The Blood Test Company Limited (“Blood Test Company”) takes your privacy seriously. This is where we explain how we process and protect your personal data. We have tried to make this policy as straightforward as possible, but if you have any questions please contact us at [email protected].
This policy applies for anyone who is a Blood Test Company customer or subscribes to our mailing list or visits out website. Please check you’re happy with this policy. If you’re unhappy with this policy for any reason, please don’t use our services or website. By using our website bloodtestsdirect.co.uk.com (our “Website”) or by ordering one of our home blood test kits, you are confirming that you have read this policy and agree to it.
We will update this policy from time to time so we ask that you check back from time to time to make sure you’re happy with it.
Contents of this Policy
About Blood Test Company
- We are registered as a UK limited company
- Registration number: 12151689
- Registered office: 5 Chase Plain, Hindhead, Surrey, GU26 6BZ
- We are registered with the UK’s data protection regulator, the Information Commissioner’s Office, registration number: ZA735968
- Our Data Protection Officer is Josh Wreford. You can contact Josh by email at [email protected] or post at 5 Chase Plain, Hindhead, Surrey, GU26 6BZ
Your personal data
Personal data is the term we use to describe information that we collect that relates to an identified or identifiable individual.
Please find below the types of personal data we collect:
Information you give us (for example, via emails you send us or when you set up an account with us)
- Contact information - your name, address, email address and phone number
- Information you provide us - via email or when you log in to your account and update your personal information
- Responses to our surveys or online marketing, including marketing via social media
We need this information in order to provide our home blood testing kit services to you.
As explained further below, we use Stripe for payment transactions, meaning we do not hold your payment or payment card data.
Information we collect from you automatically when you visit out Website
- IP address (including what country you’re visiting our Website from)
- Your browser type and version
- Time zone setting
- Operating system and platform
- Information from your visits to our Website, including: length of visits on our pages, Website interaction information, i.e. clicks and scrolling and the full URL clickstream to, through and exit from our Website
Information we collect when you use our home blood test kit services
We will receive information about you from our suppliers and sub-contractors, including our doctors and laboratories. This includes the following special categories of personal data:
- Your date of birth
- Any health conditions or other information that you share with us when you place an order for a home blood test kit from us
We need this information in order to provide our home blood testing kit services to you.
Information we receive from third parties about you
- Information from laboratories with the details of your results following the completion and return of your home blood test kit
- Information from our doctors with their commentary on your results
How we use your personal information
We use your personal information in line with the following laws:
- General Data Protection Regulation (“GDPR”)
- Data Protection Act 2018 (“DPA 2018”)
We will only ever use your personal information where we have a legal basis to do so. We rely on the following legal bases for using your personal information:
- Consent - where you provide us with clear consent for processing your personal information for a particular purpose
- Our contract with you - where we process your personal information in order to
- Legitimate interests - where we process your personal information for our legitimate interests
Why we process your personal information:
- For you to access and use our Website
- For you to register an account with us
- To inform you of any changes to our services and update you about our charges
- To carry out analysis and research in order to help us to improve our services to you, including the maintenance of and improvement of our Website
- To carry out other things we need to for our business, including pursuing any debts
- For marketing and advertising purposes
- For promotional purposes
- To contact you by email or post with information about our products and services that we think you may be interested in (note that we only do this where we have your consent)
Sharing your personal information
We will share your personal information with the following third parties:
- Payment processors
- Suppliers of technical and support services, including cloud storage service providers
- Our sub-contractors, including our laboratories and doctors
Where we share your personal information with these third parties, they will only be able to use it for the purposes of providing services to us. We have contracts with our laboratories and doctors to make sure that they follow equivalent security and privacy procedures to us to ensure the security of your personal information.
We will anonymise and aggregate your information in order to create statistics and health reports. These will be used for marketing and may also be shared with third parties for the purpose of research (however, where shared with third parties for the purpose of research, your data will be anonymised).
In addition to the above, we may also disclose your personal information to third parties in the following exceptional circumstances:
- Where we are required to by any applicable law or law enforcement organisation to do so, for example, should the UK’s data protection regulator, the Information Commissioner’s Office, request information from us.
- To respond to any complaints or claims.
- To protect our rights or the rights of a third party.
- To protect the safety of any individual person.
- To prevent illegal activity.
- To exchange information with third parties for the purposes of fraud protection.
Save for the above, we will not share your personal information with any third party without notifying you and, if appropriate, obtaining your consent.
How long we keep your information for
We store personal information for as long as you use our services and then as required to comply with applicable laws. We hold all medical information for a period of 10 years, however, our laboratories and doctors are required by law to and will hold your medical information for a period of 25 years.
You can turn off cookies in your browser settings, which means you will be able to visit our Website, but may struggle to access all of our online services.
You have the choice of whether you want to provide us your personal information for marketing purposes. Where you have provided us with your consent to receive marketing, you can always unsubscribe by email or contact us at [email protected] to opt out.
You ultimately decide what personal information you provide us with. If you choose not to provide us with personal information, you will be able to visit our Website, but we won’t be able to deliver our services to you.
Contact us at [email protected] to request that we:
- Provide you with a copy of any personal information we hold about you.
- Restrict how we process your personal information.
- Delete any personal information that we hold about you.
- Update any personal information which you believe is incorrect or out of date.
- Provide your personal information that we hold about you to a third party services provider.
- Withdraw your consent in relation to us processing your personal information (including special categories of personal information/ sensitive personal information), although note that this will mean we are unable to provide our services to you. We will also still need to hold certain information about you that we are required by law to keep, including keeping your medical records for 10 years.
Transfer of your information
We collect and process your personal information at our offices in Surrey and in any data processing facilities operated by the third parties we work with. Below is a list of the main third parties we use:
- Payments: Stripe
- Infrastructure: OpenCart
- Communications: Mail
We do not currently transfer or store your personal information outside of the EEA. Should this change, we will take steps to inform you of this by updating this policy and ensuring we take reasonable precautions to ensure your privacy rights are protected.
We take all reasonable precautions to ensure the security of and safeguard the confidentiality of your personal information. Should we ever experience a data breach, we are committed to taking swift action in line with both the GDPR and DPA and will do our best to ensure your personal information is protected.
Third party websites
- This policy only applies to personal information that we collect via this Website.
What are cookies?
- Cookies are files saved on your device, including your phone, tablet or computer when you visit our Website.
- Cookies store information about how you use our Website, including the pages you visit.
- For more information about cookies generally, please see www.allaboutcookies.org.
- Make our Website work
- Measure how you use our Website, including which links you click on (analytics cookies)
Here are a list of the cookies we use to make our Website work:
- Cookie Consent, used to remember your cookies setting on our Website and (unless deleted by you) will last for the duration of your session
- Currency Cookie, used to remember your preferred currency on our Website and (unless deleted by you) will last for 1 month from your visit to our Website
- Language Cookie, used to remember your preferred currency on our Website and (unless deleted by you) will last for 1 month from your visit to our Website
- cfduid Cookie, used to help keep the Website secure, specifically by maximising network resources, managing traffic and protecting our Website from malicious traffic. This cookie will last for 1 month from your visit to our Website (unless deleted by you).
- Google Analytics Cookie, used to help us understand how you interact with our Website content. This cookie will last for 2 years from your visit to our Website (unless deleted by you).
- _gid Cookie, used to track your behaviour while visiting our Website. This cookie will last for 24 hours from your visit to our Website (unless deleted by you).