Privacy Policy

Vishal’s Ultrasound Diagnostic Centre Limited – Customer Privacy Notice

This privacy notice explains what to expect us to do with your personal information.

Contact Details

Post
Wembley Park Medical Centre,
2 Humphry Repton Lane,
Wembley, Middlesex,
HA9 0GL, GB

Telephone
07352077463

Email
contact@vishalultrasound.co.uk

What Information We Collect, Use, and Why

We collect or use the following information to provide patient care, services, pharmaceutical products and other goods:

• Name, address and contact details

• Gender

• Pronoun preferences

• Date of birth

• Next of kin details including any support networks

• Emergency contact details

• Photographs

• Health information (including medical conditions, allergies, medical requirements and medical history)

• Information about care needs (including disabilities, home conditions, medication and dietary requirements and general care provisions)

• Test results (including psychological evaluations, scans, bloods, x-rays, tissue tests and genetic tests)

• Payment details (including card or bank information for transfers and direct debits)

• Insurance policy details

• Records of meetings and decisions

Special Category Information (For Patient Care)

We also collect the following sensitive information:

• Health information

Information We Collect for Safeguarding or Public Protection

• Name, address and contact details

• Emergency contact details

• Health information

• Information about care needs

• Relevant information from previous investigations

• Test results

• Records of meetings and decisions

Special category (sensitive) information:

• Health information

Information We Collect to Comply with Legal Requirements

• Name

• Contact information

• Identification documents

• Health and safety information

• Any other information required by law

• Safeguarding information

Special category information:

• Health information

Information We Collect for Queries, Complaints or Claims

• Names and contact details

• Addresses

• Purchase or service history

• Witness statements

• Relevant information from previous investigations

• Health and safety information

• Correspondence

Special category information:

• Health information

Lawful Bases and Data Protection Rights

Under UK GDPR, we must rely on lawful bases to collect and use your information. Your rights depend on which lawful basis applies.

Your Rights Include:

• Right of access

• Right to rectification

• Right to erasure

• Right to restrict processing

• Right to object

• Right to data portability

• Right to withdraw consent

We must respond within one month.

Our Lawful Bases

For patient care, services, and products:

• Contract

• Legal obligation

• Vital interests

For safeguarding/public protection:

• Legal obligation

• Vital interests

• Public task

For legal compliance:

• Legal obligation

For complaints/queries/claims:

• Contract

• Legal obligation

• Legitimate interests

Where We Get Personal Information From

• Directly from you

• Family members or carers

How Long We Keep Information

[Paste your retention schedule here.]

For more details on retention periods, contact us using the details above.

Who We Share Information With

Data Processors

Amazon Web Services (AWS)
This data processor does the following activities for us:
Amazon Web Services (AWS) provides secure cloud storage and hosting services for our ultrasound clinic. They store, manage, and back up patient records, ultrasound images, reports, and other related data, ensuring data security, availability, and compliance with applicable data protection regulations.

Others We Share Personal Information With

• Other health providers (e.g., GPs and consultants)

• Insurance companies, brokers and other intermediaries

• Emergency services

• Professional advisors

• External auditors or inspectors

• Organisations we’re legally obliged to share personal information with

Duty of Confidentiality

We are subject to a common law duty of confidentiality. However, there are circumstances where we will share relevant health and care information. These include:

• You’ve provided us with your consent (implied for care purposes, or explicit for other uses)

• We have a legal requirement (including court orders)

• On a case-by-case basis, where the public interest to collect, share or use the data outweighs the duty of confidentiality
  (e.g., sharing with the police to prevent or detect serious crime)

• If in England or Wales – sharing meets the requirements of The Health Service (Control of Patient Information) Regulations 2002

• If in Scotland – sharing authority is provided by the Chief Medical Officer for Scotland, Chief Executive of NHS Scotland, the Public Benefit and Privacy Panel for Health and Social Care, or other approved governance body

Sharing Information Outside the UK

Where necessary, our data processors may share personal information outside of the UK. When doing so, they comply with the UK GDPR and ensure appropriate safeguards are in place.

For further information or to obtain a copy of the relevant safeguard, please contact us using the details at the top of this privacy notice.

Organisation name: Amazon Web Services (AWS)
Category of recipient: Cloud storage and hosting provider / IT services
Country the personal information is sent to: Various countries where AWS data centres are located (e.g., US, EU)
How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs)

How to Complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve handled your data, you can also complain to the ICO.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint