Preparing your healthcare experience...
Protecting your information, respecting your privacy: A commitment we take seriously
222 Healthcare Ltd is a private GP service based in the UK. We are a registered company in England and Wales (Company No. 13736366), with our registered office at 2nd Floor Grove House, 55 Lowlands Road, Harrow HA1 3AW. Our clinic operates at Stokenchurch Medical Centre, Oxford Road, Stokenchurch, Bucks, HP14 3SX.
We are registered with the Information Commissioner’s Office (ICO) as a data controller (Registration number: ZB290536)..
If you have any questions about this policy or how we handle your data, please contact us:
By phone: 0333 242 2107
We abide by the following data protection principles, as stipulated in the UK General Data Protection Regulation (UK GDPR), in all of our dealings with your personal data:
We may collect and process the following types of personal data:
We are 222 Healthcare Services Ltd, a company incorporated in England and Wales with company number 13736366 and whose registered office is at 2nd Floor Grove House, 55 Lowlands Road, Harrow HA1 3AW, England (“we”, “us”, or “our”). We are a private GP service offering GP services in the United Kingdom including localised in-person services in the Thames Valley area and remote GP services nationwide.
We are registered as a data controller with the Information Commissioner’s Office (registration number ZB290536). As a controller of your personal data (i.e. any information about an individual from which that individual can be identified), we are committed to protecting and respecting your privacy.
This Privacy Policy (and any other documents referred to on it, including our Cookie Policy) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Our website and services are not intended for children under the age of 16 years old and we do not permit children to open accounts or register with us. However, we do permit children under 16 years of age to use our services where an individual with parental responsibility registers a child in association. In such cases, we reserve the right to make enquiries to satisfy ourselves that such individuals hold appropriate parental responsibility to be able to give clear informed consent for the child concerned. We do not knowingly collect data relating to children under the age of 16 without appropriate consent.
Our website includes links to third-party websites and applications. We do not control these third-party websites and are not responsible for their privacy statements, notices, or policies. When you leave our website, we encourage you to read the privacy notice of every website you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites. Please check these policies before you submit any personal data to such third-party websites.
We collect personal data:
We process your personal data under one or more of the following legal bases:
Legitimate interests: e.g. managing our business, keeping records, or notifying patients of similar services they’ve previously booked
We use your personal data to:
We only share your personal data when necessary and with:
We do not sell or share your data with third parties for marketing purposes.
If you have used our services before, we may contact you occasionally by email with updates about services that are similar to those you have previously booked - such as seasonal vaccination clinics or new appointment types.
This is known as the “soft opt-in”, which is permitted under the Privacy and Electronic Communications Regulations (PECR). It applies where:
We keep these messages infrequent, relevant, and non-intrusive. You can unsubscribe using a link in the email or by contacting us.
We do not send general marketing unless you’ve opted in separately, and we never share your information with third parties for their marketing.
We use trusted third-party providers to process data securely, including:
Each processor is bound by strict data protection agreements.
We retain personal data only for as long as necessary to comply with legal, clinical, and regulatory requirements.
These periods may be extended where clinically appropriate or required by law.
Financial records (e.g. invoices, payment logs) are retained for at least 6 years to comply with HMRC requirements.
Under UK data protection law, you have the right to:
More information is available from the ICO: www.ico.org.uk
We use cookies to enhance your experience on our website, monitor performance, and understand user behaviour. You can manage cookie preferences in your browser.
We may update this Privacy Policy from time to time. The latest version will always be available on our website, and we will notify you of any significant changes.
Version: 2.0
Effective from: 26 May 2025
Version 1: 01 Nov 2021 - By Oiver Large - Initial release of Privacy Policy
Version 1.1: 22 May 2022 - By Oliver Large - Revised to reflect operational focus on COVID-19 testing and core GP services
Version 2.0: 26 May 2025 - By Oliver Large - Updated to provide greater transparency regarding data processors (IT, finance, communications); clarified marketing communications approach under PECR; introduced version control table