Selph.co.uk is owned and operated by Selph Limited. Selph Limited ("Selph", "we", "us", "our") is committed to protecting the privacy of the users of our products and services and visitors of our website (together our “Services”). This Privacy Policy states our policy and practices regarding the collection and use of information via our Services.

We want to provide a safe and secure user experience. We will ensure that the information you submit to us, or which we collect, via various channels (including our website or through correspondence (including e-mail, telephone, and other messaging services), is only used for the purposes set out in this Privacy Policy.

Through this Privacy Policy we aim to inform you about the types of personal data we collect, the purposes for which we use the data and the ways in which the data is handled. We also aim to satisfy the obligation of transparency under applicable data protection legislation, including the UK GDPR and EU GDPR (together “GDPR”).

For the purpose of this Privacy Policy the controller of personal data is Selph Limited and our contact details are set out in the Contact section at the end of this Privacy Policy.

In general, you can visit the Selph website without identifying yourself or revealing any personal information.

However, you may choose to provide us with personally identifiable information. In some cases, this is required in order to purchase products or services from us, or to register for an account with us. Personally identifiable information is information that can be used to identify you, such as your name, email address, telephone number, or similar information.

Within the Selph website, you can make requests for information, create and manage an online account and order products and services. The types of personal information collected on these pages includes some or all of the following:

• Contact details: name, surname, email address, telephone number and address
• Demographics: date of birth, sex and ethnicity
• Symptoms: answers to routine clinical questions about physical and mental health symptoms
• Medical and lifestyle history: medical history, drug history, family history and lifestyle information including diet, exercise, smoking, occupation etc.
• Responses to questionnaires about our products and services
• Payment information

We collect this information to allow us to provide you with a high-quality, personalised service. Certain information, such as contact details and demographics are essential for some products and services. Other information, such as symptoms and medical and lifestyle history, are important for us to provide beneficial lifestyle advice. Any information you choose to provide is optional but helps us to provide you with more personalised health insights. For the most part, this information would be entered by you, but in some cases, could be collected from devices (e.g. apps) or wearables that you may choose to pair with us.

• Technical information: IP address, domain names, country you’re visiting from, your web browser type and version, time-zone setting, browser plug-in types and versions, operating system and platform.
• Visit information: information about the pages you visit on our website, how long you spend on each page, how you interact with page content (e.g. clicks, scrolls and mouse-overs) and any products or services you request.

This information is collected anonymously and helps us to optimise our website performance to meet your needs.

• Test results: generated by our laboratory partner when you submit samples for testing. Results will be held both by us and our partner laboratory (currently The Doctors Laboratory and Salient Bio Lab). Only tests you have requested will be performed and your samples will not be used for anything else.

You can be assured that information you provide voluntarily will only be used in connection with your business relationship with Selph. We will hold, use and disclose your personally identifiable information for our legitimate business purposes including:

• to provide our products and/or services to you;
• to maintain our business relationship, where you are a visitor of our website or a user;
• to deal with your enquiries and complaints;
• to administer our website;
• to keep our website and systems secure and prevent fraud;
• where relevant, to meet legal, regulatory or compliance needs;
• to better understand your needs; and,
• to provide a better service including through conducting market research.

When you sign up to our newsletter, we may use your information to contact you, to provide you with marketing information we think would be of particular interest. At a minimum, we will always give you the choice to opt-out of receiving such direct marketing.

We will not use or share the personally identifiable information provided to us online in ways unrelated to the uses described in this statement. More information about how we may share your information can be found at section 5.

Under GDPR, the main grounds that we rely upon in order to process personal information of users and visitors of our websites are the following:

• Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing products or services to you, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal data;
• Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your personal data. We may also be obliged by law to disclose your personal data to a regulatory body or law enforcement agency;
• Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your personal data for the purposes of our (or a third party's) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected. Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and user experience, informing you about and providing you with our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;
• Consent – in some circumstances, we may ask for your consent to process your personal data in a particular way.

When we collect special category data, e.g. any data to do with your state of health, vaccination status, ethnicity or test result data, we rely on the following to process this type of personal information about you:

• (a) Health and social care: the processing of personal information is necessary for the purposes of health and social care and the processing is overseen by an appropriate health professional;
• (b) Public Interest: the processing of personal information is necessary for reasons of public interest in the area of public health and the processing is overseen by an appropriate health professional;
• (c) Consent: in some circumstances, we may ask for your consent to process your special category data in a particular way, e.g. where your employer requires you to carry out a test.

We may share your personal information with other parties to allow us to provide our services to you. For example, we use third parties to deliver health consultations and coaching services, host our website, manage our databases, process payments and perform our laboratory analyses.

Routine data sharing for administrative purposes:

Details of third parties with which we routinely share information for the purpose of delivering our products and services are set out below:

• Web services: Netlify, Amazon Web Services, Mailchimp, Twilio, Trustpilot
• Website analytics and search engine providers: Google Analytics
• Laboratory partners: The Doctors Laboratory, Salient Bio Lab
• Payment processing: Stripe, PayPal
• Courier and delivery: DPD, Royal Mail

Wherever possible, personal information that we share with these third parties will be in an anonymised and aggregated format from which individuals cannot be identified.

We will share data with independent healthcare practitioners or health coaches in order that we can provide you with health coaching services. We ensure that these third parties undertake and pass the applicable legally required screening procedures and / or are suitably qualified to deliver coaching services to you.

We may provide our test kits to a business or other legal entity for them to give to their staff for the purpose of medical testing. In these cases, we may offer individual employees using our test kits the option to consent to sharing their personal information – including test results and other medical data generated by us – with their employer. This will only be on an opt-in basis. The specific data being shared, whom the data is being shared with and the purpose of data sharing will be stated at the time of seeking consent from an individual. Although we make every reasonable effort to ensure that the information governance practices of business with whom we share data with are as rigorous as our own, we cannot be held responsible for the breach or misuse of data once it is under the control of a third party.

On occasion, we may display statistics based on aggregated, anonymised data on our websites for the purpose of research and marketing. Individuals will not be identifiable from this data.

Rarely, we may share your personal information with other parties in the following exceptional circumstances:

• We may share anonymised and aggregated data, which includes laboratory analyses and personal information, with third parties such as research companies or other healthcare companies. Individuals would not be identifiable from this information.
• We may disclose your personal information if required to do so by applicable law, regulation or as part of a legal process. This includes informing Public Health England of positive results for notifiable infectious diseases; a list of which can be found on the gov.uk website. If we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies
• If we or our business merges with or is acquired by another business or company in the future, we will share your personal information with the new owners of the business or company and their advisors. If this happens, we will notify users and visitors of our website of such event.

In line with UK Department of Health advice, we will keep health-related information (e.g. test results and medical records) for at least 8 years. We will retain other personal information for as long as you continue to use our services. You can always request that we stop processing or delete your personal information.

You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.

You have the right at any time to ask us for a copy of the personal information about you that we hold. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.

If personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed. You can let us know by contacting us.

In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.

In certain circumstances, you have the right to object to our processing of your personal information by contacting us. For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your personal information for direct marketing purposes.

You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.

In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that information to you or directly to a third party organisation.

The above right exists only in respect of personal information that:

• you have provided to us previously; and
• is processed by us using automated means.

While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation's systems. We are also unable to comply with requests that relate to personal information of others without their consent.

You can exercise any of the above rights by contacting us. Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.

To the extent that we are processing your personal information based on your consent, you have the right to withdraw your consent at any time.

"Cookies" are small text files placed on your device (e.g. computer, phone or tablet) when viewing certain pages on our website. For information on how we use cookies please see our separate Cookie Policy.

If you are unhappy about our use of your personal information, you can contact us. You are also entitled to lodge a complaint with the UK Information Commissioner's Office using any of the below contact methods:

Telephone: 0303 123 11113

Website: https://ico.org.uk/concerns/

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We have put in place measures to ensure the security of the information we collect and store about you and will use our reasonable endeavours to protect your personal data from unauthorised disclosure and/or access including through the use of network and database security measures. Despite our best efforts, there is always some risk in storing and transferring information over electronic media and we cannot guarantee the absolute security of any data which is collected and stored. However, were such a data breach to occur, we do guarantee to act swiftly in an effort to minimise its effects.

In recognition of the value of your personal financial information, we do not store any payment card details – most payments are processed by Stripe or PayPal and bespoke orders of multiple Products involving invoicing will be processed via a bank transfer. We do not store users’ payment card details.

Please note that clicking on links and banner advertisements on our websites can result in your browser accessing a third party website, where data privacy practices are different to that of Selph.

We are not responsible for, and have no control over, information that is submitted or collected by these third parties and you should consult their privacy policies.

Some of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
• Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

Our Privacy Policy is subject to change from time to time and, if we update it, we will post these changes on this page so that you will be aware of how we use your information.

If you have any enquires or if you would like to contact us about our processing of your personal information, including to exercise your rights as outlined above, please contact us directly. When you contact us, we will ask you to verify your identity.

Our registered office is at: Selph Ltd, 124 City Road, London, EC1V 2NX.