Our Site is not intended for children and we do not knowingly collect personal data relating to children.
We may hold information about you as a user of our Site, customer, a prospective customer or as a representative of a business customer or supplier. We collect this information in a number of ways (as applicable, depending on what service we provide you):
- information is collected through your use of the Site and any applications or partnerships;
- information is collected through your communications with us;
- information is collected via our networks when you use any of our services, to enable us to provide the service, and to bill it.
We may also record and/or monitor calls for quality checks and/or staff training.
We may hold and use the following information about you (as applicable and dependant upon which service we provide you):
- your name, title, place of work, job role, date of birth, passport number (only for business users of our Site) (Identity Data);
your phone number(s), address, email address(es) (Contact Data);
- your banking or financial details (Financial Data);
- your interests, preferences, feedback and survey responses (Profile Data);
- details and information about the goods and/or services you receive from us including travel itinerary details (Usage Data or Transaction Data);
- information about when you contact us and when we contact you (Marketing and Communications Data);
- Vaccination status, ethinic origin and diagnostic details (Special Category Data)
If we need to collect your personal information by law or under the terms of a contract we have with you and you don't provide that information, we may not be able to provide you with the applicable products or services. In this case, we may have to cancel a product or service you have with us, but we will tell you if this is the case at the time.
If a debit or credit card provided to us is identified as having been used fraudulently, we will maintain a record of its use for reporting and preventing fraud.
We may use your information on the following lawful grounds:
- where we need to in order to perform the contract we are about to enter into with you or have entered into with you;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- where we need to comply with a legal or regulatory obligation;
- where we are permitted to do so by law;
- where it is in the public interest to disclose the information;
- where it is otherwise permitted under data protection laws.
Generally, we do not rely on consent as a legal basis for processing your personal information.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Retention of personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Keeping in touch
We may use your information to contact you by email, SMS, letter, telephone (including voicemail) or other ways.
You can ask us to stop sending you marketing messages at any time by sending an email to [email protected] with the subject line 'Unsubscribe'.
We may share information about you:
- with anyone we use to help us to operate our business to collect payments or recover debts or to provide a service on our behalf, such as contractors, consultants, advisers and the markets. We will put in place appropriate measures to ensure your personal information remains protected;
- with regulatory bodies, government authorities or ombudsmen schemes or other authorities to comply with our regulatory obligations and industry standards;
- with the police and any other investigatory authority where we consider it reasonable to do so in order to protect our business, premises, visitors and staff;
- with media organisations you've spoken to or corresponded with about your account;
- with any individual or entity where we are required to do so by law (for example, pursuant to a court order).
If you become one of our business customers and apply for our products or services, we may also use and share information about you as follows:
- with any payment system we use;
- with any laboratory who we arrange to provide testing services to you;
- with government agencies such as Public Health England and the Department for Health and Social Care for any statutory reporting of diagnostic test outcomes for notifiable diseases;
- with credit reference agencies or fraud prevention agencies.
We may transfer your information to other countries outside the UK, including outside the European Economic Area whose data protection laws may not be equivalent to those in the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
Information provided through the Site is stored on our secure servers or those of any third party we engage to provide our IT platform.
Where we have given you, or you have chosen, a password which enables you to access certain parts of our Site, you are responsible for keeping the password confidential and must not share it with anyone. You are responsible for any actions carried out using your password save where there has been fraud.
Whilst we will have appropriate measures in place to protect personal information you send to the Site, we cannot guarantee the security of the internet, so please refrain from sending us particularly private or sensitive details in free text fields. Please only provide such details to the extent that specific data fields are provided. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Under data protection laws, you have the following rights in relation to your personal information:
- Request access to your personal information i.e. a right to be told whether we hold your personal information and, subject to certain exceptions, to be provided with a copy of such information.
- Request correction of your personal information i.e. a right to have any incomplete or inaccurate personal information we hold about you corrected.
- Request erasure of your personal information i.e. a right to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
- Object to processing of your personal information i.e. where we are relying on a legitimate interest and there is something which makes you want to object to processing on this ground because it impacts on your fundamental rights and freedoms.
- Request restriction of processing your personal information i.e. a right to ask us to suspend the processing of your personal information in certain scenarios.
- Request transfer of your personal information i.e. a right to have any information which we used to perform a contract with you transferred to you or a third party of your choice.
- Right to withdraw consent.
If you would like to exercise any of these rights, please do so in writing to [email protected] You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we can refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will let you know and keep you updated.
Our site may contain links to the websites of third parties. If you follow a link to any third-party website, please note that these websites will have their own privacy policies and that we do not accept any responsibility or liability in respect of the same.
You have the right to make a complaint at any time to the Information Commissioner's Office ("ICO"), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
ICO Registration number: ZA775566
© 2021 Covid Testing Network, July 2021