We are committed to protecting the privacy and data of patients, healthcare professionals, and website visitors. This Privacy & Cookie Policy explains how we collect, use, and safeguard your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable NHS data protection standards.

What Information We Collect

We may collect and process the following types of personal data:

• Basic contact details (e.g. name, email address, phone number)
• Professional identifiers (e.g. GMC number if applicable)
• Technical data (e.g. IP address, browser type, operating system)
• Website usage information collected through cookies and analytics tools
• Pseudonymised or anonymised medical imaging data, where applicable and permitted under data-sharing agreements

We do not collect identifiable patient data via this website unless explicitly arranged through a secure and regulated workflow.

Use of Cookies

Cookies are small text files stored on your device that help us improve your browsing experience and understand how our website is used. These do not give us access to your computer or any information beyond what you voluntarily share.

Cookies help us to:

• Operate essential website features
• Analyse site traffic and performance
• Understand how visitors interact with content

For more information or to manage cookies, visit: www.allaboutcookies.org/manage-cookies

Types of Cookies We Use

• Necessary Cookies: Essential for website operation. These do not require user consent.
• Functional Cookies: Enhance user experience by remembering preferences and past interactions.
• Analytics Cookies: Provide anonymised usage data that helps us improve performance.

Lawful Basis for Processing

We process personal data in accordance with Article 6 and Article 9 of the UK GDPR. The lawful bases we rely on include:

• Consent – when you explicitly agree to us processing your data
• Contract – when processing is necessary for service provision
• Legal obligation – to comply with legal or regulatory requirements
• Legitimate interest – where it does not override your rights

In the context of medical imaging, we only process health data under strict agreements and ethical approval when applicable.

Data Storage and Security

We take appropriate organisational and technical measures to safeguard all personal data. These include:

• Encryption at rest and in transit
• Access controls and two-factor authentication
• Regular security audits and penetration testing
• ISO 27001 aligned security practices

Data is stored within secure UK-based or NHS-approved cloud environments wherever possible.

Third-Party Services

We may use trusted third-party providers to deliver services such as hosting, analytics, and secure email. All such providers are subject to data processing agreements and undergo due diligence to ensure compliance with UK data protection standards.

We do not sell or trade your personal information to third parties. We do not allow advertising cookies or unauthorised data sharing.

Your Data Protection Rights

Under the UK GDPR, you have the right to:

• Access your personal data
• Request correction or deletion of data
• Object to processing or request restriction
• Withdraw consent at any time
• Complain to the Information Commissioner's Office (ICO)

If you wish to exercise any of these rights, please contact our Data Protection Officer (DPO) using the contact details below.

Medical Imaging and Patient Data

When processing radiology data for AI research or diagnostic purposes, we do so under strict ethical, legal, and clinical governance. Data is pseudonymised or anonymised where possible, and we collaborate with NHS Trusts or data controllers under data-sharing agreements.

Our platform is not designed to collect identifiable patient data directly from the public, and we never commercialise such data.