We are committed to protecting your data and privacy when dealing with your personal information. We are continuously analysing our policies and undertaking the necessary steps to ensure we remain fully compliant with the GDPR by 25 May 2018.
This privacy notice provides details about the information we collect about you, how we use and protect it. It also provides information about your rights. If you have any questions about how we handle your information, please contact us.
The European Scanning Centre is registered with the Information Commissioners Office, registration number Z8564277.
Information about European Scanning Centre
In this privacy notice, 'we', 'us', 'our' and 'ESC' mean the European Scanning Centre.
Depending on which location and services you ask us about, purchase or use, different companies within our organisation will process your information. These are:
European Scanning Centre (Harley Street) Limited
68 Harley Street
Registered in England and Wales No. 4932642
European Scanning Centre (MSK) LLP
68 Harley Street
Registered in England and Wales No. OC380078
European Scanning Centre (Manchester) LLP
20 Bailey Lane
Registered in England and Wales No. OC399214
European Scanning Centre (No2) LLP
68 Harley Street
Registered in England and Wales No. OC417722
European Scanning Centre (Cardiff) LLP
Cardiff Gate Business Park
Registered in England and Wales No. OC414655
Scope of our privacy notice
This privacy notice applies to anyone who interacts with us about our products and services (‘you’, ‘your’), in any way (for example, by email, through our website or by telephone). We will give you further privacy information if necessary for specific contact methods or in relation to specific products or services.
This privacy notice applies to you if you ask us about, buy or use our products and services. It describes how we handle your information, regardless of the way you contact us (for example, by email, through our website, by phone, through our app and so on). We will provide you with further information or notices if necessary, depending on the way we interact with each other.
How we collect personal information
We collect personal information from you and from third parties (anyone acting on your behalf, for example referring doctors and so on). Please see below for more information.
Where you provide us with information about other people, you must make sure that they have seen a copy of this privacy notice and are comfortable with you giving us their information.
We collect personal information from you:
through your contact with us, including by phone (we may record or monitor phone calls to make sure we are keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through our websites, by post, by filling in application or other forms, through social media or face-to-face (for example, in medical consultations, diagnosis).
We also collect information from other people and organisations.
For all our customers, we may collect information from:
your parent or guardian, if you are under 18 years old;
a family member, or someone else acting on your behalf;
doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;
any service providers who work with us in relation to your product or service, if we don’t provide it to you direct, such as providing you with apps, medical treatment, dental treatment or health assessments;
organisations, such as SurveyMonkey, CACI or Binleys, who carry out customer-satisfaction surveys or market research on our behalf, or who provide us with statistics and other information (for example, about your interests, purchases and type of household) to help us to improve our products and services;
fraud-detection and credit-reference agencies; and
sources which are available to the public, such as the edited electoral register or social media.
Categories of personal information
We process two categories of personal information about you and (where this applies) your dependants:
standard personal information (for example, information we use to contact you, identify you or manage our relationship with you); and
special categories of information (for example, health information).
For more information about these categories of information, see below.
Standard personal information includes:
contact information, such as your name, username, address, email address and phone numbers;
the country you live in, your age and your date of birth;
details of any contact we have had with you, such as any complaints or incidents;
financial details, such as details about your payments, your bank or credit/debit card details or health insurance policy details;
information about how you use our products and services, such as insurance claims; and
information about how you use our website, apps or other technology, including IP addresses or other device information (please see our Cookies Policy for more details).
Special category information includes:
information about your physical or mental health, including genetic information or biometric information (we may get this information from application forms you have filled in, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in details of contact we have had with you such as information about complaints or incidents, and referrals from your existing insurance provider, referring physician, quotes and records of medical services you have received);
What we use your personal information for
We process your personal information for the purposes set out in this privacy notice. We have also set out some legal reasons why we may process your personal information (these depend on what category of personal information we are processing). We normally process standard personal information if this is necessary to provide the services set out in a contract, it is in our or a third party’s legitimate interests or it is required or allowed by any law that applies. Please see below for more information about this and the reasons why we may need to process special category information.
By law, we must have a lawful reason for processing your personal information. We process standard personal information about you if this is:
necessary to provide the services set out in a contract − if we have a contract with you, we will process your personal information in order to fulfil that contract (that is, to provide you and your dependants with our services);
in our or a third party’s legitimate interests − details of those legitimate interests are set out in more detail below;
required or allowed by law.
We process special category information about you because:
it is necessary for the purposes of preventive or occupational medicine, to assess whether you are able to work, medical diagnosis, to provide health or social care or treatment, or to manage health-care or social-care systems (including to monitor whether we are meeting expectations relating to our clinical and non-clinical performance);
it is necessary to establish, make or defend legal claims (for example, claims against us, medicolegal);
it is necessary for a purpose designed to protect the public against dishonesty, malpractice or other seriously improper behaviour (for example, investigations in response to a safeguarding concern, a patients complaint or a regulator (such as the Care Quality Commission or the General Medical Council) telling us about an issue);
it is in the public interest, in line with any laws that apply;
it is information that you have made public; or
we have your consent. As is best practice, we will only ask you for consent to process your personal information if there is no other legal reason to process it. If we need to ask for your consent, we will make it clear that this is what we are asking for, and ask you to confirm your choice to give us that consent. If we cannot provide a service without your consent (for example, we can’t manage and run a diagnostic scanning centre without health information), we will make this clear when we ask for your consent. If you withdraw your consent prior to any service commencing, we will no longer be able to provide you with a service/scan that relies on having your consent.
We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you, for marketing, to help us improve our services and products, and in order to exercise our rights or handle insurance claims. More detailed information about our legitimate interests is set out below.
Legitimate interest is one of the legal reasons why we may process your personal information. Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:
to manage our relationship with you, our business and third parties who provide services for us;
to provide health-care services on behalf of a third party (for example, your employer);
to make sure that diagnostic imaging services are handled efficiently and to investigate complaints (for example, we may ask your referrering doctor/consultant for information to make sure we receive accurate information and to monitor the quality of your treatment and care);
to keep our records up to date and to provide you with marketing as allowed by law;
to develop and carry out marketing activities and to show you information that is of interest to you, based on our understanding of your preferences (we combine information you give us with information we receive about you from third parties to help us understand you better);
for statistical research and analysis so that we can monitor and improve products, services, websites and apps, or develop new ones;
to contact you about market research we are carrying out;
to monitor how well we are meeting our clinical and non-clinical performance expectations;
to exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with.
Marketing and preferences
We may use your personal information to send you marketing by post, by phone, through social media, by email and by text.
We can only use your personal information to send you marketing material if we have your permission or a legitimate interest as described above.
If you don’t want to receive emails from us, you can click on the ‘unsubscribe’ link that appears in all emails we send. If you don’t want to receive texts from us you can tell us by contacting us at any time. Otherwise, you can always contact us here to update your contact preferences.
You have the right to object to direct marketing and profiling (the automated processing of your information to help us evaluate certain things about you, for example, your personal preferences and your interests) relating to direct marketing. Please see the section about your rights for more details.
Sharing your information
We share your information within the ESC Group of companies, with relevant policyholders (including your employer if they are covering the costs of our services under an employment scheme), with referrers arranging services on your behalf, with people acting on your behalf (for example, parent/guardian, health insurer and other agents) and with others who help us provide services to you (for example, health-care providers and medical-assistance providers) or who we need information from to allow us to handle insurance claims or entitlements. We also share your information in line with the law. For more information about who we share your information with, please see below.
We sometimes need to share your information with other people or organisations for the purposes set out in this privacy notice.
For all our patients, we share your information with:
other members of the ESC Group;
other organisations you belong to, or are professionally associated with, in order to confirm your entitlement to claim discounts on our services;
your employer (or their broker or agent), for service administration purposes if your employer is paying for the services we are providing or if you are a member or beneficiary under your employer’s group scheme;
doctors, clinicians and other health-care professionals, hospitals, clinics and other health-care providers;
suppliers who help deliver services on our behalf;
those paying for the services we provide to you, including insurers, public-sector commissioners and embassies;
those providing your treatment and other benefits;
national registries such as the Cancer Registry;
national screening databases;
government authorities and agencies, including the Health Protection Agency (for infectious diseases such as TB and meningitis); and
organisations who provide your treatment and other benefits, including travel-assistance services.
people or organisations we have to, or are allowed to, share your personal information with by law (for example, for fraud-prevention or safeguarding purposes, including with the Care Quality Commission);
the police and other law-enforcement agencies to help them perform their duties, or with others if we have to do this by law or under a court order;
other third parties we work with to provide our services, such as agents working on our behalf, other insurers and reinsurers, actuaries, auditors, solicitors, translators and interpreters, tax advisers, debt-collection agencies, credit-reference agencies, fraud-detection agencies (including health-insurance counter-fraud groups), regulators, data-protection supervisory authorities, health-care professionals, health-care providers and medical-assistance providers; and
organisations that carry out patient surveys on our behalf (for example, SurveyMonkey).
Anonymised and research information
We support ethically approved clinical research. We may use anonymised information (with all names and other identifying information removed) or information that is combined with other people’s information, or reveal it to others, for research or statistical purposes. You cannot be identified from this information and we will only share the information in line with legal agreements which set out an agreed, limited purpose and prevent the information being used for commercial gain.
How long we keep your personal information
We are under a legal and ethical obligation to maintain records safely and securely for a minimum period as set out by the Department of Health (2006) Records management: NHS code of practice. The minimum retention period is currently 8 years.
You have the right to access your information and to ask us to correct any mistakes and delete and restrict the use of your information. You also have the right to object to us using your information, to ask us to transfer of information you have provided, to withdraw permission you have given us to use your information. For more information, see below.
You have the following rights (certain exceptions apply).
Right of access: the right to make a written request for details of your personal information and a copy of that personal information
Right to rectification: the right to have inaccurate information about you corrected or removed
Right to erasure ('right to be forgotten'): the right to have certain personal information about you erased
Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
Right to object: the right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interests. You can object to our use of your information for profiling purposes where it is in relation to direct marketing
Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable formats
Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of ESC’s use of your personal information prior to the withdrawal of your consent and we will let you know if we will no longer be able to provide you your chosen services
Right in relation to automated decisions: you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into a contract with you, it is authorised by law or you have given your explicit consent. We will let you know when such decisions are made, the lawful grounds we rely on and the rights you have.
Please note: Other than your right to object to the use of your data for direct marketing (and profiling to the extent used for the purposes of direct marketing), your rights are not absolute: they do not always apply in all cases and we will let you know in our correspondence with you how we will be able to comply with your request.
If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we do not meet your request, we will explain why.
Patients attending the European Scanning Centre independent healthcare service will have access to a complaints procedure in the event they are unhappy with any aspect of the service being provided.
Patients’ complaints and comments will be listened to and acted upon.
This policy outlines the different stages of the complaints procedure and includes arrangements to identify, receive, record, handle and respond to any complaint.
The European Scanning Centre will take all reasonable steps to ensure that its staff are aware of and comply with this policy and procedure.
Making a complaint
The European Scanning Centre is committed to providing a high quality independent healthcare service. However, if any patient is unhappy with any aspect of the healthcare service being provided, they will be invited to make a complaint.
Complaints can be made to any member of European Scanning Centre staff, either verbally or in writing.
If a patient wishes to make a complaint whilst they are in the clinic premises, then the Operations Director and/or Medical Director will attempt to resolve the issue immediately.
No patient, or person acting on their behalf, will be discriminated against for making a complaint.
No person's investigation, care and treatment will be affected in any way if a complaint is made by them or on their behalf.
Information given to patients about how to complain
Written information on the complaints procedure will be available for patients within the European Scanning Centre premises.
Information on how to make a complaint will be available as a separate patient information leaflet.
Patients will be assured that they will not be discriminated against for making a complaint.
Receiving and recording a complaint
Complaints can be made by a patient, a former patient, or someone acting on a patient's behalf.
If the complaint is from a child patient i.e. someone under 18 years old, the complaint may be made by the child, either parent of the child, the legal guardian, or other adult who is legally responsible for the care of the child.
All received complaints, whether written or verbal, will be recorded.
Recorded details will include:
the date and time the complaint was received
a description of the complaint
details of the investigation carried out
any actions taken, and
whether or not the complaint was upheld.
Where a complaint is received anonymously, the European Scanning Centre will carry out an investigation as far as it reasonably can, depending on the content of the complaint.
The European Scanning Centre will maintain a complete record of all complaints received and copies of all related correspondence. These records will be kept separately from patients' healthcare records.
Handling a complaint
All complaints received will be treated in the strictest confidence.
All complaints, written or verbal, will be investigated.
All complainants will receive a written acknowledgement of their complaint within two (2) working days, unless a full reply can be sent within five (5) working days.
The written acknowledgement will include the name and contact details of the person investigating the complaint on behalf of the European Scanning Centre.
The European Scanning Centre will offer to meet with the complainant in order to discuss the manner in which the complaint is to be handled and how the issue/s might be resolved.
At this meeting, the following information will be obtained and/or provided (as far as is reasonably possible):
How the complainant wishes to be addressed e.g. Miss, Ms, Mr, Mrs or their first name.
How the person wishes to be kept informed e.g. in writing by letter or email, by telephone, or through an agreed third party representative or advocate.
Confirm with the person if they give their consent to access healthcare records (where appropriate) for the purposes of investigating the complaint.
Confirm if the person has any disabilities that need to be taken into account during the investigation.
Advise the person that they can have a representative to support them through the complaints process.
Ask the person what they are seeking as an outcome to the complaints investigation e.g. an apology, new appointment, reimbursement for costs or loss of personal belongings, or an explanation.
Agree a plan of action, including when and how the complainant will hear back from the European Scanning Centre.
In the event that the complainant does not accept the offer of a meeting as set out above, the European Scanning Centre will itself determine the response period and notify the complainant in writing of that period.
The European Scanning Centre will carry out an investigation of the nature of the complaint and provide a full written response to the complainant within twenty (20) working days of the complaint being received.
If a full response cannot be given within twenty (20) working days of receiving the complaint, the European Scanning Centre will write to the complainant to explain the reason for the delay.
A full written response will be made within five (5) days of a conclusion and outcome being reached.
If a complainant is not satisfied after a complaint has been investigated by the European Scanning Centre and a response provided, the Centre will provide further information to the complainant in terms of potentially escalating the complaint to an external body such as the Care Quality Commission or General Medical Council or other appropriate regulatory body.
This will be done on an individual complaint specific basis depending on the nature of the complaint.
The European Scanning Centre will co-operate with any independent review of a complaint that has been escalated.
A 'cookie' is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognise your browser. Cookies may store user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies.
The cookies we use are "analytical" cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
We use Google Analytics to help us understand the use of our website and to try and make the site a more useful resource for our visitors. Google Analytics uses ‘cookies’ to anonymously collect visitor information and to transmit that information (including your IP address) to Google. This information is used by us to help us understand how visitors use our site and to help us improve the website, as well as producing statistical reports for ESC. Neither ESC nor Google will seek to associate an IP address with the identity of a visitor to this site. We do not share any of this information with any 3rd parties.
Cookies do not harm your computer and do not enable us or any third party to view any information on your computer’s hard drive. You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.