At City Ultrasound, we believe in giving our patients the best possible care. And a big part of that means taking care of their privacy. Our privacy notice tells you what personal data we collect and why and explains your rights and the types of data we might share about you.
- Welcome to City Ultrasound
- What is personal data?
- When do we collect your data?
- How we use your data
- Who do we share your data with?
- How long do we hold your data for?
- Where is your data stored and what about security?
- What are your rights?
- Changes to our privacy notice
- Contact details
- Cookie notice
WELCOME TO CITY ULTRASOUND
‘City Ultrasound’ a trading name of Ultrasound Link Ltd. We are registered in England and Wales under company number 12147431. Our registered office and trading address is 1st Floor, 36 Spital Square London E1 6DY.
We are registered with and regulated by the Care Quality Commission (CQC), the independent regulator of health and social care in England. This body makes sure that healthcare providers, such as City Ultrasound, offer a safe service.
We are what is known as a ‘data controller’ in most aspects of our relationship with you. In terms of the Data Protection Act 2018, that means we are trusted to look after and deal with your personal information in accordance with the present policy defining what data we are processing and for what purpose.
To help you understand how we treat your personal data, please read the following information carefully. If you still have any questions, you can email us at: firstname.lastname@example.org and we will get back to you as soon as possible. The fastest way to contact us is by calling us on 020 3687 2939. Alternatively, you can email us on email@example.com or write to 36 Spital Square, London E1 6DY.
Please do not use our services until you are completely happy with the service we offer and the management of your data under this privacy notice.
WHAT IS PERSONAL DATA?
Personal data is any information that is related to a person that can be either directly or indirectly identified, i.e. any information related to you like your name, surname or address. We will call this type of information ‘data’. Your images, reports and test results are also part of your personal data, but are a bit more specific, therefore we might call it “patient data”.
The types of data we collect and use, may include:
- Your name, address, email address, home and/or mobile telephone numbers;
- Date of birth;
- Your previous and current medical health records whether provided by you, by us or third parties on your behalf. This data may include Visual images/scans, where ultrasound scan is used as part of our services;
- Your bank details or the details of company or individual who is responsible for the payment of invoices/bills relating to your care (e.g. insurer, sponsor or Guarantor). We do not keep these details. All payments will be made via our payment service provider Stripe;
- Information about your marital status, next of kin and nominated or emergency contacts;
- Information about your nationality and entitlement to treatment in the UK in case you come from abroad;
- Information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments;
- Information about medical or health conditions of your family;
- Information received in response to any surveys, complaints, claims;
- Information about how you use our website.
If you are employed by City Ultrasound we will also hold and process other information relating to your employment (You can obtain a copy of the Employee Privacy Notice from our Head of Staff).
If you are a Consultant/Doctor/Midwife or other healthcare provider, not employed by City Ultrasound, we might still hold and process your information relating to the clinical services you carry out (you can obtain further information from our Privacy manager).
WHEN DO WE COLLECT YOUR DATA?
We collect it when you:
- fill in forms and medical questionnaires on our website and/or in the Centre
- order diagnostic and screening services from us
- report a problem with our site
- contact our customer support team (we make a record of this)
- take part in a voluntary research survey
- subscribe to a specific newsletter
- write a review about our service
We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we need you to provide your personal data so we can provide care and treatment to you and receive payment for these services.
We will collect most of this directly during the registration process but there may be sources of personal data collected indirectly as set out later in this document.
Data we receive from other sources
We are working with third parties such as sub-contractors in medical, technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies which may give us information about you.
Your medical service provider, e.g. your GP, may give us information about you.
If you use our test kits service, we will be sent your test results by the laboratory we are working with.
Data we collect from your computer, mobile phone or other device
When you use City Ultrasound website, (and our advertisers and/or other similar services described in the paragraph ‘who do we share your data with’) we may collect information about how you use our website. This lets us improve our site to give you an even better experience. Types of information we collect include:
- technical device information
- the device you use (for example Apple, Samsung, Asus)
- network information (for example 3 network, BT Broadband)
- your IP address and HTTP referrer information
- your location (UK or outside)
- your login information (this only concerns your account, once you have created it) this is for when we start linking images to our website
- the browser type you are using (for example Chrome, Safari, IE)
- your time zone (for example GMT, EST)
Information about your visit to our website
- Services you looked at or searched for
- How long it took for content to load and download, the length of time you spent on certain pages, how you browse away from the page, and how you interact with our site (scrolling, clicks, and mouse-overs)
Cookies, pixels and other similar technologies
Cookies are small pieces of information that are stored on your computer, mobile phone or other device. We use them to get to know you better and to improve our service.
You can read all about cookies and your rights in our Cookie Notice (HYPERLINK).
HOW WE USE YOUR DATA
We take your privacy seriously and will never ever sell your data to anyone.
We use your personal information to:
- deliver our service to you
- support the provision of your healthcare
- allow us to receive payment for those services
- take steps at your request during the course of our relationship with you
- keep your records up to date
- monitor and improve our service
- send you information we think you’ll be interested in
- research purposes
- legal, compliance, and regulatory reasons
- allow you to follow our social media sites, such as Facebook and Instagram, when you choose to
And we use your data in different ways:
Delivering our service(s) and your report/results to you
We use your personal information to:
- make the consultation and check your suitability for your preferred type of diagnostic
- recommend an appropriate scan if you have not chosen one, based on the information you are giving our doctors in the medical questionnaire
- deliver your report or test results to your chosen address (if applicable)
- provide laboratory testing services to you
- check your identity and access your medical data when you call our customer support team
- offer advice and useful information about the condition you are looking to treat
Based on your consent to:
- communicate with your next of kin or other nominated contacts;
- if you ask us to disclose your personal data to other people or organisations such as your health care provider, a company handling a claim on your behalf, etc, or otherwise agree to disclosures;
- use your data for scientific research with third parties including universities and other research bodies.
Monitor and improve our service
We use your personal information to:
- make improvements to our services (range of scans and tests, etc)
- make improvements to our website, tailoring the content to suit your interests and to adapt it to the phone, computer or other devices you are using
PLEASE NOTE that when you write reviews of our service on Trustpilot, the reviews will include the name you choose in your Trustpilot settings (which means your full name might show on the website).
We use your personal information to:
- give you information to help you manage the condition you are seeking treatment for
- tell you about our company
- let you know about our latest services that we think you’ll be interested in, based on the information given in the medical assessment. We’ll only do this if you have asked us to do so.
- send you offers and promotions. The information provided in this context will only be used to send the selected notifications (for example information on a medical condition or discounts and offers for Scans’ packages)
We will only send you marketing information you will find useful or interesting, and even then, only if you have asked us to. And you can ask to stop receiving all or part of this information at any time by sending us email or clicking on an “unsubscribe” link at the bottom of each marketing email you may receive.
If you do receive marketing materials from us, we would love to know what you think of them, please feel free to contact us anytime.
We use your personal information to:
- analyse individual and collective data
- carry out scientific and market researches
- identify and make improvements to our services or to make an input to the medical professional knowledge
- offer you interactive tools and services on our website
- send you surveys and request for outcome-delivery (for audit purposes)
We will always ask you for consent, unless the information we are using for the research purposes could not identify you in any way (for example: a woman from London, between 28 and 35 years old).
Legal, compliance, security, and regulatory reasons
We use your personal information to:
- comply with any applicable law, regulation, legal process or public authorities request
- defend our rights, property and safety, as required or permitted by law
- detect and prevent fraud. We need to make sure that you are who you say you are to deliver our services to you safely, and we also need to ensure that no fraud is happening on our website like payment with a stolen payment card
WHO DO WE SHARE YOUR DATA WITH?
We work with trusted professionals to bring you safe, convenient healthcare.
This means sharing your personal and medical data with doctors and a limited number of persons at City Ultrasound. For instance, our customer support team needs to access your data to assist you.
Other healthcare providers including your General Practitioner (GP), where we believe this will enhance the quality of your care, will receive your personal data. Let us know if you do not wish us to share information with your GP.
We may share your personal data with our sub-contractors and other persons who help us provide services to you, e.g. Trice, the automated medical images management provider and specialised cloud service: https://triceimaging.com/.
It also means sharing your data with third parties to deliver our service to you such as hospitals, laboratories, or payment providers or for other purposes described below.
Our nominated NIPT test providers, the Doctors Laboratory Limited (“TDL”), will also need access to your details to provide you with the results of your tests: https://tdlpathology.com/about-tdl/terms-and-conditions/ .
For your payments we use automated payment service provider Stripe. No card details are recorded by the City Ultrasound. You can find more information about STRIPE here: https://stripe.com/gb/privacy#personal-data-definition
Rest assured, we only share information that is absolutely necessary, and we go to great lengths to make sure everyone we work with takes your privacy as seriously as we do.
To deliver our service to you, we are working with third parties to:
- provide you with the required blood tests
- send you emails, post and SMS about your visit/s, reports or results of your tests
- have your test kits analysed
- process payment
- store your data securely
To help us improve our services and for marketing reasons, we use third party products and services to:
- collect and analyse information about the use of our website
- send marketing emails to you
- collect reviews of our services
If you’d rather we didn’t use your data for marketing reasons, you can unsubscribe by sending us email to firstname.lastname@example.org or a letter to 1st Floor, 36 Spital Square London E1 6DY, or by clicking the unsubscribe link at the bottom of our emails.
Please note that when you subscribe to notifications such as newsletters, discounts, or other offers directly on our website, you can only unsubscribe via the unsubscribe link enclosed in the email.
So that we can get your reports, images or tests to you safely and securely, you will not be able to unsubscribe from our service emails (emails relating to your diagnostics services).
Finally, we may need to share your information for legal reasons:
- should we sell or buy any business or assets, we may need to share your data with the future seller or buyer
- if we are asked to share your personal data as a result of a court order, legal processing or any other legal obligation
- to protect the rights, property, or safety of City Ultrasound, our patients, suppliers and partners, or others. This includes exchanging information for fraud protection, reducing credit risk and verifying your identity by a third-party provider
From time-to-time, our website may contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link, please be aware that every website has its own privacy notice, which City Ultrasound has no responsibility or liability for. Please check their privacy notice before you send any personal data to these websites.
HOW LONG DO WE HOLD YOUR DATA FOR?
We only hold your personal data for as long as it is necessary or in consistence with the legal requirements.
For medical purposes, we are legally required to keep your medical data for the foreseeable future. Currently, the minimum retention requirement for maternity records (your “patient data”, including your name, date of birth, address, medical history, report of a scan, images and tests’ results) is 25 years after the birth of the child, including stillbirths.
We have an internal retention policy in place which sets out how we use your data, other than patient data (delivery of services, marketing, improvement of our service), which includes the associated retention periods. For example, for marketing purposes, we only keep your data while you give your consent to receive communications from us.
We keep anonymous data about our patients for an indefinite period of time. This type does not contain personal information that could be used to identify you.
Differential retention requirements will require differential storage periods and capacity.
When we are to delete your data, we fully abide by the duty to ensure confidentiality is maintained during the destruction of health records, including when the task is given to a third-party contractor.
WHERE IS YOUR DATA STORED AND HOW DO WE KEEP IT SECURE?
Any medical data you give us is stored safely on a private database. This database is only used by our doctors, customer support team, and a small number of other employees on a need-to-know basis, such as IT support. This platform is hosted on our servers or third party’s server, based in the EU. These providers are ISO 27001 certified which is the international standard that describes best practice for information security management.
- Our security measures protect you against unauthorised access, changes, disclosure, or destruction of your data.
- We regularly review our security measures, including how we collect, process and store data. Part of this means encrypting data and putting in place physical and organisational security measures to protect our storage systems.
- Your payment transaction and your personal data are encrypted using SSL technology
- Every member of our staff signs and agrees to a confidentiality agreement when they start working for us and are trained on data-protection regulations.
- Access to your data is only given to employees on a need-to-know basis.
- All our suppliers have to abide to privacy undertakings, in accordance with the applicable data protection laws and regulations.
- Some countries may not offer the same level of personal data protection as in the EEA in which case we will have a specific agreement with our suppliers to ensure adequate safeguards are in place for transferring data, that meet the standards of the EU model.
Although we do everything we can to protect your personal data, sending information over the internet is never completely secure.
If you know of any security problem, please tell us as soon as possible.
WHAT ARE YOUR RIGHTS?
- The right to be informed about processing of your personal data
- Correcting your personal data if it is inaccurate and to have incomplete data completed
- Object to the processing of your data, e.g. the right to ask us not to use your personal data for marketing purposes. We will inform you before collecting your data for this purpose and if we intend to disclose your information to any third party. You can deny this use of data from the time you register with us and you can also change your mind later by changing your preferences by informing us via email email@example.com or click the unsubscribe link that you will find at the bottom of every email we send to you.
Note that you do not have the option to unsubscribe of the emails regarding the provision of our services to you as this is necessary to provide you with such services.
- Deleting your data. We will delete your data if you ask us to, unless we have a valid business or professional reason not to delete, or it is a legal requirement, for example, we need to store your medical data, your identity, and any communications.
Such data cannot therefore be deleted but, if you want to stop using our services, you can ask us to suspend your account by writing to us.
- Accessing your data: you have the right to see any information we hold about you at any time. Just send your request to our Privacy manager or email: firstname.lastname@example.org. You can also request it by calling us, although you will need to confirm your request in writing. Please tell us what information you wish to see and send it along with two types of approved identification (a passport or driving license and any official document showing your name and address of less than 3 months old, for example a utility bill).
You can also exercise some other rights at any time by contacting us, noting that not all of them apply in all circumstances. Our contact details are at the end of this notice.
Changes to our privacy notice
Any changes we may make to this privacy notice in the future will be posted on this page, and for any major changes, we’ll notify you by email.
We have a privacy manager who is responsible for enforcing our policy and making sure everyone at City Ultrasound respects it. If you have any questions, comments or suggestions, they will be happy to hear from you. You can email them at: email@example.com or write to Privacy Manager, 1st Floor, 36 Spital Square London E1 6DY. Should you wish to file a complaint, please contact us via the methods listed above. We aim to acknowledge complaints within three working days and will try to do our best to resolve them.