Privacy Policy
PRIVACY NOTICE for the Pinpoint Travel Health website pinpointtravelhealth.com (the “Website”) and use of the Travel Health Software (‘Software’) used by us when you order a Travel Health Brief.
Please read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share your personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Use of the Website and Software is not obligatory but please note that you cannot access the Website without accepting our Cookies [pinpointtravelhealth.com/cookie-notice] and you cannot access the Software if you do not accept the terms of this Notice.
We may update this notice from time to time and although we will notify you if there is a significant change, it is your responsibility to check the terms are acceptable to you each time and before you send us personal information.
As the ‘User’ of the Software, you will need to use and input certain personal information into our Software. Further to your use of this Software you will be providing us with personal data, including that which is defined as ‘special category’ personal data, i.e. health information. You must therefore understand how we will use your personal information, by reading this privacy notice in full, and consent to such use before you provide us with any personal information.
If, having read all of this privacy notice, you are unclear about any aspect of it, please contact support@pinpointtravelhealth.com. This privacy notice is divided into the following sections:
- Who we are
- Our Website and Software
- Our collection and use of your personal information
- The lawful basis for our use of your personal information
- Our retention policy – how long we process your personal information
- Details of who we share your personal information with
- Cookies and similar technologies
- Your rights
- Keeping your personal information secure
- How to complain
- How to contact us
- Changes to this privacy notice and your duty to inform us of changes
1 Who we are
This Website and our Software are supplied to you directly by us, Pinpoint Travel Health Limited, a company incorporated in England and Wales under number 11517766 and our registered address is at Nexus, Discovery – Way, University of Leeds, Leeds, LS2 3AA. We collect, use and are responsible for the personal information which:
- we collect via Cookies when you access our Website;
- you input into the Software when you apply for a Health Travel Brief in accordance with the terms of this notice. When we do so we are regulated under the Data Protection Act 2018 (‘DPA’) and the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR), and we are responsible as a ‘data controller’ of that personal information, for the purposes of those laws.
2 Our Website and Software
This privacy notice relates to the personal data processed further to your use of the Pinpoint Travel Health Website and Software only.
3 Our collection and use of your personal information
We collect personal information about you when you visit our Website and if you access the Software, register with us, contact us, send us feedback, purchase services via the Software and input information onto the Software. We collect this personal information from you either directly, such as when you register with us, contact us or purchase services via the Software, or indirectly, such as your browsing activity while on our Website (see ‘Cookies’ below). The personal information we collect about you via the Software is required in order to provide you with the services you have bought from us and may include:
- your name and contact details, including your current address and postcode
- your sex
- your ethnicity
- your date of birth
- details of any feedback you give us
- your account details, such as email, login details
- your health status such as medical conditions and current medication
- your travel itinerary We use your personal information to:
- create and manage your account with us
- verify your identity
- provide our services to you
- comply with the legislation regarding reporting test results to government authorities where required
- communicate with you about your account
- notify you of any changes to our Software or to our services that may affect you
- improve our services
When is information collected? When you register with us or make an order for our services.
4 The legal basis for processing your personal information
We mostly rely on the performance of a contract (or anticipation of such performance) as the lawful basis for collecting and using your personal information for the purposes described in this Notice. The contracts setting out the ‘Terms of Use for our Website’ can be found here [pinpointtravelhealth.com/terms-of-use] and the ‘Terms of Supply’ for our services can be found here [pinpointtravelhealth.com/terms-of-supply]. If you do not agree to these terms of use and supply please do not use our website or request any services from us.
The health information which you provide to us when you make an application for a Travel Health Brief (‘Brief’) is defined under data protection laws as ‘special category’ personal data. This means we can only process this type of personal information further to your consent.
‘Consent’ as defined under the relevant data processing laws as meaning any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of your health data by us.
This Notice provides you with information about the way in which we process your health information (and other types of personal information).
When you apply for a Brief you will be asked to confirm (by ticking a box) that you have understood how we will use your health data and that you consent to such use for the purposes we have specified in this Notice. If you do not consent to any of the types of processing we describe in this notice, please do not accept this Notice and do not order any services from us.
Occasionally we may rely on legitimate interest as the lawful basis for processing your personal information but we will only do so if we have carried out (and recorded) a risk assessment to consider our interests with any potential impact on you and your rights. We will not process your personal information on this basis if your rights override our interests unless we have your express consent or are subject to an obligation under law.
Finally we may be processing your personal information in order to comply with a legal obligation to which we are subject.
5 Retention policy
We will keep your personal data until the earlier of:
- you closing your account with us
- you directing us to delete your personal data
- us closing your account and then we will delete this information within 4 weeks, in each case unless there is a legal obligation to retain it for a longer period.
6 Who we share your personal information with
Pinpoint Travel Health Limited licences the Software from Personalised Diagnostics Limited, a company incorporated in England and Wales under number 13124636, whose registered office is at Nexus, Discovery Way, Leeds, England, LS2 3AA. Personalised Diagnostics Limited is our parent company and it processes your personal data as part of the performance of its services for us, as does the hosting company, which is currently Microsoft Azure. (Each of these companies is processing your personal information as our “processor” and we have a contract in place with each of them for this purpose.
We only share your special category personal information (ie health information) where we are required to do so and this is with:
- Personalised Diagnostics Limited and Microsoft via the Azure hosting
None of the third party recipients will be based outside the United Kingdom. We will share personal information with law enforcement or other authorities if required by applicable law. We will not share your personal information with any other third party. We do not use your personal information for marketing purposes.
Third party links: Our Website may have links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control those third party sites and are not responsible for their privacy notices or policies. When you leave our website we encourage you to read the privacy notice of each website you visit.
7 Cookies and other tracking technologies
A cookie is a small file of letters and numbers that we put on your computer or other access device when you access our Website. These cookies allow us to distinguish you from other users of the Website which helps us to provide you with a good experience and also allows us to improve our Website.
Some cookies we use are analytical cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they’re using it. This helps us to improve the way our Website works, for example by making sure users are finding what they need easily. This information will not personally identify anyone.
Information on deleting or controlling cookies is available at the Information Commissioner’s Office. Please note that by deleting our cookies or disabling future cookies you will not be able to access certain features of our site.
Our site may contain further cookies due to integration with other third party sites. Please see our cookie policy for further information.
8 Your rights
Under the Data Protection Act 2018 (‘DPA’) and the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (‘UK GDPR’) you have a number of important rights. In summary, those include rights to:
- fair processing of information and transparency over how we use your personal information
- access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
For further information on all of your rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) at www.ico.org.uk
If you would like to exercise any of those rights, please:
- email us at support@pinpointtravelhealth.com
- let us have enough information to identify you
- your name, email address and a contact number
- let us know the information to which your request relates
9 Keeping your personal information secure
We have appropriate security measures in place to prevent your personal information from being accidentally lost, or used, or accessed in an unauthorised way. We limit access to your personal information to those who have express authority and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
10 How to complain
We hope that we can resolve any query or concern you raise about our use of your information. The DPA also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
11 How to contact us
Please contact us if you have any questions about this privacy notice or the information we hold about you. If you wish to contact us, please send an email to support@pinpointtravelhealth.com
12 Changes to this privacy notice and your duty to inform us of changes
We keep our privacy policy and this notice under regular review. This version was last updated on 8th February 2024. If there is any significant change to it we will bring this to your attention. It is your duty to check the terms of this notice before you send us your personal data and to inform us of any changes to the personal data you have given to us.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Last updated 8-Feb-2024