Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Information about us and how to contact us
- Who we are. We are TEST.ME which is our trading name for Preventx Limited. Preventx Limited is a company registered in England and Wales. Our company registration number is 06603066 and our registered office is at MBP 5 Meadowhall Business Park, Carbrook Hall Road, Sheffield, South Yorkshire, England, S9 2EQ.
- When we use the words “writing” or “written” in these terms, this includes emails.
Information we may collect from you
- Personal Data Collection. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
- Identity Data – this includes first name, last name, username or similar identifier, date of birth and sex / gender.
- Contact Data – this includes billing / delivery address, email address and telephone number.
- Health Data includes any information about your physical health including your medical history and/or current health status including but not limited to data relating to test results.
- Financial Data (if applicable) includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and Services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site.
- Usage Data includes information about how you use our Site, products, and services.
- Aggregated Data Collection. We also may collect, use and share aggregated (anonymised) data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
- Marketing Purposes. We do not collect, use and / or share any of your personal data for marketing purposes.
Keeping your data secure
At Preventx, data security is important to us and we also know that it is important to you. We have therefore put in place robust and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a legitimate business requirement to see it. These individuals will only process your personal data on our instructions in accordance with this policy and they are subject to a duty of confidentiality.
In line with EU GDPR regulations we have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How we will collect your data
We use different methods to collect data from and about you including through:
You may give us any of the categories of data identified above by filling in forms on our Site or by corresponding with us by phone, e-mail or otherwise. This includes personal data you provide when you:
- register to use our Site;
- purchase one of our products or services;
- give us some feedback.
Automated technologies or interactions
- Contact, Financial and Transaction Data (if applicable) from providers of technical, payment and delivery services such as Stripe (or similar third-party payment processors) based inside the EU.
- Identity and Contact Data from data brokers or aggregators such as Google Analytics (or similar organisations) based inside the EU.
Why we will use your data
The lawful basis for processing is set out in Schedule 1 of the Data Protection Act 2018 and Articles 6 and 9 of the General Data Protection Regulation (GDPR). We may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal basis we are relying on to process your personal data where more than one ground has been set out below.
At least one of these must apply whenever we process personal data:
- Consent: you have given clear consent for us to process your personal data for a specific purpose.
- Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
- Healthcare provision: the processing of data concerning your health is necessary for us to provide you with a medical diagnosis and/or healthcare treatment.
Generally, we do not rely on consent as a legal basis for processing your personal data other than as described below.
However, where we do ask for your consent (for example in processing data relating to your health) we will do so to comply with the principle that any processing must be lawful, fair and transparent.
To provide our services to you we will need to process personal data about your health. Whilst we will ask for your consent to process this data, we do not rely on this consent as the lawful basis on which we may process your health data. Alongside this consent we will also rely on the following lawful bases:
Contract - To fulfil our contract(s) with you, we process your information – that may include data concerning your sexual health and medical history – as follows:
- To fulfil and support your purchases of our Products and Services, including to process payments and to provide customer assistance.
Legitimate Interests - It is in our legitimate interests to process your information as follows:
- To detect, investigate and prevent activities that may violate our policies or agreements or be illegal, including by sharing information with law enforcement.
Legal Obligations - We are legally obligated to process your information as follows:
- To retain certain records about the handling of any Samples you send us for regulatory / compliance purposes.
- To retain certain information for tax and accounting recording purposes.
Disclosing your personal data
We may have to share your personal data with service providers, affiliates, partners, and other third parties where it is necessary to provide our products and services to you, or for any other purposes described in this Privacy Statement.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
If you send offensive or objectionable content or otherwise engage in any disruptive behaviour on the Site, we can use your information to stop such behaviour and pursue our legitimate interest to prevent such behaviour on our Site. This may involve informing relevant third parties, such as law enforcement agencies about the content and your behaviour.
We do not transfer your personal data outside the European Economic Area (EEA).
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How long we will keep your data
We retain your information in our server logs, our databases, and our records for as long as necessary to provide the Products and Services. We may need to retain some of your information for a longer period, such as in order to comply with our legal or regulatory obligations, to resolve disputes or defend against legal claims.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
If you wish to exercise any of the rights set out above, please contact us.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee of £10 if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month.
Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.
In this case, we will notify you and keep you updated.
The right to lodge a complaint with a supervisory authority
If you have concerns about our information rights practices, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.