Privacy Policy
1. Meaning of Terms that we use
2. Introduction to our Privacy Policy
2.1 Responsible Entity
We are TestCard Ltd (company number 10764577), a company registered in England, with our registered office address at Unit 6 Betton Business Park, Racecourse Road, East Ayton, Scarborough, YO13 9HD (TestCard).
This policy explains how we use the personal information which you provide to us when you use our platforms which include our Website and the TestCard App. We take our responsibilities for managing your personal information seriously and we explain in this document how we collect your personal information and what we do with it.
This Privacy Policy incorporates our Cookies Policy and a reference to Privacy Policy in this document includes a reference to our Cookies Policy where applicable.
2.2 Structure of our Policy
When we say your “personal data” or “personal information” we mean any information that identifies you as a person.
You can read more information about how we process your personal information in the various sections below:
3. What information do we collect from you?
We collect personal information from you in order to provide you with our services, when you contact or request information from us or when you use our Website and TestCard App. The types of information we may collect can be found in the sections below.
3.1 Ordering our products
If you have purchased your TestCard from outside of the UK, please refer to the Privacy Policy of the retailer where you purchased the product.
If you purchase our products through our online or in-store retail partners, we will not require any of your details to complete the order.
3.2 Customer Services and Support Requests
If you contact our customer services team, you may be required to provide us with your contact details (name, title, telephone number and email address) for us to communicate with you effectively and solve any queries you may have.
3.3 Guest User Services
If you are a guest user, we will process the information listed below in order to provide our basic services. As a guest user, your test results will not be linked with any personal information you provide when ordering the product online. As a guest user, the information below will be collected on an anonymised basis:
As a Guest User, you will not be able to retain any testing data as it will be anonymised in our system.
3.4 Registered User Account
If you decide to set up a registered user account (optional), you will be able to store your previous test data and contact details in our system, which you can view at any time in your account area. If you do not consent to this necessary processing, you cannot create a user account. To create a user account we require and process the following personal data: contact information such as your name, address, telephone number and email address; password, language, country location, timezone, IP address.
We will use your personal information to provide the following services:
When you create a registered user account, you have the option to provide further personal information about your health. We use this optional information to help make some of our product test results more relevant to you. Your biological make-up can influence the recommendations we provide for your results. The optional information you may provide includes: date of birth and special category data such as biological sex, height, weight, biological ethnicity and health conditions.
4. How do we collect data from you?
You may provide us with personal information in one of the following ways when you engage us to provide products or services:
If you have purchased your TestCard from outside of the UK, please refer to the Privacy Policy of the retailer where you purchased the product.
One of our team members may, in the course of assisting you with a query or when we provide services to you, ask for your consent to use your details for further purposes such as marketing and other promotional activities (see section 5.4). When we do this, you will be clearly advised and your specific consent will be required before we can use your information for such activities.
We may also gather personal information about you from third parties such as the country you are from, the device you used to visit our Website and the TestCard App (including IP addresses), and the pages you visit. We will do our best to ensure that the businesses that provide us with this information do so lawfully.
5. How do we use your personal information?
Under data protection law, we can only use your personal information if we have a proper reason for doing so.
This will be for one of the following reasons:
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
We may process special category personal data for the following reasons:
There may be additional reasons which will be notified to you where they apply.
When we refer to special category data we mean information such as about health, race or ethnicity, religious beliefs, sexual orientation and marital status. Information about criminal convictions is also included within this type of data.
5.1 Providing Products, Services and Support Services
We use your personal information to open a registered account with us, to send you our products, to provide you with our TestCard services and to contact you about the services that we are providing to you. Reminders and updates will be sent to you using the contact information that you provide to us or as push notifications from the TestCard App on your device. Use of our Website, TestCard App and app extensions allows you to actively and voluntarily enter personal information. Without your personal contact information, it is impossible for us to provide our product and support services to you.
5.2 Improving Our Product and Services
We may analyse your anonymised usage data and statistical background information in order to improve our business, our TestCard App, our Website and customer services. This information is anonymised and cannot be traced back to you. This allows us to better understand user trends and to highlight key areas for improvement. Without your personal information, we are unable to enhance your experience or improve our services.
Feedback and complaints will be linked to the provided personal information in order to provide support and respond to the request.
5.3 Customising and Improving Your Results
Personal biological information such as demographics, biological ethnicity and medical conditions provided by you may be used to influence the information we provide to you about your results. This information is reported via the TestCard App and is stored securely. Previous (historical) results may also be used in this manner. This data allows us to customise and improve your experience by connecting your diagnosis with other recommended influential factors in the diagnosis process.
Usage data and activity on the Website and within the TestCard App will also be monitored to improve the overall user experience and to ensure that our services benefit our users in the most effective way. For example, we may use activity data to optimise or highlight key pieces of information on specific notification alerts, product pages or menu designs. This will allow us to continually develop, test and launch new features - conducting regimented usage and security tests before live updates are released. These improvements are provided to you, for example, via product or regular app updates.
5.4 Marketing and Promotional Information
We may use your personal information to contact you about product offers, promotions and other news or information about our business. This will allow us to highlight user stories or recommendations that might be of interest to you alongside product related discounts or offer codes. We will obtain your consent before using your personal information for other purposes under special circumstances, such as a user study.
You can update your marketing preferences at any time by clicking ‘unsubscribe’ on our newsletters or by updating your account settings. We will continuously improve our marketing content to ensure it is relevant and tailored for the best possible service.
6. Sharing your personal information with third parties
6.1 Overview of third parties information sharing
In order to provide our services and operate our Website and the TestCard App, we use various third parties which are carefully selected by us. These parties include companies which provide business functions such as email, marketing assistance, accounting, payment processing, data management, website support and business advice.
All of these third parties have in place policies and procedures to ensure adherence to the General Data Protection Regulation (“GDPR”). In some circumstances, your data may be transferred to or stored at a location outside the UK or the European Economic Area (“EEA”) and processed by individuals acting for one of these third parties. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and the GDPR. Where it is necessary to process data outside the UK or the EEA, we will ensure that the relevant third party processing the data has provided the required contractual undertakings as specified by the EU.
6.2 Examples of third party information sharing
We may have to share your personal information with third parties in certain circumstances. Some examples of these scenarios are set out below:
6.3 Third Party Websites, Plug-ins and Apps
Sections of our Website and the TestCard App, such as our blog articles and press media pages, can include links to other websites, plug-ins and apps which we do not own or control. These external links will provide you with additional information, products and services that will improve your experience, such as retail pharmacy partners, online doctors or support articles for your health.
If you click on those links or activate the plug-ins or apps (for example, if you click on a link to share our blog article to your social media accounts, such as Facebook, Twitter, OK, VK or Google Plus, or choose to post a comment through your social media accounts), you may allow third parties to collect or share information about you. Because we do not control these other websites, we are not responsible for their privacy notices or how they will handle your personal information.
When you leave our Website, we strongly suggest that you read the privacy notice of every website that you visit.
7. Access To Your Personal Data – Your Rights And How To Contact Us
You have the following rights in relation to your personal information:
Right to withdraw consent: If you have given us consent to use your personal details you may withdraw this consent at any time by emailing us - support@testcard.com. Your withdrawal of consent or objection to processing may mean we cannot perform the services you have requested of us or you may not be able to use the services we offer. We will advise you where this is the case. In certain circumstances even if you withdraw your consent we may still be able to process your personal information if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.
If you have any enquiries and/or wish to exercise any of your rights in this privacy policy, please contact us by emailing us at support@testcard.com or by contacting our EU Representative (see details below).
You also have the right to make a complaint about our data processing activities to the Information Commissioner’s Office. Further details can be found at https://ico.org.uk.
8. Retention of Data
We hold your personal information only for as long as is necessary for the specified purpose. Once you have closed your account with us, we will delete all of the personal information that we hold on you apart from your name and email address which we will hold on our marketing database if you agreed to receive news and other communications from us. You may unsubscribe from any of our marketing emails at any time. We will also keep invoicing and other accounting records which are necessary to satisfy HMRC. For payment information records, please see the privacy policies of our payment providers (Section 6.2 above). Anonymised results generated from the TestCards and health profile information will be retained for the purposes of improving our analytical algorithms and for epidemiology, and will remain in the ownership of TestCard Ltd. This data cannot be associated with an individual’s personally identifiable information.
9. Our Security Standards
We use standard SSL encryption throughout our business. Data on the Website is only accessed through encrypted SSL. All orders placed with us for our products are given an encrypted reference number during the order process in order to enhance the security of our ordering process.
All personal information that you provide to us or that we collect is stored on our secure servers which are located within the UK. We promise that we will do our best to ensure that your personal information is treated securely.
We have appropriate security measures in place (such as encrypted passwords) to protect your personal information from being accidentally lost, used or accessed by someone who does not have permission to access it. We only give access to your personal information to people who need to access it in order to carry out their job such as our website and system administrators, order fulfilment technicians and customer support agents. They will only use your personal information for a specific task and they undertake to keep any information confidential.
We have procedures to deal with any suspected breaches of personal information and if the law requires us to, we will tell you (and any regulator) if there has been a breach.
10. Data Protection Officer
Our data protection officer is available to answer any data protection questions at privacy@testcard.com. The officer independently monitors compliance with all data protection regulations and is subject to strict statutory confidentiality obligations.
The officer is widely involved in all questions associated with protecting the personal information of our users, monitors our processing on an ongoing basis, and informs and regularly advises the entire team in order to ensure the best possible protection of all user data.
11. EU Representative
We have appointed Saltire Data Protection Services Limited to act as our representative in the European Union as required under Article 27 EU GDPR. You can always contact us directly if you are located in the EU and wish to raise any issues or queries you may have relating to the processing of your personal data. However, if you wish to contact Saltire Data Protection Services Limited you can do so by clicking this form.
12. Updates
This Privacy Policy is reviewed by us on a regular basis and may be updated from time to time. Please ensure that you are familiar with these changes.
Last updated August 2024.