Diagnostics360 Privacy Policy
1. About Us
Diagnostic360 Limited (Diagnostics360) is a company incorporated in England and Wales with company number 13280636. Our registered office is Unit 146, The Light Box, 111 Power Road, Chiswick, W4 5PY. Diagnostics360 is an independent provider of clinical laboratory diagnostic services in the UK to the private sector (“Services”).
For the purpose of Data Protection Laws, we are a Data Controller, and we are registered as a Data Controller with the Information Commissioner’s Office (“ICO”) under number ZB282800. If you have any queries regarding our use of your personal data, please contact us at [email protected].
2. Introduction
It is the policy of Diagnostics360 to take steps to ensure that your information is kept confidential and secure and to otherwise protect and respect your privacy.
This Privacy Policy, together with our Cookie Policy, explains how we collect, share, and use your personal information when you: use our website https://diagnostics360.co.uk/ (‘Website”); use our web portal (“Portal”); or otherwise use our Services. To learn more about your rights to privacy and data protection, we recommend visiting ICO website at https://ico.org.uk/.
3. Personal Data Collected
- Identity Data: includes name, date of birth, gender, ethnicity, ID check.
- Contact Data: includes address, email address, and telephone number.
- Health Data: includes data about a patient’s pathology samples, NHS number and health information produced as part of the test process.
- Technical Data: includes data collected when a person uses the Diagnostics360 website, such as the Internet protocol (IP) address used to connect the person’s computer to the Internet, the person’s login information, URL traffic external to and internal pages within the Diagnostics360 website, pages viewed within the Diagnostics360 website, search requests, page response times, length of visit, browser used, media device used to browse, location, error pages or broken links.While using our Services, we may collect certain personally identifiable data that can be used to contact or identify you (“personal data”).
Diagnostics360 uses the following categories of data:
Diagnostics360 only processes the minimum amount of Health Data and Identity Data necessary to provide the Services.
4. Lawful basis of processing
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
We only collect and process personal data when:
- We need the personal data to perform a contract (such as to provide requested Services).
- The processing is necessary for the purposes of Diagnostics360’s legitimate interests and those interests are not overridden by the interests of the individual.
- The processing is necessary for the establishment, exercise of defence of legal claims.
- The processing is necessary for compliance with a legal obligation to which Diagnostics360 is subject.
- The processing is necessary for reasons of public interest in the area of public health.
We have consent to do so from the individual.
5. How Diagnostics360 obtains the Personal Data
Diagnostics360 obtains the personal data referred to in section 3 from:
- Direct interactions: Individuals may give Diagnostics360 data by submitting forms or corresponding with Diagnostics360 by post, phone, email or otherwise.
- Automated technologies or interactions: As individuals interact with the Diagnostics360 website, Diagnostics360 may automatically collect technical data about them. This personal data is collected by using cookies, and other similar technologies. More information can be found in Diagnostics360 cookie policy.
Third parties: Occasionally, Diagnostics360 may receive personal information about individuals from third party sources (including national airport authorities, a healthcare provider, a health insurer, an employer, or other laboratories), but only where we have checked that these third parties either have the individual’s consent or are otherwise legally permitted to disclose the personal information.
6. Recipients
We may disclose your personal information to the following categories of recipients:
- Third party services providers and partners who provide data processing services to us, for example to support the delivery of the Services, or who otherwise process personal information for purposes that are described in this policy.
- Public Health England (PHE) for the purposes of notification of COVID-19 test results in order to satisfy the legal requirements. PHE undertakes to handle these data in accordance with the Data Protection Act 2018, General Data Protection Regulations (GDPR) and Caldicott Guidelines.
- Competent law enforcement body, regulatory, government agency, Local and National Health Authority, court or other third party where we believe disclosure is legally required and/or necessary.
- Prospective seller or buyer in the event that we sell or buy any business or assets, or if Diagnostics360 or substantially all of its assets are acquired by a third party. The legal basis on which we process your data in these circumstances is our legitimate interest to ensure our business can be continued by a purchaser. If you object to our use of personal data in this way, the relevant seller or buyer of our business may not be able to provide good and/or services to you.
Any other person with your consent to the disclosure.
7. Retention and Storage of the Personal Data
Diagnostics360 retains the personal data referred to in this policy for as long as necessary to achieve the purpose for which Diagnostics360 holds the data. All personal data is stored and processed in the UK.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it.
8. Security of Data
Diagnostics360 uses appropriate technical and organisational measures to protect the personal information collected and processed. The measures we use are designed to provide a level of security appropriate to the risk of processing personal information. All information you provide to us is stored on secure servers and access is limited to ensure that information is not viewable by any unauthorised parties.
Your personal data will only be processed by those employees, agents, contractors and other third parties on a need-to-know basis. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Although we do our best to protect personal information, we cannot guarantee the security of any data transmitted from or to our website or portal and any transmission or data sharing is at your own risk.
Our website may contain links to other websites run by other organisations. This policy does not apply to those other websites, so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links that we provide. In addition, if you linked to our website from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party website and recommend that you check the policy of that third party website.
9. Rights of individuals
Individuals have the following rights in relation to their personal data:
- Request access to the personal data. This enables the individual to receive a copy of the personal data Diagnostics360 holds about the individual and to check that Diagnostics360 is lawfully processing it.
- Request correction of the personal data. This enables the individual to have any incomplete or inaccurate data Diagnostics360 holds about the individual corrected, under certain circumstances.
- Request erasure of personal data. This enables the individual to ask Diagnostics360 to delete or remove personal data where there is no good reason for Diagnostics360 continuing to process it.
- Object to processing of personal data under certain circumstances, including to the use of the personal data for direct marketing.
- Request restriction of processing of the personal data. This enables an individual to ask Diagnostics360 to suspend the processing of the personal data under certain circumstances.
- Withdraw consent at any time where Diagnostics360 is relying on consent to process the personal data. If consent is withdrawn Diagnostics360 may not be able to provide certain services to the individual. Diagnostics360 will advise the individual if this is the case at the time consent is withdrawn.
Complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
10. Contact Us
Questions, comments, and requests regarding this Privacy Policy are welcomed and should be sent to: [email protected].
11. Document Review
Documents are reviewed as a minimum on a 2-year basis. In addition to the 2-year review, results of audits, complaint, incidents may identify a requirement for the document to be amended. All documented procedures fall under Diagnostics360’s Quality Assurance Internal Audit programme which requires services to select documented procedures for internal review as part of on-going audit programmes. Where changes are required the author is responsible for undertaking the review prior to the formal 2-year review.
12. Policy Author Declaration
The policy author is responsible for ensuring that the documented procedure has been developed in line with Diagnostics360’s policies and also ensures the author confirms they have complied with Diagnostics360’s Diversity requirements.
Author Declaration |
The document style and format are consistent with policy (including footer and explanation of terms used) and are relevant to the document type e.g. policy, SOP, protocol. |
The title/outcome/objective/target audience and monitoring arrangements are clear and unambiguous |
The relevant expertise has been used and the evidence base is relevant, up to date. There are supporting references and a cross reference to associated documents e.g. other policies. |
Stakeholder, user and ratification forum consultation confirms accuracy and clarity of document/statements |
Superseded documents have been referenced in the reader box, and master location for this document has been documented |
Equality and Diversity Statement: I confirm that this document does not discriminate on the basis of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex or sexual orientation. |