Privacy Notice

Privacy Notice for Log My Scan

  1. Purpose of this Notice

This Privacy Notice tells you how Teesside University as Data Controller, collects and processes your personal data as users of the app Log My Scan. 

We may amend this notice to reflect changes to our website, business, data protection law or other legislation.  For this reason, we ask that you revisit this notice on a regular basis.

  1. Why your Personal Data is Collected

Log My Scan is a technology service for doctors, nurses and other healthcare professionals who undertake Point-of-Care Ultrasound (POCUS) scanning as part of their professional role. Your Personal Data is collected in order to register you as an app user, to faciltiate your use of the app and for general administration of your account, including sending you updates and push notifications. The app aims to facilitate supervision of training. 

  1. How Personal Data is Collected

Personal Data is collected from you when you register and when you upload anything which identifies you personally to the app. 

  1. What Personal Data Is Collected

The following information will be collected and stored by the University:

4.1 Name 

4.2 Email

4.3 Password (hashed)

4.4 Phone number

4.5 Marketing Preferences

4.6 Job

4.7 Hospital/Clinical Location

4.8 Language preferences

4.9 Address/Country

4.10 Date of Registration

4.11 Clinical activity

4.12 Superviser/supervisee relationship

4.13 Feedback and comments 

4.14 Personal reflections on clinical activity

4.15 Progress towards achievement competencies

4.16 Users skill level in performing different types of scans as a medical diagnostic test

This is not an exclusive list and other personal data may be requested consistent with the expressed purpose.  

  1. Lawful Basis

Personal data processed for the purposes identified above on the basis of consent. In signing up to and using the app you expressly consent to personal data being collected and shared as described below. 

All uploaded patient scan data will be anonymous and does not constitute personal data under data protection legislation. You are however obliged to follow ethical and clinical requirements in relation to obtaining consent from the patient to use their anonymised scan data for these purposes and/or have a lawful basis under Article 6 and 9 of the GDPR (e.g. Article 6(f) and 9(h), with a condition under Part 1, Sch 1 section 2(c) and (d) of the Data Protection Act 2018). 

  1. How Your Personal Data is shared with 3rd parties

The University may share your personal data internally between departments for the purposes of administering your account.

The University will only share your Personal Data with external third parties where we are permitted to do so under Data Protection Legislation. 

Where we have a lawful basis, we may pass Personal Data to third parties in the following circumstances:

5.1 To professional bodies where there are fitness to practice concerns; 

5.2 To the police where inappropriate use is identified;

5.3 To relevant authorities where required by law to do so;

5.4 In the public interest for the purposes of research subject to appropriate safeguards;

5.5 Some data e.g. feedback from a supervisor may be shared with others with your express consent.

  1. Transfers of Personal Data outside of the EEA

International processing is not envisaged within this activity but in the event that it is necessary to transfer data outside the EEA this will done pursuant to an agreement which ensures that necessary safeguards are in place and this privacy notice will be updated accordingly.

  1. Security of Personal Data

We take technical and organisational measures to protect all of the Personal Data we hold. Only authorised employees and contractors have access to your Personal Data. All personal data will be stored in cloud storage which complies with NHS standards of cloud storage and NHS cloud provider requirements.

  1. Personal Data Retention Periods

We will only retain the Personal Data we hold about you as long as necessary. Personal data will automatically be deleted when you delete the app from your device. See below section 10. if you have any concerns about retention of your personal data and/or you wish to exercise a right to erasure. 

  1. Your Responsibilities

GDPR requires that Personal Data is accurate. It is essential that you update your account details if any information you have provided changes. If you fail to update your details, the University cannot take responsibility for any inaccuracy. Requests for deletion or erasure in accordance you’re your rights below should be sent to Any such requests will be actioned within 28 days of receipt.

  1. Your Rights

As a data subject you have certain rights which include:

Right to complain  You have the right to lodge a complaint with the Information Commissioner’s Office details are provided below;

Right to access personal data: You can find out what information we hold about you by making a subject access request.  The request can be made free of charge, by writing to  the Data Protection Officer, details of which are below.

Right to Erasure (Right to be Forgotten)  You have the right to have the Personal Data we hold about you erased;

Right to object You have the right to object at any time to the processing of your Personal Data;

Right to withdraw Consent  Where consent forms are the basis for processing, you have the right to withdraw your consent to the processing at any time;

Right to Data Portability  If you request us to we will transmit your Personal Data directly to another organisation;

Right to Rectification  You have the right to ask us to rectify inaccurate information held about you without undue delay.

These are not unqualified rights and the University may not be able to act on your request in certain circumstances.

  1. Contact Details of the Data Protection Officer

The Data Protection Officer is contactable at Teesside University, Middlesbrough, Tees Valley, TS13BX, UK.  Telephone: +44 (0)1642218121, Email:

You may contact our Data Protection Officer directly with any queries relating to Data Protection.

  1. Name and Address of the Lead Supervisory Authority

The Lead Supervisory Authority overseeing the Controller is:   The Information Comissioner’s Office (the’ICO’), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF, United Kingdom.  Tel: +44 (0)3031231113, Email: Website:

Document Version


Publication Date

12th May 2021