Privacy Policy

1. Introduction

This privacy policy ("Privacy Policy") describes how Diagu Ltd ("Diagu") will gather, use and maintain your Personal Data on the GetLabTest Platform. It will also explain your legal rights with respect to that data.

Diagu gathers specific personally identifiable information about you, which includes data reasonably connectable to your identity (“Personal Data”). Personal information or data (“Personal Data”) is defined as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’ by the United Kingdom’s General Data Protection Regulation or “GDPR” (the original EU regulation can be found here EU Regulation 2016/679). We must meet many data protection and privacy law requirements. In simple terms, personal data is information that can be used to identify you. Personal information can be details such as name or gender, but it also applies to more abstract data, such as IP address and location data.

By using the GetLabTest Platform, you confirm that you have read and understand this Privacy Policy, and our Terms of Use (together referred to herein as the"Agreement"). The Agreement governs the use of the GetLabTest Platform. Diagu will collect, use, and maintain information consistent with the Agreement. We respect and are committed to protecting your personal data.

2. General terms

In this Privacy Policy:

• Diagu may be referred to as"we","our"or"us";

• Users of the GetLabTest Platform may be referred to as"User(s)","you","your"or"Client"and"Service Provider"(as appropriate);

• The community platform that we offer at our websites (includingwww.GetLabTest.com) is referred to as the"Site(s)";

• The mobile applications (whether on iOS or Android) are referred to as the"Apps";

• Diagu’s Sites, Apps and related services, information and communications are collectively referred to as the"GetLabTest Platform"; and

• "Terms of Use"refers to our terms of use of the GetLabTest Platform, which can be found here. This Privacy Policy is incorporated into, and considered a part of, the Terms of Use.

Data collection

A. Data that you provide to Diagu

Diagu collects certain personally identifiable information about you, including information that is reasonably capable of being associated with you ("Personal Data"). Examples of Personal Data that Diagu may collect include but are not limited to:

Contact Data. This may include your title, first and last name, address, mobile and/or home phone number, and email address.

Billing Data, including your payment instrument number (such as a credit or debit card number), expiration date and security code as necessary to process your payments. Payments are handled by a third party and payment transactions are integrated with them. If you are a Service Provider, this may include your bank account details (see Financial Data).Identity Data. If you are a Service Provider, we may collect Personal Data, such as your date of birth, address, passport number or medical registration number, together with the result of basic criminal record checks as provided by you, or by our Third-Party Agents (as defined below), as applicable and to the extent permitted by law, and to validate your identity. This information is used for identity verification purposes and to ensure our Clients are kept safe.

Medical Data: We may obtain Personal Data required for you be registered and take a medical test and to conduct our services. This may include, but is not limited to:

• Date of birth, sex, ethnicity, nationality;

• Medical data or information that directly relates to the blood, image, genetic or other biological sample test;

• Name of referral doctor, GP practice or laboratory;

• Health questionnaires or surveys;

• Pre-existing medical conditions, medications, symptoms and clinical information, including past medical results (if provided);

• Sample type;

• Test method (e.g. PCR, blood film, biochemistry or immunochemistry);

• Date and time of sample taken;

• Location of sample being taken;

• Genetic or genomic data (DNA or RNA genetic swabs);

• Test result (e.g. a value, positive or negative);

• Result date and time.

If you are taking any medications, or have any pre-existing medical conditions or problems, or concerns such as vulnerabilities, you can discuss this during a medical consultation to a healthcare professional or to a healthcare assistant at a testing location. The healthcare professional or assistant will only use the information you share to provide direct care and will always remain confidential. If the healthcare professional or assistant needs your medical consent to care for you, they will get this from you at the time. The healthcare professional or assistant may note this on your file and notify Diagu and the laboratory. A referring doctor, healthcare professional or laboratory may also pass this information onto us if necessary and this may be stored on your file.

Financial Data. To help Service Providers set up a payment account and help Clients make payments to Service Providers and pay fees to Diagu, we may collect financial information, including debit or credit card numbers, bank account details, tax information, taxpayer identification numbers and other payment information, as applicable. We use Financial Data to operate the GetLabTest Platform and to ensure that Service Providers are paid by Clients. We do this as necessary for our legitimate interests in providing our platform and services and to fulfil our contracts with Users. To keep your financial data secure, we have contracted with a third party to maintain and process your payment information.

Promotional Data. Certain offerings of the GetLabTest Platform, such as newsletters, surveys and the like, are optional and you are not required to enter them or to give us your data in connection with them. Where you do consent to take advantage of such offerings, we will use your data to (as applicable) send you newsletters and other communications that are tailored based on information we have about you, or to operate and manage the survey or similar offering in connection with our legitimate interest in promoting our business and the GetLabTest Platform. To opt out of receiving marketing communications from us, please see theYour rights and choices section below.

Content Data. You also may choose to send Personal Data to Diagu in an email or chat message containing enquiries about the GetLabTest Platform and we use this information in order to help us respond to your enquiry. We also collect content within any messages you exchange with other Users through the Service (such as through our chat functionality), and we will never use or share such information for marketing purposes.

We require that you furnish your Contact Data and Financial Data when you register an account with us in order to provide or receive services through the GetLabTest Platform. For example, if you are a Client, we collect your first and last name, email address and postcode in order to create and administer your GetLabTest account. We also collect additional information in order to facilitate your booking request, such as information about the assignment you are seeking, the time, date and location of the assignment, and Financial Data. If you are a Service Provider, we collect your first and last name, email address, mobile phone number and postcode in order to create and administer your GetLabTest account and facilitate communications between you and your Clients through the GetLabTest Platform. We also collect information about your Assignments, rates and skills, as well as Identity Data and Financial Data.

Third-Party Data. We may receive additional information about you, such as demographic data, Financial Data or fraud detection information, from Third-Party Agents (as defined below) and combine it with other information that we have about you, to the extent permitted by law, in order to comply with our legal obligations and for the legitimate interest in improving the GetLabTest Platform. Diagu may work with Third-Party Agents to perform identity checks, criminal background checks and right-to-work checks on Service Providers, if applicable and permitted by local law, in order to advance our legitimate interests in ensuring the safety of our Users and maintaining the integrity of the GetLabTest Platform.

B. Data that Diagu collects automatically

We automatically collect certain data when you use the GetLabTest Platform (also known as “Usage Data”). The categories of data that we automatically collect (and have collected, including in the last 12 months) are as follows:

Service Use Data, including data about features you use, pages you visit, emails and advertisements you view, portions of the GetLabTest Platform that you view and interact with, the time of day you browse and your referring and exiting pages.

Device Data, including data about the type of device or browser you use, your device’s operating system, your internet service provider, your device’s regional and language settings, and device identifiers such as IP address and Ad Id. When you visit and interact with the GetLabTest Platform, Diagu may collect certain information automatically through cookies or other technologies, including, but not limited to, the type of computer or mobile device you use, your mobile device’s unique device ID, the IP address of your computer or mobile device, your operating system, the type(s) of internet browser(s) you use, and information about the way you use the GetLabTest Platform. We may use Device Data to monitor the geographic regions from which Users navigate the GetLabTest Platform, and for security and fraud prevention purposes. Use of any IP-masking technologies or similar technologies (like the TOR network) may render portions of the GetLabTest Platform unavailable and are forbidden on the GetLabTest Platform.

Location Data, including imprecise location data (such as location derived from an IP address or data that indicates a city or postcode level) and, with your consent, precise location data (such as latitude/longitude data). When you visit the GetLabTest Platform via a native mobile application, we use, with your consent when required under applicable law, GPS technology (or other similar technology) to determine your current location in order to determine the city in which you are located and display a relevant location map. We will not share your current location obtained in this manner with other Users.

We also use various Tracking Technologies ("Tracking Technologies") to automatically collect information when you use the GetLabTest Platform, including the following:

Cookies. When you visit our Sites, your browser may automatically transmit information to the Sites throughout your visit. In a similar way, when you use our Apps, we will access and use mobile device IDs to recognise your device. We use "cookies" and equivalent technologies to collect information through our Sites and Apps. Cookies are small data files stored on your device that act as a unique tag to identify your browser.

Persistent cookies help with personalising your experience, remembering your preferences, and supporting security features. Additionally, persistent cookies allow us to bring you advertising both on and off the GetLabTest Platform. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings. We utilise persistent cookies that only Diagu can read and use, and access mobile device IDs to:

• save your login information for future logins to the GetLabTest Platform;

• assist in processing items during checkout;

• hold session information; and

• track user preferences.

Session cookies make it easier for you to navigate the GetLabTest Platform and expire when you close your browser. We utilise session ID cookies and similar technologies to:

• enable certain features of the GetLabTest Platform;

• better understand how you interact with the GetLabTest Platform;

• monitor usage by our Users and web traffic routing on the GetLabTest Platform;

• track the number of entries in any promotions offered by us; and

• identify visited areas of the GetLabTest Platform.

Unlike persistent cookies, session cookies are deleted from your computer when you log off from the GetLabTest Platform and then close your browser.

Exhibit A (at the end of this Privacy Policy) sets out the different categories of cookies that the GetLabTest Platform uses and why we use them.

We may work with third-party advertisers who may also place or read persistent cookies on your browser, and we may use Flash cookies (or local shared objects) to store your preferences or display content based upon what you view on the Sites to personalise your visit.

You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the Sites. If you do not accept cookies, however, you will not be able to use all portions or all functionalities of the GetLabTest Platform.

You may change your cookie settings for cookies on the Sites by accessing the settings option on your particular browser.

Pixels. We and our Third-Party Agents may also use "pixel tags," "web beacons," "clear GIFs," or similar means in connection with the GetLabTest Platform and HTML-formatted email messages to, among other things, track the actions of Users and email recipients, determine the success of marketing campaigns, and compile statistics about Site usage and response rates.

4. Diagu's use of data

We collect and use information for business and commercial purposes in accordance with the practice described in this Privacy Policy. Our business purposes for collecting and using information include:

• To operate and make available the GetLabTest Platform. We use your data to connect you with other Users to enable the posting of, selection for, completion of and payment for Assignments, in order to fulfil our contracts with Users;

• For billing and fraud prevention, on the basis of our legitimate interests in ensuring a safe and secure environment in which Clients and Service Providers can meet and conduct business, and in order to comply with our legal obligations;

• To conduct identification, criminal background and right-to-work checks, if applicable and to the extent permitted by local law, on Users, in order to advance our legitimate interests as well as for the substantial public interest of ensuring the safety of our Users both online and offline, preventing or detecting unlawful acts, protecting the public against dishonesty and maintaining the integrity of the GetLabTest Platform given that Service Providers often interact directly with Clients and may enter their homes or places of work;

• To analyse GetLabTest Platform usage as necessary for our legitimate interest in improving the GetLabTest Platform to grow our business and benefit Users;

• To contact you and deliver (via email, SMS, push notifications or otherwise) transactional information, administrative notices, marketing notifications, offers and communications relevant to your use of the GetLabTest Platform, with your consent when required under applicable law, as necessary for our legitimate interests in proper communication and engagement with our Users and in promoting our business;

• To provide you with customer support in order to fulfil our contracts with Users;

• For internal market research for our legitimate interest in improving the GetLabTest Platform to grow our business;

• For troubleshooting problems for our legitimate interests in ensuring a safe and secure environment in which Users can meet;

• To assist Users in the resolution of complaints and disputes between them, as necessary for our legitimate interests in facilitating good relations among Users;

• To enforce our Terms of Use and our legitimate interests in ensuring our Agreement is complied with; and

• As otherwise set forth in the Agreement.

Interest-based advertising. Ads are a standard part of user experience on the Internet, and Diagu believes that targeted advertising enhances this experience. Diagu and affiliated third parties may use cookies and other technologies to place ads where they believe interested Users will see them. In addition to banner ads, Diagu may advertise products, companies and events that we think might interest you through the email address you provide. We may incorporate Tracking Technologies into our own service (including the GetLabTest Platform) as well as into our ads displayed on other websites and services. Some of these Tracking Technologies may track your activities across time and services for the purposes of associating the different devices you use and delivering relevant ads and/or other content to you ("Interest-Based Advertising").

For more information and to understand your choices regarding third-party ads, please see Exhibit A (at the end of this Privacy Policy). Advertising and marketing is carried out as necessary for our legitimate interests in providing an engaging and relevant experience, promoting our services and growing our business.

Analytics and Market Analysis. Diagu may analyse information ("Market Analysis") as necessary for our legitimate interests in providing an engaging and relevant experience, and in promoting and growing the GetLabTest Platform.

Diagu uses information to offer services to Users who express an interest in these services, through a poll for example, or to Users who can be presumed to have an interest based on results from our Market Analysis. We do this as necessary for our legitimate interests in providing an engaging and relevant experience, promoting our services and growing our business.

Mobile phone numbers. Diagu may use your mobile phone number to call or send recurring text messages to you, using an auto-dialler or pre-recorded voice, in order to provide you with notifications about Assignments, for marketing purposes (with your consent where required by law) and to administer the GetLabTest Platform. If you would like more information about our policy, or how to opt out, please review the Your rights and choices section below or Section 9 of our Terms of Use. You may be liable for standard SMS and per-minute charges by your mobile carrier. Diagu may also message you via push notifications (with your consent when required under applicable law), which you can opt out of on your mobile device. Data rates may apply.

5. Data sharing

We only share the Personal Data we collect about you as described in this Privacy Policy or as described at the time of collection or sharing, including as follows:

Third-Party Agents. We may share your Personal Data (including Identity Data) with our agents, representatives, vendors, service providers and other entities that process information on our behalf for our business purposes ("Third-Party Agents"). Third-Party Agents assist us with services such as:

• Payment processing/financial transaction fulfilment and related chargeback and collection services;

• Invoice, receipt or support services;

• Data analytics;

• Marketing and advertising;

• Website hosting;

• Fraud prevention and detection (N.B. our fraud detection providers may also use Personal Data relating to you and your use of and activity on the GetLabTest Platform to provide fraud detection services to their other clients);

• Identity checks and criminal background checks (to the extent permitted by law);

• Communication services and email origination

• Technical support;

• Customer relationship management; and

• To otherwise help us provide the GetLabTest Platform.

We contractually prohibit our Third-Party Agents from retaining, using or disclosing information about you for any purposes other than performing the services for us, although we may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by law.

Medical Obligations. To help us deliver our services and provide the test(s) administration, we may share Personal Data with our medical practitioners, referral laboratories or external organisations who may provide you with the results of your test and analyse data from a laboratory or referral laboratories. They will be under a duty of confidentiality and will handle your data securely. In some cases, we may use a laboratory or company outside the United Kingdom to process, analyse and/or interpret a sample.

Organisations we may share your Personal Data with include:

• Third party testing locations and facilities;

• Referral and partner laboratories or medical companies;

• Providers who host our websites or third-party platforms necessary for our business operation and customer service such as Salesforce, Freshdesk, Zendesk, Capsule, etc.;

• IT service providers, Laboratory Information Management System (LIMS) providers, data disposal service providers and data storage service providers.

We may share your Personal Data, medical history and test results with your medical professional, doctor or the NHS if they have requested or referred a test to us. We will not share your Personal Data, medical history and test results unless explicitly authorised by yourself or your authorised representative.

Public Health England (PHE). Certain diseases are classified as notifiable by the United Kingdom government. Therefore, our laboratories and providers have a legal obligation to report such results and associated patient data to PHE. Your data will be transferred to PHE using only the methods approved by the standard reporting protocols. Further details and information about notifiable diseases and reporting to Public Health England is availablehere. Further details on how Public Health England uses, discloses and processes all personal data we share with them can be found in its privacy notice here.

If we share your Personal Data these organisations or entities, we will have contracts with them to make sure they keep your data safe in line with Data Protection Law and this Privacy Policy.

• Partners. Some GetLabTest content may be "sponsored by" or "presented by" other companies. If you connect to the GetLabTest Platform through a co-branded version of our GetLabTest Platform or otherwise participate in one of our partner programs, we may share information about your use of the GetLabTest Platform with that Partner in order to offer the integrated platform and to evaluate the partner program. We may also share your information with our Partners in order to receive additional information about you, or in order to create offers that may be of interest to you. Please check such Partner’s privacy policy before revealing information about yourself. If you don't want these Partners to have your Personal Data, you can choose to not participate.

• Promotions.When you voluntarily enter a promotion, we share information as set out in the official rules that govern the promotion as well as for administrative purposes and as required by law. By entering a promotion, you agree to the official rules that govern that promotion, and may, except where prohibited by applicable law, allow the sponsor and/or other entities to use your name, voice, and/or likeness in advertising or marketing materials. We may occasionally contact you, if you want us to, with information about promotions. You always have the ability, in your account settings, to ask Diagu not to contact you with this type of information. Please see theYour rights and choicessection below for more information.

• Other Users. Diagu facilitates contact between Clients and Service Providers and reserves the right to share a Service Provider’s contact information (e.g. name, phone number, address or email) with a Client and vice versa, or with their legal or other representative, in order to facilitate (i) the resolution of a dispute related to or arising from an interaction between two or more Users of the GetLabTest Platform or (ii) the performance of an Assignment. This exchange of information is a mandatory part of the GetLabTest Platform.

• Legal obligations. Diagu and our Third-Party Agents may disclose information or User Generated Content, including Location Data or Content Data, to a third party if required or permitted to do so by law or pursuant to a court order, warrant or subpoena, or to comply with legal and public health authorities. Diagu reserves the right to disclose Personal Data from both private and public areas of the GetLabTest Platform in the absence of a court order, warrant or subpoena, to the extent permitted by applicable law, if we are given reason to believe, in our sole discretion, that someone is causing injury to or interfering with the rights of Users, the general public, or Diagu or its Partners, parents or affiliates. It is our policy to provide notice to Users before producing their information in response to law enforcement requests unless (i) we are prohibited or otherwise constrained by law or court order from doing so, (ii) we have reason to believe the User’s account has been compromised such that the notice would go to the wrong person, or notice would otherwise be counterproductive or would create a risk to safety, or (iii) it is an emergency request and prior notice would be impractical (in which case we may provide notice after the fact).

• Merger or acquisition. Diagu reserves the right to share information in connect with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.

• Public areas.Your profile on the GetLabTest Platform consists of information about you and your business, and may include information such as photographs, your years in business, skills and expertise, hourly pay rates, feedback/rating information and other information, including your username ("User Profile"). The information in your User Profile may be visible to all Users and the general public. If you choose to post an Assignment via the GetLabTest Platform, the contents of such listing will be viewable to Service Providers that you select on the GetLabTest Platform.

6. Your rights and choices

You may opt out of receiving promotional communications from us and our Partners, remove your information from our database, choose to not receive future promotional communications related to the GetLabTest Platform, or cancel your account by logging on to a Site or App and changing your account settings, or by contacting us at cs@getlabtest.com

• Account settings.During account registration you choose whether to receive marketing correspondence from Diagu and its affiliates and Partners. This information remains on your User Profile where you can, at any point, easily edit it by changing your account settings.

• Push notifications. You have the option to receive updates and relevant offers via push notifications in your App. These notifications can be configured in the settings of your mobile device.

• Corrections to User Profile.You have the right to access, update and correct inaccuracies in your User Profile at any time by changing your account settings. There, you can view, update and correct your account information. Our databases automatically update any information you edit in your User Profile by changing your account settings.
  
  So that we may protect the integrity of the GetLabTest Platform, there are certain pieces of information, such as your age, that you cannot alter yourself. For example, since minors are not permitted to register as Users, we need to take reasonable measures to preserve the accuracy of our Users' ages. You may contact us at cs@getlabtest.com if there is a need to make a correction to such data. Please see the Minors section below for more details.

• Promotional communications.You can opt out of receiving promotional communications from Diagu sent via email by clicking on the unsubscribe link in any message. You can opt out of receiving promotional communications from Diagu sent via text message at any time by following the instructions provided in those messages to text the word "STOP". Please note that your opt-out is limited to the phone number used and will not affect subsequent subscriptions. If you opt out of only certain communications, other subscription communications may continue. Even if you opt out of receiving promotional communications, Diagu may continue to send you non-promotional communications, such as those about your account, Assignments, transactions, servicing or Diagu’s ongoing business relationship with you. If you receive unsolicited email from a Diagu domain, please let us know at cs@getlabtest.com.

• Cookies.Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.

• Do not track.Your browser settings may allow you to automatically transmit a "Do Not Track" signal to online services you visit. Note, however, that there is no industry consensus as to what site and app operations should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to "Do Not Track" signals. For more information on"Do Not Track,"visit https://www.allaboutdnt.com.

• App and location technologies. You can stop all collection of information via an App by uninstalling the App. You can also reset your device Ad Id at any time through your device settings, which is designed to allow you to limit the use of information collected about you. If you do not want us to use your location anymore for the purposes set forth above, you should turn off the location services for the App located in your device’s account settings, your mobile phone settings and/or within the App.

7. Data retention policy

We retain Personal Data for as long as you are a User in order to meet our contractual obligations to you, and for such longer period as may be in our legitimate interests and to comply with our legal obligations or to establish, exercise or defend a legal claim. In most circumstances, this means we will not keep your data for more than 8 (eight) years after the end of your relationship with us. According to theNHS Records Management Code of Practicewe are required to hold all Covid-19 records until necessary, which is currently indefinitely. Please note that laboratory results and records will be kept indefinitely on our secured systems or kept until no longer required.

Subject to the below, in some cases biological samples may be stored by our laboratories after the initial analysis has been carried out to give you the opportunity to order further tests or to repeat the analysis at an additional cost (‘Storage Period’). Samples will be destroyed once the laboratory’s Storage Period has expired, which is typically four (4) weeks. We may also be requested by regulatory authorities (such as Public Health England) to store samples for longer or even send samples to referral laboratories for additional analysis.

We may also retain information from which you cannot directly be identified, for example where stored against a randomly-generated identifier so we know that the information relates to a single User, but we cannot tell who that User is. We use this kind of information for research purposes and to help us develop and improve our services, and we take appropriate measures to ensure you cannot be re-identified from this information.

8. Security of collected data

Your GetLabTest account is password-protected so that only you and authorised Diagu staff have access to your account information. In order to maintain this protection, do not give your password to anyone. Also, if you share a computer, you should sign out of your GetLabTest account and close the browser window before someone else logs on. This will help protect your information entered on public terminals from disclosure to third parties.

Diagu implements and maintains reasonable administrative, physical and technical security safeguards to help protect information about you from loss, theft, misuse, unauthorised access, disclosure, alteration and destruction. Diagu is dedicated to maintaining this Privacy Policy and other privacy initiatives, periodically reviewing security and making sure that every Diagu employee is aware of our security practices. Nevertheless, transmission via the Internet is not completely secure and we cannot guarantee the security of information about you.

9. Security of collected data

In order to provide and operate the GetLabTest Platform or otherwise to exercise our rights and obligations under this Agreement, we and our affiliates and Third-Party Agents may send data about you, including Personal Data, to countries outside the United Kingdom, and store such data on servers located and operated outside the United Kingdom (including in the European Union or the United States). If we or our affiliates or Third-Party Agents do send or store Personal Data outside the United Kingdom, Diagu undertakes to ensure an adequate level of protection thereof in accordance with applicable legislation.

10. Your rights

You have the following rights under certain circumstances:

• A right of access. You have the right to obtain confirmation as to whether Personal Data concerning you are processed or not and, if processed, to obtain access to such Personal Data and a copy thereof.

• A right to rectification. You have the right to obtain the rectification of any inaccurate Personal Data concerning you. You also have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

• A right to erasure. In some cases, you have the right to obtain the erasure of Personal Data concerning you. However, this is not an absolute right and Diagu may have legal or legitimate grounds for keeping such Personal Data (see Section 7).

• A right to restriction of processing. In some cases, you have the right to obtain restriction of processing of your Personal Data.

• A right to data portability. You have the right to receive the Personal Data concerning you which you have provided to Diagu, in a structured, commonly used and machine-readable format, and you have the right to transmit those Personal Data to another controller without hindrance from Diagu. This right only applies when the processing of your Personal Data is based on your consent or on a contract and such processing is carried out by automated means.

• A right to object to processing. You have the right to object at any time, on grounds relating to your particular situation, to processing of Personal Data concerning you when such processing is based on the legitimate interest of Diagu. Diagu may, however, invoke compelling legitimate grounds for continued processing. When your Personal Data are processed for direct marketing purposes, you have the right to object at any time to the processing of such Personal Data. You can change your marketing preferences at any time as described in the Your rights and choices section above.

• A right to lodge a complaint with the supervisory authority. If your request or concern is not satisfactorily resolved by us, you may approach the Data Commissioner. The Data Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your Personal Data, as well as deal with any complaints that you have about our processing of your Personal Data.

More detailed information on your rights and privacy laws can be found at the ICO website. If you have an issue or complaint, you can contact us or lodge a complaint with the ICO.

If you make a request, where required, we will confirm your identity and ask you for more information to help us with your request.

We will keep a copy of your request. Further, we may charge a reasonable fee or refuse to act on your request if such a request is excessive, repetitive or manifestly unfounded.

We have 1 (one) month from receiving your request (provided we have verified your identity and have enough information to locate your data) to respond.

You can exercise your rights by contacting the Data Protection Officer at cs@getlabtest.com.

11. Minors

This service is intended for a general audience and is not directed at persons under 18 years of age. We do not knowingly gather personal data of persons under 18 years of age. If you are a parent or guardian and you believe that we have collected information from your child in a manner not permitted by law, please let us know by contacting us at cs@getlabtest.com. We will remove the data.

12. Notification of changes

This Privacy Policy is periodically reviewed and enhanced as necessary, and may change as Diagu updates and expands the GetLabTest Platform. Diagu will endeavour to notify you of any material changes by email or via the GetLabTest Platform. Diagu also encourages you to review this Privacy Policy periodically.

13. Contacting us or making a complaint

If you have any questions about this Privacy Policy or the manner in which we or our Third-Party Agents treat your Personal Data, the practices of the Site, your dealings with the GetLabTest Platform, or if you have technical problems, you may contact the Data Protection Officer at cs@getlabtest.com. Once we have received your request we will respond as soon as possible, and certainly within the regulatory time limit (one month).

Diagu's staff will respond to all mail or email from Users with questions about privacy, including the types of Personal Data stored on the Diagu database, and requests to delete or rectify such Personal Data.