Last updated: 13 April, 2020
2. Regulatory compliance
We are both the data controller and the processor ie handler of any personal data that we hold about you – which we do in strict compliance with both the spirit and the letter of applicable laws including, but not limited to,the General Data Protection Regulation 2016, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003, and/or any replacement or subsequent legislation that it is amended or replaced by, but in any event, working with and under the guidance provided by the Information Commissioner’s Office (‘ICO’) whose site can be visited at https://ico.org.uk.
3. What personal data do we collect?
The kind of data or information we collect and process ie handle, is your personal data (which is any information that identifies you) such as for example:
- your name,
- your email address,
- your phone number,
- your account identification including username and some passwords used to access our Website.
- Any transactional and financial data relating to any services or subscriptions made.
- any other information that identifies you when you contribute to our discussion forum or upload content or otherwise communicate with us through the Website or any other means.
It would therefore not include data from which identifying details have been removed rendering the data anonymous.
4. Data security
We have in place appropriate technical and administrative measures to prevent your data being accidentally lost or accessed maliciously or without our authority. Your personal data is limited in being shared with others, including any agents or contractors, on the basis of a business need to know and subject to a duty of confidentiality in how it is processed.
We monitor our Website to protect against and deal with any potential or suspected threats of data breaches. We will take appropriate measures to mitigate and notify relevant parties if a breach to occur in accordance with current good practice guidance and our legal obligations.
5. How we use your information
We use information held about you in the following ways, depending on the nature or purpose of the personal data being held:
- to communicate and manage our Website relationship with you in relation to any query, request, service or other communication you make with us via our Website or by any other means (by post, telephone, email or text message.
- to communicate with other users and third parties where this is necessary for the proper provision of services to you or otherwise necessary for the proper functioning and management of our Website, including any accounting or regulatory needs in maintaining the Website.
Please note that we do not collect information about individual patient samples and so it is a requirement for use of the Website that any patient data provided is aggregate data which is not identified or coded – such data is thereby anonymous ie it does not identify you and would not count as personal data.
6. How long we keep your information
We will only retain your personal data for as long as it is reasonably needed for thepurposes it was provided and/or for as long as it necessary to comply with our legal requirements to retain data. We may need to retain it for longer than normal if, for instance, there is any ongoing issue such as a complaint or any other outstanding query after the initial purpose for collection has expired.
We will at all times endeavour to minimise retention of your personal data to mitigate the potential risk of breach or unauthorised use but please be aware we are required to keep certain data for 6 years after the end of our Website relationship including contract, identity, financial and transactional data.
In some circumstances we may be able to anonymize your personal data in which case we will be able to keep hold of it at our discretion.
This website is not intended for use by persons under the age of 18 and thus no personal data is collected and/or retained from any person whom we know or suspect to be under the age of 18.
8. Your rights
You have a number of rights over your personal data and how it is processed. You are entitled to do the following:
- access your personal data.
- require us to rectify any inaccurate personal data.
- require us to erase personal data. Please bear in mind that this will only apply where we no longer need to use the personal data to achieve the purpose it was collected for; or where you withdraw your consent if collection was based on your consent; or where you object to the way we processed your data.
- A right to restrict to our processing of personal data.
- A right to object to our processing of personal data.
- A right to withdraw your consent to our use of your personal data such as, for example, withdraw consent (previously given) to receive information about our services or
- A right to have your data transferred to another party (largely intended for utility and telecommunications services – generally referred to as ‘interoperability’).
Your first port of call in the event that you wish to enquire about or exercise any of your rights is to contact us.
We will do our best to provide a prompt and helpful response but additionally you can, should you wish, obtain further detailed information from the Information Commissioner’s Office (‘ICO’) which maintains a very useful site at https://ico.org.uk.
The Information Commissioner’s Office is also the regulator that receives any complaints you may have and if appropriate, take necessary enforcement action against any organisation that flouts your privacy rights. Generally, we believe the ICO will want you to first approach us if you have any privacy issues to see if we can resolve them, but this is without prejudice to your right to complain. That said, we are always happy to listen to, and hopefully, address any concerns you may have.
9. Links to other websites
Please note that external websites have their own privacy policies over which we exercise no control. We do not accept any responsibility or liability for potential defects or breaches of privacy by these third parties. We invite and encourage you to read their privacy policies and use your own discretion with appropriate due diligence and checks before providing any personal data to externally linked websites.