1 Lower Grosvenor Place,
28-32 Brompton Road
1. About Us
1.1. The Trustees of the London Covid testing is a company limited by guarantee . Our registered office at 1 Lower Grosvenor Place, Belgravia, SW1W 0EJ. Throughout this notice, the terms “The London Covid Testing”, “we”, “us” or “our” are used.
1.2. We are the data controller and are responsible for your personal data.
1.3. We have appointed a data protection officer. If you have any questions about this privacy notice or our privacy practices, please get in touch using the contact details in section 12.
2. About this privacy notice
2.1. This privacy notice sets out how we will collect and process your personal data through your use of our website.
2.2. You should read this notice carefully together with any other privacy or fair processing notice that we provide on our website.
2.3. We provide more information about other aspects of our privacy practices in the following separate notices:
2.4 This privacy notice does not cover:
3, Information we collect about you
3.1. Personal data means any information about an individual from which they can be identified.
3.2. We collect, use, store and transfer different types of personal data about you, which we have summarised below.
This includes your full name, title or marital status.
This includes your email address and/or telephone number.
If you are making a donation, we may process your bank account details, payment details, including debit and credit card information, and whether you are a taxpayer.
If you are making a donation, this includes details about your transaction.
This includes your IP address, geographical location, browser type and version, operating system, referral source, length of visit and page views.
This includes your preferences for how we contact you.
This includes information about how you use our website and whether you have engaged with certain online campaigns that we are running.
This includes your preferences for receiving marketing from us.
This includes feedback and opinions that you provide to us when responding to surveys.
This includes any information you provide to us via our website about your health and medical conditions, genetic and biometric data, race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation. It also covers political views, or trade union membership. These types of information have additional safeguards under data protection legislation.
This includes statistical or demographic data that may be derived from your personal data but we cannot use it to directly or indirectly identify you.
4. How we obtain your information
4.1. You can provide us with information about yourself using the forms on our website. This is how we obtain most of the identity, contact, financial, transaction, communications, marketing, profile and special categories of personal data summarised above.
4.2. Please be aware that we make use of automated technologies to collect technical and usage data about you. You should read our Cookies Notice for more information.
4.3. We use third parties to power some of the functions on our website. They may provide us with transaction, technical and usage data information about you. For example, if you make a donation via our website we may receive information about you from our payment providers.
4.4. We may match up information obtained via our website with other information that we hold about you. For example, if you are a registered patient and contact us through our website with a query about your bill.
5. How we use your information
5.1. We have summarised how we use your personal data below.
Depending on the nature of your query, we may use your identity, contact, financial, transaction, payment, profile, or special category data to respond. We may process this information under the following legal grounds: performance of a contract, legitimate interest, consent or provision of medical care.
We may process your identity, contact and technical data for troubleshooting, data analysis, testing, systems maintenance and reporting. This is necessary for our legitimate interests and in some cases to comply with our legal obligations.
We may process your identity, contact, usage, communications, profile and technical information. This is necessary for our legitimate interests.
We may process your identity, contact, usage communications and technical information. This is necessary for our legitimate interests.
We may use your identity, contact, financial and payment details to process your donation. We may process this information under the following legal bases: legitimate interest, or legal obligation.
5.2. We may process your personal data on more than one legal ground, depending on the specific purpose for which we are using it.
5.3. We will only use your personal data for the purposes for which we collected it or for another reason that is compatible. If you would like more information, please get in touch using the contact details in section 12.
6. Sharing your information
6.1. Depending on the purpose for which we obtained your information, we may need to share it, as relevant, with our:
6.2. We will never share your information with third parties so that they can market their goods and services to you.
7.1. We have put in place appropriate security measures to prevent your information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
7.2. We also limit access to your information to those employees, agents, contractors and other third parties who have a business need to know. They will only act on our instructions and they are subject to a duty of confidentiality.
7.3. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Controlling your personal information
8.1. We have a dedicated section on our website dealing with access to medical records.
8.2. The Data Protection Act 2018 gives you various rights in relation to your personal data. We have summarised these below.
This is known as a data subject access request. You can receive a copy of the personal data that we hold about you.
You can correct any incomplete or inaccurate personal data that we hold about you.
You can ask us to delete or remove your personal data where:
We cannot always fulfil your request if there are specific legal reasons requiring us to retain your personal data. We will explain these to you, if applicable, when responding to your request.
You can object to our processing of your personal data if:
You can ask us to suspend processing of your personal data if:
You can request that we provide you or your chosen third party with your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information that you consented to us using or where we used the information to perform a contract with you.
If you gave us consent to process your personal data, you can withdraw that consent at any time.
8.3. If you have any questions about your rights or would like to exercise them, please contact our data protection officer using the contact details in section 12.
8.4. We may need certain information from you to help us confirm your identity and verify your rights. This is a security measure to ensure we do not disclose personal data to someone that does not have the right to receive it.
8.5. We aim to respond to all legitimate requests within 1 month. We will notify you if we believe it will take longer than this, for example if your request is complex or if you have made numerous requests.
8.6. We do not generally charge a fee if you want to exercise any of your rights under the Data Protection Act 2018.
8.7. If your request is clearly unfounded, repetitive or excessive:
9. International transfers
9.1. Some of the third parties that we work with are based outside of the UK or the European Economic Area.
9.2. Whenever we transfer your personal data outside of the EEA, we protect it by:
10. Data Retention
10.1. We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
10.2. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
10.3. To determine the appropriate retention period for personal data, we consider:
11. Third party links
Our website contains links to third party materials, resources, websites, plug-ins and applications. These are outside of our control and you should check the privacy notices of all third parties carefully.
12. Contact us
If you would like to get in touch about this privacy notice, our privacy practices or to exercise your rights under the Data Protection Act 2018, please contact our data protection officer via email@example.com
Please contact us if you have any concerns about our privacy practices. We value the opportunity to respond to your query and will do our best to resolve an issue.
You also have the right to raise a complaint with the Information Commissioner’s Office at any time using the contact details available at www.ico.org.uk.
14. Downloading this privacy notice
If you would like a copy of this privacy notice in full, please right-click while on this page and use the ‘Save as’ option provided by your browser.
15. Updates to this privacy notice
We may make changes to this privacy notice from time to time by updating this page. You should check back regularly to ensure that you have read and understand any changes.
Last updated: October 2020