Privacy & Policy


At Midland Women’s Health, safeguarding your privacy is paramount.

Recognizing the trust you place in us by sharing your personal information, Midland Women’s Health is dedicated to uphold the highest standards of privacy protection. We adhere strictly to the regulations outlined in the General Data Protection Regulation (GDPR) and the Data Protection Act applicable in the UK ("Data Protection Laws"). Additionally, we align with relevant clinical protocols and medical guidelines set forth by authoritative bodies including the General Medical Council, specific Royal Colleges, and the Nursing and Midwifery Council.

Scope of Our Privacy Statement

This privacy statement extends to all individuals who engage with us concerning our products and services, regardless of the mode of interaction (such as email, telephone, or post). It outlines the principles governing the collection, retention, and processing of your personal data by us. We detail our procedures concerning the acquisition, utilization, storage, and disclosure of personal data obtained from you and/or held about you, along with your associated rights.

Should you have inquiries regarding the contents of this statement or our interactions with you, please feel free to reach out to us at

We urge you to carefully review the following information to comprehend how we handle your personal data. By utilizing our website, providing us with your personal data, or engaging with our services, website, or any other online or digital platforms, you implicitly consent to the practices delineated in this Privacy Statement.

References to 'we', 'us', and 'our' denote Midland Women’s Health, whereas 'you' or 'your' pertain to any individual interacting with us regarding our products and services.

Our Personal Information Collection Practices

Within this statement, we refer to personal data as information that directly or indirectly identifies you as an individual. This information may be obtained directly from you or from third parties (such as family members, guardians, insurers, healthcare professionals, clinical referrers, etc.).

To deliver our services effectively, we may hold information about you acquired through various interactions. This could encompass your engagement with us as a customer, a patient, or an enquirer. For instance, when you visit our website, complete a digital or postal enquiry form, or communicate with us verbally.

Depending on the services you receive, this may entail sensitive personal data related to your health status.

The personal data we collect from you may comprise:

• Information provided by you when enquiring about our services, becoming a customer or patient, or applying for a job, including but not limited to your name, address, and contact details (such as email address and phone number).

• Contact details (including phone number) of your next of kin.

• It is your responsibility to ensure that your next of kin is aware of and consents to the terms outlined in this Privacy Statement if their details involve personal data.

• Details of referrals, quotes, and any other correspondence or interactions we've had with you.

• Information concerning services or treatment you've received from us, from referred doctors, or from third parties, including details of appointments, clinic and hospital visits, and medications administered.

• Data obtained from customer surveys, promotions, or competitions in which you've participated.

• Recordings of phone conversations between you and us.

• Notes and reports pertaining to your health, treatment, and care, including feedback on patient experiences and treatment outcomes provided by you.

• Information relating to complaints or incidents.

• Financial or credit card information provided when making payments to us.

We may obtain information about you from various sources, including:

• Family members or representatives acting on your behalf.

• Recordings of phone conversations between you and us.

• Healthcare professionals such as doctors, clinicians, hospitals, clinics, and other healthcare providers.

• NHS organizations commissioning our services or doctors to whom we refer you for your care.

• Service providers collaborating with us for your treatment, such as insurance companies or referring general practitioners/consultants/other doctors.

• Fraud detection and credit reference agencies.

• Publicly available sources like the edited electoral register or social media.

Regarding patients under 18 years of age, if we are requested to provide treatment to a child by their parent or guardian, we may need to collect and process personal data about the child. In such cases, we will obtain consent from the parent or guardian and only gather and process relevant and necessary data to facilitate treatment. We will not utilize the child's personal data for unrelated purposes without informing the parent or guardian, specifying the legal basis for processing, and obtaining consent. If there's a need to transfer the child's data to a third party assisting with treatment, we will ensure that the parent or guardian is informed beforehand, and appropriate security measures are in place.

When you visit our website, certain personal data may be collected automatically, including:

• Technical information such as IP address, browser type, time zone settings, browser plug-in details, operating system, and platform.

• Information about your visit, like full URLs, clickstream data, viewed or searched products, page response times, download errors, time spent on specific pages, page interactions (e.g., scrolling, clicks, mouse-overs), and methods used to navigate away from the page.

Legal Basis of Processing

We typically process personal data of customers and service recipients when under contract or in the process of negotiating a contract. Such processing is necessary for fulfilling contractual obligations or at the request of individuals before entering into a contract.

Additionally, we may process limited personal data of contacts for the legitimate interests of the company, such as maintaining communication with customers and contacts, which may involve sending targeted business-related emails. We have carefully weighed this legitimate interest against the rights of individuals, ensuring that individuals have the right to be forgotten and request deletion of their personal data at any time.

Categories of Personal Information

We handle two categories of personal information and data concerning you:

1. Standard personal demographic information (such as your name, contact details, and address).

2. Special categories of information (including gender, date of birth, medical history, clinical details, ethnicity for customized care, and information related to credit financing and crime for anti-fraud and credit rating checks).

When do we collect your personal data?

We may collect your personal data when:

• You visit our website.

• You inquire about our services or treatments (please note that calls to Midland Women’s Health Ltd and its agents may be monitored or recorded for training and service improvement purposes).

• You register to become a customer or patient with us, book services or treatments, or those provided by referred doctors.

• You fill out forms or surveys for us.

• You conduct transactions on our website.

• You participate in competitions, promotions, or other marketing activities.

• You make online payments.

• You contact us via email, telephone, or social media.

• You engage in interactive features provided through websites and digital media.

• You are referred to us for treatment by a third-party referrer (such as an insurance company, NHS organization, medical consultant, or GP).

Health information collected during the provision of treatment or services

Sensitive personal data, including health information, will only be shared with third parties involved in your treatment or care with your consent. If you become a patient, you will be asked to consent to the exchange of information with doctors, medical staff, and insurance companies.

Where applicable, this data may be disclosed to individuals or organizations responsible for covering your treatment expenses, external service providers, and regulatory bodies for clinical audit purposes, ensuring the highest standards of care and record-keeping are maintained.

Sharing with medical professionals, your GP, insurer, the NHS, and medical regulators

We share clinical information with medical professionals involved in your treatment, whether they are our employees, independent consultants, or NHS-employed consultants. Your GP may also receive information about your treatment if clinically advisable, unless you request otherwise, although this is strongly discouraged due to potential health risks.

Information about your treatment may also be shared with your medical insurer if they are covering part or all of your treatment costs. Similarly, if you are referred to us by the NHS, we will share treatment details with the referring NHS department.

We may also share personal data, including sensitive personal data, with medical regulators if requested or required by law, ensuring compliance with legal frameworks and respecting your privacy.

Participation in audits and initiatives

We participate in audits and initiatives to enhance patient outcomes. Your personal data will be handled with the utmost confidentiality in accordance with Data Protection Laws. Any publication of this data will be anonymized and presented in statistical form. Anonymous or aggregated data may be used for research or statistical purposes by us or disclosed to others.

How We Utilize Your Personal Data

Your personal data is handled with utmost confidentiality and security. Unless you explicitly agree otherwise, it will only be used for the purpose(s) for which it was collected, in alignment with this Privacy Policy, applicable Data Protection Laws, clinical records retention periods, and clinical confidentiality guidelines.

We process your personal information for several legitimate interests, including:

• Managing your care and treatment.

• Communication within our relationship with you.

• Marketing analysis.

• Clinical research and product/service development.

• Exercising rights to handle claims.

• Sensitive personal data regarding your health is disclosed only to those involved in your treatment or care, or in accordance with UK laws and professional guidelines. Details on how we utilize health-related personal data are provided below:

To fulfill our obligations arising from any contracts between you and us, including service provision, billing, and anti-fraud measures. Providing requested information, products, or services. Offering information about products or services we offer, if you have consented to receive electronic marketing communications from us. Informing you about changes to our products or services. Managing relationships with you, our business, and third-party service providers. Providing healthcare services on behalf of a third party, such as your employer. Efficient handling of claims and investigation of complaints. Keeping records updated. Providing marketing information as permitted by law. Developing and executing marketing activities based on your preferences. Contacting you for market research purposes. Monitoring performance against clinical and non-clinical expectations. Enforcing website terms of use, policy terms, or contracts, and protecting rights, property, or safety. Exercising rights, defending against claims, and complying with applicable laws and regulations. Participating in business transactions such as sales, purchases, mergers, or takeovers. Responding to legal or regulatory obligations. Ensuring accuracy of information and quality of treatment or care, including auditing medical and billing information. Supporting healthcare professionals. Assessing care quality and addressing concerns or complaints. Presenting website content effectively. Security Measures for Your Personal Data

We safeguard all personal data we hold by implementing appropriate organizational and technical security measures to prevent unauthorized access, unlawful processing, loss, destruction, or damage of personal data.

Any personal data you provide will be retained for as long as necessary, considering the purpose for which it was collected and in compliance with Data Protection Laws.

While data protection laws are standardized throughout the European Economic Area (EEA), countries outside the EEA may not offer the same level of protection for personal information. We do not anticipate the need to transfer your data outside the EEA, but if such a situation arises, we will inform you and establish procedures to ensure secure transfer.

Information provided to us is securely stored. Payment transactions on our website are processed securely by third-party payment processors. We do not retain any personal finance or payment information.

At your request, personal information may occasionally be transferred to you via email, or you may choose to transfer information to us via email. Please note that email is not a secure method of information transmission, and any such exchanges are done at your own risk.

Disclosure and Sharing of Your Personal Data

As part of our standard business operations, we may disclose your personal data, as necessary, to contracted organizations that support the delivery of our services. This may include:

• Contracted medical and clinical practice staff, business partners, suppliers, and subcontractors for service delivery.

• Organizations providing IT systems and support, as well as hosting services for storing your information.

• Third-party debt collectors for debt collection purposes.

• Third-party service providers for information storage and confidential destruction.

• Third-party marketing companies for digital and non-digital marketing related to our products and services.

When engaging third-party data processors, we ensure they operate under contractual obligations concerning confidentiality and security, in addition to their obligations under Data Protection Laws. We may also disclose your personal data to third parties in cases where we sell or acquire any business or assets, or when required by law.

We reserve the right to disclose information to legal authorities in instances where claims or evidence are required to support formal legal proceedings.

Retention Periods for Your Personal Information

We retain your personal information based on set periods determined by various criteria, including:

• Duration of your customer relationship with us and the extent of services provided.

• Reasonable retention periods to demonstrate compliance with contractual obligations.

• Time limits for filing claims.

• Legal requirements or recommendations by regulators, professional bodies, or associations.

• Ongoing legal proceedings.

Specific retention periods for certain information are outlined below:

• Patients: Personal Data necessary for contract compliance is retained for at least 6 years post-contract termination. Limited Personal Data, including contact details and transactional history, may be retained for longer periods to support our business interests.

• Enquiries: Limited Personal Data related to enquiries is retained for up to six months to address follow-up questions.

• Marketing: We seek your consent for receiving targeted marketing communications. You have the right to unsubscribe at any time.

• Recruitment: Personal Data related to job applications is retained for recruitment, correspondence, and equal opportunities monitoring, not exceeding 12 months if unsuccessful.

For further details on data retention, please contact us at

Non-Personal Information, Cookies, and Other Websites

Cookies on our website enable navigation, access to features, and information collection to understand customer behavior and improve our services. We may use third-party companies to set cookies and gather information on our behalf. Additionally, we may analyze Internet Protocol (IP) addresses or other anonymous data sources.

Cookies are text files containing small amounts of information stored on your device when visiting a website. They facilitate efficient page navigation, remember preferences, and improve user experience. By law, website operators must obtain user permission for certain types of cookies.

We categorize cookies as follows:

• Category 1: Essential cookies required for website functionality.

• Category 2 : Cookies for website performance enhancement, providing aggregated usage data.

• Category 3 : Cookies for user customization and personalized features.

• Category 4 : Cookies for targeted advertising, which we do not use on our website.

Please note that third-party websites linked from ours have their own privacy policies, and we accept no responsibility for their practices.


In line with our Privacy Policy, we may send you information about our products and services via mail, email, phone, or SMS if you've agreed to receive it. You have the right to opt-out of such communications at any time by contacting us at Please provide reasonable notice for system updates, generally at least 30 days.

Changes to Our Privacy Policy

Our Privacy Policy undergoes regular review and may be amended periodically without prior notice. Therefore, we advise you to regularly review this Privacy Policy.

Privacy Notice for Call Recording

This privacy notice outlines the usage of phone call recordings within Midland Women’s Health.

Personal Data

When recording a call, we collect:

• A digital recording of the telephone conversation

• The telephone numbers of both parties (internal and external)

Personal data disclosed during a call, such as name and contact details, is digitally recorded to facilitate the delivery of appropriate services.

On occasion, 'special category' personal information may be recorded if voluntarily disclosed by an individual, such as health, religious, ethnicity, or criminal information, to support their request for advice and/or services.

Collection of Personal Data

The recordings are stored on a secure server hosted by our phone provider (currently 3CX), accessible only by senior management members who are provided with unique login credentials.

Call recordings are utilized for:

• Quality monitoring of staff performance

• Investigation and resolution of complaints

• Identification of training needs

• Ensuring compliance with quality standards

Sharing Personal Data

We may share call recordings with an Investigating Officer to address complaints or issues.

Data Sharing under Data Protection Legislation

Under Data Protection legislation, we may be required or permitted to disclose a call recording, including personal data, without explicit consent, for purposes such as law enforcement, safeguarding investigations, regulation and licensing, criminal prosecutions, and court proceedings.

Legal Basis for Using Your Information

Under data protection legislation, we are only permitted to use your personal data if a legal basis exists. We process your personal data for the purpose of providing work-finding services, relying on legal bases such as consent, contractual obligation, legal obligation, or legitimate interests.

Retention of Personal Data

Recordings are securely and confidentially retained for no longer than 14 days unless required for investigation, legal reasons, or safeguarding concerns.

Your Rights Regarding Your Information

You have various rights concerning your personal data, including:

• Being informed about how your personal data is used

• Accessing your personal data held by us

• Requesting correction or erasure of your personal data

• Asking us to restrict data processing activities

• Requesting a copy of certain personal data in electronic format

• Objecting to our processing of your personal data

• Not being subject to automated decisions with legal effects

For exercising your rights or further inquiries, please contact

Your Rights

You possess the entitlement to access your information and request corrections, deletions, and restrictions on its use. Furthermore, you have the right to object to our utilization of your information, demand the transfer of provided information, revoke previously given permissions, and oppose automated decision-making affecting you. For more details, refer below.

You are entitled to the following rights (subject to certain exceptions).

Right of Access: You can submit a written request for details of your personal information and obtain a copy of it. Right to Rectification: You have the right to rectify or remove inaccurate information about yourself. Right to Erasure ("Right to Be Forgotten"): You can request the deletion of certain personal information about you. Right to Restriction of Processing: You may request that your personal information be used only for specific purposes. Right to Object: You can object to the processing of your personal information in cases where it's performed in the public interest or based on legitimate interests. You can also object to the use of your information for profiling related to direct marketing. Right to Data Portability: You have the right to request the transfer of your personal information to yourself or a third party in machine-readable formats. Right to Withdraw Consent: You can withdraw any previously given consent for the handling of your personal information. Withdrawal won't affect the legality of our previous use of your data, and we'll inform you if this affects our ability to provide your chosen product or service. Right in Relation to Automated Decisions: You have the right not to be subject to decisions based solely on automated processing, except when necessary for entering into a contract, authorized by law, or upon explicit consent. We'll inform you of such decisions, the lawful grounds, and your rights. Please Note: Except for your right to object to the use of your data for direct marketing, your rights are not absolute and may not always apply in all cases. We'll communicate with you regarding how we'll comply with your request in our correspondence. If you make a request, we may need you to confirm your identity and provide further details to understand your request better. If we cannot fulfill your request, we'll explain why. To exercise your rights, please contact

Data Protection Contacts

For any queries regarding our privacy policy, please email us at or send a letter to the Data Protection Officer at:

20 Calthorpe Road, Edgbaston, Birmingham, B15 1RP

You also have the right to lodge a complaint with your local privacy supervisory authority. As Midland Women’s Health Ltd is based in the UK, the local supervisory authority is the Information Commissioner:

Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire, United Kingdom SK9 5AF Phone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)