Privacy Policy

Privacy Notice

Any reference to “the legislation” shall include the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UKGDPR), the Data Protection Act 2018, the Privacy & Electronic Communications Regulations 2003, and any other applicable data protection legislation as introduced from time to time.

Who are we?

Invivo Healthcare (Invivo) is the trading name of Invivo Clinical Ltd, a healthcare company offering laboratory testing, therapeutic formulas and clinical education for healthcare professionals and their patients.  

Invivo Clinical Ltd is part of Microba PTY LTD, an Australian healthcare and biotechnology group. In the course of providing our services, certain personal data may be shared with Microba PTY LTD in Australia. Where such international transfers take place, we use the European Commission’s Standard Contractual Clauses (SCCs) together with the UK International Data Transfer Addendum to ensure equivalent protection under UK GDPR and EU GDPR.

Data protection principles

All personal data that is stored and processed by us is handled in line with a core set of principles under the legislation:

• Processing is fair, lawful, and transparent  
• Data is collected for specific and legitimate purposes  
• The data we collect is adequate, relevant, and limited to what is necessary in order to perform the required processing
• The data is kept accurate and up to date. Any data found to be inaccurate will be erased or rectified without undue delay  
• Data is not retained for longer than intended or necessary  
• Data is processed to ensure appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate measures  
• We comply with the relevant data protection legislation for international transfers of data (including by using SCCs with the UK International Data Transfer Addendum, where applicable)
  

Personal data

To provide you with our services, we may need to control and process your personal data. Personal data constitutes information about you, which can be used to identify you. This may include information such as your name, date of birth and contact information.  

We may also require special category data including, but not limited to, health data, gender, and genetic data (for example, biological samples).

Confidentiality

Invivo considers the confidentiality of your personal data our main priority. We comply with all relevant data protection legislation.  

We have internal policies, procedures and controls designed to ensure that all personal data is protected and not accidentally destroyed, misused, disclosed or lost. Your data is controlled and managed by employees of Invivo as part of their duties in their role. Where third-party companies are engaged to process your data on our instruction, they do so in line with our procedures and instructions, are bound by a duty of confidentiality, and implement appropriate technical and organisational measures to ensure the security of your data.  We will only keep your data for as long as necessary and in accordance with Data Protection Legislation.

Your rights and how to exercise them

At any point while we are in possession of or processing your personal data, you - the data subject - have the following rights:

• The right to request a copy of the information that we hold about you
• The right to correct or remove any data that we hold about you that is inaccurate or incomplete
• The right to restriction of processing  
• The right to have the data we hold about you transferred to another organisation (data portability)  
• The right to object to certain types of processing such as direct marketing

In certain circumstances you can ask for the data we hold about you to be erased from our records. You have the right to have your personal data erased if:  

• The personal data is no longer necessary for the purpose which we originally collected or processed it for  
• We are relying on consent as our lawful basis for holding the data, and you withdraw your consent  
• We are relying on legitimate interests as our basis for processing, and you object to the processing of your data  
• We have processed the personal data unlawfully  
• We must do it to comply with a legal obligation  
• We have no legal right to retain the personal data  

Any requests for access to the personal data we hold should be accompanied by our Data Subject Access Request Form, available on request. If a third party is involved (such as a laboratory), we will request your information from them and provide it to you. Please note that you will be asked for documentation to prove your identity or, if you are acting on the behalf of another client, we will ask for proof of their consent.  

You may also have the right to lodge a complaint with your local supervisory authority (e.g., the UK Information Commissioner’s Office (ICO) or the relevant EU authority).

Changes to our processing arrangements

If anything changes in the way we collect, store, control or process your data, we will contact you and let you know.

What data do we collect?

The personal data we would like to collect from you and/or process might include: your name, your address, your email address, your company name, telephone number, and your IP (Internet Protocol) address.

How do we collect your data?

• You may have completed our registration form
• You may have registered for an event or webinar  
• You may subscribe to our newsletters or email communications  
• You may complete an online survey

Why do we collect the data?

• To enable us to respond and deal with any query or request (such as orders etc.)  
• To register you for email notifications/newsletters and events  
• To book you into events/seminars as well as consultations

What is the lawful basis for processing?

We may process your data on the grounds of legitimate interests. Should you purchase goods or services from us, performance of a contract is the lawful basis for processing.  

If you subscribe to our newsletters or receive marketing communications from us, we rely on your consent to process your personal data and this can be withdrawn at any time.

Who do we share the data with?

The data may be shared internally with any Invivo employees with a need to access your data as part of their job role. All of our staff understand the importance of data protection and have undergone suitable training.

We may also share some of your data with Microba PTY LTD (Australia), our parent company, for purposes compatible with this Privacy Notice. Where data is transferred outside the UK/EEA, we use SCCs with the UK International Data Transfer Addendum (as applicable) to protect your information.  

If you are subscribed to our newsletter, your name and email address may be stored with Klaviyo, which is based in the United States. Data is transferred processed under Standard Contractual Clauses (SCC’s), the EU-U.S. Data Privacy Framework and the associated UK Extension.

Our website is hosted by Digital Ocean, which is based in the United States. Data is transferred processed under Standard Contractual Clauses (SCC’s), the EU-U.S. Data Privacy Framework and the associated UK Extension.

We will not share your personal data with anyone else outside of Invivo, its parent company (Microba PTY LTD) and partners listed below, without your consent, unless we are required to do so by law.

Consent

By consenting to this Privacy Policy, you are giving us permission to process your personal and special category data for the purposes identified in the headings above.  

Consent is required for Invivo to process special category data such as health and genetic data, and it must be explicie you are asked for your special category data, we will always tell you why, how the information will be used, and obtain your explicit consent either directly or via your healthcare providers.  

In some circumstances you have the right to withdraw consent at any time by advising us.

Disclosure

Invivo will not pass on your personal data to third parties other than those listed in this notice, without obtaining your consent. The following third parties may receive your personal or special category data for processing purposes. The safeguards for international transfers have been updated to reflect the Standard Contractual Clauses (SCCs) with the UK Addendum where applicable:

Microba PTY LTD – SCCs

Klaviyo – SCCs  

Digital Ocean  - SCC’s  

Optimising IT – UK GDPR  

We share your personal data (such as name, delivery address and contact details) with trusted courier and logistics partners, including Royal Mail, FedEx and UPS, for the purposes of fulfilling and delivering your orders. These partners act as data processors and are contractually bound to handle your data securely and in compliance with data protection law.

Cookies

Note the use of Performance / Analytics Cookies for the purposes described below.

Cookies are small text files sent to your device when you visit a website which are then sent back to the website on each subsequent visit.  

Cookies act as a memory for a website, allowing that website to remember your device when returning. Cookies can also remember preferences and improve the user experience as well as tailor adverts to those most relevant to you.

We use session cookies (which exist only until you close your web browser) and persistent cookies (which exist until their expiry date, or until removed by the user). Some cookies on our website are needed so you can move around the website and use it. These cookies don’t gather information about you that could be used for marketing or remember where you have been on the internet.

Some cookies on our website collect information about how visitors use the website, e.g. which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies visitors. The information these cookies collect is aggregated and therefore anonymous. It is used only to improve how our website works.

Our website uses Google Analytics cookies. Information collected by these cookies will be transferred to and stored by Google on servers in the USA in accordance with its privacy practices and protected by SCCs.

We may embed photos and videos from websites such as Vimeo and YouTube, or feeds from organisations like Facebook and Twitter. When you visit a page containing these services, you may be presented with cookies from these websites. You may see embedded ‘share’ buttons on some of our pages. These allow you to share content through social networks. When you click these buttons, a cookie may be set by the service you have chosen to share content through. These third-party cookies are not controlled by us. For further information about their use, please visit the relevant third-party website.

Please be aware: if you refuse or disable cookies, this website will not work as it should. Disabling a cookie or category of cookie does not delete the cookie from your browser; you will need to do this yourself from within your browser.

If you are using a recent version of Google Chrome, you can see the specific cookies that are being used by this site (and any site) by clicking on the secure padlock to the left of the web address in the browser window, or—if the site does not have a secure padlock—then the (i) information icon.

Learn more about cookies

To find out more about cookies in general either search in Google or visit aboutcookies.org or allaboutcookies.org.  

A guide to behavioural advertising and online privacy has been produced by the internet advertising industry which can be found at www.youronlinechoices.eu. The guide contains an explanation of the Internet Advertising Bureau’s self-regulatory scheme to allow you greater control of the advertising you see.