Welcome 


Welcome to our privacy notice (“Privacy Notice”), at Collinson Assistance Services Limited Cutlers Exchange, 123 Houndsditch, London, EC3A 7BU, United Kingdom ("we, us, our,"). We respect and commit to protecting our customers’ (“you”) and associated persons’ Personal Data and privacy.  This Privacy Notice, together with our Terms and Conditions aims to inform both passengers on arrival and departure how we collect, use, store, share and look after your Personal Data:  

 

 

•    When you interact or use our website to register and book for Covid-19 Testing, or  

•    If you use any of our products, services and or applications (together “services”). 

 

 

To help with working your way through this Privacy Notice, we have separate it into sections to provide an outline of the full Privacy Notice and the choice to select the section you would like to read in detail. We have also included a Glossary at the end of the Privacy Notice for some terms used (highlighted in bold). 


        


About Us and Contact Details


Collinson Assistance Services Limited, is a company registered in England and Wales with company number 11908215 and offices in Cutlers Exchange, 123 Houndsditch, London, EC3A 7BU, United Kingdom, and a subsidiary of The Collinson Group Limited (the “Collinson Group”). 

Under Applicable Data Protection Law, we are the Controller of the Personal Data we process. 

The Collinson Group has appointed a Group Data Protection Officer (“DPO”). If you have any questions about this Privacy Notice  or would like to know how we handle your Personal Data, please contact the DPO or the Data Protection Team by post at The Data Protection Officer, Culters Exchange,123 Houndsditch, London , EC3A 7BU or by email at data.protection@collinsongroup.com 



Our Global Presence


As a company with a global presence, we are subject to the varying requirements of data protection and privacy regulation and legislation in jurisdictions we operate. We aim to be as consistent as possible and obey all applicable laws and apply the highest standard of data protection and privacy laws to our approach.  


Personal Data we collect about you.


Apart from the medical data processed as a result of the testing e.g. negative or positive results, we do not record any other medical data on our systems or on paper.  

 

 

We will collect Personal Data about you from:   

•    You e.g. when interacting with us, either online or via email, mobile, phone or post, or in person and you provide us with your details for a Covid-19 test. 

•    your devices e.g. when you connect to our Website, use our Website.   

•    through cookies we use on our Websites to secure our Website, offer you personalised experiences.  

 

Each test option will require slightly different details. The Personal Data we may need from you are outlined in the table below. 



PurposeType of Personal Data
Data collected to register and take the test 
  • Name, email address, telephone number/mobile number, date of birth 
  • Password, Sample number, flight number 
  • Passport number, nationality, country of issue, gender  
  • Departure Country and Destination Country 
  • Payment method used, credit and debit card, bank details 
  • Any Personal Data you provide us when you contact us. We also record your calls with us.  We collect and store all copies of emails sent.  
  • Medical data that directly relate or may prevent you from undertaking the Covid-19 testing. 
  • Test method (e.g. PCR) 
  • PCR test result (i.e. COVID-19 +ve/-ve) 
  • Genetic data (genetic swabs)  
  • Device details: Traffic information, IP address, time of access, date of access, location, web pages visited, device identifiers. 



If the parent or guardian has granted consent, we will undertake a Covid-19 testing on your child 


How we use your Personal Data

We will use your Personal Data in the following circumstances:  


  • Your consent, where you specifically provide us with consent, we may also collect, use and/or disclose your Personal Data for the purposes outlined in the table below. You have the right to withdraw your consent up until you take your test.  
  • For the performance of a contract (Terms and conditions – to allow us to book the test)  
  • To comply with a legal and regulatory obligation. 

 

 The information is only used for the purpose of testing for Covid-19. The table outlines the lawful basis we can rely on to process your Personal Data. 



What we use your Information for


  • Booking and confirming the appointment with our partner clinic 
  • To process payment for the test  
  • Receiving and processing your test result 
  • Provide access to Covid-19 Test results 
  • Respond to any enquiries from you regarding our service 
  • Where we share your personal data and sensitive personal data with regulators and governmental agencies.  
  • To provide you with access to our website  
  • To receive feedback from you to help us improve on our product services  
  • To provide customer support services 



Other Use


We may still use aggregated and anonymised Personal Data that does not identify any individual for analysis to support operational decisions, to improve the full end-to-end testing process or for research purposes. We may also retain and use your information as necessary, for example, to comply with our legal obligations, resolve disputes, and enforce our agreements.  

We may provide Personal Data to courts, law enforcement, and governmental authorities and other third parties if required by law, subpoena, directive from a regulatory authority or as otherwise necessary to comply with legal requirements or to protect our rights or property or those of third parties. We may access, use and preserve data to comply with law, in anticipation of litigation, or to protect our rights or property or those of third parties, even if the data is subject to a deletion request from you. We may also provide information to law enforcement or authorities to protect the safety of users our services or others. 

 

Sale, acquire, merger, or change of ownership. If we merge with another company, or our equity securities or all or a part of our assets are sold to a third party, your Personal Data may be transferred to the buyer or successor entity. We will notify all users of any transfer to a different legal entity. 


How we share your Personal Data 


We may share your Personal Data with the following categories of third parties, in respect of your Personal Data, for the purposes explained in section 5. They will be under a duty of confidentiality and will handle your data securely. 

 

Processors or Data Intermediaries (acting under our instructions and on our behalf): 

  • Our providers who host our websites or platform such as Salesforce. 
  • IT service providers, data disposal service providers and data storage service providers.
  • Companies within the Collinson Group acting as our processor, to help us provide our services to you e.g. our customer service function to handle your enquiries.

 

Where we share your Personal Data with our Processors or Data Intermediaries, we will enter into contracts with them to ensure they also protect your Personal Data in line with Applicable Data Protection Law and to this Privacy Notice.  

 

Controllers we will also share Personal Data with include: 

  • Our payment service providers. 
  • Our clinic partners, such as Raffles Medical Group and Siloam Hospitals Groupyou can read about how they will process your data by visiting their privacy notices on their websites. They will have their own reporting obligations. 
  • Companies within the Collinson Group acting as an independent Controller, to offer you services or products, where we have your consent.


Please note where we have shared your Personal Data with a Controller, we have done so in compliance with data protection laws, as Controllers they will have their own obligations under data protection law that they must comply with. 

Where we have links to other sites promoting our partners and clients. Please read their Privacy Notices available on their website to find out how they process Personal Data. This Privacy Notice will not cover their use of Personal Data. 


International Transfer of your Personal Data

Where we transfer your Personal Data outside the country, we will ensure it is sent securely and protected, there is an appropriate contract in place and appropriate steps are taken to ensure that: 

  1. we will comply with applicable Data Protection Law obligations in respect of the transferred Personal Data while it remains in our possession or under our control; and 
  2. the recipient outside of the country is bound by legally enforceable obligations to provide a standard of protection to the personal data transferred that is comparable.   

Your booking data will be held within our service cloud in the EU.


If you are located within the EEA, we will send your data to countries outside the UK and the EEA (transfers outside the EEA include transfers to the UK), where different data protection laws may apply.  These transfers will only happen when: 

•    we use service provider companies outside the UK or EEA;  

•    there is a legal or regulatory obligation;  

•    to meet our contractual obligation with you or about to enter with you; or 

•    we have your consent.  

  

Where we transfer your data to a service provider company outside the UK or the EEA, we will implement safeguards so that your data continues to be protected. We protect your data by making sure: 

·     the country has adequacy protection approved by the European Commission or UK; or 

  

·     we conduct a security and data protection transfer assessment and put an appropriate contract in place with approved UK or European Commission standard contractual clauses between the company and us. 



Retention of your Personal Data

 

We will not keep your Personal Data for longer than is necessary. Please note Personal Data may be retained if there is a legal obligation to keep the information or your personal data would be used for the establishment, exercise or defence of legal claims.

Your profile data, including your contact and registration data will be kept for one year. 

Your test result on the system will be kept for 10 days


Security of your Personal Data 


We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies regularly audited, and the audits are reviewed at a senior level.

 

Your rights under Applicable Data Protection Law  

 

Under Applicable Data Protection Law, you may have certain rights. The table below outlines your rights. If you would like to request to exercise your rights, please email consumerhelp.ap@collinsongroup.com

Your request will be reviewed and responded to as quickly as possible


Your rights:

Meaning:

The right to object to the processing

You have the right to object to the processing of your Personal Data in certain situations.

You have an absolute right to stop your Personal Data being used for direct marketing.

The right to information

You have the right to be informed whether and to what extent we process your data. E.g. this Privacy Notice  

The right of access

You have the right to request access to your Personal Data we hold. You also have the right to request a copy, and we will provide you with this unless legal exceptions apply. 

The right to rectification

If the Personal Data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time.

The right to Erasure (also known as the “right to be forgotten”)

You have the right to request we delete your Personal Data.  

This is not an absolute right and only applies in certain circumstances, for example, we cannot delete information if there is a legal or regulatory obligation on us to keep it.

The right to restrict the processing

You have the right to request that we restrict the processing of your Personal Data in certain situations. 

The right to data portability

You have the right to request that we provide your Personal Data to you in a machine-readable format. 

 

This right can only be used where the processing relies on your consent or contract and is carried out by automated means.  

Your rights in relation to automated decision making and profiling

You have the right to object to decisions based exclusively on the automated processing of your Personal Data. 

 

We do not engage in profiling or any processing related to automated decision-making activity.

The right to withdraw your consent

If your Personal Data is processed based on your consent, you have the right to withdraw your consent at any time. 

 

If you withdraw your consent, this will not affect the lawfulness of how we used your personal data before you withdrew consent, and we will let you know if we can no longer provide you with your chosen service.

  

We will keep a copy of any request. Further, we may charge a reasonable fee or refuse to act on a request if such a request is excessive, repetitive or manifestly unfounded. 

If you make a request, where required, we will confirm your identity and ask you to provide us with information to help us deal with your request. We have one month from receiving your request (provided we have verified your identity) to respond. 

Please note that for a complex request, we may extend the one month by two months. To exercise your rights please contact consumerhelp.ap@collinsongroup.com


Making a complaint


If you have any questions, concerns or complaints about this Privacy Notice, please contact our Data Protection Team and or our Data Protection Officer at data.protection@collinsongroup.com

If you are unsatisfied with our response, you can also make a complaint to your local privacy supervisory authority where: 

  • you reside;
  • you work; or
  • the matter you are complaining about took place.

If located in within the UK, you can contact the UK’s Supervisory Authority, the Information Commissioner at:  


Information Commissioner's Office 

Wycliffe House  

Water Lane  

Wilmslow  

Cheshire, United Kingdom  

SK9 5AF  

 

Phone: 0303 123 1113 (local rate) or 01625 545 745 (national rate) 

  

If located within the EU, you can contact our lead supervisory authority in Malta at: 

Officer of the Information and Data Protection Commissioner  

Floor 2, Airways House, 

Triq Il-Kbira, 

Tas-Sliema SLM 1549, Malta

 


Updates to the Privacy Notice

We keep our Privacy Notice under regular review, and we will make new versions available on our Privacy Notice page on our website. This Privacy Notice was last updated on 18th December 2020 


Glossary

Term 

Definition 

Data Protection Law  

means all applicable worldwide legislation and regulation relating to data protection and privacy including without limitation UK, European, Singapore and Indonesia applicable Data Protection Law. 

Controller 

is a person(s) or company (either alone or jointly or in common with other persons) who decides how Personal Data will be processed. 

Personal Data 

Information relating to an identifiable living person, who can be directly or indirectly identified by reference to an identifier.

Privacy Notice

Also referred to as a Fair Processing Notice) or a Privacy Policy)– Privacy Notice is a document explaining to data subject what Personal Data is processed and how a company will process it

Processor or Data Intermediaries

is an external company or other third parties that collects and processes Personal Data on behalf of a Collinson. 

Special Category Data 

Also referred to as sensitive data, is defined as Personal Data relating to the following, race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation (only applicable for UK and European Data Protection Law)