Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Information about us and how to contact us
- Who we are. We are TEST.ME which is our trading name for Preventx Limited. Preventx Limited is a company registered in England and Wales. Our company registration number is 06603066 and our registered office is at MBP 5 Meadowhall Business Park, Carbrook Hall Road, Sheffield, South Yorkshire, England, S9 2EQ.
- We are registered as a data controller with the Information Commissioner’s Office (ICO), which regulates data protection in the UK, and our registration number is Z1828250
- When we use the words “writing” or “written” in these terms, this includes emails.
Information we may collect from you
- Personal Data. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data – this includes first name, last name, username or similar identifier, date of birth and sex / gender.
- Contact Data – this includes billing delivery address, email address and telephone number.
- Health Data includes any information about your physical health including your medical history and/or current health status including but not limited to data relating to test results.
- Financial Data (if applicable) includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and Services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site.
- Usage Data includes information about how you use our Site, products, and services.
- Aggregated Data. We may use and share aggregated (anonymised) data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
Keeping your data secure
At Preventx, data security is important to us, and we also know that it is important to you. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use and disclosure. For example, we store your personal data on computer servers that are located in secure and controlled facilities with limited access to those employees, agents, contractors and other third parties who only have a legitimate business requirement to see it. These individuals will only process your personal data on our instructions in accordance with this policy and they are subject to a duty of confidentiality.
In line with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 we have put in place procedures to deal with any suspected or actual personal data breach if it should occur and will notify you and any applicable regulator of a breach where we are legally required to do so.
How we will collect your data
We use different methods to collect data from and about you including through:
- Direct interactions - You may give us any of the categories of data described above by completing our online forms or by corresponding with us by phone, e-mail or otherwise. This includes personal data you provide when you:
- register to use our site.
- purchase one of our products or services.
- provide feedback.
- Contact, Financial and Transaction Data (if applicable) - from providers of technical, payment and delivery services such as Stripe (or similar third-party payment processors) based inside the EU.
- Identity and Contact Data - from data brokers or aggregators such as Google Analytics (or similar organisations) based inside the EU.
Why we will use your data
We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
To provide our services to you we will need to process personal data about your health, and we will also rely on the following lawful basis:
- Consent: you have given clear consent for us to process your personal data for a specific purpose when you agree to the use of our Products and Services. For example, you may choose to receive marketing communications at the point of registering with us. We will use your data to set up contact lists, send newsletters, or personalise and deliver our communications to you.
- Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract. - To fulfil our contract(s) with you, we process your information – that may include data concerning your sexual health and medical history. To fulfil and support your purchases of our Products and Services, including to process payments and to provide customer assistance.
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations) to retain certain records about the handling of any Samples you send us for regulatory / compliance purposes. To retain certain information for tax and accounting recording purposes.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests. To detect, investigate and prevent activities that may violate our policies or agreements or be illegal, including by sharing information with law enforcement agencies.
When we process your information on that basis, we always make sure that we balance our interest in having the information with your rights and reasonable expectations.
Disclosing your personal data
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not use or share any of your personal data for marketing purposes without first asking for and receiving your consent to do so.
If you send offensive or objectionable content or otherwise engage in any disruptive behaviour on the Site, we can use your information to stop such behaviour and pursue our legitimate interest to prevent such behaviour on our Site. This may involve informing relevant third parties, such as law enforcement agencies about the content and your behaviour.
We do not transfer your personal data outside the European Economic Area (EEA).
Change of purpose
How long we will keep your data
We retain your information in our server logs, our databases, and our records for as long as necessary to provide you with our Products and Services. We may need to retain some of your information for a longer period, such as in order to comply with our legal or regulatory obligations, to resolve disputes or defend against legal claims
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your legal rights
Under certain circumstances, you have the following rights in relation to your personal data.
- You have a right to know whether we hold personal information about you. Where such is the case, you can request a copy of your personal data held, as well as information about how it is being used. However, please note that your right of access is subject to limits, and we may not be able to provide you with all the requested information. Where this is the case, we will explain the reasons why. Your request will be responded to within one calendar month of receipt. Please note that we may require you to provide proof of identity before we are able to provide any information.
- Where information held about you is inaccurate or incomplete, you may request its rectification or completion.
- In certain circumstances, you may request your information to be erased (subject to conditions).
- You have a right to ask us to restrict our use of your personal information in some circumstances, for example whilst we investigate a complaint that the data we hold about you is inaccurate (subject to conditions).
- In certain circumstances, you may request the movement, copy or transfer of your information (subject to conditions).
- You have a right to object to the use of your information. Additionally, where we have used your information in pursuit of our legitimate interests, you can ask us to stop (subject to conditions).
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer via email at email@example.com.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable administrative fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Links to other Websites
Changes to this Privacy Notice
We keep this Privacy Notice under regular review. It was last updated in August 2021.
How to make a Complaint
We would encourage you to contact us at firstname.lastname@example.org if you think that any collection or use of your personal data by us is unfair, misleading or inappropriate.
If you remain dissatisfied, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.