Privacy Policy

Privacy Policy

Coast Medic Ambulance Ltd

Last updated: 03/06/2026


Coast Medic Ambulance Ltd is committed to protecting your privacy and handling personal information lawfully, fairly and transparently. This Privacy Policy explains how we collect, use, store and share personal information when you use our website, submit an ambulance transfer or event medical booking enquiry, contact us, or receive care from us.


This policy applies to information collected through our website, online forms, email, telephone, social media, event medical services, ambulance transfer services and any other services provided by Coast Medic Ambulance Ltd.


1. Who we are


Coast Medic Ambulance Ltd is an independent ambulance provider.


Organisation: Coast Medic Ambulance Ltd
Registered office: [insert registered office address]
Company number: [insert company number]
ICO registration number: [insert ICO registration number, if applicable]
Email: [insert data protection email address]
Telephone: [insert telephone number]


For the purposes of UK data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018, Coast Medic Ambulance Ltd is the “controller” of the personal information it collects and uses, unless we are acting on behalf of another organisation under a specific contract.


2. Information we collect


We may collect and process the following types of personal information.


Website and enquiry information


When you use our website or contact us, we may collect:

  • your name;
  • organisation name;
  • email address;
  • telephone number;
  • postal address;
  • details of your enquiry;
  • information submitted through contact forms, ambulance booking forms, event medical booking forms or quote request forms;
  • website usage information, such as IP address, browser type, device information and pages visited;
  • correspondence sent to us by email, website form, telephone, post or social media.


Ambulance transfer and patient transport information


When you request or receive ambulance transport, we may collect:

  • patient name;
  • date of birth;
  • address and contact details;
  • next of kin or emergency contact details;
  • NHS number, hospital number or other reference numbers where provided;
  • GP, hospital, care home or referring organisation details;
  • pickup and destination details;
  • mobility, access and equipment requirements;
  • relevant medical history;
  • current condition, observations and clinical risks;
  • medication, allergies and treatment requirements;
  • safeguarding concerns where relevant;
  • notes made by our clinicians, ambulance crews or control staff;
  • details required to arrange, deliver, evidence and audit the service.


Event medical booking information


When you make an event medical booking enquiry, we may collect:

  • organiser name and organisation details;
  • event location, date, time and expected attendance;
  • event risk information;
  • site plans, risk assessments and operational information;
  • contact details for event organisers, safety officers and other key personnel;
  • information about previous incidents or anticipated medical risks;
  • billing and contract information.


Where we provide medical care at an event, we may also collect clinical information about patients treated at that event.


Medical and health information


Where we provide medical assessment, treatment or transport, we may collect information about your physical or mental health. This may include symptoms, injuries, diagnosis, observations, treatment provided, medication, allergies, capacity, consent, safeguarding concerns, hospital handover information and clinical notes.

Health information is treated as special category data and is subject to additional protection under data protection law.


Payment and financial information


If you purchase services from us, we may collect billing details, invoice details, payment status and transaction references. We do not normally store full card details. Card payments, where used, are usually processed by third-party payment providers.


Recruitment, staff and contractor information


If you apply to work with us or provide services to us, we may collect information relating to your employment, qualifications, professional registration, identity, right to work, DBS checks, training, health declarations, references and availability. Staff and recruitment data may be covered by a separate workforce privacy notice.


3. How we collect information


We may collect information directly from you when you:

  • complete a form on our website;
  • request an ambulance transfer;
  • request event medical cover;
  • contact us by email, telephone, post or social media;
  • receive medical care from us;
  • make a complaint, compliment or information request;
  • enter into a contract with us.


We may also receive information from third parties, including:

  • hospitals, GP practices, care homes or other healthcare providers;
  • NHS services, private healthcare providers or referring organisations;
  • event organisers, safety advisory groups or local authorities;
  • family members, carers or representatives;
  • police, ambulance, fire, coastguard or other emergency services;
  • commissioners, insurers or legal representatives where appropriate;
  • regulators or public bodies, including the Care Quality Commission.


4. Why we use your information


We use personal information for the following purposes:

  • to respond to enquiries;
  • to provide quotes for ambulance transfers, event medical cover and related services;
  • to assess whether we can safely provide a requested service;
  • to plan and deliver ambulance transfers;
  • to provide event medical services;
  • to assess, treat, monitor and safeguard patients;
  • to create and maintain clinical records;
  • to communicate with hospitals, care homes, event organisers and other relevant parties;
  • to manage bookings, contracts, invoices and payments;
  • to handle complaints, incidents, investigations and safeguarding concerns;
  • to meet legal, regulatory, insurance and clinical governance obligations;
  • to support audit, training, quality improvement and service development;
  • to protect the health, safety and welfare of patients, staff and the public;
  • to maintain the security and functionality of our website and IT systems;
  • to send service-related communications;
  • to send marketing communications only where we have a lawful basis to do so.


5. Lawful bases for processing


We only use personal information where we have a lawful basis under data protection law. Depending on the circumstances, we may rely on one or more of the following lawful bases:

  • Consent: where you have given clear consent for a specific purpose, such as optional marketing.
  • Contract: where processing is necessary to provide a service you have requested or to take steps before entering into a contract.
  • Legal obligation: where we must process information to comply with the law, including regulatory, tax, accounting, safeguarding or health and safety obligations.
  • Vital interests: where processing is necessary to protect someone’s life or safety, particularly in urgent medical situations.
  • Public task: where we perform functions in the public interest or work with public authorities, where applicable.
  • Legitimate interests: where processing is necessary for our legitimate business, clinical governance, security, administrative or operational interests, provided those interests are not overridden by your rights and freedoms.


6. Special category data and medical information


Medical and health information is special category data. We will only process this information where we have a lawful basis under Article 6 of the UK GDPR and a separate special category condition under Article 9.


Where relevant, we may process health information because it is necessary for:

  • the provision of health or social care;
  • medical diagnosis, assessment, treatment or transport;
  • protecting vital interests in an emergency;
  • safeguarding;
  • legal claims;
  • reasons of substantial public interest;
  • meeting regulatory and professional obligations;
  • clinical audit, governance and service improvement.


We do not use medical information for marketing purposes.


Medical information is accessed only by staff, clinicians, managers, contractors or professional advisers who need it for a legitimate purpose. We expect all staff and clinicians to maintain confidentiality.


7. Ambulance and event booking forms


When you submit an ambulance booking form, event medical booking form or quote request form through our website, we use the information to:

  • assess your request;
  • provide a quote or response;
  • determine staffing, vehicle and equipment requirements;
  • assess clinical, operational or event risk;
  • communicate with you about the booking;
  • create records of the enquiry, booking or contract;
  • meet legal, regulatory, insurance and governance requirements.


Please avoid submitting unnecessary medical information through general enquiry forms. Where medical information is required for an ambulance transfer or clinical service, only provide information that is relevant to the safe planning and delivery of that service.


8. Patient confidentiality


Clinical and patient information is confidential. We will not share patient medical information unless there is a lawful reason to do so.


We may share patient information where necessary with:

  • receiving hospitals, clinics, care homes or healthcare professionals;
  • NHS ambulance services or other emergency services;
  • referring organisations;
  • event organisers, but only where appropriate and normally limited to operational or incident information rather than detailed confidential medical records;
  • safeguarding agencies where there is a concern about risk or harm;
  • regulators, including the Care Quality Commission, where required;
  • insurers, legal advisers or courts where necessary;
  • police or other public authorities where required or permitted by law;
  • family members, carers or representatives where the patient has consented, where they are authorised to act, or where there is another lawful basis.


Where possible, we will respect patient wishes about who information is shared with. However, in emergencies, safeguarding situations, legal investigations or serious incidents, we may need to share information without consent where the law allows or requires this.


9. Children’s information


We may process personal and medical information about children where we provide care, treatment, transport or event medical services.

Where a child has sufficient understanding, we will consider their rights and wishes. Where appropriate, we may also communicate with parents, guardians, carers, schools, healthcare providers or safeguarding agencies.

We take additional care when handling children’s information and will only collect and share what is necessary.


10. Call recordings, emails and communications


We may keep records of telephone calls, emails, letters, website form submissions and other communications for service, contractual, clinical, safety, complaint-handling and legal purposes.

If calls are recorded, this will normally be for training, audit, safety, dispute resolution or evidence purposes. Where call recording is used, we will aim to make this clear.


11. Cookies and website analytics


Our website may use cookies and similar technologies to operate effectively, improve user experience, understand website traffic and support security.

Cookies may collect information such as IP address, device type, browser type, pages visited and time spent on the website.

Where required, we will ask for your consent before placing non-essential cookies. You can usually manage cookies through your browser settings or our website cookie banner.

A separate Cookie Policy may provide more detail about the cookies used on our website.


12. Marketing


We may contact existing customers or enquirers about similar services where permitted by law. We will only send electronic marketing where we have consent or another lawful basis.

You can opt out of marketing at any time by using the unsubscribe link in an email or by contacting us.

We will not sell your personal information to third parties for marketing purposes.


13. Who we share information with


We may share personal information with:

  • healthcare providers;
  • NHS bodies;
  • private hospitals, clinics, care homes and referring organisations;
  • event organisers and site safety teams;
  • emergency services;
  • local authorities and safeguarding bodies;
  • regulators and professional bodies;
  • insurers and legal advisers;
  • IT, website, email, booking, electronic patient record and cloud service providers;
  • payment processors;
  • accountants and auditors;
  • debt recovery providers where invoices remain unpaid;
  • courts, tribunals, police or public authorities where required or permitted by law.


We only share information where necessary and lawful. Where third-party service providers process information on our behalf, we expect them to protect it and use it only in accordance with our instructions.


14. International transfers


Some of our service providers may store or process information outside the United Kingdom.

Where personal information is transferred outside the UK, we will take steps to ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses or other lawful transfer mechanisms.


15. How long we keep information


We keep personal information only for as long as necessary for the purpose for which it was collected, including legal, clinical, regulatory, insurance, accounting and safeguarding requirements.

Retention periods may vary depending on the type of information. For example:

  • general website enquiries may be kept for a shorter period;
  • booking and contract records may be kept for accounting, insurance and dispute purposes;
  • clinical records may be kept for the period required by applicable healthcare, legal, insurance and professional standards;
  • safeguarding, incident and complaint records may need to be kept for longer where necessary;
  • financial records are usually kept for at least six years.


When information is no longer required, we will securely delete, anonymise or archive it.


16. Security of your information


We take reasonable technical and organisational measures to protect personal information against loss, misuse, unauthorised access, disclosure, alteration or destruction.


These measures may include:

  • access controls;
  • password protection;
  • staff confidentiality obligations;
  • staff training;
  • secure electronic systems;
  • audit trails;
  • encryption where appropriate;
  • secure disposal of records;
  • limiting access to those who need the information.


No method of transmission over the internet is completely secure. However, once information is received, we use appropriate measures to protect it.


17. Your data protection rights


Depending on the circumstances, you may have the following rights:

  • the right to be informed about how we use your information;
  • the right of access to your personal information;
  • the right to rectification if information is inaccurate or incomplete;
  • the right to erasure in certain circumstances;
  • the right to restrict processing in certain circumstances;
  • the right to object to processing in certain circumstances;
  • the right to data portability in certain circumstances;
  • the right not to be subject to solely automated decision-making that has legal or similarly significant effects;
  • the right to withdraw consent where we rely on consent.


These rights are not absolute. For example, we may need to keep certain information for legal, clinical, safeguarding, regulatory or insurance reasons.


18. Subject access requests


You have the right to ask for a copy of personal information we hold about you. This is called a subject access request.


You can make a subject access request verbally or in writing, but we recommend sending it in writing so that we can identify and respond to it properly.

Please send subject access requests to:


Email: [insert SAR/data protection email address]
Post: Data Protection Request, Coast Medic Ambulance Ltd, [insert postal address]


To help us respond efficiently, please include:

  • your full name;
  • your date of birth, if requesting medical records;
  • your current contact details;
  • any previous names or contact details we may know you by;
  • details of the information you are requesting;
  • relevant dates, bookings, events, incidents or services;
  • proof of identity, if requested.


If you are making a request on behalf of someone else, we may ask for evidence of your authority to act for them.


We will respond without undue delay and normally within one month. If the request is complex or you have made multiple requests, we may extend the response period where the law allows. We will tell you if this applies.


We do not normally charge a fee for responding to a subject access request. However, we may charge a reasonable fee or refuse to act on a request where the law allows, such as where a request is manifestly unfounded or excessive.


In some cases, we may withhold or redact information where an exemption applies, for example where disclosure would adversely affect another person’s rights, reveal confidential third-party information, prejudice an investigation, or create a serious risk of harm.


19. Requests to correct or delete information


If you believe information we hold about you is inaccurate, you can ask us to correct it.

If you ask us to delete information, we will consider the request. However, we may not be able to delete information where we need to keep it for legal, clinical, safeguarding, regulatory, insurance, contractual or accounting reasons.


Where we cannot comply fully with a request, we will explain why.


20. Complaints


If you are unhappy with how we have handled your personal information, please contact us first so that we can investigate and try to resolve the issue.


Email: [insert data protection complaints email]

Post: Data Protection Complaint, Coast Medic Ambulance Ltd, [insert postal address]


Please include:

  • your name and contact details;
  • a clear description of your concern;
  • relevant dates, services, bookings, events or correspondence;
  • what outcome you are seeking.


We will acknowledge and respond to data protection complaints in accordance with applicable data protection law.


You also have the right to complain to the Information Commissioner’s Office.

Information Commissioner’s Office
Website: www.ico.org.uk
Telephone: 0303 123 1113


21. Links to other websites


Our website may contain links to other websites. We are not responsible for the privacy practices, content or security of those websites. You should read their privacy policies before submitting personal information to them.


22. Changes to this Privacy Policy


We may update this Privacy Policy from time to time. Any changes will be posted on this page. The date at the top of the policy will show when it was last updated.


23. Contact us


Questions, comments and requests about this Privacy Policy or how we handle personal information should be sent to:

Coast Medic Ambulance Ltd
Address: [insert address]
Email: [insert email]
Telephone: [insert telephone number]