Privacy Policy

This policy is drafted to comply with UK Data Protection Legislation, including the UK GDPR and the Data Protection Act 2018, as Tesla Radiology Solutions Ltd is a UK-based provider of diagnostic services.

Privacy Policy for Tesla Radiology Solutions Ltd

Last Updated: 22/01/2020

  1. Introduction and Data Controller

Tesla Radiology Solutions Ltd (referred to as “We,” “Us,” or “Our”) is a highly skilled, independent provider of CT and MRI mobile and clinic-based scanning services primarily for Public and Private Sector hospital sites, Clinical Commissioning Groups (CCGs), and self-pay patients throughout the UK.

For the purposes of applicable Data Protection Legislation, Tesla Radiology Solutions Ltd is the Data Controller of the Personal Data you provide to us or that we collect about you.

Contact Details:

  • Registered Office: 57 Olympia Avenue, Choppington, NE62 5DU (and 39C Newcastle Quays Retail Park, NE29 6DW)
  • Email: info@teslaradiologysolutions.com
  • Telephone: 033 3303 4557

  2. Data We Collect About You

We may collect, use, store, and transfer different kinds of Personal Data about you. In the context of providing diagnostic services, this data will necessarily include Special Categories of Personal Data (Health Data).

Data Category: Examples of Data Collected

  • Identity Data: Name, date of birth, gender, marital status.
  • Contact Data: Billing address, delivery address, email address, telephone numbers.
  • Financial Data: Payment card details, bank account details (collected by third-party payment providers).
  • Usage & Technical Data: IP address, web browser type and version, operating system, and information on how you use our website/services (automatically collected via cookies/trackers).
  • Special Categories (Health Data): Medical history, referral letters, patient safety questionnaire responses, diagnostic imaging results (MRI/CT scans), radiographer reports, and any related clinical information necessary for your direct care.

  3. How and Why We Use Your Data

We use your data primarily to provide safe, efficient, and clinically-led diagnostic scanning services.

Purpose of Processing: Legal Basis for Processing (UK GDPR)

  • Providing Diagnostic Services: Performance of a Contract with you (e.g., processing an order for a scan). Explicit Consent for the processing of Special Categories of Personal Data (Health Data) necessary for your direct care.
  • Screening & Clinical Review: Performance of a Contract (to assess clinical appropriateness of the service). Legitimate Interests (ensuring safety and service quality).
  • Internal Record Keeping: Legitimate Interests (business management, statistical purposes, and service improvement). Legal Obligation (statutory record keeping requirements).
  • Compliance & Regulation: Legal Obligation (e.g., complying with CQC requirements, data protection law, and court orders).
  • Sending Marketing: Consent (if required) or Legitimate Interests (sending relevant communications regarding your browsing or purchasing activity, if applicable).

  4. How We Share Your Data

We will share your Personal Data only when necessary and where legally permitted.

  • For Direct Care: We share your clinical data (including scan images and reports) with our highly skilled radiographers and consultant radiologists/cardiologists for reporting and diagnostic accuracy. We may also share data with the referring clinician or your general physician based on your implied consent for direct care.
  • Service Providers (Data Processors): We use third parties for IT infrastructure, secure data storage, payment processing, and administrative support (e.g., Zendesk for chat). These providers only process data on our specific instructions.
  • Regulatory Bodies: We may share data with regulators such as the Care Quality Commission (CQC) and the Information Commissioner’s Office (ICO) as part of our legal and regulatory compliance.
  • NHS/CCGs: When processing referrals or services for the NHS, data is shared with the relevant NHS bodies or CCGs.

  5. Data Security and Retention

Data Security

We implement technical and organisational measures to safeguard your Data.

  • Data is stored on secure servers.
  • Access to patient portals/accounts is controlled by a unique username and password.
  • We use industry-standard techniques like pseudonymisation/anonymisation to de-identify data where possible and appropriate.

Data Retention

Personal Data is processed and stored only for as long as required for the purpose for which it was collected or as required by law. Personal Data collected for contract performance is retained until the contract has been fully performed. Due to the sensitive nature of clinical records, retention periods may be longer as required by NHS and private healthcare standards. Once the retention period expires, data shall be deleted.

  6. Your Rights Under UK GDPR

You have the following rights in relation to your Personal Data:

  1. Right to Access: The right to request copies of the information we hold about you.
  2. Right to Rectification: The right to have your data corrected if it is inaccurate or incomplete.
  3. Right to Erasure (Right to be Forgotten): The right to request that we delete or remove your data from our systems (note: this right is not absolute, especially for medical records where a legal obligation may apply).
  4. Right to Restrict Processing: The right to ‘block’ us from using your data or limit the way we use it.
  5. Right to Data Portability: The right to request that we move, copy, or transfer your data to you or another controller.
  6. Right to Object: The right to object to our use of your data, including where we process it based on our legitimate interests.
  7. Right to Withdraw Consent: The right to withdraw consent at any time where you have previously given your consent to the processing of your Personal Data.

You can exercise these rights by contacting us using the contact details provided in Section 1.