Epsomedical – Website Privacy Statement

 

Last updated: 1st December 2025

ABOUT EPSOMEDICAL

The website and online platforms operated by Epsomedical (the “Site”) are owned by Epsomedical Limited (“we”, “us”, “our”), a company registered in England and Wales.

Company registration number: 03286288
Registered office: Cobham Hospital, 168 Portsmouth Road, Cobham, Surrey, KT11 1HS
VAT number: Not Applicable

Epsomedical Limited is the data controller for all personal data collected through the Site.

Our Site may use third-party services (for example, website hosting, email communication tools, or analytics platforms). These providers will process your data only under our instructions and in compliance with UK Data Protection Legislation.

ABOUT THIS PRIVACY NOTICE

We are committed to protecting and respecting your personal data.
Your privacy matters to us, and we will never sell your personal information or release it to any external organisation for their own marketing purposes.

This Privacy Notice explains:

  • what personal data we collect through our Site,

  • how we use it,

  • how we keep it secure, and

  • your rights under data protection law.

By using our Site, you acknowledge and agree to the practices described in this notice.

You may withdraw consent for certain uses of your personal data at any time by contacting us.
If you are unhappy with how we process your personal data, you may lodge a complaint with the Information Commissioner’s Office (ICO).

INFORMATION WE MAY COLLECT ABOUT YOU

We may collect and process the following types of data:

1. Information you provide to us directly

For example, when you:

  • complete an enquiry form

  • subscribe to newsletters or marketing updates

  • contact us by email or telephone

  • request information from us

  • submit information through interactive features on the Site

This may include:

  • name

  • postal address

  • email address

  • telephone number

  • any other information you choose to submit

2. Information we collect automatically

When you visit the Site, we may collect:

  • IP address

  • browser type and version

  • device type

  • pages visited, links clicked and navigation behaviour

  • traffic data, location data (approximate), weblogs

  • access dates and times

3. Information we receive from third parties

We may receive information from:

  • analytics or advertising partners

  • website hosting and email service providers

  • third-party tools that support our Site’s functionality (e.g., spam protection, performance monitoring)

DEVICE PERMISSIONS

If the Site uses browser-based tools or optional interactive features, you may be asked for permission to:

  • enable notifications

  • access your camera or microphone (for example, if you choose to upload images or use a contact feature)

  • access device storage (for uploading documents or images)

These permissions are always optional and controlled via your device or browser settings.

COOKIES

Cookies are used to personalise and improve your browsing experience and to help us understand how visitors use our Site.

Details about the cookies we use and how to manage them are provided in our Cookie Policy.

You may continue to use the Site if you reject non-essential cookies, but some features may not work as intended.

HOW WE USE YOUR INFORMATION

We use your information to:

  • respond to your enquiries and correspondence

  • send information you have requested

  • manage and operate the Site

  • monitor Site performance and usage

  • provide personalised content and improve user experience

  • carry out data analysis, testing and research

  • send marketing communications, if you have consented

  • comply with legal obligations

We do not use your personal data for automated decision-making or profiling that produces legal or significant effects.

DISCLOSURE OF YOUR INFORMATION

We may share your personal data with:

  • website hosting and IT service providers

  • email marketing or communication providers

  • analytics providers (e.g., Google Analytics, where used)

  • security and spam prevention tools

  • regulators or authorities where legally required

  • third parties in the event of a business transfer, acquisition or restructuring (subject to safeguards)

All third-party processors must:

  1. process data only on our instructions,

  2. maintain confidentiality, and

  3. comply with UK GDPR and the Data Protection Act 2018.

We will never sell your data or provide it to third parties for their own marketing.

STORAGE AND SECURITY OF YOUR PERSONAL DATA

Your personal data is stored on secure servers using appropriate technical and organisational measures.

Some data may be transferred outside the UK/EEA. In these cases, we ensure appropriate safeguards such as:

  • UK International Data Transfer Agreements (IDTAs),

  • Standard Contractual Clauses (SCCs), or

  • UK Government adequacy regulations.

Although we take all reasonable steps to protect your data, internet transmission is never fully secure and is at your own risk.

We retain your data only for as long as necessary for:

  • the purpose for which it was collected,

  • compliance with legal obligations, and

  • maintaining accurate records.

Different categories of data may have different retention periods.

YOUR RIGHTS

Under UK Data Protection Law, you have the right to:

  • access your personal data

  • rectify inaccurate or incomplete data

  • erase your data in certain circumstances

  • restrict processing

  • object to processing

  • data portability

  • withdraw consent at any time (where we rely on consent)

  • object to direct marketing

To exercise any of these rights, please contact us.

Our Site may contain links to external websites. We are not responsible for their content or privacy practices, and you should review their privacy notices before providing any personal data.

ACCESS TO INFORMATION

You may request a copy of the personal data we hold about you at any time by contacting us.

CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice periodically.
Changes will appear on this page, and we encourage you to review it regularly.

CONTACT

Questions or requests regarding this Privacy Notice should be sent to:

Data Protection Lead
Epsomedical Limited
Cobham Hospital168 Portsmouth RoadCobhamSurreyKT11 1HS
eg.dpo@nhs.net

01932 588400

You may also contact the Information Commissioner’s Office (ICO):
www.ico.org.uk

DEFINITIONS

“UK Data Protection Legislation” means the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any laws amending or replacing these.