Welcome to
HMR Pharmacy
GMP pharmacy services in London
Pharmacy services for clinical trials
Welcome to
HMR Pharmacy
GMP pharmacy services in London
Pharmacy services for clinical trials
Privacy
This statement explains how HMR protects the personal information of individuals whose COVID-19 tests are processed in the HMR laboratory. It applies to visitors to HMR and people offered COVID-19 tests by third parties, such as healthcare clinics and employers.
Information for volunteers is in the HMR privacy statement Privacy statement for volunteers.
Personal data
All personal data processing in the UK must conform to the UK General Data Protection Regulation (GDPR) and to the UK Data Protection Act 2018. The EU GDPR also applies to the UK as a third country.
The UK GDPR defines personal data as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
How we use your information
This privacy notice tells you how we, HMR (Hammersmith Medicines Research Ltd), will collect and use your personal data for COVID-19 testing. We’ll ensure that information is kept confidential in line with the GDPR. We’ll use your information to provide a COVID-19 testing service and to meet our legal obligation to report to the authorities: Public Health England (until 1 October 2021) or the UK Health Security Agency (UKHSA; from 1 October 2021).
Why does HMR need to collect and store personal data?
The information that you submit to HMR will be held by us for the purpose of doing COVID-19 tests, and providing the results to: you, either directly or via the third party who offered you the test; and the authorities (Public Health England until 1 October 2021; the UKHSA from 1 October 2021). We won’t use the data you provide for COVID-19 testing for any other purpose, including marketing. We’ll ensure that the information we collect and use is appropriate for this purpose, and doesn’t constitute an invasion of your privacy.
If you don’t provide the required personal details to HMR, we can’t process your COVID-19 test.
What information will HMR collect from me?
We’ll collect basic identifiers (including your name, sex, date of birth, ethnic origin and contact details). We’ll get the information from you (if you’re a visitor) or from the third party who offered you the test (for example, your clinic or your employer).
What is the lawful basis for processing my personal information?
If you’re a visitor to HMR, the legal basis for processing your information will be the legitimate interest of HMR, because HMR needs to take precautions to limit the spread of COVID-19, to protect all our staff and volunteers. HMR is the data controller, and you can contact our Data Protection Officer as described below.
If you have requested a COVID-19 test through a third party, the third party is the data controller and the legal basis is usually contract, consent or their legitimate interest – you can ask the third party for further information.
Will HMR share my personal data with anyone else?
HMR will store your information, including personal details and the results of your tests. HMR will keep that information confidential, but we must, by law, share your personal details and test result with Public Health England or the UKHSA. If you were offered a test via a third party, we’ll send your test result to the third party, and they will give it to you. We’ll never allow other parties access to your personal information for their own marketing purposes or for any purpose other than that described in the section ‘Why does HMR need to collect and store personal data?’. We’ll never sell your personally identifiable information.
How will HMR use the personal data it collects about me?
HMR will process (collect, store and use) the information you provide in line with the GDPR. We’ll do our best to keep your information accurate and up to date, and not keep it for longer than is necessary.
Automated decision making
We don’t use automated decision making when we process your personal information.
Cookies
Cookies are small files sent from websites (or through a service from another party such as Google via Google Analytics) and stored in your internet browser. They allow a website’s systems to recognise your internet browser and remember certain information. However, we cannot collect your personal information (name, date of birth, contact details etc) from cookies on our website. Also, you can reject receiving cookies from websites through the settings on your internet browser. If you’d like to reject cookies from Google Analytics, please refer to the link below. [Google Analytics Opt-out Browser Add-on]
Google Analytics
We use Google Analytics to analyse visits to our website and help us improve it. Google may set up cookies or read current cookies on your internet browser to collect data. We may use the information to track our website visitors and to improve their experience. Google use this information to evaluate your use of our website, and to prepare reports on website activity. Google will not link your computer’s IP address with any other data held by Google. Further information about Google’s privacy policy may be found at http://www.google.com/privacy.html.
Can I find out the personal data that HMR holds about me?
HMR, at your request, can confirm what information we hold about you and how it is processed. You can request the following information under the GDPR.
- The name and the contact details of the person or organisation that has decided how and why to process your data.
- Contact details of the Data Protection Officer of HMR.
- The purpose of the processing, and the legal basis for processing.
- If the processing is based on the legitimate interests of HMR or a third party, information about those interests.
- The categories of personal data collected, stored and processed.
- Details of who will see your data.
- Confirmation that we do not intend to send the personal data to a country outside the EU
- How long the data will be stored.
- Details of your rights to correct or erase your data or to restrict or object to the processing.
- How to make a complaint to the supervisory authority.
- Whether your providing your personal data is a statutory or contractual requirement, or is necessary to enter into a contract, whether you‘re obliged to provide the personal data, and the possible consequences of not providing such data.
- The source of personal data if it wasn’t collected directly from you.
- Confirmation that we do not use automated decision making, such as profiling.
Under the GDPR, you can ask us for a copy of your data and request corrections. You can object to our processing those records, or ask us to restrict our processing or erase the records. However, if we’ve processed your COVID-19 swab, you can’t object to our sharing your personal data and result with Public Health England or the UKHSA, because that is a legal requirement. At your request, HMR can correct your personal data (such as your postal address or phone number), but we can’t modify the result of the COVID-19 test.
What should I do if I want access to my information or I have any concerns or complaints?
Please write to the HMR Data Protection Officer, at the address given below or email privacy@hmrlondon.com. If you’re not happy with our response, or you think we’re using your information unlawfully, you can call the Information Commissioner’s Office (ICO) helpline (0303 123 1113) or use the website (www.ico.org.uk/).
What forms of ID will I need to provide to access my personal information held by HMR?
We must make sure that we don’t give your personal information to anyone else. So, if you want to access your personal information, you should provide two of the following forms of ID as evidence of your identity (at least one must have your photo and signature):
- Passport
- driving licence
- birth certificate
- credit or debit card
- utility bill (from last 3 months)
- bank statement (from last 3 months)
Contact details of the Data Protection Officer / GDPR Owner:
Data Protection Officer
Hammersmith Medicines Research
Cumberland Avenue
Park Royal
London NW10 7EW
How to contact our Data Protection Officer and EU GDPR representative
Contact details of HMR’s Data Protection Officer:
Data Protection Officer
Hammersmith Medicines Research
Cumberland Avenue
Park Royal
London NW10 7EW
Or
HMR Data Protection Officer
Silicon Marketing SAS
8 rue Roublot
94120 Fontenay-sous-Bois
France
Or
Contact details of HMR’s EU representative for GDPR:
Karine Renault
230 rue de la Laurendière
45470 Trainou
France