As updated April 2020.
Randox Labs is registered with the Information Commissioner’s Office (ICO) under registration number Z7894954 and Randox Health is registered with the ICO under registration number ZA056454.
As a user of Randox’s services, we will collect what is known as personal data about you. Personal data is information from which you, as an individual, can be identified. This policy outlines how the relevant Randox company you interact with will use, store and protect any personal data that you provide or that we otherwise hold about you when using Randox’s COVID-19 testing services.
Where you have obtained your COVID-19 test privately, then the relevant controller of personal data (i.e. the organisation that decides the purposes for which and the way in which your personal data is dealt with) will be Randox Health.
Unless indicated otherwise, this policy sets out how Randox will use, store and protect any personal data we collect or generate about you for both private tests and public tests.
This version two of this policy was last updated on 3 April 2020. Historic versions of this policy can be obtained by contacting us.
We will collect personal data as part of our online testing kit registration process. Registration is essential for all testing and reporting of results to proceed, and it is essential that you complete these details, and confirm your acceptance of this policy, personally.
The information we collect during registration includes:
We will not collect any information which we, or relevant third parties, do not need.
Once your swab sample has been returned to us, and it has been tested for COVID-19, our systems will automatically generate a report which shows our findings (the Report). This Report will include some of the personal details that you have provided to us about yourself. We will also hold this information in a centralised database.
Please note that there are limitations inherent in the sample collection and testing process, which are explained in our terms and conditions here: https://www.randoxhealth.com/screening-request-terms-and-conditions/, and in the test instructions that were provided to you when you received your test kit.
It is important that the personal data we hold about you is accurate and current, and we cannot be held responsible for incorrect data that is provided by you. Please keep us informed if your personal data changes during your relationship with us.
If you fail to properly provide all requested data or provide incorrect data we may be unable to provide the testing services or notify you of your results. There is also a risk that third parties could be inadvertently provided with your data if, for example, you have not correctly entered your email address, or your email servers are compromised.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data on one or more of the following grounds:
We do not rely on consent as a basis for processing your personal data, unless you have requested a private COVID-19 test from Randox Health, in which case you may withdraw your consent to processing at any time by contacting us using the details below. Any payments made for testing services are non-refundable, as explained in our terms and conditions here: https://www.randoxhealth.com/screening-request-terms-and-conditions/.
Where we are using your personal data that identifies your health data, we are doing that either on the basis of your explicit consent, your vital interests, for public interest, medical diagnostic reasons or preventative or occupational health reasons.
Generally, Randox will use the data you provide to test your swab samples for COVID-19 and notify the results to you as the registered user of the kit via the Report. A copy of the Report will be sent by email to the email address you provided to us when you signed up through our registration portal.
After your sample has been posted to us, please make sure to regularly check your emails (including any junk or spam folder) for any email attaching the Report. Please note that we are not responsible for the security of any domains in respect of email addresses you have given us. If you believe you have received a Report in error, please contact us at firstname.lastname@example.org immediately.
Additional information, including home address, is necessary for notifying the relevant public health or other Government authorities of the results of your test, if we are requested to do so.
As a controller or processor of personal data, Randox and its affiliated companies must process your information fairly and lawfully. We will also process your data in accordance with the instructions of the DOH and the terms of our contract, in the case of Randox Labs.
We also collect, use and share Aggregated Data for any purpose. Aggregated Data could be derived from your data but is not considered personal data as this it will not directly or indirectly reveal your identity.
We will not use any personal data that we collect for marketing purposes unless you have separately signed up to receive marketing communications from us.
Randox will not generally share personal data about you with other organisations or people, unless permitted or required by law, you have provided consent, or a third party is required to provide our testing services to you (in such circumstances, the third party will be bound by similar data protection requirements). Nor do we transfer your personal data outside of the UK.
That said, please note that your data (including your test results) may be available to other companies within the Randox groups of companies, to Microsoft (who host our registration platform, as noted above) and to relevant health or other governmental authorities for the purposes of, among other things, contact tracing and infection control.
Where possible, we require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.
In respect of NHS testing results, please note Randox Labs acts as a processor on behalf of the DOH, so has no control over what the DOH chooses to do with your personal data or who it is shared with by DOH.
We must keep all personal data safe and hold it for no longer than is necessary in line with our legal obligations.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Where your test was provided through the NHS, Randox Labs will hold your information for the duration of its contract with the DOH, and for a period of three months thereafter (unless otherwise instructed by the DOH).
Where you are a private patient, Randox Health will hold your data for a minimum of six years for liability purposes. We review the personal data we hold on a regular basis.
We have set out an explanation of your rights regarding the data we hold below. Please note that these only apply where you have paid Randox Health for your test.
Where you are an NHS key worker, or have otherwise obtained your test through the NHS, you must contact the DOH to exercise any of your rights. Your rights will be different in this context, and are explained in the relevant DOH privacy documentation.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this policy. Please contact DPO@Randoxhealth.com in the first instance, if you wish to:
Please contact the DOH if you have a query regarding processing by the DOH, where you are an NHS worker or have received your test through the NHS.
If you are not satisfied with our response to any query you raise with us, or you believe we are processing your personal data in a way which is inconsistent with the law, you can complain to the ICO office helpline: 0303 123 1113. We would appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Please do not contact the ICO regarding processing by Randox if your complaint relates to the processing of your data by the DOH (in respect of NHS tests).