Please take the time to read the following information carefully so that you fully understand our views and practices regarding your personal data and how we will use it. You must be over 18 years old to use our Site.
This privacy policy applies to people who:
This privacy policy does not apply to genetic personal data (namely DNA) that we process on behalf of a client. This is because in such instances:
Other than in relation to answers you choose to give a response to in surveys, under this privacy policy, we do not collect any personal data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health or genetic and biometric data. Nor do we collect any information about criminal convictions and offences.
(Note that if you donate at one of our facilities, some of the above information relating to your health, gender, sexual orientation and other matters will be collected in order to meet government regulations intended to ensure the safety of the blood supply. We may also collect data about race, ethnicity, smoking status, medications you have used, and similar types of information related to your donation for scientific research purposes. However, before we ask for any type of sensitive personal data, you will be informed and asked to consent to the collection.)
This Site is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
1. WHO WE ARE AND OUR DPO
Clinical Trial Laboratory Services Limited (CTLS), we or us) is the controller of personal data processed about you. We are committed to being responsible custodians of the information you provide us and the information we collect in the course of operating our business. We are part of the BioIVT group of companies and you can learn more about us here. This privacy policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
We have appointed a data protection officer (DPO) for you to contact if you have any questions regarding this privacy policy or our data protection practices. You can contact our DPO at privacy@bioivt.com or via PO BOX 770 Hicksville, NY 11802 (please mark the envelope ‘Data Protection Officer’).
You have the right to make a complaint at any time to a data protection authority about our collection and use of your personal data. For more information, please contact the Information Commissioner's Office at www.ico.org.ouk. We would, however, appreciate the chance to deal with your concerns before you approach a data protection authority so please contact us in the first instance.
2. ABOUT THIS POLICY
By using our Site, you accept the practices described in this Policy.
This Policy is effective on and from 29 June 2022. We may amend this Policy at any time, and whenever we do so we will notify you by posting a revised version on our Site or emailing you. Please review this Policy each time you visit our Site as it may have been updated since your last visit.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us (see Who we are and our DPO). If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
3. VISITORS TO OUR SITE
Personal data we collect: With regard to each of your visits to our Site, we will automatically collect:
We also collect, use and share Aggregated Data such as statistical or demographic data, for any lawful purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate information about how you use our Site to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
Cookies: Our Site uses cookies to distinguish you from other users of our Site. This helps us to provide you with a good experience when you browse our Site and also allows us to improve our Site. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of our Site and to compile statistical reports on website activity. You can read more about how we use cookies in our Cookie Policy. You can enable or disable cookies by modifying the settings in your browser. You can find out how to do this, and find more information on cookies, at www.allaboutcookies.org.
Using your personal data: We will use this information for the following legitimate interests (whether ours or a third party’s):
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us (see Who we are and our DPO).
Sharing your personal data: We will only share personal data with third parties in the following instances:
To the extent required by law, we require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Retaining your personal data: This information is kept for up to 2 years and will then be deleted automatically. However:
Your rights: If you have questions about your rights with respect to your personal data, please see the section entitled Your Rights below.
4. ENTERING COMPETITIONS, PROMOTIONS OR GIVEAWAYS / COMPLETING SURVEYS AND GIVING FEEDBACK
Personal data we collect: If you enter any of our competitions, promotions or giveaways, or complete a survey or otherwise give us feedback, we will hold (as applicable) your name, email address, phone number, location, and any other details you give us (including the details you complete if you use a form on our Site to contact us, the details you complete on entry, survey and feedback forms, and any other information you choose to give us). We will not collect any personal data about you if our surveys or feedback forms are being run on an anonymous basis.
Using your personal data: We will use personal data you have provided to us when you enter any of our competitions, promotions or giveaways to perform the contract we are about to enter into or have entered into with you.
We will use information you give us when you complete surveys or otherwise give us feedback for the following legitimate interests (whether ours or a third party’s) (as applicable):
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us (see Who We Are and Our DPO).
Sharing your personal data: We will only share personal data with the following third parties:
To the extent required by law, we require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Retaining your personal data: This information is kept for so long as it is required for the purposes set out in this Policy, or as long as we are legally required or permitted to retain such information. When deciding how long to retain your personal data, we take into account our legal and regulatory obligations, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data described above, and whether we can achieve those purposes through other means. We may also retain your personal data to investigate or defend against potential legal claims in accordance with the limitation periods of countries where legal action may be brought.
Your rights: If you have questions about your rights with respect to your personal data, please see the section entitled Your Rights below.
If you have also visited our Site, please see Visitors to Our Site to understand how personal data collected when you visit our Site is used.
5. INTERNATIONAL DATA TRANSFERS
We may transfer your personal data to various jurisdictions to provide you our products and/or services and perform our obligations under this Policy and related agreements. The applicable data protection laws of those jurisdictions may differ from the data protection laws of the UK and, in some cases, may not be as protective. Whenever we transfer your personal data outside the UK, we will ensure a similar degree of protection is afforded to it as the data protection laws of the UK. For example, your personal data may be transferred to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government. In other instances, we will ensure at least one other lawful safeguard is implemented, which may include the use of specific contracts approved by the UK Government.
Further details can be provided upon request, please contact us (see Who we are and our DPO).
6. YOUR RIGHTS
In relation to personal data we hold about you, you have the right to:
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you would like to exercise any of these rights, please contact us (see Who we are and our DPO). We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month (starting from the day after we receive your request). Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
7. HOW WE PROTECT YOUR PERSONAL DATA
To help protect the privacy of personal data you transmit, we maintain physical, technical and administrative safeguards and, to the extent required by law, require the same of any third parties we share your personal data with. Any payment transactions will be encrypted. We update and test our security technology on an ongoing basis. In addition, we train our staff about the importance of confidentiality and maintaining the privacy and security of your personal data.
As you will be aware, the transmission of information via the internet is not completely secure. Although we will take measures to protect your personal data as described above, no security measures are perfect and we cannot guarantee the security of your personal data transmitted to our Site or otherwise provided to us; any transmission is at your own risk.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable data protection authority of a breach where we are legally required to do so.
8. MARKETING AND NOTIFICATIONS
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. To opt out of marketing communications, see Opting out below.
Donation Notifications: We may, with your opt-in, contact you via SMS text message or email regarding your eligibility to donate either because the required wait period between specimen donations (e.g. whole blood) has ended, or because we have a special donation program for which we believe you may be qualified. We will not contact you for non-donation related items.
Test Results: We may contact you, when required, to share information resulting from the viral testing done on blood/plasma that you have previously donated. Contacting you to provide you with the viral test information on your previous donation(s) is required by various governmental entities and you may not opt-out of it.
Third-party marketing: We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out: You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us (see Who we are and our DPO) any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions. Please note that if you ask us not to contact you by email at a certain email address, we will retain a copy of that email address on a “suppression list” in order to comply with your no-contact request.
To opt out from all future communications (with the exception of the requirement to share viral test results) or to submit a request to access, modify, or delete your personal data, please email privacy@bioivt.com.
9. LINKS TO THIRD PARTY WEBSITES
Our Site may, from time to time, contain links to and from the websites of third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Our Site uses interfaces with social media sites such as LinkedIn, Twitter and others. If you choose to "like" or share information from our Site through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your Site visit to your personal data.
Clinical Trials Laboratory Services (CTLS) supplies the scientific community with human biologicals collected at our own IRB-approved donor centre in compliance with HTA UK regulations. Products include blood and sera, as well as white blood cells, red blood cells and various other human samples.
Monday through Thursday, 8 a.m. to 3 p.m. Friday, 8 a.m. to 2 p.m.
White City is the nearest London Underground station on the Central Line.