privacy policy

Last updated: 18 November 2025

Ovidius Medical Ltd is committed to protecting your privacy.

This policy explains what information we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

‍1. Who we are Ovidius Medical Ltd Registered in England and Wales Company number: 10054904Registered office: 45 Queen Street, Deal, Kent, CT14 6EYEmail: info@ovidius-medical.comOvidius Medical is a UK distributor specialising in medical imaging software and spinal implant technologies. For Bone MRI services, Ovidius Medical acts as a UK commercial partner and facilitates communication between NHS Trusts and MRI guidance BV (the technology provider).

‍2. What information we collect ‍Website visitors If you contact us via our website or email, we may collect:• your name• email address• phone number• organisation and job role• any information you choose to include in your messageWe do not use tracking cookies, targeted advertising or marketing analytics. BoneMRI pilot and licence projects During the pilot onboarding process:
• NHS Trusts transfer DICOM imaging data directly to MRIguidance BV using their secure IEP (Image Exchange Portal).
• Ovidius Medical does not download, process or store any DICOM images.
• Ovidius Medical does not retain patient-identifiable imaging data.
• Ovidius Medical may be included in email correspondence that contains patient identifiers (for example, when Trusts share IEP access links or passwords with MRIguidance).IEP passwords expire automatically within minutes.Ovidius Medical does not store, save or archive these credentials.
Once a Trust moves from the pilot to a full BoneMRI licence, all clinical data flows directly between the Trust and MRIguidance, and Ovidius Medical no longer receives any patient information.

‍3. How we use your information We use your information only to:
• respond to general enquiries• support NHS Trusts during the BoneMRI pilot onboarding process
• coordinate communication between Trusts and MRI guidance BV• manage commercial and contractual relationships
• meet regulatory, audit and business obligations We do not use personal information for marketing and we do not sell or rent personal data.

‍4. Legal basis for processing For Bone MRI projects, the lawful basis for processing patient information is:Article 6(1)(e) – performance of a task carried out in the public interest Article 9(2)(h) – management of healthcare systems and services, including ensuring the safety, traceability and quality of medical devices These legal bases apply because processing supports direct patient care and required clinical workflows. Consent is not required for this type of healthcare-related processing. For non-clinical information (such as enquiries), we rely on:
• legitimate interest, or• contract, depending on the context.More information on lawful basis is available from the ICO:https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/a-guide-to-lawful-basis/

‍5. Sharing your data We share information only when necessary and only with trusted partners, including:
• MRIguidance BV (Netherlands) – the Data Processor for Bone MRI clinical imaging
• NHS Trusts and clinicians involved in patient care
• authorised IT suppliers (such as Microsoft 365)Ovidius Medical does not transmit or transfer DICOM images.These are exchanged directly between NHS Trusts and MRIguidance BV.We do not sell, rent or trade personal data.

‍6. International data transfers MRIguidance BV is based in the Netherlands. When NHS Trusts transfer data to MRI guidance, the information flows to the EU. The UK Government recognises the EU as providing an adequate level of data protection. This means EU data transfers are lawful and provide equivalent safeguards to UK GDPR.More information:https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfers-a-guide/

‍7. How we store and protect your information
‍• Ovidius Medical does not store BoneMRI imaging data.
• Emails containing patient identifiers (received incidentally during pilot onboarding) are retained only temporarily and are automatically deleted after 90 days.
• All business information is stored securely on Microsoft 365 UK-based servers, protected with multi-factor authentication (MFA).
• Access to personal data is limited to authorised personnel.
• We review and update security measures in line with UK GDPR and ICO expectations.

‍8. How long we keep your data We retain personal information only as long as necessary for the purposes described above or to meet our legal and regulatory obligations.
Patient information received incidentally via email during pilot onboarding is short-lived and deleted automatically within 90 days. We do not store or retain DICOM images or access credentials.

‍9. Your rights Under UK GDPR, you have the right to:
• access your personal data
• correct inaccurate information
• request deletion where appropriate
• object to or restrict processing
• request a copy of your data in a portable format (where applicable) To exercise your rights, contact: info@ovidius-medical.comIf you are unhappy with how your data has been handled, you may complain to the Information Commissioner’s Office (ICO):https://ico.org.uk/make-a-complaint/

‍10. Updates to this policy We may update this policy from time to time to reflect changes in law or our operations. The latest version will always be available at:www.ovidius-medical.com/privacy-policy

‍Privacy Policy

This privacy policy is for this website www.ovidius-medical.com and served by Ovidius Medical Ltd and governs the privacy of its users who choose to use it.
‍
The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed within this policy.

The Website

This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.

Cookie Policy

This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer / device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer / device.