Privacy Policy

1. Introduction

1.1 During your visit to NUMA, we collect and process personal and clinical information about you. All data is handled in compliance with applicable data protection laws, including the UK GDPR and Data Protection Act 2018.

1.2 This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data. A copy of this policy is available on our website or upon request at our clinic.

2. Who We Are

2.1 NUMA Limited (“we”, “us”, or “our”) operates the Hyperbaric Oxygen Clinic (“NUMA”), a private clinic offering hyperbaric oxygen treatment. Our clinic is located at 6 York Street, London, W1U 6QD.

2.2 NUMA is the data controller responsible for processing your personal data. We are registered with the UK Information Commissioner's Office (ICO) under registration number ZA828748.

2.3 For any questions regarding this Privacy Policy, you can contact us at info@numaoxygen.co.uk or telephone on +44 (0)20 3823 1212.

3. Personal Information We Collect & How We Use It

3.1 We collect personal data when you:

  • Contact us or book an appointment
  • Visit our clinic and receive treatment
  • Interact with our website or digital services

3.2 Types of personal data we collect:

  • Basic Information: Name, contact details, date of birth
  • Medical & Clinical Data: Health history, treatment records
  • Payment & Billing Data: If applicable for paid services
  • Website & Online Data: IP address, browsing behaviour (via cookies and analytics)

3.3 We use your data for:

  • Providing medical treatment and services
  • Communicating appointment details and clinic updates
  • Processing payments and insurance claims
  • Improving our website and services (via Google Analytics)
  • Running targeted advertising (via Google Ads)

3.4 Our lawful basis for processing your personal data includes:

  • Performance of a contract (providing treatment)
  • Legal obligation (medical record retention)
  • Legitimate interest (marketing and service improvement)
  • Consent (where required for marketing or tracking cookies)

4. Special Category Data (Health-Related Information)

4.1 Some personal data we collect is special category data (e.g., medical history, treatment details). We process this only when:

  • It is necessary for medical diagnosis or treatment
  • You have given explicit consent
  • We are legally required to do so

4.2 We do not share special category data with third parties, except where necessary for medical, legal, or safeguarding purposes.

5. Who We Share Your Data With

We may share your personal data with:

  • Healthcare providers – If referred by another professional or as part of your treatment plan
  • Medical insurance companies – If required for policy claims
  • Regulatory authorities – If legally required (e.g., public health reporting)
  • Analytics & advertising partners – Google Analytics, Google Ads (see Section 6 below)
  • IT service providers – For secure data storage and website management
  • Successors in business transfers – If NUMA is acquired or merged

6. Digital Tracking & Marketing (Google Ads & Analytics)

6.1 We use Google Analytics to track website performance and Google Ads for targeted advertising. This means:

  • Google may collect information like your IP address, device type, and browsing activity
  • We use this data to improve user experience and marketing efforts
  • You can opt-out via Google’s opt-out tool

6.2 For details on how we use cookies, see our Cookie Policy.

7. Your Rights

You have the right to:

  • Access – Request a copy of the personal data we hold about you
  • Rectify – Correct inaccurate or incomplete information
  • Erase – Request deletion of data (subject to legal obligations)
  • Restrict Processing – Limit how we use your data in certain cases
  • Object – To marketing or processing based on legitimate interests
  • Data Portability – Transfer your data to another provider

How to exercise your rights: Email info@numaoxygen.co.uk with your request.

8. Complaints & ICO Contact

If you are unhappy with how we handle your data, you can:

  1. Contact us directly (we will aim to resolve your concern)
  2. File a complaint with the ICO:

9. Data Storage & International Transfers

9.1 Your personal data is stored securely in the UK and EEA.

9.2 In some cases, data may be processed outside the UK/EEA. When this happens, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the ICO/EU
  • Risk assessments for secure data handling

10. Data Security

10.1 We use encryption, secure servers, and access controls to protect your data.

10.2 Email & Internet Security: While we take precautions, email transmissions are not 100% secure. Be cautious when sending sensitive information electronically.

11. Cookies & Tracking Technologies

11.1 We use cookies to improve functionality, personalise content, and analyse traffic.

11.2 You can manage cookie preferences through your browser settings. See our Cookie Policy for full details.

12. Third-Party Websites

Our website may link to third-party sites. We are not responsible for their privacy policies. Always review their terms before providing personal data.

13. Data Retention

We keep personal data only as long as necessary, based on:

  • Medical records8 years (or until age 21 for minors)
  • Marketing preferences – Until you opt out
  • Other records – In line with NHS retention schedules

14. Changes to This Policy

We review this policy regularly and update it as needed. The latest version will always be available on our website.

Last updated: 7 Feb 2025