Introduction

Test.me (trading name for Preventx Limited) respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data and sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Your visit to test.me is collectively referred to as the “site” and is subject to the terms set out in this privacy policy.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Preventx Limited is the data controller and responsible for your personal data (collectively referred to as “Preventx”, “we”, “us” or “our” in this privacy policy) and we are committed to protecting and respecting your privacy.

Information about us and how to contact us

  1. Who we are. We are test.me, which is our trading name for Preventx Limited. Preventx Limited is a company registered in England and Wales. Our company registration number is 06603066 and our registered office is at MBP 5 Meadowhall Business Park, Carbrook Hall Road, Sheffield, South Yorkshire, England, S9 2EQ.
  2. We are registered as a data controller with the Information Commissioner’s Office (ICO), which regulates data protection in the UK, and our registration number is Z1828250.
  3. How to contact us. We have an appointed data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact our DPO, at [email protected] or telephoning 0333 344 4462.
  4. When we use the words “writing” or “written” in these terms, this includes emails.

Information we may collect from you

  1. Personal Data. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you when you do so which we have grouped together follows:
    • Identity Data – this includes first name, last name, username or similar identifier, date of birth and sex / gender.
    • Contact Data – this includes billing / delivery address, email address and telephone number.
    • Health Data includes any information about your physical health including your medical history and/or current health status including but not limited to data relating to test results.
    • Financial Data (if applicable) includes bank account and payment card details.
    • Transaction Data includes details about payments to and from you and other details of products and Services you have purchased from us.
    • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this site.
    • Usage Data includes information about how you use our site, products, and services.
  2. Aggregated Data. We also may collect, use and share aggregated (anonymised) data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Keeping your data secure

At Preventx, data security is important to us, and we also know that it is important to you. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use and disclosure.  For example, we store your personal data on computer servers that are located in secure and controlled facilities with limited access to those employees, agents, contractors and other third parties who only have a legitimate business requirement to see it. These individuals will only process your personal data on our instructions in accordance with this policy and they are subject to a duty of confidentiality. 

In line with EU GDPR regulations, we have put in place procedures to deal with any suspected or actual personal data breach if it should occur and will notify you and any applicable regulator of a breach where we are legally required to do so.

How we will collect your data

We use different methods to collect data from and about you including through:

  1. Direct interactions - You may give us any of the categories of data identified above by completing our online forms or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you:
      • register to use our site;
      • purchase one of our products or services;
      • give us some feedback.
  1. Automated technologies or interactions - As you interact with our site, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. Please see our Cookie Policy for further details.
  2. Contact, Financial and Transaction Data (if applicable) - from providers of technical, payment and delivery services such as Stripe (or similar third-party payment processors) based inside the EU.
  3. Identity and Contact Data - from data brokers or aggregators such as Google Analytics (or similar organisations) based inside the EU.

Why we will use your data

The lawful basis for processing is set out in Schedule 1 of the Data Protection Act 2018 and Articles 6 and 9 of the General Data Protection Regulation (GDPR). We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

At least one of these must apply whenever we process personal data:

  • Consent: you have given clear consent for us to process your personal data for a specific purpose. - when you agree to the use of our Products and Services. For example, you may choose to receive marketing communications at the point of registering with us. We will use your data to set up contact lists, send newsletters, or personalise and deliver our communications to you.
  • Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract. - To fulfil our contract(s) with you, we process your information – that may include data concerning your sexual health and medical history. To fulfil and support your purchases of our Products and Services, including to process payments and to provide customer assistance.
  • Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations). - To retain certain records about the handling of any Samples you send us for regulatory / compliance purposes. -To retain certain information for tax and accounting recording purposes.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests. - To detect, investigate and prevent activities that may violate our policies or agreements or be illegal, including by sharing information with law enforcement agencies.

When we process your information on that basis, we always make sure that we balance our interest in having the information with your rights and reasonable expectations.

Generally, we do not rely on consent as a legal basis for processing your personal data other than as described below.

However, where we do ask for your consent (for example in processing data relating to your health) we will do so to comply with the principle that any processing must be lawful, fair and transparent.

To provide our services to you we will need to process personal data about your health. Whilst we will ask for your consent to process this data we do not rely on this consent as the lawful basis on which we may process your health data.

Disclosing your personal data

We may have to share your personal data with service providers, affiliates, partners, and other third-parties where it is necessary to provide our products and services to you, or for any other purposes except as described in this Privacy Policy.  Where we do this, we will only share the minimum personal data necessary to fulfil the sharing requirement.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We do not use or share any of your personal data for marketing purposes without first asking for and receiving your consent to do so.  

If you send offensive or objectionable content or otherwise engage in any disruptive behaviour on the site, we can use your information to stop such behaviour and pursue our legitimate interest to prevent such behaviour on our site. This may involve informing relevant third parties, such as law enforcement agencies about the content and your behaviour.

We do not transfer your personal data outside the European Economic Area (EEA).

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  Where this is the case, we will notify you and will update this Privacy Policy.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so as well as updating this Privacy Policy.

How long we will keep your data

We retain your information in our server logs, our databases, and our records for as long as necessary to provide you with our Products and Services. We may need to retain some of your information for a longer period, such as in order to comply with our legal or regulatory obligations, to resolve disputes or defend against legal claims.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data.

Please click on the links below to find out more about these rights:

If you wish to exercise any of the rights set out above, please contact us via email at [email protected] or by telephone 0333 344 4462

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable administrative fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month.

Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.

In this case, we will notify you and keep you updated.

Links to other websites

Our website may contain links to other websites run by other organisations.  This Privacy Policy applies only to our website, and we encourage you to read the privacy policies on those other websites you visit.  If you visited our website using a link from another third-party website, we cannot be responsible for the privacy policies and the practices of the owners and operators of that website.

Changes to this Privacy Notice

We keep this Privacy Notice under regular review.  It was last updated in August 2021.

The right to lodge a complaint with a supervisory authority

If you have concerns about our information rights practices, you can contact the Information Commissioner’s Office (ICO) at:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

Email: [email protected].

Website: https://ico.org.uk/make-a-complaint/

 

 

You can only purchase one kit. You already have:



Do you want to replace it for



Keep test