Welcome to our privacy notice (“Privacy Notice”), at Collinson Assistance Services Limited Cutlers Exchange, 123 Houndsditch, London, EC3A 7BU, United Kingdom ("we, us, our,"). We respect and commit to protecting our customers’ (“you”) and associated persons’ Personal Data and privacy. This Privacy Notice, together with our Terms and Conditions aims to inform both passengers on arrival and departure how we collect, use, store, share and look after your Personal Data:
• When you interact or use our website to register and book for Covid-19 Testing, or
• If you use any of our products, services and or applications (together “services”).
To help with working your way through this Privacy Notice, we have separate it into sections to provide an outline of the full Privacy Notice and the choice to select the section you would like to read in detail. We have also included a Glossary at the end of the Privacy Notice for some terms used (highlighted in bold).
About Us and Contact Details
Collinson Assistance Services Limited, is a company registered in England and Wales with company number 11908215 and offices in Cutlers Exchange, 123 Houndsditch, London, EC3A 7BU, United Kingdom, and a subsidiary of The Collinson Group Limited (the “Collinson Group”).
Under Applicable Data Protection Law, we are the Controller of the Personal Data we process.
The Collinson Group has appointed a Group Data Protection Officer (“DPO”). If you have any questions about this Privacy Notice or would like to know how we handle your Personal Data, please contact the DPO or the Data Protection Team by post at The Data Protection Officer, Culters Exchange,123 Houndsditch, London , EC3A 7BU or by email at firstname.lastname@example.org
Our Global Presence
Personal Data we collect about you.
Apart from the medical data processed as a result of the testing e.g. negative or positive results, we do not record any other medical data on our systems or on paper.
We will collect Personal Data about you from:
• You e.g. when interacting with us, either online or via email, mobile, phone or post, or in person and you provide us with your details for a Covid-19 test.
• your devices e.g. when you connect to our Website, use our Website.
• through cookies we use on our Websites to secure our Website, offer you personalised experiences.
Each test option will require slightly different details. The Personal Data we may need from you are outlined in the table below.
How we use your Personal Data
- Your consent, where you specifically provide us with consent, we may also collect, use and/or disclose your Personal Data for the purposes outlined in the table below. You have the right to withdraw your consent up until you take your test.
- For the performance of a contract (Terms and conditions – to allow us to book the test)
- To comply with a legal and regulatory obligation.
The information is only used for the purpose of testing for Covid-19. The table outlines the lawful basis we can rely on to process your Personal Data.
- Booking and confirming the appointment with our partner clinic
- To process payment for the test
- Receiving and processing your test result
- Provide access to Covid-19 Test results
- Respond to any enquiries from you regarding our service
- Where we share your personal data and sensitive personal data with regulators and governmental agencies.
- To provide you with access to our website
- To receive feedback from you to help us improve on our product services
- To provide customer support services
We may still use aggregated and anonymised Personal Data that does not identify any individual for analysis to support operational decisions, to improve the full end-to-end testing process or for research purposes. We may also retain and use your information as necessary, for example, to comply with our legal obligations, resolve disputes, and enforce our agreements.
We may provide Personal Data to courts, law enforcement, and governmental authorities and other third parties if required by law, subpoena, directive from a regulatory authority or as otherwise necessary to comply with legal requirements or to protect our rights or property or those of third parties. We may access, use and preserve data to comply with law, in anticipation of litigation, or to protect our rights or property or those of third parties, even if the data is subject to a deletion request from you. We may also provide information to law enforcement or authorities to protect the safety of users our services or others.
Sale, acquire, merger, or change of ownership. If we merge with another company, or our equity securities or all or a part of our assets are sold to a third party, your Personal Data may be transferred to the buyer or successor entity. We will notify all users of any transfer to a different legal entity.
International Transfer of your Personal Data
Where we transfer your Personal Data outside the country, we will ensure it is sent securely and protected, there is an appropriate contract in place and appropriate steps are taken to ensure that:
- we will comply with applicable Data Protection Law obligations in respect of the transferred Personal Data while it remains in our possession or under our control; and
- the recipient outside of the country is bound by legally enforceable obligations to provide a standard of protection to the personal data transferred that is comparable.
Your booking data will be held within our service cloud in the EU.
If you are located within the EEA, we will send your data to countries outside the UK and the EEA (transfers outside the EEA include transfers to the UK), where different data protection laws may apply. These transfers will only happen when:
• we use service provider companies outside the UK or EEA;
• there is a legal or regulatory obligation;
• to meet our contractual obligation with you or about to enter with you; or
• we have your consent.
Where we transfer your data to a service provider company outside the UK or the EEA, we will implement safeguards so that your data continues to be protected. We protect your data by making sure:
· the country has adequacy protection approved by the European Commission or UK; or
· we conduct a security and data protection transfer assessment and put an appropriate contract in place with approved UK or European Commission standard contractual clauses between the company and us.
Retention of your Personal Data
We will not keep your Personal Data for longer than is necessary. Please note Personal Data may be retained if there is a legal obligation to keep the information or your personal data would be used for the establishment, exercise or defence of legal claims.
Your profile data, including your contact and registration data will be kept for one year.
Your test result on the system will be kept for 10 days
Security of your Personal Data
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies regularly audited, and the audits are reviewed at a senior level.
Your rights under Applicable Data Protection Law
Under Applicable Data Protection Law, you may have certain rights. The table below outlines your rights. If you would like to request to exercise your rights, please email email@example.com
Your request will be reviewed and responded to as quickly as possible
The right to object to the processing
You have the right to object to the processing of your Personal Data in certain situations.
You have an absolute right to stop your Personal Data being used for direct marketing.
The right to information
You have the right to be informed whether and to what extent we process your data. E.g. this Privacy Notice
The right of access
You have the right to request access to your Personal Data we hold. You also have the right to request a copy, and we will provide you with this unless legal exceptions apply.
The right to rectification
If the Personal Data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time.
The right to Erasure (also known as the “right to be forgotten”)
You have the right to request we delete your Personal Data.
This is not an absolute right and only applies in certain circumstances, for example, we cannot delete information if there is a legal or regulatory obligation on us to keep it.
The right to restrict the processing
You have the right to request that we restrict the processing of your Personal Data in certain situations.
The right to data portability
You have the right to request that we provide your Personal Data to you in a machine-readable format.
This right can only be used where the processing relies on your consent or contract and is carried out by automated means.
Your rights in relation to automated decision making and profiling
You have the right to object to decisions based exclusively on the automated processing of your Personal Data.
We do not engage in profiling or any processing related to automated decision-making activity.
The right to withdraw your consent
If your Personal Data is processed based on your consent, you have the right to withdraw your consent at any time.
If you withdraw your consent, this will not affect the lawfulness of how we used your personal data before you withdrew consent, and we will let you know if we can no longer provide you with your chosen service.
We will keep a copy of any request. Further, we may charge a reasonable fee or refuse to act on a request if such a request is excessive, repetitive or manifestly unfounded.
If you make a request, where required, we will confirm your identity and ask you to provide us with information to help us deal with your request. We have one month from receiving your request (provided we have verified your identity) to respond.
Please note that for a complex request, we may extend the one month by two months. To exercise your rights please contact firstname.lastname@example.org
Making a complaint
If you have any questions, concerns or complaints about this Privacy Notice, please contact our Data Protection Team and or our Data Protection Officer at email@example.com.
If you are unsatisfied with our response, you can also make a complaint to your local privacy supervisory authority where:
- you reside;
- you work; or
- the matter you are complaining about took place.
If located in within the UK, you can contact the UK’s Supervisory Authority, the Information Commissioner at:
Information Commissioner's Office
Cheshire, United Kingdom
Phone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
If located within the EU, you can contact our lead supervisory authority in Malta at:
Officer of the Information and Data Protection Commissioner
Floor 2, Airways House,
Tas-Sliema SLM 1549, Malta
Updates to the Privacy Notice
We keep our Privacy Notice under regular review, and we will make new versions available on our Privacy Notice page on our website. This Privacy Notice was last updated on 18th December 2020
Data Protection Law
means all applicable worldwide legislation and regulation relating to data protection and privacy including without limitation UK, European, Singapore and Indonesia applicable Data Protection Law.
is a person(s) or company (either alone or jointly or in common with other persons) who decides how Personal Data will be processed.
Information relating to an identifiable living person, who can be directly or indirectly identified by reference to an identifier.
Processor or Data Intermediaries
is an external company or other third parties that collects and processes Personal Data on behalf of a Collinson.
Special Category Data
Also referred to as sensitive data, is defined as Personal Data relating to the following, race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation (only applicable for UK and European Data Protection Law)