Yorkshire Bloodworks Ltd ("we", "us", "our") respects your privacy. This policy explains how we collect, use, store, and protect your personal information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our registration number with the Information Commissioner's Office UK ("ICO") is ZB992358.
1. Data Controller
- Yorkshire Bloodworks Ltd (Company No. 16423384) is the data controller for your personal information.
- Registered address: 142 Moor Lane South, Ravenfield, Rotherham, United Kingdom, S65 4QR.
- For privacy enquiries, contact us through our website contact form or at our registered address.
2. Information We Collect
- Personal Information: Name, date of birth, address, telephone number, email address, and emergency contact details.
- Health Information: Medical history relevant to testing, current medications, symptoms, and test results.
- Payment Information: Billing details and payment card information (processed securely by our payment providers).
- Technical Information: IP address, browser type, and website usage data when you visit our website.
3. How We Use Your Information
- Service Delivery: To provide blood testing services, process samples, and deliver results.
- Communication: To contact you about appointments, results, and service updates.
- Legal Compliance: To meet regulatory requirements and maintain clinical records.
- Quality Assurance: To monitor service quality and improve our procedures.
- Safety: To ensure appropriate testing protocols and emergency contact procedures.
4. Communication and notifications
- We may contact you via email, SMS, or telephone to provide updates and notifications relating to your bookings, appointments, and payments. Our SMS communications are delivered using services provided by Faretext, a trusted UK-based messaging provider.
5. Legal Basis for Processing
- Contract Performance: Processing necessary to provide our testing services.
- Legitimate Interests: Quality assurance, service improvement, and business operations.
- Legal Obligations: Compliance with healthcare regulations and record-keeping requirements.
- Vital Interests: Emergency situations where health and safety are at risk.
6. Data Sharing
- Laboratory Partners: We share necessary information with accredited laboratories for test processing.
- Healthcare Professionals: With your explicit consent, we may share results with your GP or other healthcare providers.
- Legal Requirements: We may disclose information when required by law or to protect public health and safety.
- Service Providers: Secure sharing with IT support, payment processors, and other service providers who assist our operations.
7. Data Security
- We implement appropriate technical and organisational measures to protect your personal data.
- All staff are trained on data protection requirements and bound by confidentiality agreements.
- Electronic systems are encrypted and access-controlled with regular security updates.
- Physical records are stored securely with restricted access.
8. Data Retention
- Clinical records are retained for 8 years from your last contact with us, in accordance with healthcare regulations.
- Marketing communications data is retained until you withdraw consent or for 3 years if inactive.
- Website analytics data is retained for 26 months.
- Payment data is retained only as long as necessary for transaction processing and fraud prevention.
9. Your Rights under GDPR
- Access: Request copies of your personal data.
- Rectification: Request correction of inaccurate information.
- Erasure: Request deletion of your data (subject to legal retention requirements).
- Restriction: Request limitation of processing in certain circumstances.
- Portability: Request transfer of your data in electronic format.
- Objection: Object to processing based on legitimate interests.
- Complaint: Lodge a complaint with the Information Commissioner's Office (ICO).
Requests should be made in writing to: support@yorkshirebloodworks.co.uk.
10. Cookies & Website Analytics
- Our website uses cookies to improve functionality and analyse usage. See our Cookie Policy for details.
- You can manage cookie preferences through your browser settings.
- We use analytics tools to understand website performance and user experience.
11. Security
- We use secure systems and encryption to protect your data. Staff are trained in confidentiality and data protection.
12. International Transfers
- Your data is processed within the UK and European Economic Area.
- Any transfers outside the EEA are protected by appropriate safeguards, including adequacy decisions or standard contractual clauses.
13. Data Protection Lead
- We have appointed a Data Protection Lead to oversee our compliance with UK GDPR and data protection matters.
- Contact:
Data Protection Lead
Yorkshire Bloodworks Ltd
Email: support@yorkshirebloodworks.co.uk
14. Changes to This Policy
- We may update this privacy policy to reflect changes in our practices or legal requirements.
- Significant changes will be communicated via email or website notice.
- The current version will always be available on our website with the date of last update.
15. Complaints
If you have concerns about how we handle your personal data, please contact us first at support@yorkshirebloodworks.co.uk. We will do our best to resolve your query quickly and fairly.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK regulator for data protection:
Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
16. Contact Information
- For privacy-related queries, please contact us through our website contact form.
- Written correspondence: Yorkshire Bloodworks Ltd, 142 Moor Lane South, Ravenfield, Rotherham, S65 4QR.
.svg)
.svg)