ScanBook
Book a Scan

ScanBook legal

Privacy Policy

Last updated: 28 April 2026

Connective Ltd (trading as Scanbook) | Company No. 11148446

1. Who We Are

This Privacy Policy explains how Connective Ltd, trading as Scanbook ("Scanbook", "we", "us", "our"), collects, uses, stores, and shares your personal information when you use the Scanbook platform at www.scanbook.uk (the "Platform").

Connective Ltd is the data controller for the purposes of the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018 ("DPA 2018"). Our registered address is Unit Da2 Sutherland House, 43 Sutherland Road, London, E17 6BU, United Kingdom.

For any data protection queries, please contact us at: info@scanbook.uk

2. Personal Information We Collect

When you use the Platform, you may provide us with identity data, contact data, booking data, health data, payment data and communications you send to us.

When you browse the Platform, we may automatically collect technical data, usage data and approximate location data based on IP address or postcode entered during booking.

  • Identity data: full name, date of birth, gender
  • Contact data: email address, phone number, home address
  • Booking data: scan type, preferred clinic, appointment preferences
  • Health data: relevant medical history, contraindications, implants, where required for safety or booking purposes
  • Payment data: billing address and payment method, processed directly by Stripe; we do not store full card details
  • Technical data: IP address, browser type, operating system, device identifiers
  • Usage data: pages viewed, time spent on the Platform, referral sources

3. Special Category Data - Health Information

Some information you provide, such as details about medical conditions, implants, or contraindications relevant to your scan, constitutes special category data under UK GDPR. We process this data only where strictly necessary to facilitate your booking and to ensure your safety at the Clinic.

The legal basis for processing your health data is Article 9(2)(h) UK GDPR - processing necessary for the purposes of preventive medicine or the provision of health care - and where applicable, your explicit consent collected during the booking process.

We restrict access to health data on a strict need-to-know basis and share it only with the Clinic you have booked with.

4. Legal Bases for Processing

We process your personal information on the following legal bases under UK GDPR Article 6:

  • Performance of a contract: to process your booking, confirm appointments, and manage payments.
  • Legal obligation: to comply with applicable laws and regulations, including tax and accounting obligations.
  • Legitimate interests: to operate, improve, and secure the Platform; to communicate with you about your booking; to prevent fraud.
  • Consent: for marketing communications where you have opted in and for certain cookie-based tracking technologies.

5. How We Use Your Information

We use your personal information to operate the Platform and provide booking services.

  • To process and confirm your booking and communicate appointment details.
  • To share the minimum necessary information with the Clinic you have booked with.
  • To process your payment securely via Stripe.
  • To send booking confirmations, appointment reminders, and post-scan follow-up communications.
  • To respond to your enquiries and provide customer support.
  • To comply with legal and regulatory obligations.
  • To improve the Platform and user experience through analytics.
  • To send you marketing communications, if you have opted in.

6. Who We Share Your Information With

When you book a scan, we share the minimum necessary personal information, including name, contact details, and relevant health information, with the Clinic to facilitate your appointment. Clinics are independent data controllers and are CQC-registered providers subject to their own data protection obligations.

We use third-party service providers to help operate the Platform. These providers process personal information only on our instructions and are subject to contractual data protection obligations.

We may disclose your personal information where required by law, court order, or to protect the rights and safety of Scanbook, our users, or third parties.

If Connective Ltd is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction, subject to appropriate safeguards.

7. International Transfers

Some of our sub-processors are based outside the United Kingdom. Where we transfer personal information outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR, including the use of UK International Data Transfer Agreements or equivalent mechanisms approved by the Information Commissioner's Office.

8. How Long We Keep Your Information

We retain your personal information only for as long as necessary for the purposes described in this Policy, or as required by law.

  • Booking and transaction records: 7 years.
  • Health-related booking information: 7 years from the date of the appointment.
  • Marketing preferences and consent records: until you withdraw consent or request deletion.
  • Technical and usage data: up to 26 months.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Platform, analyse usage, and where you consent, deliver relevant communications. Our Cookie Policy provides full details of the cookies we use and how to manage them.

You can manage cookie preferences at any time via your browser settings or our cookie consent banner.

10. How We Keep Your Information Safe

We apply appropriate technical and organisational security measures to protect your personal information against unauthorised access, loss, destruction, or alteration. These include encrypted data transmission, access controls, and regular security reviews.

However, no method of electronic transmission or storage is 100% secure. You use the Platform at your own risk and should access it from a secure device and connection.

11. Your Rights

Under UK GDPR, you have rights of access, rectification, erasure, restriction, objection, data portability and withdrawal of consent where processing is based on consent.

To exercise any of these rights, please contact us at info@scanbook.uk. We will respond within one calendar month of receiving your request. You also have the right to lodge a complaint with the Information Commissioner's Office at www.ico.org.uk.

12. Children's Privacy

The Platform is intended for use by adults aged 18 and over. We do not knowingly collect personal information from children under 18. If you believe a child's data has been submitted to us without appropriate authority, please contact us at info@scanbook.uk.

13. Marketing Communications

We will only send you marketing communications where you have given your consent. You may opt out at any time by clicking the unsubscribe link in any marketing email, or by contacting us at info@scanbook.uk. Opting out of marketing does not affect service-related communications relating to your bookings.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on the Platform with a revised "Last Updated" date. We will notify you of material changes where possible.

15. Contact and Complaints

Connective Ltd (trading as Scanbook), Unit Da2 Sutherland House, 43 Sutherland Road, London, E17 6BU.

Email: info@scanbook.uk | Website: www.scanbook.uk/privacy-policy

If you are not satisfied with our response, you may escalate your complaint to the Information Commissioner's Office at www.ico.org.uk.