Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Information about us and how to contact us
- Who we are. We are test.me, which is our trading name for Preventx Limited. Preventx Limited is a company registered in England and Wales. Our company registration number is 06603066 and our registered office is at MBP 5 Meadowhall Business Park, Carbrook Hall Road, Sheffield, South Yorkshire, England, S9 2EQ.
- We are registered as a data controller with the Information Commissioner’s Office (ICO), which regulates data protection in the UK, and our registration number is Z1828250.
- When we use the words “writing” or “written” in these terms, this includes emails.
Information we may collect from you
- Personal Data. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you when you do so which we have grouped together follows:
- Identity Data – this includes first name, last name, username or similar identifier, date of birth and sex / gender.
- Contact Data – this includes billing / delivery address, email address and telephone number.
- Health Data includes any information about your physical health including your medical history and/or current health status including but not limited to data relating to test results.
- Financial Data (if applicable) includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and Services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this site.
- Usage Data includes information about how you use our site, products, and services.
Keeping your data secure
At Preventx, data security is important to us, and we also know that it is important to you. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use and disclosure. For example, we store your personal data on computer servers that are located in secure and controlled facilities with limited access to those employees, agents, contractors and other third parties who only have a legitimate business requirement to see it. These individuals will only process your personal data on our instructions in accordance with this policy and they are subject to a duty of confidentiality.
In line with EU GDPR regulations, we have put in place procedures to deal with any suspected or actual personal data breach if it should occur and will notify you and any applicable regulator of a breach where we are legally required to do so.
How we will collect your data
We use different methods to collect data from and about you including through:
- Direct interactions - You may give us any of the categories of data identified above by completing our online forms or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you:
- register to use our site;
- purchase one of our products or services;
- give us some feedback.
- Contact, Financial and Transaction Data (if applicable) - from providers of technical, payment and delivery services such as Stripe (or similar third-party payment processors) based inside the EU.
- Identity and Contact Data - from data brokers or aggregators such as Google Analytics (or similar organisations) based inside the EU.
Why we will use your data
The lawful basis for processing is set out in Schedule 1 of the Data Protection Act 2018 and Articles 6 and 9 of the General Data Protection Regulation (GDPR). We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
At least one of these must apply whenever we process personal data:
- Consent: you have given clear consent for us to process your personal data for a specific purpose. - when you agree to the use of our Products and Services. For example, you may choose to receive marketing communications at the point of registering with us. We will use your data to set up contact lists, send newsletters, or personalise and deliver our communications to you.
- Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract. - To fulfil our contract(s) with you, we process your information – that may include data concerning your sexual health and medical history. To fulfil and support your purchases of our Products and Services, including to process payments and to provide customer assistance.
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations). - To retain certain records about the handling of any Samples you send us for regulatory / compliance purposes. -To retain certain information for tax and accounting recording purposes.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests. - To detect, investigate and prevent activities that may violate our policies or agreements or be illegal, including by sharing information with law enforcement agencies.
When we process your information on that basis, we always make sure that we balance our interest in having the information with your rights and reasonable expectations.
Generally, we do not rely on consent as a legal basis for processing your personal data other than as described below.
However, where we do ask for your consent (for example in processing data relating to your health) we will do so to comply with the principle that any processing must be lawful, fair and transparent.
To provide our services to you we will need to process personal data about your health. Whilst we will ask for your consent to process this data we do not rely on this consent as the lawful basis on which we may process your health data.
Disclosing your personal data
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not use or share any of your personal data for marketing purposes without first asking for and receiving your consent to do so.
If you send offensive or objectionable content or otherwise engage in any disruptive behaviour on the site, we can use your information to stop such behaviour and pursue our legitimate interest to prevent such behaviour on our site. This may involve informing relevant third parties, such as law enforcement agencies about the content and your behaviour.
We do not transfer your personal data outside the European Economic Area (EEA).
Change of purpose
How long we will keep your data
We retain your information in our server logs, our databases, and our records for as long as necessary to provide you with our Products and Services. We may need to retain some of your information for a longer period, such as in order to comply with our legal or regulatory obligations, to resolve disputes or defend against legal claims.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
Please click on the links below to find out more about these rights:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data
- Right to withdraw consent
If you wish to exercise any of the rights set out above, please contact us via email at [email protected] or by telephone 0333 344 4462
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable administrative fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month.
Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.
In this case, we will notify you and keep you updated.
Links to other websites
Changes to this Privacy Notice
We keep this Privacy Notice under regular review. It was last updated in August 2021.
The right to lodge a complaint with a supervisory authority
If you have concerns about our information rights practices, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Cheshire SK9 5AF
Email: [email protected].