CHB Medical Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this Privacy Statement and Data Protection.
Table of Contents
Last Updated: 11/05/2021
CHB Medical (“CHB Medical”, “we, “our”) are committed to protecting the privacy and security of the personal data we collect about customers and users of our services (“you/your”).
The purpose of this privacy notice is to explain what personal data we collect about you when using our website or purchase one of our products or services. When we do this, we are the data controller.
Please read this privacy notice carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at [email protected]
Personal data we collect
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). The personal data we may collect includes (but is not limited to):
- contact detail information such as your name, email address, telephone number, job title, company name, and any other information provided by you in our customer/supplier form;
- information including name, sex, date of birth, ethnicity, email address, isolation address, arrival country, flight number, date of arrival to the UK, passport number and vaccination status which we only collect when you purchase Day 2 or Day 8 polymerase chain reaction (“PCR”) testing through our website;
- your Day 2 or Day 8 PCR test results;
- information about your engagement with us online via our cookies and similar technologies such as your IP address and geographical location;
- any other information you may provide to us as part of CHB Medical market research.
How your personal data is collected
We collect most personal data directly from you—in person, by telephone, text or email and/or via our website.
However, we may also collect information from third parties, for example, we may purchase contact information from suppliers in order to send you marketing communications about our products and services.
Purposes for which we use personal data and the legal basis
When providing services to you, we may use your personal data for the following purposes and on the following lawful bases:
Lawful Basis for Processing
To perform our contract with you
Performance of contract
To provide PCR testing
To comply with any legal obligations we may have
To send you marketing communications about new products, special offers or other information relating to our business which we think may be of interest to you by email or similar technology
Consent/ Our legitimate interest
To improve your browsing experience by personalising your website visit
Our legitimate interest
To provide other companies with statistical information about our users – this information does not identify any individual user
Our legitimate interest
To contact you when you provide us with market research feedback
Our legitimate interest
To credit check using Euler Hermes
Where personal data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.
Sharing your data
For some business activities we share your personal data with our vendors and third-party service providers, for instance, to provide our e-mail marketing services or for payments processing. We also use third-party service providers to provide Covid-19 testing. For example, we share your personal data with BioGrad Limited, our partnered laboratory, for the purposes of medical diagnosis and for workplace testing, we share information with NursePlus.
Personal data may also be shared with government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim. When providing PCR testing services we are required by law to share your test results with Public Health England.
Sometimes we may need to send or store your personal data outside the UK or European Economic Area (“EEA”). For example, some of the third-party providers we use to help run our business may store data outside of the UK/EEA.
We place significant importance on protecting the confidentially of personal data and seek the collaboration of all our suppliers in fostering this goal. We will only transfer personal data to a supplier where the supplier has provided assurances that they will provide at least the same level of privacy protection as is required by this Policy.
If we do transfer information outside the UK/EEA, we will only do so on the basis of Standard Contractual Clauses approved by the European Commission or UK Government, which contractually oblige the recipient to process and protect our personal data to the standard expected within the EU and UK.
Should we become aware that a supplier is using or sharing personal data in a way that is contrary to this policy, we will take reasonable action to prevent or stop such processing and notify any individuals whose data was affected.
How long we keep your data
We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims. Depending on the purpose, we hold data for different amounts of time:
- Contracted services: We will hold your data for 6 years.
- Marketing: We will hold your data for a period of 6 years with a review every 3 years. You may opt-out of receiving marketing material at any time. If you opt-out of receiving direct marketing material, we will suppress your details so that you are not contacted for marketing purposes.
At the end of the retention period, your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.
How we protect your data
We endeavour to process all personal data securely and have implemented appropriate technical and organisational measures to protect data that we process from unauthorised disclosure, use, alteration or destruction.
Your rights and options
You have the following rights in respect of your personal data:
- You have the right of access to your personal data and can request copies of it and information about our processing of it.
- If the personal data we hold about you is incorrect or incomplete, you can ask us to rectify or add to it.
- Where we are using your personal data with your consent, you can withdraw your consent at any time.
- Where we are using your personal data because it is in our legitimate interests to do so, you can object to us using it this way.
- Where we are using your personal data for direct marketing, including profiling for direct marketing purposes, you can object to us doing so.
- You can ask us to restrict the use of your personal data if:
- It is not accurate.
- It has been used unlawfully but you do not want us to delete it.
- We do not need it any more, but you want us to keep it for use in legal claims; or
- if you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.
- In some circumstances, you can compel us to erase your personal data. However, we will be unable to erase your medical records before the end of our retention period, since these are required as evidence of our clinical practice.
- You can request a machine-readable copy of your personal data to transfer to another service provider.
- You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you wish to exercise your rights, please contact us at [email protected]
You can also lodge a complaint with the Information Commissioner’s Office. They can be contacted using the information provided at: https://ico.org.uk/concerns/.
If you have any questions or wish to exercise any of your rights, then please address your correspondence to: CHB Medical Head Office, Unit 4, Neptune Business Centre, Tewkesbury Road, Cheltenham, GL51 9FB
Alternatively, you can email us at [email protected]
Changes to this privacy notice
We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify of the changes where required by applicable law to do so.
Last modified 11/05/2021.