Last updated: 28/09/2025
This Privacy Policy explains how Lanthorn Diagnostics Ltd (“Lanthorn Clinic”, “we”, “us”, “our”) collects, uses, stores, and protects your personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using our website, booking system, or clinical services, you agree to the terms of this Privacy Policy.
1. Who We Are
Lanthorn Diagnostics Ltd is a private medical clinic registered with the Care Quality Commission (CQC). We provide diagnostic ultrasound and related imaging services.
Trading name: Lanthorn Clinic
Companies House registered: Lanthorn Diagnostics Ltd
Email: [email protected]
Clinic address: 59 Mount Pleasant, London, WC1X 0AY
Registered office address: FIRST 244 EDGEWARE ROAD, LONDON, W2 1DS
2. What Information We Collect
We may collect and process the following categories of personal data:
2.1 Personal and contact details
Name, date of birth, address, email address, telephone number.
2.2 Health and medical information (special category data)
Medical history, imaging reports, referrals, diagnostic outcomes, and other health information required to provide clinical services.
2.3 Booking and payment details
Appointment information, deposit and payment records (processed securely via our payment provider). We do not store card details directly.
2.4 Technical and website information
When using our website, limited technical data such as IP address, browser type, and pages visited may be collected automatically. The only interactive element on our website is Google Maps, which may collect location data if you interact with the map.
3. How We Collect Your Information
3.1 Directly from you, when you:
a) Book an appointment via our Semble booking portal.
b) Provide medical information during consultations.
c) Contact us by email, telephone, or in person.
3.2 Indirectly, from:
a) Your GP, consultant, or other healthcare providers (with your consent).
b) External imaging providers where we refer you for MRI, CT, or X-ray scans.
4. How We Use Your Information
We process your personal data for the following purposes:
4.1 To deliver clinical services – booking appointments, carrying out imaging, creating reports, and communicating results.
4.2 To maintain medical records in line with clinical and regulatory obligations.
4.3 To manage billing and payments.
4.4 To meet legal and regulatory requirements, including Care Quality Commission compliance.
4.5 To improve our services and website, ensuring security and functionality.
5. Legal Basis for Processing
Our processing of personal data is lawful under:
5.1 Article 6 UK GDPR (lawful bases for processing):
6(1)(b) – processing necessary for the performance of a contract (provision of healthcare services).
6(1)(c) – compliance with a legal obligation.
6(1)(f) – legitimate interests in managing and improving our services.
5.2 Article 9 UK GDPR (special category health data):
9(2)(h) – processing necessary for medical diagnosis and provision of healthcare or treatment.
6. Systems and Third-Party Processors
We use the following secure systems to manage data:
6.1 Semble – patient management and booking portal.
6.2 Biotronics3D PACS & RIS – storage and reporting of imaging results.
6.3 Google Maps – embedded on our website; may process location/IP data when you interact with the map. All third-party providers are contractually bound to comply with UK GDPR.
6.4 Forth – presentation and sharing of blood test results.
7. Data Sharing
We may share your personal data only when necessary:
7.1 With external imaging providers (MRI, CT, X-ray) where referral is required.
7.2 With your GP, consultant, or other healthcare professionals, where clinically relevant and with your consent.
7.3 With regulators (e.g. CQC) or where required by law.
7.4 With approved IT service providers (e.g. lab partners such as Forth, Randox and TDL) for secure hosting and system maintenance.
We will never sell or share your personal data for marketing purposes.
8. Data Retention
8.1 Medical records are retained in line with the NHS Records Management Code of Practice:
a) Adult medical records: minimum of 8 years after last treatment.
b) Imaging records: as clinically appropriate.
8.2 Non-clinical data (e.g. enquiries) is retained no longer than necessary.
9. Your Rights
Under UK GDPR, you have the following rights:
9.1 Right to access your personal data.
9.2 Right to request correction of inaccurate data.
9.3 Right to request erasure (where legally permissible).
9.4 Right to restrict processing.
9.5 Right to data portability.
9.6 Right to object to processing.
9.7 Right to lodge a complaint with the Information Commissioner’s Office (ICO) (www.ico.org.uk).
To exercise your rights, contact us at [email protected]
10. Data Security
10.1 We implement appropriate technical and organisational measures to safeguard personal data, including encryption, secure hosting, and role-based access controls.
10.2 Access to patient data is restricted to authorised clinicians and staff only.
11. International Data Transfers
11.1 We primarily store and process data within the UK.
11.2 If data is transferred outside the UK (e.g. by third-party providers), we ensure appropriate safeguards (such as UK adequacy regulations or Standard Contractual Clauses).
12. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, practice, or services. Updates will be posted on our website with the date of revision.