Introduction

TEST.ME (trading name for Preventx Limited) respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data and sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Your visit to TEST.ME is collectively referred to as the “Site” and is subject to the terms set out in this privacy policy.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Preventx Limited is the data controller and responsible for your personal data (collectively referred to as “Preventx”, “we”, “us” or “our” in this privacy policy) and we are committed to protecting and respecting your privacy.

Information about us and how to contact us

  1. Who we are. We are TEST.ME which is our trading name for Preventx Limited. Preventx Limited is a company registered in England and Wales. Our company registration number is 06603066 and our registered office is at MBP 5 Meadowhall Business Park, Carbrook Hall Road, Sheffield, South Yorkshire, England, S9 2EQ.
  2. We are registered as a data controller with the Information Commissioner’s Office (ICO), which regulates data protection in the UK, and our registration number is Z1828250
  3. How to contact us. We have an appointed data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact our DPO, at dpo@preventx.com.
  4. When we use the words “writing” or “written” in these terms, this includes emails.

Information we may collect from you

  1. Personal Data. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
    • Identity Data – this includes first name, last name, username or similar identifier, date of birth and sex / gender.
    • Contact Data – this includes billing delivery address, email address and telephone number.
    • Health Data includes any information about your physical health including your medical history and/or current health status including but not limited to data relating to test results.
    • Financial Data (if applicable) includes bank account and payment card details.
    • Transaction Data includes details about payments to and from you and other details of products and Services you have purchased from us.
    • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site.
    • Usage Data includes information about how you use our Site, products, and services.
  2. Aggregated Data. We may use and share aggregated (anonymised) data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

 

For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Keeping your data secure

At Preventx, data security is important to us, and we also know that it is important to you. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use and disclosure. For example, we store your personal data on computer servers that are located in secure and controlled facilities with limited access to those employees, agents, contractors and other third parties who only have a legitimate business requirement to see it. These individuals will only process your personal data on our instructions in accordance with this policy and they are subject to a duty of confidentiality. 

In line with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 we have put in place procedures to deal with any suspected or actual personal data breach if it should occur and will notify you and any applicable regulator of a breach where we are legally required to do so.

How we will collect your data

We use different methods to collect data from and about you including through:

  1. Direct interactions - You may give us any of the categories of data described above by completing our online forms      or by corresponding with us by phone, e-mail or otherwise. This includes personal data you provide when you:
    • register to use our site.
    • purchase one of our products or services.
    • provide feedback.
  2. Automated technologies or interactions - As you interact with our Site, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. Please see our Cookie Policy for further details.
  3. Contact, Financial and Transaction Data (if applicable) - from providers of technical, payment and delivery services such as Stripe (or similar third-party payment processors) based inside the EU.
  4. Identity and Contact Data - from data brokers or aggregators such as Google Analytics (or similar organisations) based inside the EU.

Why we will use your data

We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.     

To provide our services to you we will need to process personal data about your health, and we will also rely on the following lawful basis:    

  • Consent: you have given clear consent for us to process your personal data for a specific purpose when you agree to the use of our Products and Services. For example, you may choose to receive marketing communications at the point of registering with us. We will use your data to set up contact lists, send newsletters, or personalise and deliver our communications to you.
  • Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract. - To fulfil our contract(s) with you, we process your information – that may include data concerning your sexual health and medical history. To fulfil and support your purchases of our Products and Services, including to process payments and to provide customer assistance.
  • Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations) to retain certain records about the handling of any Samples you send us for regulatory / compliance purposes. To retain certain information for tax and accounting recording purposes.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests. To detect, investigate and prevent activities that may violate our policies or agreements or be illegal, including by sharing information with law enforcement agencies.

When we process your information on that basis, we always make sure that we balance our interest in having the information with your rights and reasonable expectations.  

Disclosing your personal data

We may have to share your personal data with service providers, affiliates, partners, and other third-parties where it is necessary to provide our products and services to you, or for any other purposes except as described in this Privacy Policy. Where we do this, we will only share the minimum personal data necessary to fulfil the sharing requirement.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We do not use or share any of your personal data for marketing purposes without first asking for and receiving your consent to do so. 

If you send offensive or objectionable content or otherwise engage in any disruptive behaviour on the Site, we can use your information to stop such behaviour and pursue our legitimate interest to prevent such behaviour on our Site. This may involve informing relevant third parties, such as law enforcement agencies about the content and your behaviour.

We do not transfer your personal data outside the European Economic Area (EEA).

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  Where this is the case, we will notify you and will update this Privacy Policy.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so as well as updating this Privacy Policy.

How long we will keep your data

We retain your information in our server logs, our databases, and our records for as long as necessary to provide you with our Products and Services. We may need to retain some of your information for a longer period, such as in order to comply with our legal or regulatory obligations, to resolve disputes or defend against legal claims

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your legal rights

Under certain circumstances, you have the following rights in relation to your personal data.

  • You have a right to know whether we hold personal information about you. Where such is the case, you can request a copy of your personal data held, as well as information about how it is being used. However, please note that your right of access is subject to limits, and we may not be able to provide you with all the requested information. Where this is the case, we will explain the reasons why. Your request will be responded to within one calendar month of receipt. Please note that we may require you to provide proof of identity before we are able to provide any information.
  • Where information held about you is inaccurate or incomplete, you may request its rectification or completion.
  • In certain circumstances, you may request your information to be erased (subject to conditions).
  • You have a right to ask us to restrict our use of your personal information in some circumstances, for example whilst we investigate a complaint that the data we hold about you is inaccurate (subject to conditions).
  • In certain circumstances, you may request the movement, copy or transfer of your information (subject to conditions).
  • You have a right to object to the use of your information. Additionally, where we have used your information in pursuit of our legitimate interests, you can ask us to stop (subject to conditions).                                        

If you wish to exercise any of the rights set out above, please contact our Data Protection Officer           via email at dpo@preventx.com.         

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable administrative fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Links to other Websites

Our website may contain links to other websites run by other organisations.  This Privacy Policy applies only to our website, and we encourage you to read the privacy policies on those other websites you visit.  If you visited our website using a link from another third-party website, we cannot be responsible for the privacy policies and the practices of the owners and operators of that website.

Changes to this Privacy Notice

We keep this Privacy Notice under regular review.  It was last updated in August 2021.

How to make a Complaint    

We would encourage you to contact us at dpo@preventx.com if you think that any collection or use of your personal data by us is unfair, misleading or inappropriate.

If you remain dissatisfied, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

Email: casework@ico.org.uk.

Website: https://ico.org.uk/make-a-complaint/

You can only purchase one kit. You already have:



Do you want to replace it for



Keep test