1. Meaning of Terms that we use
- TestCard means the company TestCard Ltd registered in England under the company number 10764577;
- “testcard” means the testing kits which are supplied by us;
- TestCard App means the software application made available to you by us and which enables you to obtain a test result;
- you, your and yours are references to you the person accessing our products and services;
- we, us, and our are references to TestCard Ltd registered in England under the company number 10764577; and
- Website is a reference to www.testcard.com.
2.1 Responsible Entity
We are TestCard Ltd (company number 10764577), a company registered in England, with our registered office address at Unit 6 Betton Business Park, Racecourse Road, East Ayton, Scarborough, YO13 9HD (TestCard).
This policy explains how we use the personal information which you provide to us, including when you use our platforms, such as our Website and the TestCard App. We take our responsibilities for managing your personal information seriously and we explain in this document how we collect your personal information and what we do with it.
2.2 Structure of our Policy
When we say your “personal data” or “personal information” we mean any information that identifies you as a person.
You can read more information about how we process your personal information by clicking on the various sections below:
- Responsible Entity
- Structure of our Policy
What information do we collect from you?
- Ordering our products
- Customer Services and Support Requests
- Guest User Services
- Registered User Account
- How do we collect data from you?
How do we use your personal information?
- Providing Products and Support Services
- Improving our Product and Services
- Customising and Improving Your Results
- Marketing and Promotional Information
Sharing your personal information with third parties
- Overview of third parties information sharing
- Examples of third party information sharing
- Third Party Websites, Plug-ins and Apps
- Cookies - What are they and how do we use them?
- Access to your personal data – your rights and how to contact us
- Retention of Data
- Our Security Standards
- Data protection officer
- EU Representative
3. What information do we collect from you?
We collect personal information from you in order to provide you with our services, when you contact or request information from us or when you use our Website and TestCard App. The types of information we may collect can be found in the sections below.
3.1 Ordering our products
We will require you to provide the following personal information to process your product order online and to dispatch products to you: contact information such as your name, title, address, telephone number, email address and payment details.
If you purchase one of our products in a retail store, we will not require any of your details to complete the order.
3.2 Customer Services and Support Requests
If you contact our customer services team, you may be required to provide us with your contact details (name, title, telephone number and email address) for us to communicate with you effectively and solve any queries you may have.
3.3 Guest User Services
If you are a guest user, we will process the information listed below in order to provide our basic services. As a guest user, your test results will not be linked with any personal information you provide when ordering the product online. As a guest user, the information below will be collected on an anonymised basis:
- Test scanning performance information - this is anonymised and does not identify you personally.
- Device related information - This includes your Device Identification (ID) Number, Device Manufacturer, Device Model and Operating System Version. This information will be collected whilst you use our TestCard App to secure our system and detect any potential breaches.
- Internet Protocol (IP) Address
As a Guest User, you will not be able to retain any testing data as it will be anonymised in our system.
3.4 Registered User Account
If you decide to set up a registered user account (optional), you will be able to store your previous test data and contact details in our system, which you can view at any time in your account area. If you do not consent to this necessary processing, you cannot create a user account. To create a user account we require and process the following personal data: contact information such as your name, address, telephone number and email address; password, language, country location, timezone, IP address.
We will use your personal information to provide the following services:
- Displaying your previous orders - linking your personal information to your order history
- Communicating with you about your support requests - using your contact information to engage and interact with you
- Retain results of the tests conducted using your TestCard registered user account
When you create a registered user account, you have the option to provide further personal information about your health. We use this optional information to help make some of our product test results more relevant to you. Your biological make-up can influence the recommendations we provide for your results. The optional information you may provide includes date of birth and special category data such as biological sex, height, weight, biological ethnicity and health conditions.
4. How do we collect data from you?
You may provide us with personal information in one of the following ways when you engage us to provide products or services:
- Contact via Telephone (support services) - This information will be used to contact and interact with you if you have any service related queries (see Section 3.2).
- Contact via our Website or the TestCard App (support services) - you will be required to leave your contact details through a support form (see Section 3.2).
- Contact via Chat bot or Live Chat agent (support services) - to allow our customer service team to contact you (see Section 3.2).
- Purchasing our products - When you purchase a product directly from our Website or the TestCard App, you will be required to enter in your personal information for delivery (see Section 3.1).
One of our team members may, in the course of assisting you with a query or when we provide services to you, ask for your consent to use your details for further purposes such as marketing and other promotional activities (see section 5.4). When we do this, you will be clearly advised and your specific consent will be required before we can use your information for such activities.
We may also gather personal information about you from third parties such as the country you are from, the device you used to visit our Website and the TestCard App (including IP addresses), and the pages you visit. We will do our best to ensure that the businesses that provide us with this information do so lawfully.
5. How do we use your personal information?
Under data protection law, we can only use your personal information if we have a proper reason for doing so.
This will be for one of the following reasons:
- For the performance of our contract with you or to take steps at your request before entering into a contract;
- To comply with our legal and regulatory obligations;
- For our legitimate interests or those of a third party;
- For the establishment, exercise or defence of legal claims or proceedings; or
- Where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
We may process special category personal data for the following reasons:
- Where you have given your explicit consent;
- For compliance with a legal obligation;
- For the purposes of establishing, exercising or defending legal claims;
- Where it is in your vital interests;
- Where you have made the personal data public; and/or
- For compliance with an employment law obligation.
There may be additional reasons which will be notified to you where they apply.
When we refer to special category data we mean information such as about health, race or ethnicity, religious beliefs, sexual orientation and marital status. Information about criminal convictions is also included within this type of data.
5.1 Providing Products, Services and Support Services
We use your personal information to open a registered account with us, to send you our products, to provide you with our TestCard services and to contact you about the services that we are providing to you. Reminders and updates will be sent to you using the contact information that you provide to us or as push notifications from the TestCard App on your device. Use of our Website, TestCard App and app extensions allows you to actively and voluntarily enter personal information. Without your personal contact information, it is impossible for us to provide our product and support services to you.
5.2 Improving our Product and Services
We may analyse your anonymised usage data and statistical background information in order to improve our business, our TestCard App, our Website and customer services. This information is anonymised and cannot be traced back to you. This allows us to better understand user trends and to highlight key areas for improvement. Without your personal information, we are unable to enhance your experience or improve our services.
Feedback and complaints will be linked to the provided personal information in order to provide support and respond to the request.
5.3 Customising and Improving Your Results
Personal biological information such as demographics, biological ethnicity and medical conditions provided by you may be used to influence the information we provide to you about your results. This information is reported via the TestCard App and is stored securely. Previous (historical) results may also be used in this manner. This data allows us to customise and improve your experience by connecting your diagnosis with other recommended influential factors in the diagnosis process.
Usage data and activity on the Website and within the TestCard App will also be monitored to improve the overall user experience and to ensure that our services benefit our users in the most effective way. For example, we may use activity data to optimise or highlight key pieces of information on specific notification alerts, product pages or menu designs. This will allow us to continually develop, test and launch new features - conducting regimented usage and security tests before live updates are released. These improvements are provided to you, for example, via product or regular app updates.
5.4 Marketing and Promotional Information
We may use your personal information to contact you about product offers, promotions and other news or information about our business. This will allow us to highlight user stories or recommendations that might be of interest to you alongside product related discounts or offer codes. We will obtain your consent before using your personal information for other purposes under special circumstances, such as a user study.
You can update your marketing preferences at any time by clicking ‘unsubscribe’ on our newsletters or by updating your account settings. We will continuously improve our marketing content to ensure it is relevant and tailored for the best possible service.
6. Sharing your personal information with third parties
6.1 Overview of third parties information sharing
In order to provide our services and operate our Website and the TestCard App, we use various third parties which are carefully selected by us. These parties include companies which provide business functions such as email, marketing assistance, accounting, payment processing, data management, website support and business advice.
6.2 Examples of third party information sharing
We may have to share your personal information with third parties in certain circumstances. Some examples of these scenarios are set out below:
- Legal purposes - we may be required to share your data with law enforcement or government agencies. This may be as part of an investigation, fraud prevention or similar.
- Business reorganisation - if we are involved in an acquisition, a merger, sale of assets or liquidation we may be required to share specific user data. If this circumstance arose, appropriate undertakings would be obtained from the third party.
- Financial transactions - we process payments through third party payment providers including Stripe, Judopay or Paypal. You can find more information about how Stripe manages your data here, Judopay here and Paypal here.
6.3 Third Party Websites, Plug-ins and Apps
Sections of our Website and the TestCard App, such as our blog articles and press media pages, can include links to other websites, plug-ins and apps which we do not own or control. These external links will provide you with additional information, products and services that will improve your experience, such as retail pharmacy partners, online doctors or support articles for your health.
If you click on those links or activate the plug-ins or apps (for example, if you click on a link to share our blog article to your social media accounts, such as Facebook, Twitter, OK, VK or Google Plus, or choose to post a comment through your social media accounts), you may allow third parties to collect or share information about you. Because we do not control these other websites, we are not responsible for their privacy notices or how they will handle your personal information.
When you leave our Website, we strongly suggest that you read the privacy notice of every website that you visit.
7. Access to your personal data – your rights and how to contact us
You have the following rights in relation to your personal information:
- Access to the personal data we hold on you: You have the right to ask us for a copy of the personal information we hold on you, called a “subject access request”. There is no fee for this. However, requesting subsequent copies of such information within an unreasonably short period may be chargeable.
- Right to rectify or erase your personal data: You also have the right to have any inaccuracies corrected or removed. You have the right to close your account using the account deletion process in the App and the Website. This will permanently remove all of your personally identifiable data.
- Right to withdraw consent: If you have given us consent to use your personal details you may withdraw this consent at any time by emailing us - firstname.lastname@example.org. Your withdrawal of consent or objection to processing may mean we cannot perform the services you have requested of us or you may not be able to use the services we offer. We will advise you where this is the case. In certain circumstances even if you withdraw your consent we may still be able to process your personal information if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.
- Right to limit processing your data: You may also instruct us to cease processing your data if no longer relevant, or if there are no other legal or contractual obligations for us to do so.
You also have the right to make a complaint about our data processing activities to the Information Commissioner’s Office. Further details can be found at https://ico.org.uk.
8. Retention of Data
We hold your personal information only for as long as is necessary for the specified purpose. Once you have closed your account with us, we will delete all of the personal information that we hold on you apart from your name and email address which we will hold on our marketing database if you agreed to receive news and other communications from us. You may unsubscribe from any of our marketing emails at any time. We will also keep invoicing and other accounting records which are necessary to satisfy HMRC. For payment information records, please see the privacy policies of our payment providers (Section 9.2 above). Anonymised results generated from the testcards and health profile information will be retained for the purposes of improving our analytical algorithms, epidemiology, and will remain in the ownership of TestCard Ltd. This data cannot be associated with an individual’s personally identifiable information.
9. Our Security Standards
We use standard SSL encryption throughout our business. Data on the Website is only accessed through encrypted SSL. All orders placed with us for our products are given an encrypted reference number during the order process in order to enhance the security of our ordering process.
All personal information that you provide to us or that we collect is stored on our secure servers which are located within the UK. We promise that we will do our best to ensure that your personal information is treated securely.
We have appropriate security measures in place (such as encrypted passwords) to protect your personal information from being accidentally lost, used or accessed by someone who does not have permission to access it. We only give access to your personal information to people who need to access it in order to carry out their job such as our website and system administrators, order fulfilment technicians and customer support agents. They will only use your personal information for a specific task and they undertake to keep any information confidential.
We have procedures to deal with any suspected breaches of personal information and if the law requires us to, we will tell you (and any regulator) if there has been a breach.
10. Data protection officer
Our data protection officer is available to answer any data protection questions at email@example.com. The officer independently monitors compliance with all data protection regulations and is subject to strict statutory confidentiality obligations.
The officer is widely involved in all questions associated with protecting the personal information of our users and monitors our processing on an ongoing basis, informs and regularly advises the entire team in order to ensure the best possible protection of all user data.
11. EU Representative
We have appointed Saltire Data Protection Services Limited to act as our representative in the European Union as required under Article 27 EU GDPR. You can always contact us directly if you are located in the EU and wish to raise any issues or queries you may have relating to the processing of your personal data. However, if you wish to contact Saltire Data Protection Services Limited you can do so by clicking this form.
Last updated August 2021