Privacy Policy

Last updated: 13 April, 2020
1. Introduction

Please take time to read our Privacy Policy. We want you to know that that we are committed to not just protecting your privacy but also fully respecting your right to privacy in accordance with the choices you give us and applicable laws. If there are any matters you are unclear about or simply want clarification on please contact us.

Our privacy policy sets out the basis on which any personal information (“personal data”) about you is collected and processed by us. Please read this privacy policy in line with our Cookie Policy and our website Terms and Conditions.

In this privacy policy, the terms “we“, “our”, “us” and “the Website”are used to refer to Biosample Hub. We are registered in England and Wales under company number 12514786 and our registered oce is at The Old School, The Quay, Carmarthen, Carmarthenshire, SA31 3LN. We are a private ‘not for profit’ company, limited by guarantee, without share capital. We have exemption from use of ‘Limited’ in our title.

2. Regulatory compliance

We are both the data controller and the processor ie handler of any personal data that we hold about you – which we do in strict compliance with both the spirit and the letter of applicable laws  including,  but not limited to,the General Data Protection Regulation 2016, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003, and/or any replacement or subsequent legislation that it is amended or replaced by, but in any event, working with and under the guidance provided by the Information Commissioner’s Office (‘ICO’) whose site can be visited at

3. What personal data do we collect?

The kind of data or information we collect and process ie handle, is your personal  data (which is any information that identifies you) such as for example:

  • your name,
  • your email address,
  • your phone number,
  • your account identification including username and some passwords used to access our Website.
  • Any transactional and financial data relating to any services or subscriptions made.
  • any other information that identifies you when you contribute to our discussion forum or upload content or otherwise communicate with us through the Website or any other means.

It would therefore not include data from which identifying details have been removed rendering the data anonymous.

4. Data security

We have in place appropriate technical and administrative measures to prevent your data being accidentally lost or accessed maliciously or without our authority. Your personal data is limited in being shared with others, including any agents or contractors, on the basis of a business need to know and subject to a duty of confidentiality in how it is processed.

We monitor our Website to protect against and deal with any potential or suspected threats of data breaches. We will take appropriate measures to mitigate and notify relevant parties if a breach to occur in accordance with current good practice guidance and our legal obligations.

5. How we use your information

We  use information held about you in the following ways, depending on the nature or purpose of the personal data being held: 

  • to communicate and manage our Website relationship with you in relation to any query, request, service or other communication you make with us via our Website or by any other means (by post, telephone, email or text message.
  • to communicate with other users and third parties where this is necessary for the proper provision of services to you or otherwise necessary for the proper functioning and management of our Website, including any accounting or regulatory needs in maintaining the Website.
  • for the purpose of carrying out data analytics to enable us to review and improve our services to ensure that content is presented in the most effective way and in a manner that holds relevance, use, and value to you; and as part of our efforts to keep our Website safe and secure – for more details on this please see our Cookie Policy.


Please note that we do not collect information about individual patient samples and so it is a requirement for use of the Website that any patient data provided is aggregate data which is not identified or coded – such data is thereby anonymous ie it does not  identify you and would not count as personal data.

6. How long we keep your information

We will only retain your personal data for as long as it is reasonably needed for thepurposes it was provided and/or for as long as it necessary to comply with our legal requirements to retain data. We may need to retain it for longer than normal if, for instance, there is any ongoing issue such as a complaint or any other outstanding query after the initial purpose for collection has expired.

We will at all times endeavour to minimise retention of your personal data to mitigate the potential risk of breach or unauthorised use but please be aware we are required to keep certain data for 6 years after the end of our Website relationship including contract, identity, financial and transactional data. 

In some circumstances we may be able to anonymize your personal data in which case we will be able to keep hold of it at our discretion.

7. Children

This website is not intended for use by persons under the age of 18 and thus no personal data is collected and/or retained from any person whom we know or suspect to be under the age of 18.

8. Your rights

You have a number of rights over your personal data and how it is processed. You are entitled to do the following:

  • access your personal data.
  • require us to rectify any inaccurate personal data.
  • require us to erase personal data. Please bear in mind that this will only apply where we no longer need to use the personal data to achieve the purpose it was collected for; or where you withdraw your consent if collection was based on your consent; or where you object to the way we processed your data.
  • A right to restrict to our processing of personal data.
  • A right to object to our processing of personal data.
  • A right to withdraw your consent to our use of your personal data such as, for example, withdraw consent (previously given) to receive information about our services or
  • A right to have your data transferred to another party (largely intended for utility and telecommunications services – generally referred to as ‘interoperability’).

Your first port of call in the event that you wish to enquire about or exercise any of your rights is to contact us

We will do our best to provide a prompt and helpful response but additionally you can, should you wish, obtain further detailed information from the Information Commissioner’s Office (‘ICO’) which maintains a very useful site at

The Information Commissioner’s Office is also the regulator that receives any complaints you may have and if appropriate, take necessary enforcement action against any organisation that flouts your privacy rights. Generally, we believe the ICO will want you to first approach us if you have any privacy issues to see if we can resolve them, but this is without prejudice to your right to complain. That said, we are always happy to listen to, and hopefully, address any concerns you may have.

9. Links to other websites

Please note that external websites have their own privacy policies over which we exercise no control. We do not accept any responsibility or liability for potential defects or breaches of privacy by these third parties. We invite and encourage you to read their privacy policies and use your  own discretion with appropriate due diligence and checks before providing any personal data to externally linked websites.