Skip to content

LetsGetChecked Privacy Policy

Overview

LetsGetChecked ("we", "us" or "our") is committed to protecting and respecting your privacy. This privacy statement ("Privacy Statement"), together with our Cookies Policy, describes the types of Personal Information collected and created in connection with your use of our Products and Services (including use of our LetsGetChecked iOS and Playstore Mobile Applications, collectively the “Apps”), how and why we use such Personal Information, who we share it with, and your legal rights. Please read the following carefully to ascertain how we process your Personal Information (or "Information").

We may, from time to time, provide links on www.LetsGetChecked.co.uk (the "Site") or our Apps to the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy statements and that we do not accept any responsibility or liability for their privacy or security practices. Please check these privacy statements before you submit any Personal Information to these websites.

For residents of the United Kingdom and the European Economic Area (the "EEA"), the service provider and the controller of your Information is PrivaPath Diagnostics Limited, trading as LetsGetChecked, a company registered in Ireland with registration number 531029 and its registered office at Unit 3, Adelphi House, George's St. Upper, Dun Laoghaire, Co. Dublin, A96 NY82, Ireland.

For residents of the US and non-EEA countries, the service provider is LetsGetChecked Inc., a Delaware corporation assigned number SR 20150809693, with a registered office at 100 Beach Drive, St Petersburg FL 33701-3968. LetsGetChecked is a registered business name with registered number #G15000103268. If you are resident of US and non-EEA countries, or using our Products and Services from these locations, our US Privacy Notice may apply.

Any defined terms in the Terms of Use (which govern your access to and use of our Site) shall have the same meaning when used in this Privacy Statement.

What Information we collect

When you access the Site or use our Products and Services, including our Apps, we collect, receive or otherwise process Information in several different ways. In many cases, you choose what Information to provide. Some Information is required in order for us to provide our Products and Services. We use your Information for the purposes described further below.

We may collect and process the following types of Information about you:

  • Purchase and assistance Information.We collect Information when you purchase our Products and Services, including when you phone our Support Team. This Information will include name, gender, contact Information, billing address, delivery address and any further Information you volunteer to provide through the Site or Apps.

  • Health-related data.When you purchase or use our Products and Services, we will collect and process data concerning health, including Samples, Test Information or any further Information we might receive from Accredited Laboratories. When you activate a Service or Product, we will collect and process Information relating to your personal health record as well as a suitability questionnaire to confirm that the Service or Product is appropriate to your needs. You may also provide Information to us if you connect a wearable device to one of our Products or Services.

A note on COVID-19. If you are using our COVID-19 testing services, we may collect Information from you such as symptoms you may be experiencing, and a sample to enable us to test you for COVID-19. We will then perform the testing and obtain your test results as a consequence. More information about how COVID-19 related Information may be used and disclosed by us is discussed in the following section “How we use your Information”, however please note that we generally collect your consent for use and disclosure of COVID-19 testing results, for example if sharing results with your employer or educational institution. While we generally limit collection, use and disclosure of COVID-19 related Information to supporting COVID-19-related efforts or epidemiological research, we may use Personal Information collected from the Apps as described within this privacy notice, with your consent, or where another legal basis applies. Please be assured that we do not engage in sale of Personal Information, and only share Information where required to support in the delivery of our Products and Services or as described in this Privacy Statement.

  • Genetic and Genetic-Related Data.This is data relating to the inherited or acquired genetic characteristics of a natural person which give unique Information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question (“Genetic Data”). Our collection of Genetic Data may include physical samples provided in connection with your use of our Products and Services (such as a blood sample, saliva sample, or nasal swab). We may also request or generate Genetic Data, medical history, family history, known familial genetic conditions or mutations where necessary to provide our Products and Services;

  • Biometric and Identity Verification Data.In connection with certain Products and Services, we may collect documentation (such as a government issued ID) or your biometric data, such as a face scan, for the purposes of verifying your identity.

  • Correspondence.We will collect and maintain your contact details when you communicate with us, sign up for promotional material, participate in special promotions, or connect with us through social media. If you contact us by email, we may keep a record of that correspondence. If you make a request with regard to the handling of your Personal Information, we may retain Information regarding the request and any actions we take or correspondence we provide in response to such request.

  • Website and device Information.We collect Information about your browser or device, including, where available, your IP address or device ID, operating system and browser type. We also collect details of your visits to our Site and Apps including, but not limited to, traffic data, location data, the resources that you access, web logs and other communication data. Our Site and Apps also use cookies. For detailed Information on the cookies we use and the purposes for which we use them, see our Cookies Policy. We may also ask you for Information when you report a problem with our Site or Apps. You may also choose to provide us access to certain features of your device, including allowing LetsGetChecked’s App to access your mobile phone camera to take pictures. This will enable you to use QR codes on our home sample collection kits (allowing you to quickly input kit details and codes, rather than hand typing), and in some cases to verify your identity (for example to allow you to photograph and share with us a passport-style photo or proof of government issued identification or other documentation). 

  • Survey Information.If you respond to any surveys that we might request, which are completely voluntary, we will process your responses.

  • Video Surveillance/CCTV. LetsGetChecked uses video surveillance/CCTV at our offices to ensure the security of our facilities, our assets and individuals who visit our offices.

How we use your Information

We use the Information we have to help us provide, operate, improve, understand, customize, support, and market our Products and Services, and for purposes described in this Privacy Statement. The broad uses of your Information are described below. As required under the GDPR and other applicable laws, we have also specified the legal bases which we rely on to process your Information.

Where legally required, we rely on your explicit consent to process your Information as follows:

  • To collect, store, and process relevant health-related data and Genetic Data, such as identifiable Information related to your past, present, and future health and healthcare, for the purposes of performing health diagnostic testing, genetic testing and genetic sequencing, and providing our health testing and genetic testing Products and Services.

  • To receive, store and analyse your Samples at Accredited Laboratories.

  • To receive, review, store and communicate your Test Information to you, including by presenting your Test Information and other reported history via the LetsGetChecked secure environment.

  • In some cases, to verify your identity.

  • To provide you with your results and, in some instances, relevant treatment options or sharing your Information where we have legal basis to do so.

  • To de-personalise your Information for use for service improvement, product quality improvement and/or research, as relevant.

  • To contact you with offers, updates and news related to Services and Products you have purchased, unless you choose not to receive these. With your consent, we may also share Personal Information with third parties for advertising purposes.

  • We may use your Personal Information for research purposes where we have a legal basis to do so, or may contact you about research opportunities, clinical trials, or clinical treatments for you when appropriate. The legal basis for this activity is express prior consent (e.g. to participate in a research study), or if consent is not required as a legal basis for such activities, LetsGetChecked is acting in its legitimate business interests where not overridden by your interests or fundamental rights and freedoms.

You can withdraw your consent to this processing at any time. Withdrawing your consent stops future processing and does not affect any processing we have already undertaken. Without your consent, however, we shall be unable to provide most of our Products and Services to you. 

To fulfil our contract(s) with you, we process your Information – including data concerning your health and medical history – as follows:

  • To fill and support your purchases of our Products and Services, including to process payments and to provide customer assistance.

It is in our legitimate interests to process your Information as follows:

  • To ensure that content from our Site and Apps is presented in the most effective manner for you and your device.

  • To contact you with offers, updates and news related to Services and Products you have purchased, unless you choose not to receive these.

  • To communicate with you via various channels including by phone, SMS text message, email, and physical mail, to support in the delivery of Products and Services or to send you important account-related communications. For example, communicating with you by phone to discuss your results, or sending you an email or text message to notify you that your results are ready.

  • To analyse Information provided by you and others to help us administer, support and improve our business.

  • To detect, investigate and prevent activities that may violate our policies or agreements or be illegal, including by sharing Information with law enforcement.

  • To ensure the security of our facilities, our assets and the people who visit our offices. This may be through the use of video surveillance/CCTV.

We are legally obligated to process your Information as follows:

  • To retain certain records about the handling of any Samples you send us for regulatory purposes.

  • To fulfil any applicable legal and regulatory requirements, for example regulatory reporting obligations to health agencies, or retaining certain tax and accounting records for financial reporting. For COVID-19 testing we use your Information to provide you or any authorized parties (such as an employer or other organization that you have consented to us sharing results with) with testing services, and to support in public health efforts or research (for example, reporting positive test results to local health agencies where legally required). If we use your Personal Information or Test Information for anything beyond this, we will ask for your explicit consent or else explain the legal basis for any further use of your data, if such use does not rely on your consent.

  • To ensure appropriate security measures are in place to protect our assets which include the personal data of our individuals who use our services. This may include the use of video surveillance/CCTV.

Please be assured that we do not engage in sale of Personal Information, and only share Information where required to support in the delivery of our Products and Services. 

Children’s privacy

We will not knowingly collect Personal Information from Site and Apps users that are under 18 years of age. We are relying on your undertaking in the Terms of Use that you are over 18 years of age. You should not use the Apps, Site or its Services, including purchase Products, if you are not 18 years of age or older. If you believe we might have Information from or about an individual under 18 years of age, please contact us at dpo@letsgetchecked.com.

Where we store your Information

The Information that we collect from you may be transferred to and stored with an Accredited Laboratory (as defined in the Terms of Use) or any supplier of data processing and data hosting services to us at a destination within the EEA. It may also be processed by staff operating inside the EEA who work for any of them. Such staff may be engaged in, among other things, the fulfilment of your order, the provision of data processing and data hosting services to us.

In certain cases, we transfer and store certain Information outside the EEA, such as to the United States. In such cases, we use a legal mechanism known as “standard contractual clauses” to protect Information transferred outside the EEA. Standard contractual clauses refer to contracts between companies transferring Personal Information that contain standard commitments, approved by the European Commission, protecting the privacy and security of the Information transferred. To request a copy of the clauses, please email us at dpo@letsgetchecked.com.

How we secure your Information

All Information you provide to us in purchasing or availing of our Products or Services are stored on our secure servers or else on secure servers used by our service providers. Any payment transactions effected by us will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site or Apps, you are responsible for keeping this password confidential. You must not share a password with anyone.

Unfortunately, the transmission of Information via the internet is not secure and if you request that we communicate with you using a secure means of communication, we can arrange to do this. Once we have received your Information, we will impose obligations of confidentiality and security on any of our service providers who process the Information.

We maintain appropriate physical, electronic, standard security practices, including encryption, passwords and physical security measures, and managerial procedures to protect the security and confidentiality of your Personal Information. Only a limited number of our internal staff are authorised to access, delete or modify your data.

Disclosure of your Information

We share Information with service providers, affiliates, partners, and other third parties where it is necessary to provide the Products and Services, or for any other purposes described in this Privacy Statement. In particular, we may share your Information with certain third party suppliers and service providers to help us operate, provide, improve, understand, customize, support, and market our Products and Services. We will take all steps reasonably necessary to ensure that your Information is treated securely and in accordance with this Privacy Statement by imposing obligations of security and confidentiality on such service providers. 

Your Information may be provided as necessary to the following categories of recipients:

  • Accredited Laboratories

  • Couriers

  • Communications and marketing service providers

  • IT systems and IT service providers (such as those who host our data and Information systems)

  • Analytics providers

  • Legal or financial advisors

  • Government/regulatory/law enforcement agencies pursuant to legally binding order or where legally required, for example where we are required to report positive test results of certain communicable diseases to local health authorities.

We may disclose and transfer your Information to our Accredited Laboratory for the purpose of 

  1. accepting and processing an accepted order by us

  2. in order to procure the Product is delivered to you by it, and 

  3. to test any Sample provided and make your Test Information available to you on our secure Account on our Site and Apps.

To process a request for a Product and for our Accredited Laboratory to test the Sample and send you the Test Information, we need to disclose Information within our company including to the Medical Practitioner, to our Accredited Laboratory and our IT services providers. Your request for a Product will result in your order details being accessed by and processed by our Accredited Laboratory and our IT service providers. 

The Accredited Laboratory shall have access to minimum data required to process your sample, including your date of birth, your Sample, Information relevant to your test (such as your gender), and the test results created therein. 

For research, development, publications, and analytics purposes, we may also share Personal Information where we have your consent or some other legal basis to do so. We may engage in collaborative research with third parties (for example, health, educational, or government institutions, or private companies) related to the development of new tests, validation of existing testing processes or technologies, or to improve existing products and services. We may also disclose de-identified Genetic Data to public databases for the advancement of medical research; this enables improved understanding of how genetics may impact the risk of certain diseases or health conditions. We may include de-identified Genetic Data in our research databases, which may be accessible, searchable, and downloadable by third parties (including researchers and the public). More information about this will be available on any consent forms provided to you if you are using Products and Services that involve genetic testing, genetic sequencing, or processing of your Genetic Data. We and/or our workforce members may be involved in the creation of publications, and this may include collaborating with third parties. Where this is done, it will involve only de-identified Personal Information.

If any third party has provided, subsidized or paid for the Products and Services you are using, your Personal Information may be shared with them as required by the contract between us and that third party. This may include identifiable results reporting (for example, reporting COVID-19 testing results to your employer, if they are performing a testing program for health and safety in the workplace). If you are a participant in such a program, you will be provided with a program specific privacy notice and/or consent form as required.

In instances where our business is subject to a re-organization, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, need to share Information in the course of the transaction. In such circumstances, your Information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of LetsGetChecked.

If you send offensive or objectionable content or otherwise engage in any disruptive behaviour on the Site, we can use your Information to stop such behaviour and pursue our legitimate interest to prevent such behaviour on our Site. This may involve informing relevant third parties, such as law enforcement agencies about the content and your behaviour.

Equally, we may retain, preserve, or disclose your Information if we have a good-faith belief that it is reasonably necessary to (i) respond, based on applicable law, to a legal request (such as a subpoena, a search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce the agreements we have with you; (e) prevent physical injury or other harm to any person or entity, including yourself and members of the general public. For example, your IP address may be supplied to regulatory authorities in connection with fraud or other formal investigations.

We may share information with advertising partners or service providers to contact you with offers, updates and news related to Services and Products you have purchased, unless you choose not to receive these. With your consent or another applicable legal basis, we may also share Personal Information with third parties for advertising purposes.

We may pass aggregate Information on the usage of our Site and Apps to third parties. Unless required to do so by law, we will not otherwise share, sell or distribute any of the Information you provide to us without your consent or other legal basis.

How long do we keep your Information?

We retain your Information in our server logs, our databases, and our records for as long as necessary to provide the Products and Services. In some cases we may retain some of your Information for a longer period, where we have a legitimate business interest to do so (such as to contact you to provide you with relevant Information about our Products and Services or to maintain your account with us), in order to comply with our legal or regulatory obligations, to resolve disputes or defend against legal claims, or to enforce our Terms of Use.

Any data recorded on video surveillance/CCTV systems shall be kept for no longer than is considered necessary. Normally data recorded on video surveillance/CCTV systems will not be retained beyond a maximum of 30 days. Data recorded on video surveillance/CCTV systems may however be retained beyond a maximum of 30 days in circumstances where the data is required for evidential purposes and/or legal proceedings.

Your rights

If you live in the EEA or the UK, you may have certain rights in relation to your Information that we process. While some of these rights apply generally, others apply only in certain circumstances. To exercise your rights or to submit a question, you can email us at dpo@letsgetchecked.com.

  • Access.You have the right to request a copy of your Information that we process. You may exercise this right in the "Privacy Settings" section in your user account. If you require additional access, please email us. This right also applies to personal data captured by video surveillance/CCTV recordings.

  • Correction.If you discover that we hold inaccurate Information about you, you have a right to ask us to correct that Information. You can correct account Information by logging into your account. For other corrections, please email us.

  • Erasure.You have the right to request that we delete your Information. We may refuse this request if (a) the Information is still necessary for the purposes that we collected or processed it or (b) we still have a legal basis to process it, even after you’ve withdrawn consent. You can exercise this right in the “Privacy Settings” section of your user account or you can email us.

  • Restriction.You have the right, in some cases, to restrict the processing of your Information, such as where you have exercised your right to object and we are reviewing your objection. For more information, please email us.

  • Objection.You have the right to object to us using your Information based on our legitimate interests described above. In such cases, we will cease processing your Information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing, you can always object by using the unsubscribe link in such communications, changing your account settings or, if you do not have an account, you can email us.

  • Portability.You have the right in some cases to port your Information from us to a new data controller. We can refuse this request if (a) our processing is not based on your consent or our contract with you, or (b) the data are not stored electronically. You can exercise this right through the “Privacy Settings” section in your user account to download your data in XML format. Alternatively, you can email us.

  • Withdraw consent.You can withdraw your consent to processing at any time by deactivating your account through the “Privacy Settings” section in your user account or by e-mailing  dpo@letsgetchecked.com. Withdrawing your consent does not affect processing that has already occurred. Where you withdraw your consent, we will no longer process your Information based on your consent. We may process your Information if another legal basis applies, for example, if we are legally obligated to store certain records or if your withdrawal of consent was limited to certain processing activities.

  • Complain.You have the right to lodge a complaint with our lead supervisory authority – the Data Protection Commission (www.dataprotection.ie) – or the data protection supervisory authority for your EEA jurisdiction. If you are considering lodging a complaint, we would appreciate the opportunity to try and resolve your issue before you submit your complaint.

If you’re a UK resident or using our Products and Services in the UK, you may be entitled to exercise your rights under the UK GDPR. These are broadly the same rights as listed above, although your supervisory authority is the UK Information Commissioner’s Office (https://ico.org.uk/). LetsGetChecked takes the protection of Personal Information seriously, and has appointed DataRep UK as their Data Protection Representative in the UK so that you can contact them directly regarding rights or questions you have relating to the UK GDPR.

If you want to raise a question to LetsGetChecked or exercise your rights under UK GDPR, you may do so by:

  • Sending an email to DataRep UK at: LetsGetChecked@datarep.uk

  • Mailing your inquiry to: 107-111 Fleet Street, London, EC4A 2AB, United Kingdom.

Please ensure your request is addressed to DataRep, not LetsGetChecked, though do mention LetsGetChecked in the request or question itself.

If you have questions on DataRep’s own privacy practices when handling any requests or questions you make, please refer to www.datarep.uk/privacy-policy

Changes to our Privacy Statement

From time to time, we will make changes to this Privacy Statement. Any changes we may make in future will be posted on this page. If we materially change our Privacy Statement, we will take steps to notify you, for example by emailing you or by posting a notice on the Site.

Contact us

Questions, comments and requests regarding this Privacy Statement are welcomed and should be addressed to our Data Protection Officer (DPO) at dpo@letsgetchecked.com.

If you are a resident of the UK and want to raise a question to LetsGetChecked or exercise your rights under UK GDPR, you may prefer to contact our appointed UK representative rather than directly contacting our Data Protection Officer. You may do so by:

  • Sending an email to DataRep UK at: LetsGetChecked@datarep.uk

  • Mailing your inquiry to: DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom.

Please ensure your request is addressed to DataRep, not LetsGetChecked, though do mention LetsGetChecked in the request or question itself.

If you are a resident of Switzerland and want to raise a question to LetsGetChecked or exercise your rights under the Swiss Federal Act on Data Protection(FADP), you may prefer to contact our appointed Swiss representative rather than directly contacting our Data Protection Officer. You may do so by:

Sending an email to DataRep at: LetsGetChecked@datarep.uk

Mailing your inquiry to: DataRep, Leutschenbachstrasse 95, ZURICH, 8050, Switzerland

Please ensure your request is addressed to DataRep, not LetsGetChecked, though do mention LetsGetChecked in the request or question itself.

This Privacy Statement was last updated on September 21st, 2023.