We use cookies to make this site work. We'd also like to set optional cookies so we can understand how the site is used and improve it. We will not set optional cookies unless you accept them. You can change your choice at any time from the Cookie settings link in the footer.
Strictly necessary cookies
These cookies are required for the site to work. They store your cookie preferences and keep your session secure. They are exempt from consent under PECR Regulation 6(4) because they are essential to deliver the service you have requested.
Optional cookies
Optional cookies help us understand how the site is used and provide additional features such as analytics, accessibility tools and translation. We will only set them if you accept.
Privacy Notice
Operose Health Group Privacy Notice
1st April 2026 (Version 2.0)
Summary
Keeping your personal data safe is very important to us. This privacy notice will inform you of how we look after your personal data, tell you about your privacy rights and how to exercise your rights under legislation.
Your personal data is always stored securely, in our clinical and communication systems. Only authorised individuals who need access for the legal circumstances set out in the sections below can access your personal data.
We may share information about you with other General Practices (GPs), NHS acute or mental health Trusts, community health providers, pharmacists, ambulance services, social services and NHS commissioning organisations who are directly involved in providing or funding your care needs and for the purpose of indirect care (see secondary uses below). Your data will not be shared with anyone who is not listed in this privacy notice unless we are obliged by law.
We do not share your personal information with marketing and advertising companies, and we do not share your data with anyone who would take your data outside of the UK (GDPR) jurisdiction.
We will only share personal information about you with medical research organisations with your consent or as described in the section below, and you have the right withdraw your consent at any time by contacting the Practice/Service you are registered with. The national data opt-out allows people to opt out of their confidential information being used for research and planning.
Read more about it on the NHS website(opens in a new tab)
A full list of the organisations we share information with, and why, is provided in the later section of this Privacy Notice.
Who we are
Operose Health is the brand name for a number of companies that provide primary healthcare services across England. A full list can be found here:
What we do
At Operose Health, we are experts in working with complex health systems to provide the very best healthcare service to our patients and services users, and to transform their quality of healthcare experience. We are part of a national healthcare family with over 30 years’ experience of delivering high quality healthcare in the most simple and seamless way to our patients and service users, and we are committed to protecting and respecting their privacy.
Our portfolio of services includes primary care, improved access hubs and urgent treatment centres. We respect your right with regards to privacy and data protection when you communicate with us through our websites, events, telephone, or attend any of our face to-face consultation services.
Your personal data is stored in our secure clinical systems, only those who are involved in delivering your care have access to your personal data. Your data will not be shared with anyone else, unless we are obliged by law.
We store personal data within our secure communication systems to support staff training, service quality monitoring and operational improvements. Access to call recordings is strictly limited and will only occur where there is a clear and lawful purpose - for example, to investigate a complaint, review an incident, or fulfil regulatory requirements.
Sharing your personal information
We may share information about you with other General Practices (GPs), NHS acute or mental health Trusts, community health providers, pharmacists, ambulance services, social services and NHS commissioning organisations who are directly involved in providing or funding your care needs or for the purpose of indirect care (see secondary uses below). Your data will not be shared with anyone else, unless we are obliged by law.
We do not share your personal information with marketing and advertising companies. We hold your information securely in the UK at all times. Your information is not shared anywhere outside the UK.
We may use the NHS OpenSAFELY platform, a secure analytics environment managed on behalf of NHS England, to support approved research or analysis activities. OpenSAFELY enables authorised analysts to run code within secure data centres without moving patient data outside the GP or NHS systems. All information processed within OpenSAFELY is pseudonymised, meaning direct identifiers such as name, date of birth, address or NHS number are removed or replaced with non-identifying markers. Only aggregated, non-identifiable outputs leave the secure environment. This approach ensures that health data is used responsibly for public benefit while maintaining strong privacy safeguards.
For more information about OpenSAFELY’s transparency, pseudonymisation methods, and privacy protections, please refer to NHS England’s OpenSAFELY Privacy Notice and the OpenSAFELY documentation.
We will only share personal information about you with medical research organisations with your explicit consent, and you have the right withdraw your consent at any time.
A full list of the organisations we share information with, and why, is provided in the later section of this Privacy Notice.
What is this Privacy Notice about?
A privacy notice is a statement that describes how an organisation collects, use, retain and disclose personal data, or special categories of personal data. Different organisations sometimes use different terms, and it can be referred to as a privacy statement, a fair processing notice or a privacy policy.
Being transparent and providing accessible information to individuals about how an organisation will use their personal information is a key element of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. To ensure that we process your personal data fairly, lawfully and transparently we are required by law to provide you with the following information:
- What information we collect and process about you
- How we process your personal data
- The purpose of processing
- Recipients or categories recipients of your personal data
- The identity of our Data Protection Officer
- How long we retain personal information about you
- The lawful bases for processing
- Your rights – to view, request access copies of your personal information, or object to the processing of your personal information.
Identity data and contact details
Such as name, date of birth, gender, NHS number, telephone number, postal address, postcode, email address (if provided) etc.
Support contact details
Names, contact details of carers, relevant close relatives, next of kin and representatives.
Special categories of personal data concerning physical, social or mental health conditions
Such as medical history, diagnosis, treatments, test results, appointment data concerning physical, social attendances, referrals, care plans, care packages, medication, medical opinions, or mental health condition call recordings etc.
Special categories of personal with protected characteristics
Such as racial or ethnic origin, religious or philosophical beliefs, genetic data, with protected characteristics sexual life or sexual orientation data, child protection records, adoption records etc.
Aggregated data
A combination of personal data, and special categories of personal data for the purpose of business intelligence and analytical services to enable us to predict future trends and plan our services.
Usage data
Our websites use cookies to distinguish you from other user when you access our online services. A cookie is a small file of letters and numbers that we store on your browser when you consent to use of our online services. This helps us to provide you with a good experience when you browse our site and enable us to improve our site.
Types of personal information we process
At Operose Health, we process the following categories of personal information about our patients and service users:
What we process your personal information for
We process personal information about you in a number of ways. These include:
Primary uses
We process personal information concerning your health to enable our registered and regulated healthcare professionals who are directly involved in your care to provide you with the best possible direct care delivery.
Personal information concerning your health or social care is also made available to other health or social care provider organisations who are involved in your health or social care needs to enable them to make the best-informed decision about you when you use their service.
Secondary uses
We process your personal information for purposes of beyond direct care in the following ways:
- Reviewing the care we provide through clinical audit.
- Investigating your queries, complaints and legal claims.
- Ensuring we receive payment for the healthcare you receive.
- Preparing statistics on NHS performance.
- Auditing NHS accounts and services.
- Undertaking health research, and development (with your explicit consent, and you have the right choose whether or not to be involved). Learn more about Health Research
- For business intelligence and analytical services to enable us to predict future trends and plan our services.
- Training and educating our healthcare professionals (with your explicit consent, and you have the right choose whether or not to be involved).
Common Law Duty of Confidentiality
We comply with the Common Law Duty of Confidentiality. Your information will normally only be used for your direct care unless a legal requirement, court order or overriding public interest allows otherwise.
Lawful Basis for Processing (UK GDPR Article 6)
We rely on the following lawful bases:
- Article 6(1)(e) — Public task
- Article 6(1)(c) — Legal obligation
- Article 6(1)(d) — Vital interests
- Article 6(1)(a) — Consent (used only where appropriate)
- Article 6(1)(ea) — Recognised Legitimate Interests (introduced under the Data Use & Access Act 2025)
Lawful Basis for Special Category Data (UK GDPR Article 9)
We rely on:
- Article 9(2)(h) — Health or social care
- Article 9(2)(g) — Substantial public interest
- Article 9(2)(i) — Public health
- Article 9(2)(j) — Research (with safeguards)
Automated Decision-Making & Profiling
We do not use automated decision‑making or profiling that has legal or significant effects on you.
Joint Controller Arrangements
Where we jointly determine the purpose and mean of processing with other NHS bodies (e.g., Integrated Care Boards), we act as Joint Controllers. The allocation of responsibilities is defined in joint controller agreements and can be provided on request.
Retention Periods
We comply with the NHS Records Management Code of Practice for all retention and disposal schedules. Specific retention periods can be provided upon request.
Your Rights
You have the right to access, correct, erase, restrict or object to processing, withdraw consent (where used) and request data portability. You also have the right to complain to the Information Commissioner’s Office (ICO).
Data Protection Complaints Process (Data Use & Access Act 2025)
We operate a mandatory Data Protection Complaints Process, which must be used before complaints are escalated to the ICO. Details are available on request.
Our identity and contact details
Operose Health includes the entities listed in this Privacy Notice. We can be contacted at:
Operose Health, 108 High Street, Great Missenden, Buckinghamshire, HP16 0BG
Our Data Protection Officer
If you have any questions or concerns regarding how your data is being processed, please write to our Data Protection Officer who can be contacted at:
Data Protection Officer Operose Health
108 High Street
Great Missenden
Buckinghamshire
HP16 0BG
Telephone: 020 8678 5624
