Privacy Policy of uk.scan.com

This Website collects some Personal Data from its Users.

Personal Data processed for the following purposes and using the following services:

    • Advertising

      • Meta ads conversion tracking (Meta pixel), Microsoft Advertising, Google Ad Manager, Google Ads conversion tracking, Meta Lookalike Audience, 360 E-Com, Google Ads Similar audiences and 3Q

        Personal Data: Trackers; Usage Data

      • LinkedIn conversion tracking (LinkedIn Insight Tag)

        Personal Data: device information; Trackers; Usage Data

    • Analytics

      • Google Analytics (Universal Analytics) and Meta Events Manager

        Personal Data: Trackers; Usage Data

      • Heap Analytics

        Personal Data: financial information; Trackers; Usage Data

    • Collection of privacy-related preferences

      • iubenda Consent Database

        Personal Data: Data communicated while using the service; IP address; Trackers

      • iubenda Privacy Controls and Cookie Solution

        Personal Data: IP address; Trackers

    • Commercial affiliation

      • Awin

        Personal Data: Trackers; Usage Data

    • Content performance and features testing (A/B testing)

      • Google Optimize

        Personal Data: Trackers; Usage Data

    • Displaying content from external platforms

      • Google Maps widget and Google Fonts

        Personal Data: Trackers; Usage Data

      • Trustpilot

    • Handling payments

      • Stripe and PayPal

        Personal Data: various types of Data as specified in the privacy policy of the service

      • Splitit

    • Heat mapping and session recording

      • Hotjar Heat Maps & Recordings

        Personal Data: Trackers; Usage Data; various types of Data as specified in the privacy policy of the service

    • Hosting and backend infrastructure

      • Cloudinary

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Infrastructure monitoring

      • New Relic

        Personal Data: Trackers; Usage Data; various types of Data as specified in the privacy policy of the service

    • Interaction with online survey platforms

      • Hotjar Poll & Survey widgets

        Personal Data: Trackers; Usage Data; various types of Data

    • Interaction with support and feedback platforms

      • Zendesk Widget

        Personal Data: email address; first name; last name; phone number

    • Managing data collection and online surveys

      • Hotjar surveys

        Personal Data: email address; first name; last name; phone number

    • Remarketing and behavioral targeting

      • Google Ads Remarketing, Facebook Remarketing and LinkedIn Website Retargeting

        Personal Data: Trackers; Usage Data

    • Tag Management

      • Google Tag Manager

        Personal Data: Trackers

Information on opting out of interest-based advertising

In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section of the Cookie Policy.

Further information about the processing of Personal Data

    • Direct Care & Onward Referrals

      We share your personal data with other health and social care providers who provide 'direct care' to you and others, such as administrative staff, who support this care. We will only share your personal data with such parties where we are satisfied that they will handle your data confidentially and in compliance with data protection legislation (UK GDPR & the UK Data Protection Act 2018).

      'Direct care' refers in this context to any activities that support the diagnosis, care or treatment of your condition. The primary instances in which we share your personal data for direct care purposes are:

      (1) where we share your personal data with the scan provider named in your booking so that they may perform the imaging procedures that you have ordered;

      (2) where you submit an online request on uk.scan.com or otherwise for Scan.com to identify and onwardly refer you to a third-party provider or specialist for further advice or treatment, in which case we may share your personal data with any third-party provider or specialist that we identify for these purposes;

      Examples of other persons or bodies with whom we may share your personal data for direct care purposes include:

      -Your NHS GP
      -Onward referral specialists
      -Physiotherapists
      -Therapists
      -Pharmacists
      -Hospitals
      -Accident and emergency services
      -Testing service providers
      -Other health and care bodies

      We will only share your personal data with such bodies or persons where can do so in compliance with both the common law duty of confidentially (the CLDC) and applicable UK data protection legislation.

      For the purposes of the common law duty of confidentiality, we will share your personal data for the purposes of supporting your direct care on the basis of your "implied consent." This means that we will only share your data with third parties for these purposes where the surrounding circumstances mean that you would reasonably expect us to share your data with these parties i.e. it would not be a 'surprise' to you that we've shared your data with these parties.

      In the event that we need to share your data with a provider or specialist who we suspect you would be surprised to learn has access to your data, we will ask for your express consent before sharing any information with them. Please note that this will not apply to any disclosure of your data to a third-party provider or specialist that we make pursuant to your request for an onward referral on uk.scan.com or otherwise. In such instances, we will deem that we have your implied consent to share your basic personal data (name, contact details) with such third-parties, provided that we will not share any special category data (i.e. your medical data, scan results, diagnoses etc) as part of the onward referral without your express consent under both the CLDC and Article 9(2)(a) UK GDPR.

      In addition to requiring your 'implied consent' under the CLDC, we will only share your data for direct care purposes (including onward referrals) where we are have a lawful basis to do so under UK GDPR.

      In this regard, we will share personal data such as your name, contact details, NHS number (or other unique identifier) and appointment date & time with third parties for direct care purposes on the legal basis of Article 6(1)(b) whereby we may process your data for the purposes of performing our contract with you. We may also rely on Article 6(1)(d) (protecting your vital interests) or 6((1)f) (exercising our legitimate interest in providing you with healthcare services).

      Where any of the personal data we wish to share for direct care purposes is 'special category data'- data that reveals particularly sensitive information about things such as your physical or mental health, genetic or biometric make-up or racial or ethnic origin- we will only share your data where we have legal bases to do so under both Article 6(1) and Article 9(2) UK GDPR.

      In particular, we will share your special category data for direct care purposes where, in accordance with Article 9(2)(a) UK GDPR we have your express consent to make the transfer in question. This is without prejudice to our right to rely on other legal bases under Article 9(2) from time to time, including where processing is needed to protect your vital interests, for reasons of public interest in the area of health or for preventive or occupational health reasons.

      Please note that where you place a booking on uk.scan.c

      You may object to any or all of your data being shared by Scan.com with such direct care providers by emailing help@uk.scan.com. If you object to such data being shared, we will not disclose it unless it is justified in the public interest or we deem that it is for your overall benefit in circumstances where you lack capacity to make such a decision.

    • Processing your Medical Images & Radiologist Report

      We collect copies of the medical images and radiologist report produced in connection with your booking from the third-party scan provider that services your appointment.

      We process this data for a number of purposes as described in greater detail in our Remote Viewing Service T&Cs, which you can access at the following URL: https://uk.scan.com/docs/remote-image-and-report-viewing-service-terms.pdf

      These purposes include:


      • to upload a copy of your medical images and radiologist report on a secure, NHS-approved cloud imaging platform operated by the third-party service party Cimar UK LTD, so that you can remotely access and view a copy of your images and report online (the "Remote Image Viewing Service")

      • to process a copy of your radiologist report using the third-party patient imaging software provided by the third-party Scanslated Inc., so that we can provide you on the Remote Image Viewing Service with am interactive, patient-friendly version of your report with clickable plain-language explanations and graphical illustrations

      • to process a de-identified (i.e. anonymised) copy of your medical images that we may later share with certain third-parties with whom we have we a suitable data sharing agreement in place for purposes including teaching, training and/or research purposes, service delivery planning, and improving healthcare related products and services. Examples of the categories of third-party that we may share such de-identified image datasets with include (without limitation and for illustrative purposes): Public Health England, NHS Trusts, universities and public research institutes, data aggregators and brokers, health insurers and underwriters and digital diagnostics companies.



      The scan provider who services your appointments shares your medical images and reporting radiologist report with us in accordance with the legal requirements imposed on them both under the common law duty of confidentiality ("CLDC") and UK data protection laws.

      For the purposes of the CLDC, they share your images and radiologist report with us on the basis of your "implied consent" so that we can support your care by making your results remotely available to you online as soon as they are made available. Your "implied consent" is given where the surrounding circumstances mean that you would reasonably expect these scan providers to share your images and results with us i.e. it would not be a 'surprise' to you that they've shared this data with us.

      In the present context, you are informed as part of the booking process on uk.scan.com that your images and report will be shared with us by the relevant scan provider so that we can upload them on to the Remote Viewing Service for you to view. On this basis, it would not be a surprise to you that the scan providers are sharing this data with us for direct care purposes, with the result that your implied consent is therefore established.

      In addition to requiring your 'implied consent' under the CLDC, scan providers will only share your scan images and radiologist report with us where they have a lawful basis to do so under UK GDPR.

      In this regard, as the information shared as part of your medical imaging and radiologist report is a particularly sensitive form of data called 'special category data'- medical images and radiologist reports can reveal information about your health, genetic or biometric make-up or racial or ethnic origin- scan providers will only share your data with us where they have lawful basis to do so under both Article 6(1) and Article 9(2) UK GDPR.

      In respect of Article 6 UK GDPR, our scan providers rely on Article 6(1)(b) whereby they may share your images and report with us for the purposes of performing their contract with you, under whose terms they have agreed to share your results with you via our cloud-based Remote Viewing Service. They may also rely on Article 6(1)(d) (protecting your vital interests) or 6((1)f) (exercising their legitimate interest in providing you with healthcare services).

      In respect of Article 9 UK GDPR, scan providers rely on Article 9(2)(a) UK GDPR whereby they share your images and report with us on the basis of your express consent to this transfer. We collect this consent on their behalf as part of our check-out process on uk.scan.com where we ask you to indicate your consent to scan providers sharing your images with us.

      This is without prejudice to scan providers' right to rely on other legal bases under Article 9(2) from time to time, including where processing is needed to protect your vital interests, for reasons of public interest in the area of health or for preventive or occupational health reasons.

      To the extent that we share copies of your medical images and radiologist report with third parties, such as Scanslated Inc. and the other categories of third parties listed above, we only do so once these images and reports have been fully "de-identified".

      "De-identified" here means all elements in the images and report that could be used to directly or indirect identify you have been removed with the result that there is no reasonable prospect that you could be identified from the resulting images and reports (even when advanced techniques such as machine learning, surface rendering and algorithmic re-identification techniques are applied).

      To allow for this level of de-identification, Scan.com requires that each diagnostic imaging scan centre that services patient’s procedures de-identifies patient’s scan images at source and provides a copy of the de-identified scan image to Scan.com. Scan.com further treats the de-identified images using a DICOM tag, pixel and HL7 report anoynimisation software provided by Ambra Health, a business name of Interelad UK LTD (“Ambra”), before sharing them with third-parties.

      As data protection legislation applies only to information that identifies or could be used to identify you, the de-identified scan images and reports that we share with third parties are not subject to UK GDPR.

Contact information

    • Owner and Data Controller

      National MRI Scan Ltd, The Department Store Studios, 19 Bellefields Road, London, SW9 9UH

      Owner contact email: info@uk.scan.com

Latest update: March 13, 2024

iubenda hosts this content and only collects the Personal Data strictly necessary for it to be provided.

Show the complete Privacy Policy