Privacy Policy

Introduction
SureScreen Diagnostics Ltd. respects the privacy of its customers and visitors to its website and is committed to protecting the privacy of the Personal Data (defined below) that you share with us.

This Privacy Policy explains how we handle the personal information that you provide to us on websites controlled by SureScreen Diagnostics Ltd. (including its subsidiaries and affiliates) which link to this Privacy Policy (referred to as “SureScreen Websites“). The EU General Data Protection Regulation (“GDPR”) is in force from 25 May 2018. The GDPR amends and updates the rights you have in relation to your Personal Data. The GDPR also regulates what companies that process your Personal Data are permitted to do with it. This Privacy Policy provides you with information relating to the processing of your Personal Data. It also explains how you may exercise your data protection rights under the GDPR.

This Privacy Policy does not apply to personal information collected from you offline, to SureScreen Websites that do not link to this Privacy Policy, or to third-party websites to which SureScreen Websites may link. Your use of SureScreen Websites, which link to this Privacy Policy is subject to this Privacy Policy and the Terms of Use.

This website is not intended for children, and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

What is Personal Data?
“Personal Data” is any information that identifies you or from which you could be identified, in particular by reference to an identifier such as a name, an identification number, location data, an online identified or one or more factors specific to the physical, psychological, genetic, mental, economic or social identity. Personal Data includes subsets of special categories of information that reveal information about your health, among other things.

Controller
SureScreen Diagnostics Limited is the controller and responsible for your personal data (collectively referred to as “SureScreen”, “we”, “us” or “our” in this privacy policy).

We have appointed a [data protection officer (DPO) OR data privacy manager] who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise [your legal rights], please contact the [DPO OR data privacy manager] using the details set out below.

The data we collect about you
We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website, products and services.
Marketing and Communication Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose.

Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.

For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Why does SureScreen process your Personal Data?
SureScreen processes your Personal Data. We may also process your personal data in our laboratory for healthcare purposes, where we do so we will comply with all relevant legislation in relation to laboratory processing, for example, ISO17025.

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

SureScreen also collects health data about EU individuals who use SureScreen products, for medical device reporting, warranty, and product support purposes. Under the GDPR, this is sensitive Personal Data. We will only process such sensitive Personal Data where you explicitly consent.

Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We employ the following personal data control mechanisms:

Promotional offers from us
We may use your Identity, Contact, Technical, Usage, and Profile Data to form a view of what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased [goods or services] from us and you have not opted out of receiving that marketing.

Third-party marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out
You can ask us or third parties to stop sending you marketing messages at any time [by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences OR by following the opt-out links on any marketing message sent to you OR by contacting us at any time].

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of [a product/service purchase, warranty registration, product/service experience or other transactions].

Who does SureScreen share your Personal Data with?
SureScreen may share your Personal Data with its affiliate companies within its corporate group.

SureScreen may also share your Personal Data with vendors with whom SureScreen contracts to carry out business activities for SureScreen. If SureScreen provides your Personal Data to vendors to assist us with our business activities, it is SureScreen’s practice to require those vendors to keep your Personal Data confidential and to use your Personal Data only to perform functions for SureScreen.

SureScreen may share your Personal Data with a third party in connection with the sale or transfer of one of its product lines or divisions so that the buyer can continue to provide you with information and services.

SureScreen reserves the right to disclose your Personal Data to respond to authorized information requests from government authorities, to address national security situations, or when otherwise required by law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Does SureScreen transfer your Personal Data outside of Europe?
We may need to transfer your Personal Data outside of the European Economic Area (“EEA”) to third countries that do not offer the same level of protection as required by the EEA. In order to safeguard your Personal Data we will only make such transfers on the basis of: (i) a decision of the European Commission that permits this; or (ii) EU-approved Standard Contractual Clauses. Please note, SureScreen and all subsidiaries and related entities have entered into intragroup data transfer agreements based on the EU Standard Contractual Clauses to transfer your Personal Data from the EEA to third countries, which includes the United States. To access or receive a copy of our intragroup data transfer agreement, please contact our EU data protection officer (details below).

How long does SureScreen store your Personal Data for?
Your Personal Data will be stored for as long as it is needed to provide you with: (i) the SureScreen service or product that you have requested; and/or (ii) access to the SureScreen Websites. Alternatively, your Personal Data will also be stored for as long as we require it to respond to your queries and concerns or in accordance with any legal requirements, including those in relation to product or medical device safety. For further information please contact your local customer care or our EU data protection officer using the details below.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

What SureScreen does to keep Personal Data secure
It is SureScreen’s practice to secure each web page that collects personal information; however, the confidentiality of personal information transmitted over the Internet cannot be guaranteed. We urge you to exercise caution when transmitting personal information over the Internet, especially personal information related to your health. SureScreen cannot guarantee that unauthorized third parties will not gain access to your personal information; therefore, when submitting personal information to our website, you must weigh both the benefits and the risks. In addition, our website covered by this Privacy Policy will display a warning whenever you link to a website that is not controlled by SureScreen or subject to a SureScreen privacy policy; you should check the privacy policies of such third-party websites before submitting personal information.

What rights do you have in relation to your Personal Data?
You may have the following rights in relation to your Personal Data:

Request access You can request access to your personal data (known as a “data subject access request”).
This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction You can request correction of the personal data that we hold about you.
This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure You can ask us to erase your personal data.
This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law.
Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing You can object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request a restriction of processing You can request that we restrict the processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  • If you want us to establish the data’s accuracy.
  • Where our use of the data is unlawful, but you do not want us to erase it.
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims.
  • You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Request a transfer You can request that we transfer your personal data to you or to a third party.
We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
Note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent You can withdraw consent to the processing of your personal data in situations where we relied on your consent to do so.
However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

We may ask you for additional information to confirm your identity and for security purposes, before responding to any request you submit.

Where you have been asked to consent to the processing of your Personal Data, we will provide you with an opportunity to withdraw your consent. There may be several methods by which you can withdraw consent, such as by contacting us directly or by deleting any SureScreen mobile app from your smartphone. In each case, you will be given information about how to withdraw consent. Any withdrawal of consent will not affect the lawfulness of the processing based on your consent before the withdrawal. Please also note that where you withdraw consent, SureScreen will only stop processing your Personal Data that relates to the withdrawal of consent.

SureScreen may still need to process Personal Data where:

  • we are required to do so by law;
  • we have a legitimate business interest to do so, such as in connection with the sale or transfer of our product lines or divisions;
  • necessary to respond to authorized information requests from government authorities;
  • necessary to address national security situations; or otherwise required by law to which we are subject.

No Fee
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time Limit
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Why do SureScreen Websites use “cookies” and other tracking technologies?
SureScreen may use “cookies” to collect other information during an individual’s visit to the SureScreen Websites, such as the particular site areas visited and the services utilized through our website. We collect this information to better tailor our site and our products to your interests and needs. Cookies may also be used to help speed up your future activities on our site. For example, a site can recognize that you have provided Personal Data to use and refrain from requesting the same information a second time. Most browsers are initially set to accept a cookie. Cookies may be disabled by the individual visitor, although refusal of cookies at the site may result in an inability to visit certain areas of the site or to receive personalised information when visiting the site.

In addition, we are constantly trying to improve how we promote our websites. To help us do this, we may measure the effectiveness of our web presence by determining when you accessed the SureScreen Websites, and what you clicked on within our site. Site measurement statistics may be used to personalize your website experience, as well as to evaluate – anonymously and on an aggregated basis – statistics about the usage of the website. Information about your computer, such as your IP address (a number assigned to your computer whenever you surf the Internet), the type of Internet browser you are using, and the type of operating system you are using may also be collected and linked to your Personal Data. This is to ensure that the SureScreen Websites presents the best web experience for visitors and that they are effective information resources.

Some of the pages an individual visits may also collect information through the use of pixel tags (also called clear gifs) that may be shared with third parties that directly support SureScreen’s promotional activities and website development. For example, website usage information about visitors to the SureScreen Websites may be shared with our third-party advertising agency in order to better target Internet banner advertisements on the SureScreen Websites. The information collected through the use of these pixel tags is not, however, personally identifiable, although it could be linked to an individual’s Personal Data.

The specific choices you receive about SureScreen’s use of cookies and other tracking technologies vary by website. On some SureScreen Websites, you will be asked to consent to the use of cookies and/or other tracking technologies on that website. Cookies that are necessary to the operation of the site will continue to function regardless of whether you have provided consent. Other types of cookies and tracking technologies will be turned off until you provide consent. As a result, the functionality of the site may be reduced until you choose to provide consent.

On some SureScreen Websites, you may be provided with preference questions or boxes allowing you to indicate that you do not want that website to use cookies or other tracking technologies that are not necessary to the operation of the site. If you choose to exercise this opt-out option, the functionality of the site may be reduced as a result.

Some Internet browsers allow you to limit or disable the use of cookies and other tracking technologies. Please refer to the information provided by your Internet browser for instructions on how to do so (generally found under a “Help” menu).

Do I have to provide my Personal Data to SureScreen?
The provision of Personal Data to SureScreen is required to fulfill the terms of a contract you have with SureScreen, to provide you with a product or service you have requested, or to comply with local laws, such as those relating to product or medical device safety. Any failure to provide such Personal Data will mean that SureScreen cannot provide you with the product or service you have requested.

Who can I contact?
To exercise any of your rights in connection with your Personal Data or if you have any questions or concerns as to the processing of your Personal Data, please contact our Information Security Officer at:

Lucinda House, Sherwood Business Park, Little Oak Drive, NG15 0DR

Call: +44 (0) 1332 365318, where anyone can take your request and pass it to the Information Security Officer.

E-mail: [email protected]

You can expect to receive confirmation we have received your request within 3 days and fulfillment of the request within 1 month. There is no charge for providing information; however, repeated requests for the same information may incur a fee.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.