Privacy Policy

United Open MRI Ltd is committed to protecting and respecting your privacy. This privacy notice will inform you as to how we look after your personal data when you use our services, and tell you about your privacy rights and how the law protects you.

Who we are

UNITED OPEN MRI LIMITED – trading as The London Upright MRI Centre, The Leeds Upright MRI Centre, and The Birmingham Upright MRI Centre – is the data controller and is therefore responsible for your personal data (collectively referred to as “we”, “us”, or “our” in this privacy notice).

We have appointed a data protection office (DPO) who is responsible for any questions in relation to this privacy notice. If you have any questions regarding this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details below.

Contact details

Company Name: United Open MRI Ltd

Postal address: FKS House, 40-44 Newman Street, London, W1T 1QD.

Name and title of DPO: Guy Timmis, Group Operations Manager

Email address:

What information we hold about you:

The type of personal data that we may collect and process includes:

  • Your name and title.
  • Your date of birth.
  • Your gender.
  • Your address.
  • Your contact details – primarily your email address and telephone number(s).
  • Your private medical insurance information or NHS identifier information

The types of special category data that we may collect and process are all health related, and will include:

  • Your imaging request form.
  • The diagnostic images that we obtain when you attend your appointment.
  • The clinical report authored in relation to these diagnostic images.
  • A document that assesses your safety to undergo MRI..

Further data may be collected if you choose to share it, such as previous medical imaging for the sake of comparison purposes, previous clinical reports, previous clinical letters or other related medical documents that will assist our consultant radiologists in authoring a fully comprehensive clinical report.

How we collect this information

The methods by which we collect this information include:

  • You contact us directly to make an enquiry, to self-refer or with a referral from a clinician or GP
  • You are referred to us directly by a clinician, your GP, or the NHS.
  • You are referred to us directly by another medical professional, such as a physiotherapist.

Lawful Basis

The lawful basis under which we collect and process this data is ‘legitimate interest’, as it is necessary for the provision of healthcare.

How your personal information is used:

We may use your personal information in the following ways:

  • For the purpose of contacting you in regards to your appointment.
  • For the purposes of identifying you as a patient of the centre.
  • For your imaging request form to be protocolled by a consultant radiologist.
  • For your diagnostic images and any other related information you choose to share with us to be reviewed by a consultant radiologist for the purposes of authoring a clinical report.
  • For your diagnostic images and any other related information you choose to share with us to be reviewed by a secondary consultant radiologist for the purposes of a clinical audit.
  • To invoice you, your insurance companyor the NHS for the cost of the MRI scan you have with us.

Who your data is shared with:

We will not share your personal information with any third parties other than those explicitly necessary for us to perform our duties, and we will not use any of your contact information for marketing purposes.

Medical imaging requires two separate systems to be processed – a Radiology Information System (RIS), which is a networked software system for managing medical imagery and associated data, and a Picture Archive and Communication System (PACS), which is used to store and view the diagnostic imaging files. The providers that we use for each of these services, and with whom we will share your relevant data, are as follows:

Product Supplier Contact
RIS Aptvision Limited
PACS Biotronics3D Limited

We will sometimes transfer your medical imaging report and diagnostic images to your referring consultant or hospital via the Image Exchange Portal (IEP), operated by Sectra AB –

UOMRI has GDPR compliant contracts with all the processors with whom data is shared.

Your medical imaging report and diagnostic images will be shared with your referring consultant, or, if you self-referred, your GP. If your referral is for medico-legal purposes, your medical imaging report and diagnostic images will be shared with your solicitor.

We may on occasion be required to share certain information with healthcare regulators, primarily the Care Quality Commission (CQC), General Medical Council (GMC), and the Health and Care Professions Council (HCPC). This will only occur when necessary – such circumstances may include, but are not limited to, an investigation involving a clinician who has been involved in your care, or if you were to make a complaint to one of these bodies that required further investigation.

If you are insured, we will share with your insurance company the relevant and required information to facilitate the invoicing process. We will only share the information to which they are entitled.

On rare occasions, we may share your personal information with a third-party debt collection agency if your account is not settled and our own efforts to contact you for this purpose are unsuccessful.

Other ways we may use your personal information:

If a third party contact us requesting access to your personal information without providing evidence of explicit consent, we will contact you to confirm that you have authorised for this information to be provided to a third party, and request that you complete an ‘Access to Health Records – Third Party’ document if you wish for this data to be shared.

Keeping your data secure:

We are committed to ensuring that any information you provide to us is secure. In order to prevent unauthorized access or disclosure and to prevent personal date being destroyed or lost, we have put in place suitable organisational and technical security measures and procedures to safeguard and secure the information that we collect. These range from internal policies and procedures relating to data security, to software designed to prevent/restrict access or backup/protect data.

Data retention:

Any personal data you provide will be held for as long as is necessary to facilitate the purpose for which it was collected, and in strict accordance with the appropriate guidance and all applicable data protection laws.

We follow the guidance of the Royal College of Radiologists in regards to the data retention period, which is in turn based on the NHS Records Management Code of Practice for Health and Social Care 2016:

  • For imaging and report records of adults, that these should be retained for eight years since discharge.
  • For imaging and report data for children, that these should be retained until the child’s 26th birthday or eight years since the child was last seen – whichever is later.

Automated decision making:

We do not employ any automated decision-making.

Your rights:

You have the following rights regarding your personal information. If you wish to exercise any of these rights, please contact us directly by emailing

Right of Access

You have a right to access the personal data we hold about you or obtain a copy of it.

Right to Rectification

If you believe that the information we hold for you is incomplete or inaccurate, you may contact us to ask us to complete or correct that information.

Right to Erasure

The General Data Protection Regulation allows you the right to request the erasure of your personal data – however, this does not apply to what is considered special category data. Some of the information that we may hold falls under one of these two categories:

‘If the processing is necessary for the purposes of preventative or occupational medicine (e.g. where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (e.g. a health professional).’

If you wish for us to erase personal data that does not fall under special category data, please contact us directly.

Right to Withdraw Consent

You have the right to withdraw the consent you have provided us to handle your personal information.

Right to Data Portability

The right to request the personal information that we hold to be transferred to you or a third party in a readable format.

Right to Lodge a Complaint

You have the right to complain to the Information Commissioner’s Office (ICO) if you believe there is a problem with the way in which we are handling or proceed to handle your data. You can contact the ICO by phoning 0303 123 1113, or by visiting

Frequency of Update

This privacy notice will be updated annually, or prior to that if necessary. The most recent version will always be available on our website: