Privacy Policy
Suffolk Diagnostic Centre
Effective Date: 24 August 2025
Last Updated: 24 August 2025
1. Introduction
Suffolk Diagnostic Centre (“we,” “our,” or “us”) is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services or visit our website at suffolkdiagnosticcentre.com.
We are registered with the Information Commissioner’s Office (ICO) under registration number [Insert ICO Registration Number] and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controllers:
2. Information We Collect
2.1 Personal Information
We collect the following types of personal information:
Patient Information:
- Name, date of birth, and contact details (address, phone, email)
- Medical history and current health conditions
- Symptoms and reason for consultation
- Previous test results and medical records
- GP details and healthcare provider information
- Emergency contact information
- Insurance or payment information
Website Information:
- IP address and browser information
- Pages visited and time spent on our website
- Cookies and similar tracking technologies
- Form submissions and contact inquiries
Special Category Data (Sensitive Personal Data):
- Health information and medical records
- Diagnostic test results
- Treatment plans and clinical notes
- Ultrasound images and reports
2.2 How We Collect Information
- Directly from you during appointments or consultations
- Through our website contact forms and online booking system
- From healthcare professionals with your consent
- From previous medical records you provide
- Through diagnostic tests and examinations
3. How We Use Your Information
3.1 Lawful Basis for Processing
We process your personal data under the following lawful bases:
- Consent: For marketing communications and optional services
- Contract: To provide healthcare services you have requested
- Legal Obligation: To comply with healthcare regulations and record-keeping requirements
- Vital Interests: In emergency medical situations
- Legitimate Interests: To improve our services and ensure patient safety
3.2 Purposes of Processing
We use your personal information to:
- Provide diagnostic and treatment services
- Maintain accurate medical records
- Communicate test results and follow-up care
- Schedule appointments and send reminders
- Process payments and insurance claims
- Comply with healthcare regulations and professional standards
- Improve our services and patient care
- Send relevant health information and service updates (with consent)
- Protect against fraud and ensure clinic security
4. Sharing Your Information
We may share your personal information with:
4.1 Healthcare Professionals
- Your GP or referring healthcare provider
- Specialist consultants for onward referrals
- Accredited laboratories for blood testing
- Private medical imaging services for MRI/CT scans
- Emergency services if medically necessary
4.2 Service Providers
- Secure healthcare IT systems and data processors
- Payment processing services
- Appointment scheduling platforms
- Accredited medical laboratories
- Professional indemnity insurers
4.3 Legal Requirements
- Healthcare regulators (CQC, GMC, HCPC)
- Law enforcement agencies when legally required
- Courts and legal representatives when ordered
- Public health authorities in cases of notifiable diseases
We ensure all third parties have appropriate data protection measures in place and only share the minimum information necessary.
5. Data Security
We implement robust security measures to protect your personal information:
- Encrypted storage and transmission of all medical data
- Secure, password-protected IT systems
- Regular security audits and updates
- Staff training on data protection and confidentiality
- Physical security measures at our clinic premises
- Secure disposal of paper records and electronic data
6. Data Retention
We retain your personal information in accordance with healthcare regulations:
- Medical Records: 8 years from last consultation (adults), 25 years (children)
- Diagnostic Images: 7 years from creation date
- Billing Records: 6 years for tax and accounting purposes
- Website Data: 2 years unless longer retention is required
Records may be retained longer if:
- Ongoing treatment or follow-up is required
- Legal proceedings are pending
- You specifically request extended retention
7. Your Rights
Under UK GDPR, you have the following rights:
7.1 Right of Access
Request copies of your personal data and information about how it’s processed
7.2 Right to Rectification
Request correction of inaccurate or incomplete personal data
7.3 Right to Erasure
Request deletion of your personal data (subject to legal and medical record requirements)
7.4 Right to Restrict Processing
Request limitation of how your data is processed
7.5 Right to Data Portability
Request transfer of your data to another healthcare provider
7.6 Right to Object
Object to processing based on legitimate interests or for marketing purposes
7.7 Rights Related to Automated Decision Making
We do not use automated decision-making or profiling for medical decisions
Note: Some rights may be limited due to healthcare regulations and the need to maintain medical records for patient safety and legal compliance.
8. Cookies and Website Technology
Our website uses cookies and similar technologies to:
- Remember your preferences and improve user experience
- Analyze website traffic and usage patterns
- Enable appointment booking functionality
- Ensure website security
You can control cookies through your browser settings. Some website functionality may be limited if you disable cookies.
9. International Transfers
Your personal data is primarily processed within the UK. If we need to transfer data outside the UK/EEA, we ensure:
- Adequate data protection measures are in place
- Appropriate safeguards such as Standard Contractual Clauses
- Your explicit consent where required
10. Children’s Privacy
We treat all patients under 18 as children. For children’s appointments:
- Parental/guardian consent is required for most services
- We maintain confidentiality appropriate to the child’s age and capacity
- Extended retention periods apply to children’s medical records
11. Marketing Communications
With your consent, we may send you:
- Health tips and wellness information
- Updates about new services
- Appointment reminders and follow-up care information
You can unsubscribe from marketing communications at any time by:
- Clicking the unsubscribe link in emails
- Contacting us directly
- Updating your preferences during your visit
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will:
- Notify you of significant changes via email or website notice
- Post the updated policy on our website
- Obtain new consent where required by law
13. Contact Us
If you have questions about this Privacy Policy or want to exercise your rights:
Data Protection Officer: 43 North Street, Sudbury, Suffolk, CO10 1RD, United Kingdom
Email: info@suffolkdiagnosticcentre.com
Phone: +44 7888 864958
For complaints about data processing: Information Commissioner’s Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
14. Consent
By using our services, you acknowledge that you have read and understood this Privacy Policy. For sensitive health data processing, we will obtain your explicit written consent during your first appointment.
This Privacy Policy was last updated on 24 August 2025 and is reviewed annually to ensure compliance with current regulations.