We update this Policy from time to time so please do review this Policy regularly, and before consenting to future services.Importantly, your information may be shared with third-parties (such as your local NHS Trust) who we partner with to deliver services such as your onward care. This will always be made clear to you when you use our service and is explained in more detail below.
Information About Our Organisation
Test.HIV is operated by Preventx Limited, who is the data controller for the service.
Preventx and its partners make decisions on what data is processed and how this will be done.
This is role is undertaken in accordance with the General Data Protection Regularly (GDPR) and the Data Protection Act 2018.
For all requests regarding the control of your data, please contact Preventx:
Carbrook Hall Road
The Purposes of Processing
We process your data in order to deliver the Test.HIV service to you. You are asked for your consent for us to process your data in order to register with our services, receive test kits, etc.
Lawful Basis for Processing
In order to access our services, we ask for your consent and this is the primary basis on which we process your data.
However, in most cases we process your data in order to provide services for the prevention, diagnosis and treatment of illness in line with the Health and Social Care Act (2012) which are funded via your local authority or NHS Trust.
Additionally, some of the data we collect is processed in the public interest such as to provide mandatory national data to Public Health England.
What Data We Collect
The information that we collect and store relating to you is primarily used to enable us to provide our services to you, which you have explicitly ordered or requested. For example, to request a free sexual health test you will be asked a number of questions, including some personal questions. In some cases, you may opt-out of certain questions.
The information you give will be recorded and includes details such as your name, address, date of birth, contact information (e.g. telephone number).
Special category data may also be collected including items such as ethnicity, gender identity, responses to medical and safeguarding screening questions, medical testing history, details of attendance with health providers that may have provided treatment.
Your data is stored in the UK on secure servers which are firewalled from both the NHS N3/HSCN network and the public internet and all personal data is transferred securely. There is no transfer of data to any countries or international organisations.
In addition to the above, by accessing our website we also collect some information about your visit such as details of the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data.
Recipients of your Personal Data
In the case of most of our free testing services, your data will be accessible (along with your results) by the nominated provider for patient management. Such providers will be responsible for your ongoing care, for example if you require treatment or further testing.
A full list of providers has not been included as this may change over time and will depend on your geographic location in the UK and the services you wish to use. Instead, we will explicitly and clearly inform you of the provider responsible for your record before you complete your order.
The provider is usually the funding organisation, or a specialist sexual health charity who are partnered with us to manage patients testing via Test.HIV, however this can change over time due to new commissioning and service migrations. Both Test.HIV and any providers managing results adhere to strict privacy guidelines in order to protect your data, and all information will be treated in strict confidence by the current or future service providers.
Please be advised that we never reveal information about identifiable individuals to other parties outside of our standard pathway (as described above) but we may, on occasion, provide them with aggregate or anonymous statistical information about our visitors.
Our partners who provide treatment and care (as described in more detail above) can securely access your full personal record and test results. The organisations that we share your information with must comply with data protection law.
The local authorities who fund the service and the Department of Health (including Public Health England) receive anonymised and/or aggregate data only.
Why and When we Contact You
Depending on your contact preferences we may notify you by SMS or email:
- Once that we have dispatched your self-sampling kit.
- Up to three times if you do not return your test kit promptly.
- When your kit has arrived at the laboratory, and when your results are ready.
- Once in the future to remind you to get tested again unless you’ve opted out.
Where you may require treatment or onward care, or in certain circumstances where our system determines you may need additional support (for example if we believe you may be at risk) our partners will make direct contact with you.
Sometimes we have a legal duty to provide personal information to other organisations.
We may also share your personal information when we consider/believe that there is a good reason to do so, which is more important than protecting your privacy. This doesn’t happen often, but in these circumstances, we may share your information:
- to find and stop crime and fraud; or
- if there are serious risks to the public, our staff or to other professionals.
- to protect a child; or
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them.
For all these reasons, the risk must be serious before we can override your right to privacy.
If we are worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we or our partners will discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
If this is the case, we will make sure that we record what information we share and our reasons for doing so. We will let you know what we have done and why, if we think it is safe to do so.
Duration of Storage
We will only hold your personal information for as long as it is necessary to fulfil our legal duties or business purposes.
In line with national clinical guidelines, your record will be retained for a minimum of 10 years after the last recorded entry. If you are aged 16 or 17 years your record will be retained for a minimum of 10 years after your 18th birthday.
After that point, your personal identifying information (e.g. name, house number, street name, telephone number and email) will be removed to provide an anonymised data set for statistical and research purposes only.
The law gives you a number of rights in relation to what personal information is used by Preventx, and how it is used. These rights allow you to ask us to:
- provide you with a copy of the personal information that we hold about you
- correct personal information about you which you think is inaccurate
- delete personal information about you if you think we no longer should be using it
- stop using your personal information if you think it is wrong, until it is corrected
- transfer your personal information to another provider in a commonly used format
- review automated decision-making processes that have been used to make decisions about you.
The right to withdraw consent and the right to erasure may not apply due to the nature of the services being provided and our basis in law for processing this data. We will consider requests to remove personal identifying information from your record to ensure that the data we do retain is anonymised, while enabling us to meet our statutory requirements.
You have the right to lodge a complaint with a supervisory authority. For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at http://www.ico.org.uk.
We use automated decision-making to confirm eligibility for the services you may wish to access, for example based on your geographic postcode of residence and age.
We also use automated decision making, based on national clinical guidelines, to determine whether our services are appropriate for your individual circumstance and to determine which type of test kit is most suitable for you.
If the automated decision-making process determines that you are not suitable for the service, you will be provided with information about accessing care from a physical clinic.
A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer or mobile phone (referred to here as a "device") browser from a website's computer and is stored on your device's memory.
We require cookies to be enabled so we can keep track of your progress through the request procedure. No personal or confidential information is stored in cookies, only a temporary and unique identification code which is only active whilst you are visiting the site and deleted promptly after.
Your sample will be tested in Preventx's specialist laboratory and in accordance with the laboratories quality system. Standard testing carried out via the Test.HIV service is accredited to international standards, and more information can be read in the Preventx Laboratory Services document (https://www.preventx.com/laboratory).
In some cases, we may use non-accredited tests to supplement your screening, however this would only ever be in agreement with doctors of clinicians (for example, pharyngeal swab testing may be recommended but falls outside 'off label' and outside of our accreditation).
Please note that some test samples may be retained by the laboratory after testing for internal studies and verification purposes (such as performing equipment validation). Samples used for wider validation or laboratory studies would always be fully anonymised.
Third Party Links
You may find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
We may include a male condom in your self-sampling kit. This is not something we are required to include, but though it may be useful so have included one CE marked condom free of charge. Some do's and don'ts along with instructions on using a male condom can be found via this link.