- Who we are
- Our website
- Our collection and use of your personal information
- Transfer of your information out of the UK and EEA
- Cookies and similar technologies
- Your rights
- Keeping your personal information secure
- How to complain
- How to contact us
- Do you need extra help?
Who We Are?
This website is operated by Acethetix Limited (“Acethetix”, “Testing Services” ”we”, “us” “our”) with UK Company Registration No. 12399278 and registered office at 23 Burnedge Fold Road, Oldham, OL4 4EE. Trading address, 73A Market Street, Stalybridge, Cheshire, SK15 2 AA.
We collect, use, and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union and the United Kingdom and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
Throughout our website, we may link to other websites owned and operated by certain trusted third parties to government links, couriers, etc (eg make additional products and services available to you)]. These other third-party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third-party websites, please consult their privacy policies as appropriate.
Our collection and use of your personal information
We collect personal information about you when you access our website, register with us, contact us, send us feedback, purchase products or services via our website, post material to our website and complete customer surveys or participate in competitions via our website.
We collect this personal information from you either directly, such as when you register with us, contact us, or purchase products or services via our website, or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below).
We also collect personal information about you from other sources as follows:
- Labs where your tests are being processed
- Couriers you may instruct to collect and take your test to the lab
- The personal information we collect about you depends on the particular activities carried out through our website. This information includes:
- your name, address and contact details
- date of birth
- details of any feedback you give us by phone, email, post or via social media
- information about the services we provide to you
- your account details, such as username, login details
We use this personal information to:
- create and manage your account with us
- verify your identity
- provide goods and services to you
- customise our website and its content to your particular preferences
- notify you of any changes to our website or to our services that may affect you
- improve our services
This website is not intended for use by children and we do not knowingly collect or use personal information relating to children.
Our legal basis for processing your personal information
When we use your personal information we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
consent: where you have given us clear consent for us to process your personal information for a specific purpose
contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
vital interests: where our use of your personal information is necessary to protect you or someone else’s life
public task: where our use of your personal information is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information that overrides our legitimate interests)
Categories of personal information we collect
We have statutory duties of reporting notifiable diseases as per the Public Health (Control of Disease) Act 1984 and the Health Protection (Notification) Regulations 2010. The regulations state that all COVID-19 RT-PCR test positive, indeterminate, negative and void results from point of care testing (POCT) are mandated by law to be reported to Public Health England (PHE). In which case, we will also ask you for additional information required by the healthcare regulators for laboratory reporting purposes. To support the reporting of the required infectious diseases, PHE developed the Second-Generation Surveillance System (SGSS). This is the national surveillance system that holds all test results. To enable to receipt of the reports, your following information will be required:
Your first name, surname, date of birth, gender, postcode, contact telephone number (preferably mobile), GP practice, contact email, ethnicity, your test result (such as COVID-19 +ve/-ve), test date and time.
Further, to manage our contractual relationship with you we will process the following categories of personal information about you:
Standard personal information: Your name; Your email address; Your mobile number; Your date of birth; Your contact details including address and postcode; Your photo (if you use the Health Passport).
Special Category Data to provide you with test results: Your test sample; Your COVID-19 test results; Your information from the Health Survey (only required for Health Survey users).
To process your personal information lawfully we need to rely on one or more valid legal grounds. All processing must be carried out in accordance with the Data Protection Act 2018, the GDPR and any associated codes of practice issued by the Information Commissioner’s Office.
The grounds we may rely upon for the processing of your personal information include:
- legitimate interests we pursue as a business, except where such interests are overridden by your interests and fundamental rights;
- compliance with any legal obligation to which we are subject, for example, the processing for the purposes of complying with applicable law;
- for the purpose of preventive or occupational healthcare required by regulators such as the Public Health England;
- as part of the performance of the Services set out in a contract with you or with your Company;
- in our third party’s legitimate interest for example your employer/your Company, considering your interest rights and freedoms.
Who we will share your information with?
In order for us to provide our Services to you, we will share your personal information within the Prenetics Group companies that are based in and outside of the UK and the EEA. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law, are carefully managed to protect your privacy rights and interests and limited to countries which are recognized as providing an adequate level of legal protection or where alternative adequate arrangements are in place to protect your privacy rights.
We will share your personal information with your Company; relevant health regulatory authorities such as Public Health England and Department for Health; our laboratories for analyzing your test (when we send your sample to our laboratory, which adheres to strict clinical and industry standards for the analysis and processing of your results); healthcare practitioners;
We will also engage service providers such as logistics providers for the transporting of your sample to our laboratory and our database storage provider to securely store your information. Any Processors or other third-party service providers will be required to contractually comply with the principles and objectives of any Prenetics policies, information security, data protection, and regulatory requirements to confirm that information will not be collected, used, shared, stored, or otherwise for any purpose other than those instructed by Prenetics.
Further information-The personal information we collect, when and how we use it
For further details on when we collect personal information, what we collect as well as how we use it, please read the following sections:
|When information is collected||What information we ask for||How and why we use your information|
|When you register with us||Contact details: your name, email address, self-isolating address if different, DOB, sex, NHS number, ethnicity, flight details (if applicable), phone number,
If applicable also the following information: –
Supporting ID such as driving licence
|We ask for this:
— to create and manage your account with us
— to communicate with you about your account
— report to the government on results as and when appropriate
We rely on data as the lawful basis for collecting and using your personal information.
We will keep this information until:
— you close your account with us
— we close your account
Whether information has to be provided by you, and if so why
We require you to provide details as set out in the table above. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.
Under the General Data Protection Regulation, you have a number of important rights free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal information
- access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- the object in certain other situations to our continued processing of your personal information
- otherwise, restrict our processing of your personal information in certain circumstances
- claim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used, or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.