Privacy Policy


“Our mission is to ensure that privacy lives at the very heart of our business; that we build and maintain trust and confidence with our customers, internal team and all stakeholders. We strive to ensure that all in our company understand our commitment to keep personal data safe and secure, comply with all relevant data protection regulations and respect the rights of our data subjects whoever they may be.”
Invivo Healthcare Privacy Mission Statement

Privacy Notice

Any reference to ‘the legislation’ shall include the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UKGDPR), the Data Protection Act 2018, the Privacy & Electronic Communications Regulation 2003 and any other applicable data protection legislation as introduced from time to time.

Who are we?

Invivo Healthcare (Invivo) is the trading name of Invivo Clinical Ltd, a healthcare company offering laboratory testing, therapeutic formulas and clinical education for healthcare professionals and their patients.

Data protection principles

All personal data that is stored and processed by us, is done so by a core set of principles in line with the legislation:

Processing is fair, lawful, and transparent

Data is collected for specific and legitimate purposes

The data we collect is adequate, relevant and limited to what is necessary in order to process

The data is kept accurate and up-to-date. Any data found to be inaccurate will be erased or rectified without undue delay

Data is not retained for longer than intended or necessary

Data is processed to ensure appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate measures

We comply with the relevant data protection legislation for international transferring of data

Personal data

In order to provide you with our services, we may need to control and process your personal data. Personal data constitutes information about you which can be used to identify you, such as your name, date of birth and contact information.

We may also require special category data including, but not limited to, health data, gender, genetic data (for example samples).

Confidentiality

Invivo considers the confidentiality of your personal data our main priority. We comply with all relevant data protection legislation.

We have internal policies, procedures and controls designed to ensure that all personal data is protected and not accidentally destroyed, misused, disclosed, lost etc. Your data is controlled and managed by employees of Invivo as part of their duties in their role. Where third party companies are engaged to process your data on our instruction, they do so in line with our procedures and instructions which are set out to include a duty of confidentiality and include technical and organisational measures to ensure the security of your data.

We will only keep your data for as long as necessary and in accordance with Data Protection Legislation.

Your rights and how to exercise them

At any point while we are in possession of or processing your personal data, you – the data subject – have the following rights:

The right to request a copy of the information that we hold about you

The right to correct or remove any data that we hold about you that is inaccurate or incomplete

In certain circumstances you can ask for the data we hold about you to be erased from our records. You have the right to have your personal data erased if:

  • the personal data is no longer necessary for the purpose which we originally collected or processed it for
  • we are relying on consent as our lawful basis for holding the data, and you withdraw your consent
  • we are relying on legitimate interests as our basis for processing, and you object to the processing of your data
  • we have processed the personal data unlawfully
  • we must do it to comply with a legal obligation
  • we have no legal right to retain the personal data

The right to restriction of processing

The right to have the data we hold about you transferred to another organisation

The right to object to certain types of processing such as direct marketing

Any requests for access to the personal data we hold should be accompanied by our Data Subject Access Request Form available on request. If a third party is involved (such as a laboratory), we will request your information from them and provide it to you. Please note that you will be asked for documentation to prove your identity or, if you are acting on the behalf of another client, we will ask for proof of their consent

Changes to our processing arrangements

If anything changes in the way we collect, store, control or process your data, we will contact you and let you know.

For ease and clarity, we have provided the rest of the Privacy Policy in a layered format; please select the heading most relevant to you:

What data do we collect?

The personal data we would like to collect from you and/or process might include: your name, your address, your email address, your company name, telephone number, your IP (Internet Protocol) address

How do we collect your data?
  • You may have completed our registration form
  • You may have registered for an event or webinar
  • You may subscribe to our newsletters or email communications
  • You may complete an online survey
Why do we collect the data?
  • To enable us to respond and deal with any query or request (such as orders etc.)
  • To register you for email notifications/newsletters and event
  •  book you into events/seminars as well as consultations
What is the lawful basis for processing?

We may process your data on the grounds of legitimate interests. Should you purchase goods or services from us we would include performance of a contract as a lawful basis from processing.

If you subscribe to our newsletters or receive marketing communications from us we are relying on your consent to process your personal data and this can be withdrawn easily at any time.

Who do we share the data with?

The data may be shared internally with any Invivo employees who view your data as part of their job role. All our staff understand the importance of data protection and have undergone suitable training.

If you are subscribed to our newsletter, your name and email address may be stored on Mailchimp, which is based in the United States and such data is processed under the mechanism of standard contractual clauses.

Our website is hosted by Memset who are based in the UK and compliant with all EU Data Protection Legislation in line with their privacy policy.

We will not share your personal data with anyone else outside of Invivo, or its partners without your consent.

Consent

By consenting to this Privacy Policy, you are giving us permission to process your personal and special category data for the purposes identified in the headings above.

Consent is required for Invivo to process special category data such as health and genetic data, but it must be explicitly given. Where you are asked for your special category data, we will always tell you why, how the information will be used and obtain your explicit consent either directly or via your healthcare providers.

In some circumstances you have the right to withdraw consent at any time by advising us or by completing our Data Subject Consent Withdrawal Form.

Disclosure

Invivo will not pass on your personal data to third parties other than those listed in this notice, without obtaining your consent. The following list of third parties may receive your personal or special category data for processing purposes:

Organisation / safeguards in place to protect your personal data

Aerodiagostics Laboratory – Committed to Privacy Shield

BioTek – Committed to Privacy Shield

Mailchimp / Privacy Shield

Memset / UKGDPR

Wavenet / UKGDPR

OmegaQuant Laboratory – Committed to Privacy Shield

Invivo Healthcare (Invivo Clinical Ltd)/ UKGDPR

RealTime Labs – Committed to Privacy Shield

STL – UKGDPR

Third Wave – UKGDPR

ZRT Laboratory – Committed to Privacy Shield

Cookies

Note the use of Performance / Analytics Cookies for the purposes described below.

Cookies are small text files sent to your device when you visit a website which are then sent back to the website on each subsequent visit.

Cookies act as a memory for a website, allowing that website to remember your device when returning.

Cookies can also remember preferences and improve the user experience as well as tailor adverts to those most relevant to you.

We use session cookies (which exist only until you close your web browser) and persistent cookies (which exist for until their expiry date, or until removed by the user). Some cookies on our website are needed so you can move around the website and use it. These cookies don’t gather information about you that could be used for marketing or remember where you have been on the internet.

Some cookies on our website collect information about how visitors use the website, e.g. which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies visitors. The information these cookies collect is aggregated and therefore anonymous. It is used only to improve how our website works.

Our website uses Google Analytics cookies. Information collected by these cookies will be transferred to and stored by Google on servers in the USA in accordance with its privacy practices.

We may embed photos and videos from websites such as Vimeo and YouTube. Or feeds from organisations like Facebook and Twitter.

When you visit a page containing these services, you may be presented with cookies from these websites. You may see embedded ‘share’ buttons on some of our pages. These allow you to share content through social networks. When you click these buttons, a cookie may be set by the service you have chosen to share content through. These third-party cookies are not controlled by us. For further information about their use, please visit the relevant third-party website.

Please be aware: if you refuse or disable cookies, this website will not work as it should. Disabling a cookie or category of cookie does not delete the cookie from your browser, you will need to do this yourself from within your browser.

If you are using a recent version of Google Chrome, you can see the specific cookies that are being used by this site, and in fact any site, by clicking on the secure padlock to the left of the web address in the browser window, or if the site does not have a secure padlock, then the (i) information icon.

Learn more about cookies

To find out more about cookies in general either search in Google or visit aboutcookies.org or allaboutcookies.org.

A guide to behavioural advertising and online privacy has been produced by the internet advertising industry which can be found at www.youronlinechoices.eu. The guide contains an explanation of the Internet Advertising Bureau’s self-regulatory scheme to allow you greater control of the advertising you see.

Frequent questions
What is personal data?

Under the EU’s GDPR, personal data is defined as “any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person”

How do we use your information?

This privacy notice tells you how Invivo will collect, store and process your information. If you are concerned about any of the information in this policy, please contact our Data Protection Officer (DPO).

Why does Invivo need my personal/special category data?

Invivo needs the data in order to provide you with our services, including a professional account, order processing, controlling patient data for third parties (such as our Lab Partners), email marketing and cookies. In all events, Invivo is committed to ensuring that the information we collect and use is appropriate for its purposes.

Will Invivo share my data with anyone else?

Invivo may share your personal data with third-party service providers contracted to Invivo in the course of dealing with your data. Any third-parties that have your data, are obliged to keep your details secure and use them only to fulfil laboratory testing services. When the data is no longer required, they dispose of them in line with procedures set out by Invivo. Invivo will only pass your personal or special category data to these third-parties with your consent, or where we are legally required to do so.

How will Invivo use the personal data they collect?

Invivo will process the information provided by yourself, or your healthcare provider, in a matter which is compliant with the GDPR legislation. We endeavour to keep all information secure, accurate and up to date. Invivo is required to retain certain information in accordance with law and for auditing purposes (such as invoicing information).

Under what circumstances will Invivo contact me?

Invivo endeavour not to ask irrelevant or unnecessary questions or send you any information that you might not reasonably want, or expect to receive from us. Any information we do send, will be on the basis that you have given consent to be contacted.

What forms of ID are accepted for a Data Subject Access Request?

Invivo will accept the following ID when information regarding your personal data is requested:

Full, in date, Passport

In date driving licence PLUS any one of the following:

Bank statement dated within 3 months

Utility bill dated within 3 months

Document owner and approval

The Data Protection Officer is the owner of this document and is responsible for ensuring that this record is reviewed in line with the review requirements of the GDPR.

A current version of this document is available on request at any time, or on our website

We keep our privacy notice under regular review.

This notice was last updated during April 2021.

If, at any point, you would like to exercise any of your rights or wish to make a complaint about how we handle your data, please contact our Data Protection Officer (DPO) on the following details:

Email: dpo@invivoclinical.co.uk Tel: 0333 241 2997

FAO DPO,
Invivo Healthcare
The Coach House,
3 Lewiston Mill,
Toadsmoor Road,
Brimscombe,
Stroud,
Gloucestershire,
GL5 2TE

If at any time you are still unhappy with how we manage your personal data you have the right to complain to the Information Commissioner’s Office (ICO) at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Fax: 01625 524510

We keep our privacy notice under regular review. This notice was last updated on 21st April 2023.