Effective date: 13 August 2021
- The personal data we collect from you
We may collect and use your personal data when you submit it to us in the following ways:
The reasons for processing your personal data
- Account registration: when you set up an account with us, we will collect your personal data, such as your full name, email address and password.
- Purchasing our products and services: when you purchase YourBio Health products or services direct from us on our website, we will collect your personal data to process your request, such as: your full name, date of birth, gender, payment details, billing address, shipping address, contact details (such as, email address and telephone number). To process your order, an order ID and KIT ID will be assigned to you. We will also receive a tracking reference number from our third party partner who will send the product to you which you have purchased from us.
- Medical questionnaire: if you choose to do so, you can update your user profile with details about vaccination doses and your medical history so we are able to better tailor your test results.
- Reviews: if you choose to provide a review of a YourBio Health product or service and agree to us posting on our website, we will process the details of your review as well as your first name and your last initial.
- General communications: when you provide personal data to us in correspondence and communications (including through our website), we will process any personal data that you provide to us in connection with these correspondence and communications, including your full name, email address, telephone number and your IP address (to track your location).
- Anonymisation. We may anonymise your personal data so all identifying features are removed and you cannot be identified and we may use the anonymised data for purposes consistent with this policy.
- Health-related data you provide to receive our products and services: in order to provide you with our products and services, we will need to log and record your test results in order for you to access the test results. We will also log a unique order ID, an image of the test report and your test results on our database.
The types of personal data relating to you that we may collect, and the purposes for which we process this data, depends on the nature of your interaction with us. This section describes our reasons for processing your personal data and, in accordance with applicable data protection laws in the United Kingdom and the European Economic Area (“EEA”), specifies the legal basis under which we are allowed to process your personal data.
Reasons for Processing General Personal Data
Generally, we may process your general (non health-related) personal data to perform a contract with you or for your benefit, for the establishment, exercise or defence of legal claims or proceedings and to comply with our legal and regulatory obligations. Other bases for processing your other personal data are described below.
- To enable us to perform the contract you have entered into for our products and services. This covers processing we carry out to process any request for a YourBio Health product or service we receive from you or which is made on your behalf, to deliver your requested YourBio Health product or service (including sharing your personal data with our third party partner) and to enable us to take payment from you or provide you with a refund;
- For our legitimate business interests (including for statistical purposes). This covers the following processing activities:
- to notify you about changes to our products or services and provide you with customer service, to improve and monitor the quality of our products and services;
- to enable us to respond to an enquiry or other request you make when you contact us via our website or through another communication channel;
- to promote and advertise the YourBio Health product via our website;
- to protect the security of and manage access to our IT and communication systems, online platforms, website and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities.
- For our legitimate interests, we may contact you to inform you of, and make suggestions and recommendations about our products and services that we believe may be of interest to you.
Reasons for Processing Health-Related Data
We may process your health-related data (as detailed above) as described below. Please note that the legal bases which we rely on to process your health-related data will be determined by your use of the product or service which you have requested from us.
Where you have requested a product or service from us in connection with a medical diagnosis, we will process your health-related data for the provision of health and social care and to conduct scientific research, for the following reasons:
- to process your health-related data for the purpose of providing the products or services you have requested;
- to allow you to register for our products or services on your behalf, to access your test results which we receive from our third party partner who has processed your test results and provide you with statistical information in connection with your test results. Please note that we will store your test results for your use, including for the purposes of allowing you to access and verify your results;
- to de-identify your health-related data and to use that de-identified data in order to monitor how our products and services are used and to evaluate the performance, impact and experience of our products and services and for product improvement and development, including the effectiveness of our sample testing techniques; and
- to use de-identified data to conduct scientific research into diagnostics in connection with related health factors, which may include repeated observations over time of test results and associated risk factors or health outcomes, and other data analysis and market research.
We also process your health-related data (such as details about vaccinations doses and your medical history), where we have your explicit consent, to better tailor our services to you.
You can withdraw your consent to any of these processing activities at any time by contacting us. When you withdraw your consent, we will stop any future processing of your health-related data for the relevant purposes. We will be entitled to continue to process any data that we have anonymised so that it is no longer possible to identify you.
For scientific research purposes, we may archive your health-related data in furtherance of these scientific research purposes. In certain circumstances, we may need to process your health-related data to comply with local legal and regulatory requirements, for example if we need to issue a safety notice or corrective action related to any of our products or services; for reporting to and/or being audited or investigated by national and international regulatory bodies; or to comply with court orders and to exercise and/or defend our legal rights.
You have the right to opt out of receiving marketing at any time by following the information in each communication on how to unsubscribe or by writing to us at: firstname.lastname@example.org. Our disclosure of your personal data
We may share your personal data with the following third parties:
Individuals under 21
- Partners: where you have requested a product or service from us, we may share your personal data with the partner so that they may deliver your product to your or to process your test results.
- Payment processors: we use third party payment processors in order to process your payment for our goods or services. Our payment processors are separate controllers who collect and process your information, including payment information, in accordance with their privacy policies, which can be found on their website.
- Administrative and legal reasons: we may disclose personal data as we deem necessary and appropriate under applicable laws, such as to comply with a bankruptcy proceedings, or similar legal process; in response to lawful requests by public, governmental and regulatory authorities. Where we are required by law, we may also disclose your personal data where it is necessary to investigate or protect the rights, property or safety of YourBio Health, our products and services, our partners who help us provide our services to you, other business partners or to prevent or take action regarding illegal activities or fraud, situations involving potential threats to the safety of any person or as evidence in litigation.
- Business transfers: we may disclose and transfer your information and data to a third party: (a) if we assign our rights regarding any of the information to a third party, or (b) in connection with a corporate merger, consolidation, restructuring, sale of certain of our ownership interests or assets (or both), or other corporate change.
Our products and services are not aimed at individuals under 21. If you are aware of the fact that an individual under 21 has given us your personal data, please contact us at: email@example.com.
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws and/or regulatory requirements and standards or until you withdraw your consent (where applicable).
To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements and standards. Data transfers
You may have the right to: (a) access the personal data we hold about you; (b) request we correct any inaccurate personal data we hold about you; (c) request we delete any personal data we hold about you; (d) restrict the processing of personal data we hold about you; (e) object to the processing of personal data we hold about you; (f) not be subjected to a decision based solely on automated processing, including profiling; and/or (f) receive any personal data we hold about you in a structured and commonly used machine readable format or have such personal data transmitted to another company.
Please note that we may ask you to verify your identity before responding to such requests.
Where you have been asked to consent to the processing of your personal data, you can withdraw consent, such as by contacting us using our contacts details below. Any withdrawal of consent will not affect the lawfulness of the processing based on your consent before the withdrawal. Please also note that where you withdraw consent, we will only stop processing your personal data that relates to the withdrawal of consent.
To exercise any of your rights in connection with your personal data, please contact us using the details in the “Contact Us” section below. If you are located in the United Kingdom or the EEA, you have the right to complain to a data protection authority in your country about our collection and use of your personal data. Contact Us
VeraSafe has been appointed as YourBio Health’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to or instead of firstname.lastname@example.org only on matters related to the processing of personal data.
To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003. Alternatively, VeraSafe can be contacted at: VeraSafe United Kingdom Ltd. 37 Albert Embankment London SE1 7TL United Kingdom.
Please also note that VeraSafe has been appointed as YourBio Health’s data protection officer. VeraSafe’s data protection officer details are as follows: 100 M Street S.E., Suite 600, Washington D.C. 2000, USA, +1 (617) 398-7067, email@example.com.