Privacy Policy

Last updated: 29 September 2025 (v3.2)

This notice explains what personal information we collect, when we collect it and how we use this. During the course of our activities, we will process personal data (which may be held on paper, electronically, or otherwise) about you and we recognise the need to treat it in an appropriate and lawful manner. The purpose of this notice is to make you aware of how we will process your information.

Who are we?

Target Healthcare Group (“we”, “us” or the “Group”) takes the issues of security and data protection very seriously. We comply with all relevant data protection laws, including the UK General Data Protection Regulation, the Data Protection Act 2018, the Data (Use and Access) Act 2025, and the Privacy and Electronic Communications Regulations 2003.

This notice applies to patients and visitors of, and suppliers to, the Group, which includes:

We are notified as a Data Controller with the Information Commissioner’s Office (ICO) under the registration numbers above and we are the data controller of any personal data that you provide to us.

Our Data Protection Officer (DPO) is RGDP LLP, who can be contacted by email at info@rgdp.co.uk. Any questions relating to this notice and our privacy practices should be sent to our DPO.

How we collect information from you & what information we collect

We process the following information about you, as a patient, for the stated purposes below:

• Your name, age, and contact details.
• Details of your appointments and centre visits.
• Records about your health, treatment and care.
• Results of your imaging investigations.
• Information from other health professionals.
• Details of your credit/debit cards or banking information.
• Patient experience feedback and surveys.
• Information about complaints and incidents.

We process the following information about visitors and suppliers for the stated purposes below:

• Information relating to your visit (e.g., your company or organisation’s name, arrival and departure time, vehicle number plate number).
• Information about any access arrangements you may need.
• CCTV footage captured on our premises for security and safety purposes.
• Entries in our Visitors Register, including your name, organisation, time of entry and departure, and the person you are visiting.

Why we need this information about you and how it will be used

We need your information and will use your information:

• To undertake and perform our obligations and duties to you in accordance with the terms of our contract or potential contract with you, your insurance company or other organisation making payment for the services which we provide to you.
• To enable us to supply you with the services and information which you have requested.
• To enable us to respond to any surveys or complaints made.
• To analyse the information we collect so that we can administer, support and improve and develop our business and the services we offer.
• To contact you in order to send you details of any changes to our service provision which may affect you.
• For all other purposes consistent with the proper performance of our operations and business.
• To contact you for your views on our products and services.

What are the lawful bases for us processing your personal data?

Under the UK General Data Protection Regulation, the lawful bases which we rely on for processing this information are:

• We have your consent.
• We have a contractual obligation, including pre-contractual negotiations.
• We have a legal obligation.
• We have a vital interest.
• We have a legitimate interest (including conducting surveys and the usage of CCTV imagery).
• Where we are undertaking a public task.
• Where there is a redefined legitimate interest, as defined under the Data (Use and Access) Act 2025 and by the relevant Secretary of State.

Sharing of your information

From time to time, we may lawfully share your personal data with other data controllers and data processors. We may disclose your information to other third parties who act for us for the purposes set out in this notice or for purposes approved by you, including the following:

• To other third-party organisations who provide services on our behalf.
• If we enter into a joint venture with, are merged with, or are acquired by another business entity, your information may be disclosed to our new business partners or owners.
• If we are updating your details, your information may be disclosed to relevant third parties (such as health providers) to ensure accuracy and continuity of service.
• If we are investigating payments, your information may be disclosed to authorised payment processors.
• If we are conducting a survey of our products and/or services, your information may be disclosed to third parties assisting in the compilation and analysis of the survey results.
• To enable us to conduct the day-to-day management of your agreement or potential agreement with us.

Other than where required to do so by law, we will not otherwise share, sell, or distribute any of the information you provide to us without your consent.

Transfers outside the UK

Your information will only be stored within the UK, other than where international transfers of personal data may legally take place, in accordance with Chapter V of the UK General Data Protection Regulation.

Security

When we process your personal data, we take steps to make sure that your personal information is kept secure and safe. This includes ensuring there is adequate IT and physical security for all locations that data is stored, and we ensure that these measures are tested on a regular basis to ensure compliance.

How long we will keep your information

We review our data retention periods regularly and will only hold your personal data for as long as is necessary for the relevant activity, or as required by law (we may be legally required to hold some types of information), or as set out in any relevant contract we have with you.

Your rights

Under data protection law, you have certain data subject rights, including:

• Your right of access – You have the right to ask us for copies of your personal information.
• Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
• Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. If you would like to exercise any of your rights above please contact our DPO at info@rgdp.co.uk in the first instance. Please note that your rights under the UK GDPR and Data Protection Act 2018 are not absolute and are subject to qualification.

Queries and concerns

If you would like to find out more about how we use your personal data or want to see a copy of information about you that we hold or wish to exercise any of your above rights, please contact our DPO at info@rgdp.co.uk.

You have the right to complain to the Information Commissioner’s Office (ICO) in relation to our use of your information. The ICO’s contact details are noted below:

• Information Commissioner’s Office
• Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• Telephone: 0303 123 1113
• Website: ico.org.uk

Updating your information

The accuracy of your information is important to us. Please help us keep our records updated by informing us of any changes to your personal and contact details.

v3.2 (September 2025)