Covid19 Health Clinics Limited will be what’s known as the “Controller” of the personal information you provide to us, which means we’re responsible for protecting the personal information we hold about you.
Why do we have this policy?
Collecting your information
We may hold information about you as a customer, a prospective customer or as a representative of a business customer. We collect this information in a number of ways:
- information is collected through your use of the site and any applications or partnerships;
- information is collected through your communications with us;
- information is collected via our networks when you use any of our services, to enable us to provide the service, and to bill it.
- We may also record and/or monitor calls for quality checks and/or staff training.
Using your information
We may hold and use the following information about you:
- your name, title, place of work, job role, date of birth (Identity Data);
- your phone number(s), address, email address(es) (Contact Data);
- your banking or financial details (Financial Data);
- Test results, booking details and travel declaration information (including customer address, post-code, NHS number, passport number, travel information).
- your interests, preferences, feedback and survey responses (Profile Data);
- details and information about the goods and/or services you receive from us (Usage Data or Transaction Data);
- information about when you contact us and when we contact you (Marketing and Communications Data);
- If we need to collect your personal information by law or under the terms of a contract we have with you and you don’t provide that information, we may not be able to provide you with the applicable products or services. In this case, we may have to cancel a product or service you have with us, but we will tell you if this is the case at the time.
- If a debit or credit card provided to us is identified as having been used fraudulently, we will maintain a record of its use for reporting and preventing fraud.
- We may use your information on the following lawful grounds:
- where we need to in order to perform the contract we are about to enter into with you or have entered into with you;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- where we need to comply with a legal or regulatory obligation;
- where we are permitted to do so by law;
- where it is in the public interest to disclose the information;
- where it is otherwise permitted under data protection laws.
Generally, we do not rely on consent as a legal basis for processing your personal information.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
The period of time for which we keep personal information depends on how long we are required to keep it by law (in some cases, the law requires us to keep information for a minimum period) or how we use the information. Unless required by law to keep it, we will keep information no longer than we need to for the purpose or purposes for which we collected it.
Keeping in touch
We may use your information to contact you by email, SMS, letter, telephone (including voicemail) or other ways.
Sharing your information:
We may share information about you:
- with anyone we use to help us to operate our business to collect payments or recover debts or to provide a service on our behalf, such as contractors, consultants, advisers and the markets. We will put in place appropriate measures to ensure your personal information remains protected;
- with regulatory bodies, government authorities or ombudsmen schemes or other authorities to comply with our regulatory obligations and industry standards.
- with the police and any other investigatory authority where we consider it reasonable to do so in order to protect our business, premises, visitors and staff.
- with media organisations you’ve spoken to or corresponded with about your account;
- with any individual or entity where we are required to do so by law (for example, pursuant to a court order).
- If you become a customer of Covid19 Health Clinics, or apply for our products or services, we may also use and share information about you as follows:
- with any payment system we use.
- with any laboratory who we arrange to provide testing services to you.
- with government agencies such as Public Health England and the Department for Health and Social Care for any statutory reporting of diagnostic test outcomes for notifiable diseases.
- with credit reference agencies or fraud prevention agencies.
Transfer of information
We may transfer your information to other countries outside the UK, including outside the European Economic Area whose data protection laws may not be equivalent to those in the UK. If we do so, we will put in place appropriate measures for the protection of your personal information in such countries.
Information provided through the Site is stored on our secure servers or those of any third party we engage to provide our IT platform.
Where we have given you, or you have chosen, a password which enables you to access certain parts of our Site, you are responsible for keeping the password confidential and must not share it with anyone. You are responsible for any actions carried out using your password save where there has been fraud.
Whilst we will have appropriate measures in place to protect personal information you send to the Site, we cannot guarantee the security of the internet, so please refrain from sending us particularly private or sensitive details in free text fields. Please only provide such details to the extent that specific data fields are provided. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Under data protection laws, you have the following rights in relation to your personal information:
- Request access to your personal information i.e. a right to be told whether we hold your personal information and, subject to certain exceptions, to be provided with a copy of such information.
- Request correction of your personal information i.e. a right to have any incomplete or inaccurate personal information we hold about you corrected.
- Request erasure of your personal information i.e. a right to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
- Object to processing of your personal information i.e. where we are relying on a legitimate interest and there is something which makes you want to object to processing on this ground because it impacts on your fundamental rights and freedoms.
- Request restriction of processing your personal information i.e. a right to ask us to suspend the processing of your personal information in certain scenarios.
- Request transfer of your personal information i.e. a right to have any information which we used to perform a contract with you transferred to you or a third party of your choice.
- Right to withdraw consent.
If you would like to exercise any of these rights, please do so in writing to firstname.lastname@example.org. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we can refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will let you know and keep you updated.
Third party links
Our site may contain links to the websites of third parties. If you follow a link to any third-party website, please note that these websites will have their own privacy policies and that we do not accept any responsibility or liability in respect of the same.