MyScanHub
Legal

GDPR & Cookie Policy

Last updated: 25 November 2025

MyScanHub is committed to protecting your privacy and ensuring the security of your personal information. This GDPR & Cookie Policy explains how we collect, use, store, and protect your data.

MyScanHub is operated by Grove Hospitals Radiology Ltd (Company No. 15621894), Registered Office: 277–279 Chiswick High Road, London, W4 4PU.

1. Our Commitment to Data Protection

We comply fully with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • The Privacy and Electronic Communications Regulations (PECR)

We process personal information lawfully, transparently, and only for legitimate healthcare or administrative purposes.

2. What Personal Data We Collect

We collect different types of personal data depending on how you interact with MyScanHub:

2.1 Personal Identification

  • Full name
  • Date of birth
  • Contact information (email, address, telephone)

2.2 Health & Clinical Information

  • Medical history relevant to your scan
  • Referral details (if applicable)
  • Diagnostic imaging and scan results
  • Clinical notes and radiologist reports

2.3 Payment Information

  • Billing details
  • Transaction information

We do not store full card details — payments are handled by secure third-party providers.

2.4 Website & Technical Data

  • IP address
  • Device type
  • Browser information
  • Cookie identifiers
  • Usage patterns and website behaviour (analytics)

3. How We Use Your Personal Data

We use your personal information for:

3.1 Providing Clinical Services

  • Booking and managing appointments
  • Performing diagnostic scans
  • Generating radiology reports
  • Sharing results with you and (where applicable) your healthcare provider

3.2 Safety, Governance & Legal Requirements

  • Maintaining accurate clinical records
  • Ensuring safe imaging practice
  • Meeting regulatory requirements
  • Responding to clinical queries or safeguarding concerns

3.3 Customer Support & Communication

  • Answering enquiries
  • Sending appointment confirmations and reminders
  • Contacting you about results or follow-up care

3.4 Website Experience & Analytics

  • Improving website functionality
  • Monitoring site performance
  • Understanding user behaviour for service improvement

We do not sell, rent, or trade your personal information.

4. Legal Basis for Processing

We process personal data under the following lawful bases:

  • Provision of Healthcare – Article 9(2)(h)
  • Performance of a Contract – Article 6(1)(b)
  • Legitimate Interests – Article 6(1)(f)
  • Legal Obligations – Article 6(1)(c)
  • Consent – Article 6(1)(a) (for cookies, marketing, or optional communication)

5. How We Store & Protect Your Data

We maintain strict security systems, including:

  • Encrypted data storage
  • Secure diagnostic platforms
  • Role-based access controls
  • Regular cybersecurity audits
  • Secure clinical communication tools

Only authorised staff and radiologists involved in your care can access your clinical data.

6. Data Sharing

We may share your data only when necessary and lawful:

6.1 Healthcare Providers

  • With your GP, consultant, physiotherapist, or referrer
  • Only with your explicit consent

6.2 Third-Party Processors

These may include:

  • Secure imaging/reporting platforms
  • Cloud storage providers
  • Payment processors
  • IT security providers

All third parties must comply with the UK GDPR and act only on our instructions.

6.3 Legal or Regulatory Obligations

We may share information when required by:

  • Courts
  • Regulators
  • Safeguarding authorities
  • Professional bodies

We never share your data for marketing without your clear consent.

7. How Long We Keep Your Data

Healthcare records are retained in accordance with UK clinical guidelines:

  • Imaging & clinical data: typically 8 years
  • Children’s records: retained until age 25 or 26
  • Booking & administrative data: 2–7 years depending on purpose

When data is no longer required, it is securely deleted.

8. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion (in certain circumstances)
  • Restrict processing
  • Data portability
  • Withdraw consent (where consent is the lawful basis)
  • Object to specific uses of your data

To make a request, contact us at:

We will respond within one month.

9. Cookies Policy

Our website uses cookies to improve functionality, enhance user experience, and analyse traffic.

Types of cookies we use:

9.1 Essential Cookies

Required for the website to operate properly (e.g., security, booking tools).

9.2 Analytics Cookies

Help us understand how visitors use the site.

9.3 Functional Cookies

Enhance features like remembering preferences.

9.4 Marketing/Tracking Cookies (if used)

Used only with explicit consent.

Managing cookies

You can manage or disable cookies in your browser settings. Our cookie consent banner allows you to accept or refuse non-essential cookies at any time.

10. International Data Transfers

If your data is transferred outside the UK, we ensure safeguards such as:

  • UK adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Data processing agreements with strict protections

11. Contact Details

For GDPR, data protection, or privacy enquiries:

  • Data Protection Officer (or Privacy Lead)
  • MyScanHub / Grove Hospitals Radiology Ltd
  • 277–279 Chiswick High Road, London, W4 4PU
  • Email: [email protected]

If you’re not satisfied with our response, you have the right to contact the ICO – Information Commissioner’s Office.

12. Changes to This Policy

We may update this policy periodically. Any updates will be posted on this page with a new “Last updated” date.

Note: the data protection contact email ([email protected]) can be updated in this page as operational arrangements evolve.

Need clarification? Contact our team and we'll get back to you within one working day.