Legal

Privacy Policy

How Optimus Medical collects, uses, stores, and protects your personal data.

Data Controller: Optimus Medical Ltd, Innovation Hub, 42 King Street, London, EC2V 8EQ, United Kingdom

Contact Email: privacy@optimusmedical.uk

Last Updated: 20 April 2026

1. Introduction

Optimus Medical Ltd ("Optimus Medical", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website at optimusmedical.uk, interact with our services, or engage with our Optimus AI product.

This policy is issued in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). By using our website or services, you acknowledge that you have read and understood this policy.

2. Data Controller

Optimus Medical Ltd is the data controller responsible for your personal data. If you have any questions about this policy or our data practices, please contact our Data Protection Officer at privacy@optimusmedical.uk or write to us at the address listed above.

3. Information We Collect

3.1 Information You Provide to Us

We may collect the following personal data that you voluntarily provide when interacting with our website or services:

  • Name, email address, telephone number, and company or organisation name when you submit a contact form, request a demo, or make an enquiry
  • Job title and professional details when you apply for a position or register for events
  • Correspondence and communication records when you contact us by email, telephone, or other means
  • Feedback and survey responses if you choose to participate in research or provide product feedback

3.2 Information Collected Automatically

When you visit our website, we may automatically collect certain technical data, including:

  • IP address, browser type, operating system, and device information
  • Pages visited, time spent on pages, referral source, and navigation paths
  • Cookie data and similar tracking technologies (see our Cookie Policy for more details)

3.3 Health and Medical Data

Optimus AI is designed to process health and biometric data collected by medical devices. It is important to note that all health data used to train and improve the Optimus AI model is fully anonymised — all personally identifiable information (PII) is permanently removed before the data enters our systems. We do not collect, store, or process identifiable patient health data on our website or through direct interactions with users. For further details on how we process anonymised health data, please see our Data Processing Policy.

4. How We Use Your Information

We use the personal data we collect for the following purposes:

  • To respond to enquiries: processing your contact form submissions, demo requests, and other communications
  • To provide and improve our services: understanding how our website and products are used so that we can improve functionality, performance, and user experience
  • To send relevant communications: providing updates about our products, services, events, or research where you have opted in to receive such communications
  • To comply with legal obligations: meeting our regulatory, legal, and compliance requirements under UK law
  • To protect our legitimate interests: ensuring the security of our website and systems, preventing fraud, and enforcing our terms of service

5. Lawful Basis for Processing

Under the UK GDPR, we rely on the following lawful bases for processing your personal data:

  • Consent: where you have given clear consent for us to process your data for a specific purpose, such as subscribing to communications
  • Contractual necessity: where processing is necessary to fulfil a contract with you or to take steps at your request prior to entering a contract
  • Legitimate interests: where processing is necessary for our legitimate business interests, provided these are not overridden by your rights and freedoms
  • Legal obligation: where processing is necessary to comply with a legal obligation to which we are subject

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your data in the following limited circumstances:

  • Service providers: trusted third-party providers who assist us in operating our website, conducting business, or providing services to you, subject to strict confidentiality agreements
  • Legal requirements: where we are required to disclose data to comply with a legal obligation, regulatory request, or court order
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, with continued protection under this policy
  • Research partners: anonymised, aggregated data may be shared with NHS-affiliated research partners and academic institutions for clinical validation purposes — no identifiable personal data is ever shared

7. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom and the European Economic Area (EEA). Where we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office (ICO), or transfers to countries with an adequacy decision.

8. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law. General enquiry data is typically retained for 24 months from the date of last contact. Where you have opted in to marketing communications, we retain your contact details until you unsubscribe or request deletion.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and staff training on data protection. Whilst we take every reasonable precaution, no method of transmission over the internet is entirely secure, and we cannot guarantee absolute security.

10. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: to request a copy of the personal data we hold about you
  • Right to rectification: to request correction of any inaccurate or incomplete data
  • Right to erasure: to request deletion of your personal data where there is no compelling reason for its continued processing
  • Right to restrict processing: to request that we limit the processing of your data in certain circumstances
  • Right to data portability: to request a copy of your data in a structured, commonly used, machine-readable format
  • Right to object: to object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time

To exercise any of these rights, please contact us at privacy@optimusmedical.uk. We will respond to your request within one month, as required by law.

11. Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete that data as soon as practicable.

12. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those external sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at ico.org.uk or by telephone on 0303 123 1113.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. Any material changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

  • Email: privacy@optimusmedical.uk
  • Post: Data Protection Officer, Optimus Medical Ltd, Innovation Hub, 42 King Street, London, EC2V 8EQ, United Kingdom
  • Telephone: +44 (0)20 7946 0958