We are medneo Diagnostics UK Limited, a company registered in England and Wales. Our company registration number is 11851997 and our registered office is at 10 Upper Berkeley Street, London, United Kingdom, W1H 7PE.
This privacy notice tells you how we will use your information when you use our service.
Our contact details
You can contact us by post or by phone.
Our postal address is:
10 Upper Berkeley Street
London, United Kingdom
T 030 0303 0906
We have appointed a Data Protection Officer.
Our DPO can be contacted by post or email:
10 Upper Berkeley Street
London, United Kingdom
Please mark all correspondence ‘Private and Confidential FAO Data Protection Officer’
What information will we collect about you
We want to provide you with the highest quality of health care. To do this we must keep records about you.
The records which we hold about you may include:
- Basic details about you, such as your name, address, date of birth, contact details and next of kin
- Contact we have had with you such as clinical visits
- Notes and reports about your health
- Details and records about your treatment and care
- Clinical images and reports
- Relevant information from people who care for you and know you well, such as health professionals and relatives
We collect this information in order to:
- Provide a good basis for all health decisions made by you and care professionals
- Make sure your care is safe and effective
- Work effectively with others who are providing you with care
You may choose to fund the cost of our services directly or through your private medical insurers. We will therefore hold:
- Information you give us when you make a payment to us, such as card payment information
- Details of your private medical insurer (where applicable)
How we receive your information
We will collect information directly from you through verbal conversations, in writing (such as correspondence, questionnaires) and through observations when you use our services.
Where it is necessary, we will receive information about you from other healthcare professionals and organisations who are also involved in your care and treatment. The Health and Social Care (Safety and Quality) Act 2015 requires healthcare organisations to share information with others where this will facilitate care or treatment for an individual.
If you are seeking the cost of your care and treatment through private medical insurance, we will receive information from your insurance company such as your authorisation number.
How we will use and share your information
We will only share relevant information with individuals/organisations on a need to know basis and in accordance with the law. The purposes for which we will use and share your information can be found below:
- We will share relevant information in your health record with other staff and organisations that are also involved in your care to support the provision of safe and effective care. This could include other healthcare professionals, Consultants and Radiologists involved in your care and/or the analysis and reporting of diagnostic tests
- Some components of direct care may be delivered by non-registered and non-regulated health and social care staff, for example a ‘system administrator’ inputting information from your referral form into our electronic record keeping system
- To communicate with you about your care and treatment
- Where you have provided permission, we will share relevant information about you with your friends, family and carers. We will retain certain information about these individuals such as their name and contact details
- To seek your feedback and respond appropriately about the service you have received from medneo. We do not usually need to collect data that identifies you for this purpose
- There may be situations whereby we are legally required to share your information in order to maintain the safety of you, another individual or for national public health reasons
- Where statutory permission exists (e.g. Section 251 of the NHS Act 2006) , we may share data with National Registries
- To evaluate the clinical performance of the quality of healthcare provided to you through clinical audits
- Management of untoward or adverse incidents to ensure that they do not happen again
- Communicate with your insurer (where applicable) about your treatment, its necessity and cost
- To ensure effective information technology, governance support and to investigate and respond to concerns and complaints
- In the event that medneo is subject to legal action or a claim, we will need to share information with our insurance company and legal advisors to manage and defend any claims
- We are legally require to support organisations with regulatory functions, for example the CQC. Where appropriate, we will share information about you to evidence compliance or to report an adverse or unexpected incident
Sometimes we may be required to share your information without your consent, for example:
- Disclosures in the public interest or to protect the public in order to prevent and support detection, investigation and punishment of a serious crime or to prevent abuse/serious harm
- Legal disclosures for example where we have received a court order instructing us to share information
You can find our lawful basis for processing your personal data in the table within the downloadable PDF at the bottom of this page.
Your right to object
As a patient, you will generally have the right to object to the use and disclosure of confidential information that identifies you. If you choose to prohibit information being disclosed to other health professionals involved in providing care, it might mean that the care that can be provided is limited and, in extremely rare circumstances, that it is not possible to offer certain services. You will be informed if your decision about disclosure have implications for the provision of care or treatment.
Retention and disposal of personal data
We have adopted national record retention guidelines. You can refer to our retention schedule within the downloadable PDF at the bottom of this page, which explains how long we keep the types of records which we hold, including records and documents containing personal data.
Once information that we hold has been identified for destruction it will be disposed of in the most appropriate way for the type of information it is.
Securing your information
We take the upmost care to secure your information. We will only collect and use personal data that is necessary and relevant. We will also ensure it is only accessible to individuals/organisations who have a legitimate need to access your information.
- We ensure that all of our contractors operate under contractual agreements which have appropriate regard to data protection, confidentiality and security
- Any card payments will be processed securely and in accordance with relevant standards
- Anyone working for or on behalf is bound by the Common Law Duty of Confidentiality through employment contracts and/or professional codes of conduct
- We use secure systems to store your information and ensure that your information is protected from unauthorised access
- We carry out regular auditing of our services to ensure that information is being protected and secured to the appropriate standard
- All of our staff receive regular training on how to handle information confidentially and securely
- We have adopted the Privacy by Design and Default approach and implement appropriate physical and technical security measures to our processes
International transfers of personal data
Where we transfer your personal data outside the European Economic Area, we will ensure adequate safeguards are in place by:
- Only transferring personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission
- Using specific contracts approved by the European Commission
- Using providers that have certified to the EU-US Privacy Shield
Under data protection law, you have a number of rights available to you. These include;
- Your right of access: You have the right to ask us for copies of your personal information
- Your right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete
- Your right to be informed: You have the right to be told about the collect and use of your information
- Your right to erasure: In certain circumstances, you have the right to ask us to erase your personal information
- Your right to restriction of processing: In certain circumstances, you have the right to ask us to restrict the processing of your information
- Your right to object to processing: In certain circumstances, you have the the right to object to the processing of your personal data
- Your right to data portability: In certain circumstances, you have the right to ask that we transfer the information you gave us to another organisation, or to you
In most circumstances, you will not be required to pay any charge for exercising your rights. If you make a request, we will respond to you within 28 days. If a situation occurs whereby we need to extend the timeframe or a fee is applicable, we will contact you and provide you with an explanation.
If you have any queries or wish to exercise a right, please contact:
155-157 Great Portland Street
London W1W 6QP
T 030 0303 0906
National Data Opt-Out
The national data opt-out is a service that enables that allows you to opt-out of your confidential patient information being used for research or planning. Where necessary, medneo will apply the national data optout to its data. Further information can be found here.
Complaining to the ICO
If you are not happy about the way your information is being handled, you can lodge a complaint with the ICO.
Information Commissioner’s Office
Water Lane, Wilmslow
Cheshire, SK9 5AF
Helpline number 030 3123 1113
The below describes some information on the cookies which we use on our website:
_ga: Google Analytics. This helps us count how many people visit the website by tracking if you’ve visited before. Expires: 2 years
_gat_UA_143995279_2: Google Analytics. This is used to throttle request rate. Expires: 1 min
_gid: Google Analytics. This is used to distinguish users. Expires: 24 hours
CookieControl: It controls the appearance of the cookies consent banner. Expires: 1 year
For further information can be found here about cookies and how to disable them.