Obtain Your Report
Back to Doctorum

Privacy Policy

Doctorum Limited — ICO Registration Number: ZC089076

Doctorum Limited
ICO Registration Number: ZC089076
Registered Address: T3601 One The Elephant, 1 St Gabriel Walk, London SE1 6FF
Website: doctorum.co.uk

At Doctorum Limited, we are committed to protecting your personal information and handling all personal data securely, lawfully and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store and protect your personal data when you use our radiology reporting and second opinion services.

1. Who We Are

Doctorum Limited provides private radiology reporting and second opinion services to patients seeking formal radiology reports or specialist review of imaging, including MRI, CT, Mammography, Nuclear Medicine including PET CT, Ultrasound and X-Ray reports.

For data protection purposes, Doctorum Limited is the data controller when collecting and processing personal data directly from patients, customers, referrers or healthcare providers using our services.

Where Doctorum provides reporting services through third-party clinics, referrers or healthcare providers, Doctorum may also act as a data processor where required under contractual arrangements.

For privacy-related queries, contact: info@doctorum.co.uk

2. What Information We Collect

We may collect:

  • Full name
  • Date of birth
  • Contact details including email address and telephone number
  • Imaging records and DICOM files
  • Existing radiology reports
  • Relevant clinical history supplied by you
  • Referral details where applicable
  • Payment and transaction details
  • Website usage and technical data

This may include special category personal data concerning health.

3. How We Use Your Information

We use personal data to:

  • Obtain and securely process imaging files relating to MRI, CT, Mammography, Nuclear Medicine including PET CT, Ultrasound and X-Ray examinations
  • Arrange radiology reporting by consultant radiologists
  • Provide formal radiology reports and second opinions
  • Communicate with you about your case
  • Maintain clinical governance and quality assurance
  • Manage complaints and service queries
  • Comply with legal and regulatory obligations

4. Lawful Basis for Processing

We process personal data under:

  • Article 6(1)(b) UK GDPR — performance of a contract
  • Article 6(1)(f) UK GDPR — legitimate interests in operating a secure healthcare service
  • Article 6(1)(c) UK GDPR — compliance with legal obligations

Health data is processed under:

  • Article 9(2)(h) UK GDPR — provision of health care
  • Article 9(2)(f) UK GDPR — establishment, exercise or defence of legal claims where required

5. Sharing Personal Information

Your data may be shared only where necessary to support reporting and review of MRI, CT, Mammography, Nuclear Medicine including PET CT, Ultrasound and X-Ray examinations, including with:

  • UK consultant radiologists engaged by Doctorum Limited
  • Secure imaging technology providers
  • Referring clinicians where authorised
  • Regulators or public authorities where legally required
  • Professional advisers where necessary for legal, governance or insurance purposes

All third-party providers are subject to confidentiality and data protection obligations.

6. Technology Providers and Secure Processing

Doctorum uses secure digital systems and contracted technology providers to facilitate image transfer, storage and reporting.

Technical providers may include secure imaging and cloud infrastructure suppliers operating under contractual data protection controls, including Google Workspace and Biotronics3D where applicable.

Where infrastructure involves international hosting arrangements, appropriate UK GDPR safeguards are applied.

7. Data Retention

Personal data is retained only for as long as necessary for:

  • Clinical governance
  • Medico-legal obligations
  • Complaint handling
  • Regulatory compliance

Retention periods may follow UK healthcare record retention expectations where applicable.

8. Data Security

We apply technical and organisational security measures including:

  • Encrypted file transfer
  • Secure access controls
  • Password-protected systems
  • Restricted role-based access
  • Audit trails
  • Confidentiality obligations for clinicians and authorised personnel

9. Automated Decision-Making

Doctorum does not use automated decision-making for clinical reporting.

All reports are produced or reviewed by qualified radiologists.

10. Your Rights

Under UK data protection law you have the right to:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request restriction of processing
  • Object where lawful grounds apply
  • Request erasure where legally permitted
  • Lodge a complaint with the Information Commissioner's Office

11. Complaints

If you have concerns regarding how your personal data is handled, contact: info@doctorum.co.uk

You may also complain to the Information Commissioner's Office.

12. Policy Review

This policy will be reviewed periodically and updated when legal, regulatory or operational requirements change.

Back to Doctorum

Last reviewed: April 2026