Privacy Policy

1. Introduction and Who We Are

Welcome to the Privacy Policy for Call To Scan Ltd. This policy explains how we collect, use, store, and protect your personal data when you interact with our website or use our mobile diagnostic and screening services.
Call To Scan Ltd. is committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
  • Data Controller: Call To Scan Ltd. (Company Registration Number: 16881512).
  • Registered Office: 198 Horsenden Lane South, London, UB6 7NU.

For the purposes of data protection law, Call To Scan Ltd. is the Data Controller responsible for your personal data.

2. The Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data, which we have grouped as follows:

A. Personal Data

| Category | Description |
|---|---|
| Identity Data | Name, title, date of birth, gender, and photographic identification (for verification). |
| Contact Data | Residential address (for mobile service delivery), email address, and telephone number. |
| Financial Data | Payment details (processed securely by third-party payment providers; we do not store full card details). |
| Technical Data | Internet protocol (IP) address, browser type and version, time zone setting and location, operating system, and platform. |
| Usage Data | Information about how you use our website and services (e.g., website clicks, appointment booking times). |
| Marketing & Communications Data | Your preferences in receiving marketing from us and your communication preferences. |

B. Special Category Data (Health Data)

As a CQC-regulated healthcare provider offering diagnostic and screening procedures, we routinely collect and process sensitive health information, which is classed as Special Category Data under UK GDPR.

| Category | Description |
|---|---|
| Health Data | Medical history, clinical notes, ultrasound images/scans, diagnostic reports, and details of any symptoms or treatments. |
| Biometric Data | The ultrasound images themselves may be considered biometric data when used to identify a natural person. |

3. How Is Your Personal Data Collected?

We use different methods to collect data from and about you, including:

⦁ Direct Interactions: You provide us with your Identity, Contact, and Health Data when you:
  • Book an appointment (online or by phone).
  • Fill out consent forms or health questionnaires.
  • Communicate with our Sonographers or administrative staff.
  • Give us feedback or make a complaint.

⦁ Third Parties: We may receive Health and Identity Data from third parties, such as:
  • Your referrer (e.g., GP or Consultant).
  • The NHS (if services are commissioned or funded by them).

⦁ Automated Technologies or Interactions (Website): As you interact with our website, we may automatically collect Technical and Usage Data using cookies and similar technologies.

4. How and Why We Use Your Data

We will only use your personal data when the law allows us to. For Special Category Data (Health Data), we must meet a minimum of two legal bases.

4.1 Lawful Basis for Processing General Personal Data

We rely on the following legal bases for general processing:

| Purpose of Processing | Type of Data | Lawful Basis |
|---|---|---|
| To register you as a new service user. | Identity, Contact | Performance of a contract with you. |
| To deliver the mobile ultrasound service and diagnostic report. | Identity, Contact, Health | Performance of a contract with you. |
| To manage payments and accounting. | Identity, Financial | Necessary for our legitimate interests (payment recovery); Legal obligation. |
| To manage our relationship with you, including service changes, complaints, and feedback. | Identity, Contact, Usage | Necessary to comply with a legal obligation (CQC Regulation 16); Necessary for our legitimate interests (service improvement). |

4.2 Dual Lawful Basis for Processing Special Category Data (Health Data)

For your Health Data, we rely on the following bases, as required by UK GDPR:

⦁ Article 6 Basis: Performance of a contract (as detailed above).

⦁ Article 9 Condition: Processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services (Article 9(2)(h)).

This means we are legally permitted to process your health data as a medical diagnosis provider without requiring your explicit consent for the core function of delivering your scan and report.

5. Disclosure of Your Personal Data (Data Sharing)

We may have to share your personal data with the parties set out below for the purposes outlined in Section 4.

| Third Party | Purpose | Data Shared |
|---|---|---|
| Referrers/Clinicians | Sharing the final diagnostic report with your referring GP, Consultant, or other healthcare professional for continuity of care. | Identity, Contact, Health (Diagnostic Reports/Images). |
| CQC | Providing access to records, including Health Data, to comply with our regulatory duties (e.g., during inspections). | Identity, Contact, Health |
| IT & Data Storage Providers | Hosting clinical records and maintaining our secure electronic systems (e.g., cloud storage services). | All data types (processed under strict data processing agreements). |
| Payment Processors | Processing payments securely (e.g., Stripe, PayPal). | Identity, Financial |
| Legal/Regulatory Bodies | When we are legally required to do so, for example, under a court order or during a safeguarding investigation (Local Authority). | Identity, Contact, Health (as necessary) |

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered, or disclosed.

⦁ Technical Measures: Our systems use encryption, firewalls, and secure access controls (e.g., multi-factor authentication) to protect clinical and administrative data.

⦁ Organisational Measures: Access to your Health Data is strictly limited to clinical and administrative staff who require it to perform their duties. All staff are required to undergo mandatory training in data protection and clinical governance.

⦁ Mobile Operations: Data transported in mobile units (e.g., ultrasound machine storage) is encrypted and password-protected.

7. Data Retention

We will only retain your personal data, including clinical records, for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, or reporting requirements.
In line with standard NHS and private healthcare record-keeping requirements, clinical records (including ultrasound reports and images) are typically retained for a minimum of:

⦁ Adults: 8 years after the conclusion of treatment or death.

⦁ Children and Young People: Up to the person’s 25th birthday, or 26th birthday if the last entry was made when they were 17.

After the mandatory retention period has elapsed, your data will be securely destroyed or anonymised.

8. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

⦁ Request access to your personal data (commonly known as a “data subject access request”).

⦁ Request correction of the data that we hold about you.

⦁ Request erasure of your personal data (where there is no good reason for us to continue processing it, noting that legal requirements often override this for clinical data).

⦁ Object to processing of your personal data.

⦁ Request restriction of processing of your personal data.

⦁ Request the transfer of your personal data to another party.

⦁ Withdraw consent (where consent is the legal basis for processing).

If you wish to exercise any of the rights set out above, please contact the Data Protection Contact listed in Section 10.

9. Cookies

Our website uses cookies (small text files placed on your device) to collect Usage and Technical Data. This helps us analyse website traffic and improve user experience.

⦁ Necessary Cookies: Essential for the website to function (e.g., managing a booking session).

⦁ Analytical/Performance Cookies: Allow us to recognise and count the number of visitors and see how they move around the website.

You can set your browser to refuse all or some browser cookies, but note that some parts of the website may become inaccessible or not function properly.

10. Contact Details and Complaints

Data Protection Contact

If you have any questions about this privacy policy or our data protection practices, please contact us using the following details:

⦁ Name: Director (Data Protection Lead)

⦁ Email: scan@calltoscan.co.uk

⦁ Postal Address: 198 Horsenden Lane South, London, UB6 7NU

Information Commissioner's Office (ICO)

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues.

⦁ ICO Contact Information: You can find their contact details on the ICO website at: www.ico.org.uk.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Call To Scan LTD, Registered in England and Wales. Company Registration Number: 16881512. Registered Office: 198 Horsenden Lane South, London, UB6 7NU. Regulated by the Care Quality Commission (CQC) for Diagnostic and screening procedures.