1. Introduction
GC Biosciences is committed to protecting the privacy and security of our patients’ personal data. This policy outlines how we collect, use, store, and protect patient information in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable healthcare policies.
2. Data Controller and Contact Information
GC Biosciences acts as the data controller for the personal data collected from patients. If you have any questions about this policy or how we handle your data, please contact us:
Email: [Insert Contact Email]
Address: [Insert Business Address]
Phone: [Insert Contact Number]
3. What Data We Collect
We collect and process the following types of personal data:
- Personal Identification Data: Full name, date of birth, gender, contact details (phone, email, address).
- Health Data: Blood test results, medical history, genetic and biomarker analysis, and other relevant health information.
- Billing and Transaction Data: Payment details for services rendered.
- Technical Data: IP addresses, cookies, and device identifiers if you use our online services.
4. Purpose of Data Processing
We process patient data for the following purposes:
- To provide blood testing and health assessment services.
- To generate personalised health reports and recommendations.
- To comply with legal and regulatory obligations.
- To conduct internal research and analysis for service improvement and innovation.
- To improve our AI-driven diagnostics and predictive health models.
- To contact patients regarding their test results, appointments, or service updates.
5. Legal Basis for Processing Data
We process your personal data under the following legal bases:
- Performance of a Contract: Data processing is necessary to provide the blood testing services you have requested.
- Legal Obligation: We must comply with health regulations and data protection laws.
- Legitimate Interest: We may use anonymised patient data for internal research to improve our health services and AI models.
- Consent: For specific data uses (such as marketing communications), we will obtain explicit consent.
6. Data Sharing and Disclosure
We do not sell patient data. However, we may share personal data in the following circumstances:
- With healthcare professionals or laboratories involved in processing blood tests.
- With regulatory authorities if legally required.
- With research partners, but only in an anonymised and aggregated form.
- With IT service providers who help us securely store and process patient data.
7. Use of Data for Internal Research
GC Biosciences uses anonymised patient data for internal research to enhance our blood testing services, develop AI-driven diagnostics, and contribute to medical advancements. This research is essential for improving health insights and predictive capabilities while ensuring that no personally identifiable information is used beyond service delivery.
8. Data Security Measures
We implement strict security measures to protect patient data, including:
- Encryption of stored and transmitted data.
- Access controls to limit data exposure to authorised personnel only.
- Regular security audits and compliance checks.
- Secure data storage on UK-based servers compliant with GDPR.
9. Data Retention Policy
We retain personal data only as long as necessary for the purposes outlined in this policy, in line with regulatory and legal requirements:
- Health records are retained for at least 8 years following last contact, in accordance with UK healthcare guidelines.
- Financial transaction data is retained for 6 years for tax and auditing purposes.
- Anonymised research data may be retained indefinitely for scientific advancements.
10. Your Rights Under GDPR
Patients have the following rights under UK GDPR:
- Right to Access: Request copies of your personal data.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request deletion of personal data (subject to legal requirements).
- Right to Restrict Processing: Limit the use of your data under certain conditions.
- Right to Data Portability: Obtain and reuse your data for personal use.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Where consent is the legal basis, you can withdraw it at any time.
To exercise any of these rights, please contact us at [Insert Contact Email].
11. Complaints and Regulatory Authority
If you believe your data has been mishandled, you have the right to file a complaint with the UK Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Phone: 0303 123 1113
12. Updates to This Policy
We may update this GDPR policy periodically. Any significant changes will be communicated via our website or direct patient communications.
13. Acceptance of This Policy
By using our services, you acknowledge that you have read and understood this GDPR and Data Protection Policy.
