PRIVACY NOTICE FOR THE C-19 DIRECT SOFTWARE (‘Software’)
Please read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share your personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Use of the Software is not obligatory but please note that you cannot access the Software if you do not accept these terms.
We may update this notice from time to time and although we will notify you if there is a significant change it is your responsibility to check the terms are acceptable to you each time and before you send us personal information.
As the ‘End User’ of this Software, you will need to use and in-put certain personal information into our Software.
Further to your use of this Software you will be providing us with personal data, including that which is defined as ‘special category’ personal data, i.e. health information. You must therefore understand how we will use your personal information, by reading this privacy notice in full, and consent to such use before you provide us with any personal information.
If, having read all of this privacy notice, you are unclear about any aspect of it, please contact email@example.com.
This privacy notice is divided into the following sections:
- Who we are
- Our Software
- Our collection and use of your personal information
- Cookies and similar technologies
- Your rights
- Keeping your personal information secure
- How to complain
- How to contact us
- Changes to this privacy notice and your duty to inform us of changes
1 Who we are
This Software is supplied to you directly by us, C-19 Direct Limited, a company incorporated in England and Wales under number 12836624 and our registered address is at Park House Winship Road, Milton, Cambridge, CB24 6BQ
We collect, use and are responsible for the personal information which you input into the Software in accordance with the terms of this notice. When we do so we are regulated under the Data Protection Act 2018 (‘DPA’) and the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR), and we are responsible as a ‘data controller’ of that personal information, for the purposes of those laws.
2 The Software
This privacy notice relates to the personal data processed further to your use of the C-19 Direct Software only.
3 Our collection and use of your personal information
We collect personal information about you when you access the Software, register with us, contact us, send us feedback, purchase services via the Software and input information onto the Software.
We collect this personal information from you either directly, such as when you register with us, contact us or purchase services via the Software, or indirectly, such as your browsing activity while on our Software (see ‘Cookies’ below).
The personal information we collect about you is required in order to provide you with the services you have bought from us and may include:
- your name and contact details, including your current address and postcode, and the address to which you require the testing kit to be delivered, if different from your current address
- your sex
- your ethnicity
- your passport number
- date of birth
- details of any feedback you give us
- your account details, such as email, login details
- sample for testing
- test result
(We may also require other information such as “international arrival information” which currently includes which country or countries you have come from before arriving in the UK, when you arrived in the UK and where you are isolating. While this is not defined as “personal information” for the purposes of the data protection legislation we will still keep such information secure.)
We use your personal information to:
- create and manage your account with us
- verify your identity
- provide our testing services to you
- comply with the legislation re reporting test results to government authorities
- communicate with you about your account
- notify you of any changes to our Software or to our services that may affect you
- improve our services
The testing services: If you decide that a Covid-19 test is appropriate then we will ask you to provide a physical sample. This sample will be sent to a testing laboratory. We do not give the laboratory any information from which it can identify you. The personal data listed above will only be shared with the relevant government body, such as Public Health England, in accordance with current legislation.
When is information collected? When you register with us or make an order for our services.
4 Our legal basis for processing your personal information and our retention policy
We mostly rely on consent and/or contract as the lawful basis for collecting and using your personal information for the purposes described in this notice.
The health information which you provide to us and the sample test results are defined as special category personal data so we only process this further to the consent you give us to use that information in the ways described in this notice. If you do not consent to any of the types of processing we describe in this notice please do not accept this notice and do not use our Software or order the services.
Retention policy: we will keep your personal data until the earlier of:
— you closing your account with us
— you directing us to delete your personal data
— us closing your account
and then we will delete this information within 4 weeks, in each case unless there is a legal obligation to retain it for a longer period.
5 Who we share your personal information with
Our Software is supplied by Virtuologists Limited, a company incorporated in England and Wales under number 12484686, whose registered office is at of 6 Dells Close, Teddington TW11 0LD, England and they process your personal data as part of the performance of their services for us, as does the hosting company, which is currently Microsoft Azure.
We only share your special category personal information (ie health information) where we are required to do so and this is with:
- Virtuologists Limited
- a testing laboratory and as noted above the information we provide to a laboratory is not sufficient to identify you, as the test sample and results are processed by the laboratory on an anonymised basis
- the government authorities as specified by legislation from time to time*.
None of these third party recipients will be based outside the United Kingdom.
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party. We do not use your personal information for marketing purposes.
6 Cookies and other tracking technologies
A cookie is a small file of letters and numbers that we put on your computer or other access device. These cookies allow us to distinguish you from other users of the Software which helps us to provide you with a good experience and also allows us to improve our Software.
Some cookies we use are analytical cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they’re using it. This helps us to improve the way our Software works, for example by making sure users are finding what they need easily. This information will not personally identify anyone.
Information on deleting or controlling cookies is available at the Information Commissioner’s Office. Please note that by deleting our cookies or disabling future cookies you will not be able to access certain features of our site.
Initiated by us:
●This cookie is set by websites that run on Windows Azure cloud platform. The cookie is used to affinitize a client to an instance of an Azure Web App.
●The cookie used by the antiforgery system is part of a security system
●This cookie is associated with the Microsoft Application Insights software, which collects statistical usage and telemetry information.
Initiated by third parties:
●Google Analytics, you can opt out here.
Our site may contain further cookies due to integration with other third party sites. The cookies listed above are the cookies we are aware of.
7 Your rights
Under the Data Protection Act 2018 (‘DPA’) and the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) you have a number of important rights. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal information
- access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
For further information on all of your rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) at www.ico.org.uk
If you would like to exercise any of those rights, please:
- email us at firstname.lastname@example.org
- let us have enough information to identify you – your name, email address and a contact number
- let us know the information to which your request relates
8 Keeping your personal information secure
We have appropriate security measures in place to prevent your personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have express authority and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
9 How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The DPA also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
10 How to contact us
Please contact us if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us, please send an email to email@example.com
11 Changes to this privacy notice and your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.