EMED Group respects your rights to data privacy and data protection when you communicate (online or offline) with us through our website, Contact Centre of Operations and our frontline staff as they complete their work.
Contact Information
If you have a question about this Privacy Policy or how we use your personal information, please email info@emedgroup.co.uk or write to us at EMED Group Angels Wing 1, Whitehouse Street, Hunslet, Leeds LS10 1AD.
What is a Privacy Policy?
A privacy policy is a statement that describes how EMED Group collects, uses, retains and discloses personal information. Different organisations sometimes use different terms and it can be referred to as a privacy statement, a fair processing notice or a privacy notice.
To ensure that we process your personal data fairly and lawfully we are required to inform you:
- Why we need your data;
- How it will be used and;
- Where it will be stored;
- Who it will be shared with.
This information also explains what rights you have to control how we use your information.
The law determines how organisations can use personal information. The key laws are: The Data Protection Act (DPA), the Human Rights Act (HRA), relevant health service legislation, and the common law duty of confidentiality.
EMED Group is a ‘Data Processor’ and depending on the data a ‘Data Controller’, for the purposes of the Data Protection Act.
EMED Group recognises the importance of protecting all personal and confidential information in all that we do, and takes care to meet its legal duties.
This part of the fair processing notice outlines the management of the notice, contact details and other access to information legislation.
Complaints About how we Process Your Personal Information
In the first instance, you should contact the EMED Group on 0333 240 4999 or by filling out the contact form on this website.
What Information EMED Group collects about you.
We only collect and use your information for the lawful purposes of administering the business of EMED Group. These purposes include:
- Planning and booking patient ambulance journeys and the continuation of care;
- Accounting and Auditing;
- Accounts and records;
- Advertising, marketing and public relations;
- Crime prevention and prosecution of offenders;
- Education;
- Health administration and services;
- Information and databank administration;
- Sharing and matching of personal information for the NHS national fraud initiative;
- Staff administration.
What types of personal data does EMED Group handle?
We process personal information to enable us to support the provision of healthcare services to patients, maintain our own accounts and records, promote our service, and to support and manage our employees. We also process personal information about health care workers that deliver services throughout EMED Group.
We also use information to support and monitor commissioned health services in England and Scotland to enable us to deliver high quality healthcare. This type of information will usually be provided by and to the NHS in an aggregate or anonymised form, so that we cannot identify an individual.
The types of personal information we use include:
- Personal details such as names, addresses, telephone numbers;
- Family details for example next of kin details;
- Education and training records of our staff;
- Employment details, for example for those that work for us either directly or are commissioned by us to provide a service on our behalf;
- Financial details, where we provide a service for payment;
- Lifestyle and social circumstances;
- Visual images, personal appearance and behaviour, for example if CCTV images are used as part of building security;
- Details held in the patient’s record required for the safe planning and transportation of our service users;
- Responses to surveys, where individuals have responded to surveys about healthcare issues.
We may also process sensitive classes of information that may include:
- Racial and ethnic origin;
- Offences (including alleged offences), criminal proceedings, outcomes and sentences;
- Trade union membership;
- Religious or similar beliefs;
- Employment tribunal applications, complaints, accidents, and incident details.
This information will generally relate to our staff. In terms of patient information, information may include, but not be limited to:
- Clinical information such as diagnoses of medical conditions;
- Infectious status;
- Allergies;
- Medications prescribed and currently being administered;
- Height and weight;
- Mobility or service users and details of any special instructions or equipment required;
- Physical or mental health details including any behavioural issues or triggers.
How will EMED Group use information about you?
Your information is used to run and improve EMED Group. It may be used to:
- Check and report on how effective EMED Group is;
- Ensure that money is used properly for services it is commissioned to provide;
- Investigate complaints, legal claims or important incidents;
- Make sure that EMED Group gives value for money;
- Make sure services are planned to meet patients’ needs in the future;
- Review the care given to make sure it is of the highest possible standard;
- To improve the efficiency of healthcare services, by sharing information with NHS and sometime other organisations for a specific, justified purpose and approved by the EMED Group Caldicott Guardian.
We may keep your information in written form or on a computer. Whenever possible all information that identifies you will be removed.
Storing and Protecting your Information
EMED Group only stores Personal Identifiable Information (PII) within the United Kingdom. Physical records are stored in EMED Group premises which all have security monitoring systems in place. Digital records are secured and encrypted, for protection on EMED Group designated servers only. We do not share our storage facilities with other organisations. This service is managed and monitored, for EMED Group, by our contracted IT provider.
Sharing your Information
There are many reasons why we share information. This can be due to:
- Our obligations to comply with current legislation;
- In the best interest of a vulnerable person;
- Our duty to comply with a Court Order;
- You have consented to disclosure in a transparent.
We do not share your data with bodies outside of the European Economic Area. We are aware of the requirements to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.
Retaining information
EMED Group will only retain information for as long as necessary. Records are maintained in line with our internal retention schedule which determines the length of time records should be kept.
Protecting your information
We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
We have appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a ‘Caldicott Guardian’ who is responsible for the management of patient information and patient confidentiality.
All staff are required to undertake annual information governance training.
Under the EMED Group Handbook and Code of Conduct, all our staff are also required to protect your information, and inform you of how your information will be used. This includes, in most circumstances, allowing you to decide if and how your information can be shared.
Everyone working for EMED Group is subject to the common law duty of confidentiality. Information provided in confidence will only be used for the purposes advised and consented to by the service user, unless it is required or permitted by the law.
Your Rights
You have the following rights in relation to the personal data we hold on you:
- The right to be informed about the data we hold on you and what we do with it;
- The right of access to the data we hold on you. We operate a separate Subject Access Request policy and all such requests will be dealt with accordingly;
- The right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
- The right to have data deleted in certain circumstances. This is also known as ‘erasure’;
- The right to restrict the processing of the data;
- The right to transfer the data we hold on you to another party. This is also known as ‘portability’;
- The right to object to the inclusion of any information;
- The right to regulate any automated decision-making and profiling of personal data.
In addition to the above rights, you also have the unrestricted right to withdraw consent, that you have previously provided, to our processing of your data at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact the Data Protection Officer at EMED Group. Please email info@emedgroup.co.uk or write to us at EMED Group, Angels Wing 1, Whitehouse Street, Hunslet, Leeds LS10 1AD.
Processing of Special Categories of Personal Data
Article 9 of the EU GDPR provide some special considerations for certain types of data. EMED Group reserves the right to use these special provisions, especially Section H or Article 9, which states an exemption to the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person’ sex life or sexual
orientation shall be prohibited.
Section H: Processing is necessary for the purpose or preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnoses, the provision of health or social care or treatment or the management of health and social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3 of article 9.
How to Access Your Information
The Data Protection Act and the General Data Protection Regulations (GDPR) gives you the right to see the information that EMED Group or any organisation holds about you and why.
Right of Access (Subject Access Request)
The Data Protection Act and the General Data Protection Regulations (GDPR) gives you the right to see the information that EMED Group holds about you and why. These are commonly referred to as Subject Access Requests and these requests must be made in writing to EMED Group and you will need to provide us with:
- Adequate information (for example your full name, address, date of birth, NHS number, employee number, etc) so that your identity can be verified and your information located.
- We will also require specifics of what information you are requesting to enable us to locate this in an efficient manner.
Where a fee is applicable under the terms of the Data Protection Act and subsequent legislation, we will inform you in writing. In due course our disbursement scheme (which outlines these fees) will be available.
We aim to comply with requests for access to personal data as quickly as possible. We will endeavour to deal with all requests within 1 month of receipt, unless the request is highly complex, where we may need to extend this period out. If this occurs we will contact the applicant and explain the why the extension is necessary.
We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know through or Contact Centre of Operations (CCO) on 0333 240 4999 or by accessing our webpage at: www.emedgroup.co.uk/contact-us
Right to complain
If you are unhappy with the way we have handled your personal data, you have the right to make a complaint directly to us. We will acknowledge your complaint within 30 days and will investigate it and tell you the outcome without undue delay. In submitting a complaint, ID may be requested, and if a complaint is being made on someone’s behalf, we may require proof of authorisation to do so (e.g. power of attorney or signed letter of authority).
To make a complaint to us, please email info@emedgroup.co.uk or write to us at:
EMED Group Angels Wing 1, Whitehouse Street, Hunslet, Leeds LS10 1AD.
If you remain dissatisfied with our response, or if we have not responded within 30 days of receiving your complaint, you then have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
The ICO’s contact details are:
Website: www.ico.org.uk/make-a-complaint
Telephone: 0303 123 1113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Right to complain – recent legislation changes – Data (Use and Access) Act 2025
The Data (Use and Access) Act 2025 (DUAA) is a new piece of legislation that amends the UK GDPR, the Data Protection Act 2018, and related privacy laws, while maintaining high standards of data protection. The Act is designed to make data use easier and more efficient, support innovation, improve services, and strengthen certain rights for individuals. Introduced in June 2026, the result of this this means that EMED Group must follow a set of new rules for handling complaints in relation to data protection.
Under the Act, EMED, in acting as data controllers must:
- Provide a clear method for people to submit data protection complaints
- Acknowledge receipt of complaints within 30 days
- Investigate complaints appropriately and without undue delay
- Keep complainants informed during the process
- Communicate the outcome of the complaint without undue delay
One of the most significant changes for individuals is the introduction of a formal right to complain directly to EMED group about its handling of personal data before escalating concerns to the Information Commissioner’s Office (ICO). This means that individuals have the right to raise concerns about how we handle their personal information.
If an individual believes their personal information has been mishandled, they can:
Raise a Complaint Directly with the Organisation about:
- How their personal data has been collected.
- How it has been used or shared.
- Data security concerns.
- Delays or issues with responding to data rights requests.
- Any suspected breaches of data protection law.
The Act introduces a set procedure for EMED Group to adhere to, and this is as follows:
Acknowledge – Within 30 Days
EMED Group will send a written acknowledgement within 30 days (in letter or by email). We will tell the complainant that we have received their complaint, who is handling it, and that we will keep them informed. If the complaint came by phone or in person, we will make a written record and still follow up in writing. All complaints will be logged and recorded on our internal systems.
Investigate – Without Undue Delay
EMED Group will investigate as soon as possible. In doing so, we will review at all the facts thoroughly and fairly. We will speak to relevant departments and staff and compare the complaint with the personal data we hold. If the complaint is unclear, we will ask for clarification quickly. We may also ask what outcome the complainant is looking for. Thereafter we will keep the complainant updated, including when we expect to finish the investigation and respond.
Communicate the Outcome – Without Undue Delay
EMED Group will tell the complainant the outcome as soon as possible. We will do our best to address each point of a complaint individually, explaining clearly how we reached our conclusion and what we have done as a result. We will advise on the complainant’s rights to complaint directly to the ICO if they are not satisfied with the outcome.
Review and Improve
Once the complaint is resolved, EMED Group will review what happened, identifying any lessons we can learn or areas we can improve to prevent the same issue arising again.
Cookie Policy
A cookie consists of information sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We use ‘session’ cookies on the website. We will use the session cookies to: maintain a logged in user’s session and for order processing. Session cookies will be deleted from your computer when you close your browser.
We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available
at: http://www.google.com/privacypolicy.html.
Most browsers allow you to reject all cookies, while some browsers allow you to reject just third-party cookies. For example, in Internet Explorer you can refuse all cookies by clicking ‘Tools’, ‘Internet Options’, ‘Privacy’, and selecting ‘Block all cookies’ using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.