Your privacy matters
We may make changes from time to time, and you should check regularly to keep up-to-date.
We may, from time-to-time, highlight major changes to you by email or other routes, depending on your communication preferences.
Who we are, how to contact us and our Data Protection Officer.
We are Medical Diagnosis Ltd., a privately-owned company with our principal and registered office at Central Business Centre, Unit 12, Great Central Way, London, NW10 0UR. Our registered company number is 05790895.
You can find out more about us by clicking “about us”. You can also contact us via social media.
Our Data Protection Officer is:
020 8830 0503
We are registered as a “data controller” with the Information Commissioner’s Office, under registration number CSN3168084.
What personal data do we collect?
Medical Diagnosis will only ever ask for personal data if it is required for a specific purpose mainly but not excluding processing of test sample provided; The kinds of personal data we may collect are:
- Information you give us (for example on contact forms, questionnaires or when setting up accounts)
- Contact details – such as your name, address, email address, phone number.
- Past medical history details that relate to sample processing.
- Responses to surveys or promotions as outlined on the request forms when donating a sample
- Any updates to the information you provide to us – and thanks for keeping us updated.
This is essential information for us to provide the best service we can to you. If you ask us to delete it, it’s possible we may no longer be able to provide our services to you.
What we do with your personal data
We only ever use your information in line with data protection laws – in particular, the EU General Data Protection Regulation, otherwise known as GDPR. In short, this means we only use it where we have a legal basis to do so. These are the general legal basis for which we use your information:
- Consent – you have given clear consent to us to process your personal information for a specific purpose.
- Legitimate interests – processing your personal information is necessary for our legitimate interests or those of a third party, provided those interests are not outweighed by your rights and interests.
Here are the specific reasons we process your personal information:
- to allow you to access and use our Website and to register for other services we may provide;
- to provide you with the information, products and services that you request from us;
- to send notifications about services you have enquired
- to do things necessary for our business, such as pursuing debts or ensuring the security of our assets, services and Website;
- to carry out statistical analysis and market research;
- for marketing, advertising and promotional purposes;
- for improving and maintaining our services and website, preparing reports or compiling statistics;
- to notify you about changes to our services, innovations, fees and charges
- to send you requested information regarding our services
- to provide third parties with information you have requested us to do so
- with your consent only, to contact you (including by email or post) with information about our products and services which either you request, or which we feel will be of interest to you.
- with your consent only, to contact you (including by email or post) with information about our products and services which either you request, or which we feel will be of interest to you
- to comply with legal obligations
- to comply with industry standards and carrying out due diligence
- Ensuring that data subject can be identified and contacted if there are changes to medical knowledge.
- Where we process special categories of personal data, other than where we have your consent to do so we shall be processing this data on one or more of the following lawful basis:
- It relates to personal data which are manifestly made public by the data subject.
- It is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems or pursuant to contract with a health professional.
What information does our online platform collect?
Below you can see the types of customer and technical data that our online platform collects, with examples.
- Cookie Identifiers include GoogleAnalytics_ID.
- Identity Data includes first name, last name and gender.
- Contact Data includes delivery address, email address and telephone numbers.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us. These do not include bank details.
- Technical Data includes internet protocol (IP) address, browser type and version, location by country, operating system and device details.
- Profile Data includes your orders and type of product purchased.
- Usage Data includes information about how you use our website, such as what products you have viewed and whether you have updated your basket.
- Preferences Data includes your consent preferences in receiving marketing from This helps us to manage our relationship with you and ensures you only receive communications from us that are relevant and timely.
Who we share your personal data with
In order to achieve the above stated purposes for which we process your personal data, we may need to share your personal data with various third-party service providers who act as data processors, such as the laboratory handling your test.
As part of the transaction process, we automatically verify some data you provide us with to complete your transaction with external organizations – for instance, if you buy using a credit or debit card, our systems automatically check the details you have provided are correct with your credit or debit card supplier. They don’t get to see what specific items you have purchased.
We work with a number of trusted third-parties to ensure that the experience we give on-site is relevant, optimized and useful to you. These third-party products include Google Analytics, Google Ads, Facebook, among others.
We never sell customers’ details to other organizations.
In the event that we sell or reorganize our business, or if otherwise required by law or by an authorized regulator, we may transfer your personal data as a part of the general business data to the relevant parties.
We want you to be happy and confident with how your information is being handled. There are several rights granted to you immediately upon providing us with your personal information; these are mentioned below. We’d like you to know that at Medical Diagnosis we take your rights as a Natural Person seriously and will always conduct ourselves in a way that is considerate of our responsibility to serve your legal rights.
- Right of rectification; update any personal information which is out of date or incorrect;
- Right of access to your data
- Right to complain by contacting the information commissioner’s office. https://ico.org.uk/concerns
- Right to delete any personal information which we are holding about you;
- Right to restrict the way that we process your personal information;
- Right provide your personal information to a third-party provider of services; or
- Right provide you with a copy of any personal information which we hold about you on request, although we reserve the right to charge reasonable fee for this if requests are excessive or repetitive.
- You have the right to withdraw your consent in relation to us processing your special categories of personal data (as mentioned above) at any time. You can do this by contacting us.
If you withdraw your consent to us processing your personal data, especially the special categories above, this will mean that we are unable to provide our services to you. In addition, please remember that we are required by law to retain medical records for 10 years.
Our Contact Details:
If you wish to get in touch with Medical Diagnosis, please do so with any of the following contact details:
Central Business Centre,
Unit 12, Great Central Way,
Telephone: 020 8830 0503
Transfers of personal data to foreign countries
From time to time we may make use of service providers to support our business delivery. We have contracts in place with our data processors to ensure that the recipient organization has a suitable standard of data protection in place and cannot do anything with your personal data unless we have instructed them to do it. They will not share your personal information with any organization apart from us. They will hold it securely and retain it for the period we instruct.
Medical Diagnosis will not transfer your personal data to any country outside the European Union (EU) other than those that have been granted an adequacy decision under the General Data Protection Regulation (GDPR).
How long we store your personal data
Your account stores details of your tests. You can control the visibility of purchases you have made in the past, but we may keep information about purchases you have made for longer, for instance in case you have a complaint or query about a test you have bought from us.
We keep your personal data:
- As long as it is required to do so in order to comply with any regulatory requirements or financial obligations it is subject to.
- Medical test results will be maintained as required by law for a minimum of 10 years.
You may request that we erase your personal data an anytime, though in cases where there is a remaining relevant or legal reason why we are required to keep the data, we may opt to restrict the amount of processing being conducted to what is absolutely necessary, in line with your legal rights in order to minimize the impact the processing will have.