookies

These cookies are used to recognise you when you return to our Website or keep track of your specified preferences, interests, or past items viewed. This enables us to personalise our content for you, greet you by name and remember your preferences.

Strictly Necessary Cookies

These cookies that are required for the operation of our website and which allow you access to our Services. They are required to identify irregular site behaviour, prevent fraudulent activity and improve security; or allow you to make use of our functions such as shopping-carts, saved search, or similar functions.

Targeting Cookies

These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and any advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.