Privacy Policy

We abide by the following data protection principles, as stipulated in the UK General Data Protection Regulation (UK GDPR), in all of our dealings with your personal data:

• Lawfulness, fairness, and transparency: We will only handle your personal data lawfully, fairly, and in a transparent manner in relation to you.

• Purpose limitation. Your personal data will only be collected for specified, explicit, and legitimate purposes (which are explained in further detail below) and not further processed in a manner that is incompatible with those purposes.

• Data minimisation. Your personal data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

• Accuracy. We will endeavour to keep your personal data accurate and up to date at all times.

• Storage limitation. We will retain your personal data for no longer than is necessary for the purposes for which it is used.

• Integrity and confidentiality. Your personal data will be handled in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

We may collect and process the following types of personal data:

• Identification details: name, date of birth, NHS number (if relevant)

• Contact information: address, email address, phone number

• Health information: medical history, medications, consultations, test results

• Payment information: billing address, card details (via secure payment processors)

• Technical data: IP address, browser type, cookies, and usage data on our website

• Marketing preferences

We are 222 Healthcare Services Ltd, a company incorporated in England and Wales with company number 13736366 and whose registered office is at 2nd Floor Grove House, 55 Lowlands Road, Harrow HA1 3AW, England (“we”, “us”, or “our”). We are a private GP service offering GP services in the United Kingdom including localised in-person services in the Thames Valley area and remote GP services nationwide.

We are registered as a data controller with the Information Commissioner’s Office (registration number ZB290536). As a controller of your personal data (i.e. any information about an individual from which that individual can be identified), we are committed to protecting and respecting your privacy.

This Privacy Policy (and any other documents referred to on it, including our Cookie Policy) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Our website and services are not intended for children under the age of 16 years old and we do not permit children to open accounts or register with us. However, we do permit children under 16 years of age to use our services where an individual with parental responsibility registers a child in association. In such cases, we reserve the right to make enquiries to satisfy ourselves that such individuals hold appropriate parental responsibility to be able to give clear informed consent for the child concerned. We do not knowingly collect data relating to children under the age of 16 without appropriate consent.

Our website includes links to third-party websites and applications. We do not control these third-party websites and are not responsible for their privacy statements, notices, or policies. When you leave our website, we encourage you to read the privacy notice of every website you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites. Please check these policies before you submit any personal data to such third-party websites.

We collect personal data:

• When you register with us or book an appointment

• When you attend a consultation or service

• When you complete a form or contact us

• From medical professionals (with your consent)

• Through payment and invoicing systems

• When you browse our website or interact with our emails

We process your personal data under one or more of the following legal bases:

• Consent: where you have explicitly given permission (e.g. for sharing records)

• Contract: to provide healthcare services you have requested

• Legal obligation: to comply with legal or regulatory requirements

• Vital interests: in emergency situations to protect your life or health

Legitimate interests: e.g. managing our business, keeping records, or notifying patients of similar services they’ve previously booked

We use your personal data to:

• Provide healthcare consultations and treatment

• Manage appointments and communication

• Send medical reports, prescriptions, or referrals

• Collect payments and manage finance

• Respond to your queries or concerns

• Send occasional updates about services you have previously used or enquired about (see Marketing section)

We only share your personal data when necessary and with:

• Medical professionals involved in your care (with your consent or in your vital interest)

• Our trusted service providers and data processors (e.g. for secure records, payments, or communication)

• Regulators or legal authorities where required

We do not sell or share your data with third parties for marketing purposes.

If you have used our services before, we may contact you occasionally by email with updates about services that are similar to those you have previously booked - such as seasonal vaccination clinics or new appointment types.

This is known as the “soft opt-in”, which is permitted under the Privacy and Electronic Communications Regulations (PECR). It applies where:

• We obtained your email during the course of providing a service, and

• The marketing relates to our own, similar services, and

• You are given the option to opt out at any time

We keep these messages infrequent, relevant, and non-intrusive. You can unsubscribe using a link in the email or by contacting us.

We do not send general marketing unless you’ve opted in separately, and we never share your information with third parties for their marketing.

We use trusted third-party providers to process data securely, including:

• Semble - clinical records management

• Google Workspace - email and document storage

• Aircall - phone system

• Mailchimp - newsletter and update distribution

• Stripe / Tyl by NatWest - payment processing

• Hubdoc / Xero - financial record-keeping

Each processor is bound by strict data protection agreements.

We use cookies to enhance your experience on our website, monitor performance, and understand user behaviour. You can manage cookie preferences in your browser.

We may update this Privacy Policy from time to time. The latest version will always be available on our website, and we will notify you of any significant changes.

 Version: 2.0

Effective from: 26 May 2025

Version Control

Version 1: 01 Nov 2021 - By Oiver Large - Initial release of Privacy Policy

Version 1.1: 22 May 2022 - By Oliver Large - Revised to reflect operational focus on COVID-19 testing and core GP services

Version 2.0: 26 May 2025 - By Oliver Large - Updated to provide greater transparency regarding data processors (IT, finance, communications); clarified marketing communications approach under PECR; introduced version control table