Protecting your privacy and personal health
LetsGetChecked ("we", "us" or "our") is committed to protecting and respecting your privacy.
This privacy statement ("Privacy Statement"), together with our Cookies Policy, describes the types of personal information collected and created in connection with your use of our Products and Services, how and why we use such information, who we share it with, and your legal rights. Please read the following carefully to ascertain how we process your personal information (or "information").
We may, from time to time, provide links on www.LetsGetChecked.com (the "Site") to the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy statements and that we do not accept any responsibility or liability for their privacy or security practices. Please check these privacy statements before you submit any personal information to these websites.
For residents of the United Kingdom and the European Economic Area (the "EEA"), the service provider and the controller of your information is PrivaPath Diagnostics Limited, trading as LetsGetChecked, registration number 531029 and registered office at Unit 3, Adelphi House, George's St. Upper, Dun Laoghaire, Co. Dublin, A96 NY82, Ireland.
For residents of the US and non-EEA countries, the service provider is PrivaPath Diagnostics Inc., a Delaware corporation assigned number SR 20150809693, with a registered office at 100 Beach Drive, St Petersburg FL 33701-3968. LetsGetChecked is a registered business name with registered number #G15000103268.
What information we collect
When you access the Site or use our Products and Services, we collect, receive or otherwise process information in several different ways. In many cases, you choose what information to provide. Some information is required in order for us to provide our Products and Services. We use your information for the purposes described further below.
We may collect and process the following types of information about you:
- Purchase and assistance information. We collect information when you purchase our Products and Services, including when you phone our Support Team. This information will include name, gender, contact information, billing address, delivery address and any further information you volunteer to provide through the Site.
- Health-related data. When you purchase or use our Products and Services, we will collect and process data concerning health, including Samples, Test Information or any further information we might receive from Accredited Laboratories. When you activate a Service or Product, we will collect and process information relating to your personal health record as well as a suitability questionnaire to confirm that the Service or Product is appropriate to your needs. You may also provide information to us if you connect a wearable device to one of our Products or Services.
- Correspondence. We will collect and maintain your contact details when you communicate with us, sign up for promotional material, participate in special promotions, or connect with us through social media. If you contact us by email, we may keep a record of that correspondence.
- Survey information. If you respond to any surveys that we might request, which are completely voluntary, we will process your responses.
How we use your information
We use the information we have to help us provide, operate, improve, understand, customize, support, and market our Products and Services. The broad uses of your information are described below. As required under EU law, we have also specified the legal bases which we rely on to process your information.
We rely on your explicit consent to process your information as follows:
- To receive, store and analyse your Samples at Accredited Laboratories.
- To receive, review, store and communicate your Test Information to you, including by presenting your Test Information and other reported history via the LetsGetChecked secure environment.
- To provide you with your results and, in some instances, relevant treatment options.
- To de-personalise your information for service improvement, product quality improvement and/or research, as relevant.
You can withdraw your consent to this processing at any time. Withdrawing your consent stops future processing and does not affect any processing we have already undertaken. Without your consent, however, we shall be unable to provide most of our Products and Services to you.
To fulfil our contract(s) with you, we process your information – including data concerning your health and medical history – as follows:
- To fill and support your purchases of our Products and Services, including to process payments and to provide customer assistance.
It is in our legitimate interests to process your information as follows:
- To ensure that content from our Site is presented in the most effective manner for you and your device.
- To contact you with offers, updates and news related to Services and Products you have purchased, unless you choose not to receive these.
- To analyse non-health information provided by you and others to help us administer, support and improve our business.
- To detect, investigate and prevent activities that may violate our policies or agreements or be illegal, including by sharing information with law enforcement.
We are legally obligated to process your information as follows:
- To retain certain records about the handling of any Samples you send us for regulatory purposes.
- To retain certain tax and accounting records.
Where we store your information
In certain cases, we transfer and store certain information outside the EEA, such as to the United States. In such cases, we use a legal mechanism known as “standard contractual clauses” to protect information transferred outside the EEA. Standard contractual clauses refer to contracts between companies transferring personal information that contain standard commitments, approved by the European Commission, protecting the privacy and security of the information transferred. To request a copy of the clauses, please email us at email@example.com.
How we secure your information
All information you provide to us in purchasing or availing of our Products or Services are stored on our secure servers or else on secure servers used by our service provider. Any payment transactions effected by us will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. You must not share a password with anyone.
Unfortunately, the transmission of information via the internet is not secure and if you request that we communicate with you using a secure means of communication, we can arrange to do this. Once we have received your information, we will impose obligations of confidentiality and security on any of our service providers who process the information.
We maintain appropriate physical, electronic, standard security practices, including encryption, passwords and physical security measures, and managerial procedures to protect the security and confidentiality of your personal data. Only a limited number of our internal staff are authorised to access, delete or modify your data. We will make reasonable efforts to ensure that your privacy interests are protected.
Disclosure of your information
We share information with service providers, affiliates, partners, and other third parties where it is necessary to provide the Products and Services, or for any other purposes described in this Privacy Statement. In particular, we may share your information with certain third party suppliers and service providers to help us operate, provide, improve, understand, customize, support, and market our Products and Services. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Statement by imposing obligations of security and confidentiality on such service providers.
Your information may be provided as necessary to following categories of recipients: Accredited Laboratories, couriers, communications and marketing service providers, analytics providers, legal or financial advisors, or government/regulatory/law enforcement agencies pursuant to legally binding order.
We may disclose and transfer your information to our Accredited Laboratory for the purpose of (i) accepting and processing an accepted order by us, (ii) in order to procure the Product is delivered to you by it, and (iii) to test any Sample provided and make your Test Information available to you on our secure Account on our Site.
To process a request for a Product and for our Accredited Laboratory to test the Sample and send you the Test Information, we need to disclose information within our company including to the Medical Practitioner, to our Accredited Laboratory and our IT services providers. Your request for a Product will result in your order details being accessed by and processed by our Accredited Laboratory and our IT service providers.
The Accredited Laboratory shall have access to: your date of birth, your Sample, information relevant to your test (i.e. gender), and the test results created therein, in a pseudonymised manner that cannot be attributed to you without the use of additional information kept separately in our database. The Accredited Laboratory shall not have access to your other personal information.
In instances where our business is subject to a re-organization, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, need to share information in the course of the transaction. In such circumstances, your information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of LetsGetChecked.
If you send offensive or objectionable content or otherwise engage in any disruptive behaviour on the Site, we can use your information to stop such behaviour and pursue our legitimate interest to prevent such behaviour on our Site. This may involve informing relevant third parties, such as law enforcement agencies about the content and your behaviour.
Equally, we may retain, preserve, or disclose your information if we have a good-faith belief that it is reasonably necessary to (i) respond, based on applicable law, to a legal request (such as a subpoena, a search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce the agreements we have with you; (e) prevent physical injury or other harm to any person or entity, including yourself and members of the general public. For example, your IP address may be supplied to regulatory authorities in connection with fraud or other formal investigations.
We may pass aggregate information on the usage of our Site to third parties, but this will not include information that can be used to identify you. Unless required to do so by law, we will not otherwise share sell or distribute any of the information you provide to us without your consent.
How long do we keep your information?
If you live in the EEA, you have certain rights in relation to your information that we process. While some of these rights apply generally, others apply only in certain circumstances. To exercise your rights or to submit a question, you can email us at firstname.lastname@example.org.
- Access. You have the right to request a copy of your information that we process. You may exercise this right in "privacy settings" section in your user account. If you require additional access, please email us.
- Correction. If you discover that we hold inaccurate information about you, you have a right to ask us to correct that information. You can correct account information by logging into your account. For other corrections, please email us.
- Erasure. You have the right to request that we delete your information. We may refuse this request if (a) the information is still necessary for the purposes that we collected or processed it or (b) we still have a legal basis to process it, even after you’ve withdrawn consent. You can exercise this right in the “Privacy Settings” section of your user account or you can email us.
- Restriction. You have the right, in some cases, to restrict the processing of your information, such as where you have exercised your right to object and we are reviewing your objection. For more information, please email us.
- Objection. You have the right to object to us using your information based on our legitimate interests described above. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing, you can always object by using the unsubscribe link in such communications, changing your account settings or, if you do not have an account, you can email us.
- Portability. You have the right in some cases to port your information from us to a new data controller. We can refuse this request if (a) our processing is not based on your consent or our contract with you, or (b) the data are not stored electronically. You can exercise this right through the “Privacy Settings” section in your user account to download your data in XML format. Alternatively, you can email us.
- Withdraw consent. You can withdraw your consent to processing at any time by deactivating your account through the LetsGetChecked website or by e-mailing email@example.com. Withdrawing your consent does not affect processing that has already occurred. Where you withdraw your consent, we will no longer process your information based on your consent. We may process your information if another legal basis applies, for example, if we are legally obligated to store certain records or if your withdrawal of consent was limited to certain processing activities.
- Complain. You have the right to lodge a complaint with our lead supervisory authority – the Data Protection Commission (www.dataprotection.ie) – or the data protection supervisory authority for your EEA jurisdiction. If you are considering lodging a complaint, we would appreciate the opportunity to try and resolve your issue before you submit your complaint.
Changes to our Privacy Statement
From time to time, we will make changes to this Privacy Statement. Any changes we may make in future will be posted on this page. If we materially change our Privacy Statement, we will take steps to notify you, for example by emailing you or by posting a notice on the Site.
Questions, comments and requests regarding this Privacy Statement are welcomed and should be addressed to our Data Protection Officer (DPO) at firstname.lastname@example.org.
Any questions? Call our Support Team on +44 20 3936 4095