Privacy Policy
DEXA London (3Beam Ltd)
1. Overview
1.1 We are committed to protecting the privacy and security of your personal data. We have robust information security and data-governance systems in place to protect your personal information.
1.2 This Privacy Policy applies to personal data we process when you: visit our websites; book or attend a scan (bone-density or body-composition) with DEXA London; communicate with us regarding those services.
1.3 3Beam Ltd, trading as DEXA London, is the “data controller” for the purposes of UK GDPR and the Data Protection Act 2018. Our registered office is 86 Harley Street, London W1G 7HP.
1.4 We are registered (or remain registered) as a data controller with the Information Commissioner’s Office (ICO).
1.5 We will ensure that data is: fairly and lawfully processed; collected for specified and legitimate purposes; adequate, relevant and not excessive; accurate; not kept longer than necessary; processed in accordance with your rights; and, where applicable, not transferred outside the UK without suitable safeguards.
2. What Information Do We Collect, and How Do We Use It?
We collect and process the following categories of information:
2.1 Types of Data Collected
Identity and contact data: name, title, date of birth, address, email address, telephone number.
Booking/appointment data: dates of scan, type of scan booked (bone density or body composition), payment and billing information (processed by third-party payment provider; card details not stored by us).
Health & clinical data (special category data): for example, referral details, indication for scan, previous imaging or treatment history (bone density scans), body composition metrics, DEXA images (DICOM files) and scan reports (bone scans only).
Technical/usage data: IP address, browser type/version, device used, location data (collected via cookies or website analytics) when you visit our website.
Marketing & communications data: your preferences for receiving marketing communications from us, if you have opted-in.
Service-provider data: data we hold about you when you are referred through a clinician, partner organisation, or when you provide third-party details (for example, a referrer sending us your data).
2.2 Purposes of Processing
We use your information for the following purposes:
To provide the scan service you have requested (booking, appointment confirmation, scan performance, clinical reporting (bone scans), result delivery).
To administer your account, billing, invoicing and payments.
To communicate with you (appointment reminders, scan instructions, follow-up information, result delivery).
To meet our legal and regulatory obligations (CQC, IR(ME)R compliance, radiation safety records, record-retention).
For internal business purposes (service improvement, audit, quality assurance) and to protect against fraud or misuse.
If you have consented, to send you relevant marketing communications about our imaging services.
For external clinical reporting: in the case of bone-density scans, your imaging data and referral information will be shared with external specialist rheumatologists/reporting providers for interpretation and clinical report.
3. Lawful Bases for Processing
Under UK GDPR we process your data on the following lawful bases:
Contract: processing necessary to deliver the service you have requested (for example, booking and performing a scan).
Legal obligation: processing necessary for compliance with legal/regulatory obligations (e.g., radiation-safety records, CQC audits).
Legitimate interests: for our business operations and service improvement, provided this does not override your rights.
Consent: where you have explicitly consented to certain processing (e.g., marketing, external specialist reporting).
For special category data (health data), we rely on Article 9(2)(h) of UK GDPR (processing for the provision of health or social care) and/or explicit consent, as appropriate.
4. Use of Pabau and Other Third-Party Processors
We use the patient records management system Pabau to securely store appointment, clinical and billing data relating to DEXA London scans. We also engage other third-party processors (e.g., payment gateways, clinical-reporting providers, IT service providers).
These third parties act either as processors or independent controllers, as described below.
We only share your personal data with them where necessary, and under contractual terms that ensure compliance with data-protection requirements.
5. Sharing and Disclosing Your Data
We may share your personal data with:
External specialist reporting providers (for bone-density scans) for interpretation of your scan images and preparation of the clinical report;
Payment service providers for processing payments;
Our IT and cloud-service providers (e.g., Amazon AWS, encrypted backup services);
Our professional advisers, auditors and legal advisors;
Regulatory or statutory bodies (e.g., CQC, ICO) when required by law;
Other third parties only with your consent or where necessary for the performance of our contract with you.
We will not sell or rent your personal information to third parties for marketing purposes without your explicit consent.
6. Transfers Outside the UK
Our primary data processing is in the UK. If we transfer personal data outside the UK, we will ensure appropriate safeguards are in place (e.g., standard contractual clauses) and you will be informed.
7. Retention of Your Data
Data retention periods vary depending on the type of service and relevant legal or clinical obligations.
Typical retention periods are:
General enquiries or marketing-leads data: up to 12 months (unless you withdraw consent earlier).
Appointment and billing records: for the duration of our contract with you and thereafter for legal/accounting purposes.
Clinical imaging records and reports (bone-density scans): in line with the Department of Health & Social Care’s Records Management Code of Practice 2021—normally a minimum of 8 years from the end of treatment; for children and young people until the patient’s 25th birthday (or 26 if they were 17 at end of treatment). Additional retention may apply for medico-legal, regulatory or insurer reasons.
Once data is no longer required, it will be securely deleted or anonymised.
8. Your Rights
Under UK GDPR you have rights in relation to your personal data, including:
The right to access the data we hold about you;
The right to request correction or deletion (“erasure”) of your data;
The right to restrict or object to processing;
The right to data portability (where applicable);
Where processing is based on consent, the right to withdraw your consent at any time (without affecting the lawfulness of processing before withdrawal);
The right to complain to the Information Commissioner’s Office (ICO) if you believe your rights have been breached.
9. Automated Decision-Making / Profiling
We do not currently carry out any automated decision-making or profiling which has a legal or similarly significant effect on you. Should this change, we will inform you accordingly and obtain consent where required.
10. Children’s Data
Our services (imaging scans) are offered to adults. Where children or young people attend, appropriate consent is sought from parent/guardian. We do not knowingly collect personal data from children under 13 via our website without parental consent.
11. Third-Party Websites & Links
Our website may include links to third-party websites. We are not responsible for the privacy practices or content of those websites and encourage you to review their privacy policies.
12. Business Transfers
In the event our business (or part of it) is sold, merged or reorganised, we may transfer your personal data to the acquiring organisation to enable them to continue providing the services to you. Any such transfer will only be made under safe and secure conditions.
13. Changes to this Policy
We reserve the right to amend this Privacy Policy at any time. Any changes will be posted on our website and take effect from the date of posting. It is your responsibility to review it periodically.
14. Contact Information
If you have queries, wish to exercise any of your rights, or have concerns about how we process your data, please contact:
Data Contact / Data Manager: Dr Emil Gadimali
Email: emil@3beam.co.uk

