GDPR Compliance

At Baby Bump Sheffield, we take your privacy, confidentiality, and data security extremely seriously.

We are committed to processing personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This page outlines our approach to data protection and the measures we have implemented to ensure the safety, confidentiality, and integrity of our clients’ personal and medical information.

Our Commitment

As a private ultrasound clinic, we handle both personal data and special category medical data. We have aligned our internal processes, systems, and documentation to ensure full compliance with UK data protection laws.

  • Transparency: We clearly explain what data we collect, why we collect it, and how it is used.
  • Data Minimisation: We only collect information that is necessary to provide safe and effective ultrasound services.
  • Security: We implement appropriate technical and organisational safeguards to protect your information.
  • Confidentiality: All medical information is treated with strict professional confidentiality.
  • Accountability: We maintain appropriate documentation and internal procedures to demonstrate GDPR compliance.

How We Protect Data

We follow a “Privacy by Design” approach in all aspects of our operations.

  • Encryption: Data is encrypted in transit (SSL/TLS) and stored securely where applicable.
  • Secure Record Systems: Patient records and scan data are stored in secure systems with controlled access.
  • Access Controls: Access to personal and medical data is restricted to authorised staff only and granted on a need-to-know basis.
  • Device & System Protection: Password-protected devices, secure networks, firewalls, and anti-malware protection are in place.
  • Third-Party Due Diligence: We only work with trusted providers (e.g., booking systems, payment processors, cloud hosting) who meet high standards of GDPR compliance.

Medical Data & Lawful Basis

We may process the following information:

  • Personal identification data
  • Contact details
  • Pregnancy and medical information relevant to your scan
  • Ultrasound images and reports

We process this information under:

  • Contractual necessity: To provide the services you have booked
  • Legal obligations: To comply with healthcare and tax regulations
  • Explicit consent: For processing special category medical data

Your medical information is never used for marketing purposes without your explicit consent.

Data Sharing

We do not sell or trade your personal data.

We may share information only when necessary:

  • With your GP or healthcare provider (with your consent or if clinically necessary)
  • With secure payment providers
  • With IT service providers under strict data processing agreements
  • With regulatory authorities if legally required

International Data Transfers

Baby Bump Sheffield operates within the United Kingdom.

If data is transferred outside the UK (for example, via secure cloud providers), appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), adequacy regulations, or standard contractual clauses are implemented.

Data Retention

Medical and personal records are retained in accordance with UK healthcare record retention guidelines. When data is no longer required, it is securely deleted or anonymised.

Your Rights Under GDPR

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure (“right to be forgotten”) where applicable
  • The right to restrict processing
  • The right to object
  • The right to data portability
  • The right to withdraw consent at any time (where consent applies)

To exercise any of these rights, please contact us using the details below.

Contact Us

Baby Bump Sheffield
Unit 12 New Era Square, Bramall Ln, Highfield, Sheffield S2 4RB, United Kingdom
Email: info@babybumpsheffield.co.uk
Phone: 01146980398