Privacy Policy
- Who we are and what we do
Last updated: 18/11/24
Harmonic Medical Sonography
Registered number: 07634829
Registered office: Ground Floor – Parkway One, Parkway Business Centre, Princess Road, Manchester, M14 7LU
Email: Admin@harmonicmedicalsonography.com
Privacy notice
www.harmonicmedicalsonography.com (‘Website’) is provided by Harmonic Medical Sonography Limited (‘we’/’us’/’our’). In doing so, we may be in a position to receive and process personal information relating to you. As the controller of this information, we’re providing this Privacy Notice (‘Notice’) to explain our approach to personal information. This Notice forms part of our Terms of use for a website, which governs the use of this Website.
We intend only to process personal information fairly and transparently as required by data protection law including the General Data Protection Regulation (GDPR). In particular, before obtaining information from you we intend to alert you to this Notice, let you know how we intend to process the information and (unless processing is necessary for at least one of the 5 reasons outlined in clause 2 below) we’ll only process the information if you consent to that processing. The GDPR also defines certain ‘special categories’ of personal information that’s considered more sensitive. These categories require a higher level of protection, as explained below.
Of course, you may browse parts of this Website without providing any information about yourself and without accepting cookies. In that case, it’s unlikely we’ll possess and process any information relating to you. We’ll start this Notice by setting out the conditions we must satisfy before processing your data. However, you may wish to skip to clause 4, which summarises what we intend to collect. The Notice also explains some of the security measures we take to protect your personal information, and tells you certain things we will or won’t do.
You should read this Notice in conjunction with the Terms of use for a website. Sometimes, when you take a new service or product from us, or discuss taking a new service or product but decide against, we might wish to provide you with further information about similar services or products by email or other written electronic communication. In that situation, we will always give you the opportunity to refuse to receive that further information and if you change your mind please let us know. We’ll endeavour to remind you of your right to opt-out on each occasion that we provide such information.
- How do we collect data
We may collect personal information about you from a number of sources, including the following:
- From you when you agree to take a service or product from us, in which case this may include your contact details, date of birth, medical history, how you will pay for the product or service and your bank details solely for the purpose of providing medical services and enhancing patient care.
- From you when you contact us with an enquiry or in response to a communication from us, in which case, this may tell us something about how you use our services.
- From documents that are available to the public, such as the electoral register.
- From third parties to whom you have provided information with your consent to pass it on to other organisations or persons – when we receive such information we will let you know as soon as is reasonably practicable.
- If you refuse to provide information requested, then if that information is necessary for a service we provide to you we may need to stop providing that service.
- What we collect
- Basic personal data – (required in order to provide the services stipulated in a contract)
- Contact details – (required in order to provide the services stipulated in a contract)
- Record of communications – (required in order to provide the services stipulated in a contract)
- Digital behavioural and usage data. (Anonymised and aggregated data use to optimise the website and your preferences.
- How and why we use your data
When we’re allowed to collect information from you, we will only collect personal information relating to you if one of the following conditions have been
satisfied:
- You have clearly told us that you are content for us to collect that information for the certain purpose or purposes that we will have specified.
- The processing is necessary for the performance a contract that we have with you.
- The processing is necessary so that we can comply with the law.
- The processing is necessary to protect someone’s life.
- The processing is necessary for performance of a task that’s in the public interest.
- The processing is necessary for our or another’s legitimate interest – but in this case, we’ll balance those interests against your interests.
At the time of collecting information, by whichever method is used, we’ll endeavour to alert you and inform you about our purposes and legal basis for processing that information, as well as whether we intend to share the information with anyone else or send it outside of the European Economic Area. If at any point you think we’ve invited you to provide information without explaining why, feel free to object and ask for our reasons.
Data protection, privacy and security are important to us, and we shall only use your personal information for specified purposes and shall not keep such personal information longer than is necessary to fulfil these purposes. The following are examples of such purposes. We have also indicated below which GDPR justification applies, however it will depend on the circumstances of each case. At the time of collecting, we will provide further information, and you may always ask for further information from us. Listed are the reasons we will use your data:
- To help us to identify you when you contact us. This will normally be necessary for the performance our contract.
- To help us to identify accounts, services and/or products which you could have from us or selected partners from time to time. We may do this by automatic means using a scoring system, which uses the personal information you’ve provided and/or any information we hold about you and personal information from third party agencies (including credit reference agencies). We will only use your information for this purpose
if you agree to it.
- To help us to administer and to contact you about improved administration of any accounts, services and products we have provided before, do provide now or will or may provide in the future. This will often be necessary, but sometimes the improvements will not be necessary in which case we will ask whether you agree.
- To allow us to carry out marketing analysis and customer profiling (including with
transactional information), conduct research, including creating statistical and testing information. This will sometimes require that you consent but will sometimes be exempt as market research.
- To help to prevent and detect fraud or loss. This will only be done in certain
circumstances when we consider it necessary, or the law requires it.
- To allow us to contact you by written electronic means (such as email, text or
multimedia messages) about products and services offered by us where; these products are similar to those you have already purchased from us, you were given the opportunity to opt out of being contacted by us at the time your personal information was originally collected by us and at the time of our subsequent communications with you, and you have not opted out of us contacting you, To contact you about products and services, we require your explicit consent. You will always have the option to opt out of marketing communications. No health-related data will be used for marketing or advertising purposes, and any consent for marketing is separate from consent for medical services. - We may monitor and record communications with you (including phone conversations and emails) for quality assurance and compliance.
Before doing that, we will always tell you of our intentions and of the
specific purpose in making the recording. Sometimes such recordings will
be necessary to comply with the law. Alternatively, sometimes the recording
will be necessary for our legitimate interest, but in that case we’ll only
record the call if our interest outweighs yours. This will depend on all the
circumstances, in particular the importance of the information and whether
we can obtain the information another way that’s less intrusive.
If we think the recording would be useful for us but that it’s not necessary
we’ll ask whether you consent to the recording, and will provide an option
for you to tell us that you consent. In those situations, if you don’t consent, the call will either automatically end or will not be recorded
- Do we share your data
When it’s required by law, we’ll check your details with fraud prevention agencies. If you provide false or inaccurate information and we suspect fraud, we intend to record this. We will not disclose your personal information to any third party except in accordance with this Notice, and in these circumstances:
- They will be processing the data on our behalf as a data processor (where we’ll be the data controller). In that situation, we’ll always have a contract with the data processor as set out in the GDPR. This contract provides significant restrictions as to how the data processor operates so that you can be confident your data is protected to the same degree as provided in this Notice
- Sometimes it might be necessary to share data with another data controller. Before doing that we’ll always tell you. Note that if we receive information about you from a third party, then as soon as reasonably practicable afterwards we’ll let you know; that’s required by the GDPR
- Alternatively, sometimes we might consider it to be in your interest to send your information to a third party. If that’s the case, we’ll always ask whether you agree before sending
- Where you give us personal information on behalf of someone else, you confirm that you have provided them with the information set out in this Notice and that they have not objected to such use of their personal information
- In connection with any transaction which we enter with you
- If you provide false or inaccurate information to us and we suspect fraud, we will record this and may share it with other people and organisations. We, and other credit and insurance organisations, may also use technology to detect and prevent fraud
- We may need to transmit the payment and delivery information provided by you during the order process for the purpose of obtaining authorisation from your bank
- We may allow other people and organisations to use personal information we hold about you in the following circumstances
- If we, or substantially all our assets, are acquired or are in the process of being acquired by a third party, in which case personal information held by us, about our customers, will be one of the transferred assets
- If we have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings
- We may employ companies and individuals to perform functions on our behalf and we may disclose your personal information to these parties for the purposes set out above, for example, for fulfilling orders, delivering packages, sending postal mail and email, removing repetitive information from customer lists, analysing data, providing marketing assistance, providing search results and links (including paid listings and links) and providing customer service. Those parties will be bound by strict contractual provisions with us and will only have access to personal information needed to perform their functions, and they may not use it for any other purpose. Further, they must process the personal information in accordance with this Notice and as permitted by the GDPR.
We do not sell or rent your personal data to third-party advertisers. However, we will never share sensitive health data with third-party advertisers or use it for marketing. Any data shared with third-party service providers is anonymised and aggregated, ensuring no personally identifiable health information is shared. But under no circumstances will any sensitive health data be shared or used for advertising. This includes personal health information such as medical history or diagnosis. We do not allow third-party advertisers to use any sensitive data for ad targeting.Data collected for marketing is retained only for 180 days to analyse campaign performance and is anonymised where possible.
We do not use any sensitive medical information for advertising purposes. This data is solely used for providing medical services, and it is stored securely in compliance with GDPR and other applicable data protection laws.
- Do we transfer your personal data abroad?
Currently, we do not transfer your personal data outside the European Economic Area (EEA). If this changes in the future, we will ensure that appropriate safeguards are in place to protect your data and notify you accordingly. Your personal data is used to facilitate your appointment booking, communicate with you/your referrer and carry out our service to an extent that is relevant and necessary. Our organisation utilises security measures to guarantee your data is protected at rest and during these processes.
- How long do we store your data
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, in compliance with legal and regulatory requirements. The retention periods vary depending on the type of data:
Medical Records – Retained for a minimum period of 8 years after your last appointment as mandated the NHS Records Management Code of Practice (5 December 2023).
Marketing and Analytical Data – Marketing and analytical data may be retained for up to 24 months for business analysis and improvement of service offerings. However, specific marketing data related to campaign performance will be retained for 180 days, after which it will be anonymised or deleted.
- How do we protect your data
- We have strict security measures to protect personal information.
- NHS Smartcards & role based access and keeping record of who accesses data when
- Pseudonymisation, aggregation and anonymisation
We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software to encrypt information you input.]
- We reveal only the last five digits of your credit card numbers when confirming an order. Of course, we transmit the entire credit card number to the appropriate credit card company during order processing.
- We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
- It is important for you to protect against unauthorised access to your password and to your computer. Be sure to sign off when you finish using a shared computer.
- We protect your personal data by only using it to facilitate your appointment booking, communicate with you/your referrer and to carry out our service to an extent that is relevant and necessary. Our organisation utilises security measures to guarantee that your data is protected at rest and during these processes.
- Cookies and Advertising
At Harmonic Medical Sonography, we use cookies to enhance your experience on our website. Cookies are small text files stored on your device that help us recognise your browser and capture certain information.
The Types of cookies we use;
- Essential Cookies: These cookies are necessary for the website to function properly. They enable basic features like page navigation and access to secure areas of the site. Without these cookies, our website cannot operate efficiently.
- Performance Cookies: These cookies collect information about how visitors use our website, such as which page are visited most often. This data helps us improve the performance and usability of the site. The information collected is aggregated and anonymous.
- Functional Cookies: These cookies allow our website to remember choices you make (e.g. your language preference) and provide enhanced, more personalised features.
- Analytics and Tracking Cookies: We use analytics cookies to tracks user behaviour on our site to understand usage patterns and improve user experience. These cookies may collect anonymised data, such as your IP address, and may be provided by third-party analytics services (e.g. Google Analytics).
- Advertising Cookies: These cookies are used to optimise our marketing efforts by measuring the performance of our ad campaigns. We do not use cookies or tracking technologies to serve personalised advertisements based on sensitive health data. Any data used for marketing or analytics purposes will be anonymised and aggregated, ensuring no personally identifiable health information is shared or used. Any data shared with advertising partners is anonymised and used solely for aggregated analytics.
Our website uses Google Analytics to collect anonymised data about user interactions, which helps us improve our services.
- You can opt out of Google’s use of non-essential cookies and personalised advertising by adjusting your settings in the Google Ads Settings. We ensure that no sensitive health information is used for ad targeting.
Meta (Facebook) Pixel & Meta Audience:
- We use the Meta Pixel to track interactions on our website, allowing us to measure the effectiveness of our Meta ads and optimise future campaigns.
- The Meta Pixel collects anonymised data on user interactions for the purpose of measuring ad effectiveness. We do not use this data to target ads based on any sensitive health information.
- To control the information Meta uses to show you ads, you can adjust your settings on Facebook Ad Preferences.
Managing Cookies
You have the option to accept, reject or manage cookies through your browser settings. Most browsers automatically accept cookies, but you can modify cookies your settings to decline cookies if you prefer. Please note that if you choose to disable cookies, some features of our website may not function properly.
- You can manage your cookie preferences to accept or reject non-essential cookies, including those used for analytics and marketing. You have the right to opt-out of any cookies used for advertising or tracking purposes.
- For Google Ads, you may opt out of personalised advertising through the Google Ads Settings.
- For Meta Ads, you can adjust your ad preferences via Facebook’s Ad Preferences.
Compliance with GDPR & Data Protection Regulations
- Data is collected and processed only for specified, explicit, and legitimate purposes.
- We implement appropriate security measures to protect your data against unauthorised access, alteration, or deletion.
- Website
If you communicate with us using the internet, we may occasionally email you about our services and products. When you first give us personal information through the Website, we will normally give you the opportunity to say whether you would prefer that we don’t contact you by email. You can also always send us an email (at the address set out below) at any time if you change your mind. Please remember that communications over the internet, such as emails and webmail’s (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered – this is the nature of the internet. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control. The Website may include links to third-party websites. We do not provide any personally identifiable customer personal information to these third-party websites unless you’ve consented in accordance with this privacy notice. We exclude all liability for loss that you may incur when using these third-party websites.
- Your rights and how to exercise them
If you would like any more information or you have any comments about this Notice, please either write to us at Data Protection Manager, Harmonic Medical Sonography Limited, Ground Floor – Parkway One, Parkway Business Centre, Princess Road, Manchester, M14 7LU, or email us at Admin@harmonicmedicalsonography.com.
- Access: Request details of the personal data we hold about you.
- Rectify: Correct any inaccuracies in your personal information.
- Delete: Request the deletion of your data where it is no longer necessary for the purposes for which it was collected.
- Opt-Out: You can opt out of receiving personalised ads through the links provided above for Google and Meta platforms.
Please note that we may have to amend this Notice on occasion, for example if we change the cookies that we use. If we do that, we will publish the amended version on the Website. In that situation we will endeavour to alert you to the change, but it’s also your responsibility to check regularly to determine whether this Notice has changed. You can ask us for a copy of this Notice by writing to the above address or by emailing us at Admin@harmonicmedicalsonography.com. This Notice applies to personal information we hold about individuals. It does not apply to information we hold about companies and other organisations. If you would like access to the personal information that we hold about you, you can do this by emailing us at Admin@harmonicmedicalsonography.com or writing to us at the address noted above. There is not normally a fee for such a request, however if the request is unfounded, repetitive or excessive we may request a fee or refuse to comply with your request. You can also ask us to send the personal information we hold about you to another controller. We aim to keep the personal information we hold about you accurate and up to date. If you tell us that we’re holding any inaccurate or incomplete personal information about you, we will promptly amend, complete or delete it accordingly. Please email us at Admin@harmonicmedicalsonography.com or write to us at the address above to update your personal information. You have the right to complain to the Information Commissioner’s Office if we don’t do this. You can ask us to delete the personal information that we hold about you if we relied on your consent in holding that information or if it’s no longer necessary. You can also restrict or object to our processing of your personal information in certain circumstances. You can do this by emailing us at Admin@harmonicmedicalsonography.com or writing to us at the address noted above. We will tell you if there is a breach, or a likely breach, of your data protection rights. ‘Just-in-time’ notices Privacy notice about necessary information We have asked for personal information from you. This information is necessary for one of the reasons specified in the General Data Protection Regulation. For more information, please read our full privacy notice at
If you have any concerns about our privacy policy, please contact us using the email address below:
Admin@harmonicmedicalsonography.com