Your privacy matters
We may make changes from time to time, and you should check back here regularly to keep up-to-date. This policy is effective from 16th October 2018. We provide a link to this policy in our emails to customers when they register with us or make purchases, so you can access this information easily.
We may, from time-to-time, highlight major changes to you by email or other routes, depending on your communication preferences.
Who we are, how to contact us and our Data Protection Officer
We are Medichecks.com Ltd., a privately-owned company with our principal office at MediCity, Thane Road, Nottingham, NG90 6BH, UK. Our registered office is at Mathon Court, West Malvern Road, Mathon, Malvern WR13 5NZ and our registered company number is 6491221.
You can find out more about us by clicking ‘about us’. You can also contact us via social media.
The person responsible for monitoring Medichecks’ data protection compliance (our “Data Protection Officer”) is Alistair Hall, COO. He can be contacted by email at email@example.com.
We are registered as a ‘data controller’ with the Information Commissioner’s Office, under registration number Z1190827.
What personal data do we hold?
The personal data we hold is that which you supply to us, either actively because you have registered with us or made purchases through our site, or because your use of our website tells us something about you. How we monitor the use of our website is set out in our Cookies policy.
What we do with your personal data
We will always handle your information lawfully and will protect your privacy as far as possible. The purposes for which we process your personal data are:
- Providing products and services to you
- We need to use your personal data to provide our products and services to you, respond to comments and questions, and provide you with the best possible level of customer service. For instance, we may need to contact you about orders you have placed or to send you reminders about services you regularly use. In the unlikely event of an emergency connected with a service we provide, we may also need to contact you about – for instance – a product recall.
- To make use of certain features on our website – for instance, buying a test where visitors need to register and to provide certain information as part of the registration or transaction process. The website will tell you what information is essential for you to place an order. You can look round our site without providing such information but may not be able to make any purchases.
- Managing our business
- We may need to use your information to properly manage our business. This includes, for instance, maintaining records of transactions. Additionally, we may need to handle your information to protect our rights, to investigate and respond to any complaint you may have, or to comply with regulatory obligations or legal proceedings.
- Analysing your personal data, to deliver better services to you and others.
- We may analyse your personal information, including the products you view and buy, to evaluate the effectiveness of our services and to help us provide more relevant offers, products and information. By understanding you and our other customers better, we can offer you the best and most personalised service we can. We will, where possible, anonymise your data as part of these assessments. If we have a legitimate interest (defined below), we may go on to send you marketing information about products you may be interested in.
The legal basis for processing personal data
Depending on the circumstances, there are several different legal bases for our processing your personal data as follows:
- Because we have your consent through purchase (“legitimate interests”) for marketing communications. You can control what marketing you would like to receive through contacting us, opting out via the unsubscribe links that are present on all our marketing communication emails or via our preference
- Because it is necessary for the performance of a contract to which you, the data subject, are party with us or in order to take steps at your request prior to entering into a contract. For instance, when you buy products from us (have a contract with us), we need to handle your information to complete your transaction and send out testing kits and results.
- Because it is necessary and proportionate for the management of our business (“legitimate interests”). For instance, we maintain records of transactions for corporate governance processes and may use information derived from our interactions with you to offer you and other customers the best possible service in the future.
What information do we collect?
Below you can see the types of data we collect with examples.
- Cookie Identifiers include Exponea_cookie; GoogleAnalytics_ID; GlobalE_cookie; hotjar_cookie.
- Identity Data includes first name, last name and gender.
- Contact Data includes delivery address, email address and telephone numbers.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us. These do not include bank details.
- Technical Data includes internet protocol (IP) address, browser type and version, location by country, operating system and device details
- Profile Data includes your orders and type of product purchased.
- Usage Data includes information about how you use our website, such as what products you have viewed and whether you have updated your basket.
- Preferences Data includes your consent preferences in receiving marketing from This helps us to manage our relationship with you and ensures you only receive communications from us that are relevant and timely.
What do we use your information for?
|Activity||Purpose of Activity||The basis for lawful processing; including legitimate interest|
|Newsletter||To use Contact Data to periodically inform you about the latest health news and relevant products through E-Mail.||Our legitimate interests, to communicate with our core customers.|
|Latest Offers||To use Contact Data and Transactional Data to inform you of time-limited discount opportunities.||Our legitimate interests, to inform our customers of our discount merchandise.|
|Transactional||To use Identity Data, Contact Data and Transactional Data to keep you up to date with your order and results.||Our legitimate interests, to inform our customers of the progress of their order and their results.|
|Targeting||To use product details of your Usage, Transactional and Technical data to target you with specific offers; for example, a sale of product related to your previous purchases.||Our legitimate interests, to ensure that we are communicating the most relevant message to you based on our interactions.|
|Re-targeting||To use Contact Data to re-target audiences with announcements and marketing offers on platforms including “Facebook”.||Our legitimate interests, to communicate with you on Social Media and retargeting platforms.|
|Email Personalisation||To use your Identity, Technical, Usage, Transactional Data to personalise our communication with you via Email.||Our legitimate interests, to ensure we communicate with you as a brand that remembers our interactions and makes available the most relevant content, products and offers.|
|On-Site Personalisation||To use your Identity, Technical, Usage, Transactional Data to personalise our communication with you on-site.||Our legitimate interests, to ensure we communicate with you as a brand that remembers our interactions and makes available the most relevant content, products and offers.|
|Website Analytics||To use data analytics to improve our website, products/services, marketing and communications with you.||Our legitimate interests, to keep our records updated and to study how customers use our products/services.|
Who we share your personal data with (“recipients of your personal data”)
When you buy a test from us, we need to share information with the laboratory that is going to handle your test, to make sure that they have the necessary information to undertake a safe, timely, and effective test for you.
As part of the transaction process, we automatically verify some data you provide us with to complete your transaction with external organisations – for instance, if you buy using a credit or debit card, our systems automatically check the details you have provided are correct with your credit or debit card supplier. They don’t get to see what specific items you have purchased.
We work with a number of trusted third-parties to ensure that the experience we give on-site is relevant, optimised and useful to you. These third-party products include Google Analytics, Google Ads, Facebook, Exponea, Hotjar among others.
We never sell customers’ details to other organisations.
Your rights - how you can control how we use your personal data, your rights and how to find our information we hold about you
We want you to be happy and confident with how your information is being handled. You can contact us at any point to provide a copy of your personal data. You can also ask for any amends to be made and ask to be removed from our email marketing lists by unsubscribing, an option which is present on all our email marketing communications.
We always try to ensure that the information that we hold is accurate, up to date and relevant and you can contact us if you would like to make any changes. In some cases, we may need to keep certain records to manage our business, but please talk to us to discuss your options.
Transfers of personal data to foreign countries
From time to time we may make use of service providers to support our business delivery, for instance, website hosting and analytics. These may be based outside the European Economic area. We have contracts in place with our data processors. This means that they cannot do anything with your personal data unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
How long we store your personal data
Your account stores details of your purchases. You can control the visibility of purchases you have made in the past, but we may keep information about purchases you have made for longer, for instance in case you have a complaint or query about a test you have bought from us.
The length of time Cookies will be stored for is set out in our Cookies policy.
As an online provider, we make use of automated computer systems and processes to complete your transactions with us.
We may use some of the information you provide us, such as your age or sex, to provide you with offers which we believe are more likely to be relevant to you in the future. For instance, if you have bought a test in the past, we may use the fact of that purchase to suggest other tests that you may like to buy.
We don’t make use of the results of any tests you have bought to do this, and we do not otherwise ‘profile’ our customers or use automated decision making. We may however send reminders to you if a doctor reporting for Medichecks has recommended that you take a repeat or follow-up test based on the results of a previous test you have taken with us.
What we don’t do with your personal data
- Use results with any personally identifiable information linked to them;
- Sell your personal data to third parties;
- Send you marketing information if you have told us you don’t want to receive it.
If you have further questions or concerns about how your personal data is being handled
Please contact us in the first instance.
The Information Commissioner’s Office is the UK’s regulator for data protection law. If you are unhappy about the way in which we handle your personal data and we have not been able to resolve your complaint, you can complain to the ICO. You can contact the ICO through www.ico.org.uk
Children and young people
Children should always get permission from their parents before sending any information about themselves (such as their names, e-mail addresses, and phone numbers) over the internet, to us or to anyone else. We won’t knowingly allow anyone under 18 to register with us on our site.