Privacy Notice
This privacy notice explains how Vanguard Ultrasound Services Limited (“VanUS”, “we”, “us”) uses personal information. It is written for: NHS partners and professionals contacting or working with VanUS; and members of the public who visit our website or contact us.
If you have questions, contact us using the details in the Contact section below.
Who we are
VanUS is an NHS-facing ultrasound insourcing provider. We support NHS services with additional diagnostic ultrasound capacity delivered on-site. VanUS is registered in the UK. Our registered office and company number are available on request and on our Contact page.
Key points at a glance
We collect only the information we need to respond to enquiries, manage recruitment, and run our website. We do not use this website to book patient appointments. Please do not send patient-identifiable information through website forms or general email enquiries. Where VanUS supports NHS services, information handling arrangements are agreed with the host organisation and follow local pathways and information governance requirements.
Data protection roles (controller and processor) – plain English
Sometimes VanUS decides how personal information is used (we are the data controller). Sometimes we handle information on behalf of an NHS organisation (we act as a data processor).
| Scenario | Our role | What this means |
|---|---|---|
| Website enquiries and general contact | Controller | We decide how to use the information to respond to your enquiry. |
| Recruitment and workforce administration | Controller | We use applicant/worker information for recruitment and workforce processes. |
| Delivery of services within an NHS organisation | Processor (usually) | We handle information on behalf of the NHS organisation, following agreed instructions and local information governance arrangements. In some limited situations, roles may be shared or vary depending on the arrangement. |
If you are unsure who the controller is for a particular activity, contact us and we will clarify.
What information we collect
Depending on how you interact with us, we may collect:
- Contact details: name, email, phone number, organisation, job title.
- Enquiry details: the information you include in messages (for example, service, governance or procurement enquiries).
- Recruitment information: CV/employment history, qualifications, professional registration information (where relevant), references, right-to-work information, and notes from interviews.
- Website usage information: IP address, device/browser information, pages visited, and cookie preferences (see Cookies below).
- Health-related information (where applicable): limited special category health information only where necessary and appropriate (for example, occupational health adjustments in recruitment).
We do not ask for patient-identifiable information via website forms.
Why we use personal information (purposes)
We use personal information to: respond to enquiries and route them to the right team; discuss and mobilise NHS services, including governance and assurance discussions; manage recruitment, onboarding and workforce administration; meet legal and regulatory obligations where applicable; keep our systems secure and prevent misuse; and understand how our website is used so we can improve it.
Our lawful basis for processing
We rely on one or more of the following lawful bases under UK GDPR:
- Legitimate interests – to respond to enquiries, operate our website, and run our business (balanced against your rights).
- Contract – where processing is needed to take steps before entering into a contract or to deliver a contract (e.g., recruitment or supplier arrangements).
- Legal obligation – where we must process information to comply with law (e.g., employment law).
- Consent – where we ask for it (e.g., certain cookies; where we use consent on forms). You can withdraw consent at any time for future processing.
For special category data (such as health-related information), we only process it where a UK GDPR Article 9 condition also applies (for example, employment obligations or explicit consent where required).
Who we share information with
We may share information with:
- NHS partners where necessary to progress or mobilise services (for example, named contacts for contracting and governance discussions);
- Service providers who help us operate our website and systems (for example, web hosting, email, IT support), under appropriate contractual controls;
- Professional advisors (e.g., legal, insurance) where necessary and under confidentiality obligations;
- Regulators or authorities where we have a legal obligation.
Your rights
Under UK GDPR you have rights including: right to be informed, right of access, right to rectification, right to erasure (in some cases), right to restrict processing, right to data portability, right to object, rights related to automated decision making and profiling.
To exercise your rights or for questions, contact us using the details in the Contact section.
Contact
Email: [insert email]
Phone: [insert phone]
Registered office: [insert address]
Company number: [insert]
We aim to respond to data protection enquiries within 30 days.
