
CardioLogic ECG Screening Privacy Notice
(UK GDPR Compliant)
1. Who we are
CardioLogic Ltd (“we”, “us”, “our”) is the data controller for your personal
information collected as part of our ECG screening service.
• Contact email: office@cardiologic.co.uk
• Phone: 01845 523132
If you have any questions about how we handle your data, you can contact us using the details above.
2. What data we collect
We collect the following personal and special category data:
• Identification and contact details (name, date of birth, phone, email, gender, ethnicity).
• Parent/guardian details (if under 18).
• Health information (heart-related symptoms, ECG recordings, cardiologist reports).
• Consent records.
3. Why we process your data
We process your data in order to:
• Provide ECG screening services.
• Enable self-administration of ECGs using QT Medical’s platform.
• Allow cardiologists to review your ECG results.
• Communicate results securely to you.
• Improve service quality (using anonymised data, unless you opt out).
4. Lawful basis for processing
• Article 6(1)(a) UK GDPR – Your explicit consent.
• Article 9(2)(a) UK GDPR – Your explicit consent to the processing of health data.
You may withdraw your consent at any time by contacting us (see Section 1).
Withdrawal will not affect the lawfulness of processing carried out before withdrawal.
5. Who we share your data with
We share your personal data only as necessary to deliver the ECG screening service:
• Zoho (Forms platform) – collection of your consent and questionnaire responses.
• Google (Gmail/Sheets/Drive) – temporary storage, CSV export, encrypted delivery of ECG reports.
• QT Medical – creation of patient profiles and storage of ECG data/reports.
• Cardiologists – authorised medical professionals reviewing ECGs.
• Vonage (SMS provider) – delivery of encrypted report passwords by SMS.
All third parties act as our data processors and are bound by GDPR-compliant data processing agreements.
6. International data transfers
Some providers (e.g. Zoho, Google, QT Medical) may process data outside the
UK/EEA. Where this occurs, we ensure appropriate safeguards are in
place, such as Standard Contractual Clauses approved by the UK GDPR.
7. How long we keep your data
CardioLogic keeps records for as long as required in accordance with:
• legal requirements;
• tax and accounting rules; and
• the needs of the purpose for which the data was collected.
Where or when your information is no longer required, we will ensure it is moved and/or disposed of in a secure manner.
8. How we keep your data secure
• Encrypted storage of files (AES-256).
• Secure transmission of reports (encrypted, password sent separately by SMS).
• Restricted access (only authorised staff and cardiologists).
• Routine deletion of temporary data files.
9. Your data protection rights
Under the UK GDPR, you have the right to:
• Access your data.
• Request correction of inaccurate data.
• Request erasure of your data (where applicable).
• Restrict or object to processing.
• Data portability (receive your data in a usable format).
• Withdraw consent at any time.
• Lodge a complaint with the Information Commissioner’s Office (ICO) – www.ico.org.uk.
10. Automated decision-making
We do not make decisions about you based solely on automated processing. All ECGs are reviewed by a qualified cardiologist.
11. Changes to this notice
We may update this privacy notice from time to time. The latest version will always be available on our website or upon request.



