Privacy policy

Last updated: July 21, 2025

The National Blood Test Clinic operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). The National Blood Test Clinic is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.

1. Personal Information We Collect or Process

When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified, so that it cannot identify or be reasonably linked to you.

We may collect or process the following categories of personal information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law:

Contact details including your name, address, billing address, shipping address, phone number, and email address.

Financial information including credit card, debit card, and financial account numbers, payment card information, transaction details, and payment confirmations.

Account information including your username, password, security questions, preferences and settings.

Transaction information including the items you view, purchase, return, exchange, or cancel.

Communications with us, including any information you share when contacting customer support.

Device information including details about your device, browser, IP address, and network connection.

Usage information regarding how and when you interact with the Services.

Health Data We Collect (Special Category Data)

When you use our Services to purchase or arrange blood testing, we may collect health-related personal information, which may include:

  • Test results
  • Symptoms or health concerns (where submitted)
  • Medical history (if provided)
  • Any health data submitted in connection with your order

This data is considered special category data under the UK General Data Protection Regulation (UK GDPR). We only collect and process this information where strictly necessary and with your explicit consent.

2. Personal Information Sources

We collect personal information from the following sources:

  • Directly from you, when you create an account, place an order, submit medical forms, or communicate with us.
  • Automatically, through cookies and tracking tools when you interact with our Services.
  • From our service providers, such as Shopify, payment processors, and labs.
  • From third-party partners, such as laboratories or marketing platforms.

3. How We Use Your Personal Information

Depending on how you interact with us, we may use your personal information for the following purposes:

  • Provide, Tailor, and Improve the Services: To process orders, provide lab testing, deliver results, and personalize your experience. This includes remembering your preferences and tailoring content or offers.
  • Processing and Delivering Health-Related Tests: We use your health information to:
      • Arrange blood sample analysis with third-party accredited laboratories
      • Deliver your test results securely
      • Where applicable, provide clinical oversight of results by a registered UK doctor
  • Legal Basis for Processing Health Data: We process your personal and health data under the following lawful bases:
      • Performance of a contract: to deliver the Services
      • Legal obligation: to comply with diagnostic and consumer health regulations
      • Explicit consent: required for special category data such as health information (per Article 9 of the UK GDPR)
  • Marketing and Advertising: We may send you promotional messages via email or display personalised ads, subject to your consent and preferences.
  • Security and Fraud Prevention: To verify identity, secure your account, detect fraud, and protect our Services.
  • Communicating with You: For customer service, order updates, and responding to your questions.
  • Legal Compliance: To comply with applicable laws, defend legal claims, and enforce our Terms and Conditions.

4. How We Disclose Personal Information

We may disclose your personal data in the following circumstances:

  • With Shopify, which powers our platform and helps manage secure transactions and analytics.
  • With third-party laboratories, for diagnostic analysis of your biological samples. These laboratories act as data processors, operating under contractual obligations and complying with UK GDPR and, where applicable, UKAS accreditation (ISO 15189). We only partner with trusted and compliant laboratories.
  • With registered doctors or clinicians, where clinical review of your test results is part of the service.
  • With service providers, including IT support, payment processors, couriers, and data security vendors.
  • With advertising and marketing partners, for audience targeting (subject to consent).
  • With regulators or legal authorities, when required by law.
  • In connection with a business transfer, such as a merger or acquisition.

5. Relationship with Shopify

Our Services are hosted and supported by Shopify. Shopify may collect personal information about your use of the Services, both for operational reasons and for its own analytics. Shopify may also use personal data gathered across multiple merchants to improve its platform.

To understand how Shopify processes your data, including your rights, please review the Shopify Consumer Privacy Policy and Privacy Portal.

6. Third-Party Websites and Links

We may link to third-party websites or platforms. We are not responsible for their privacy practices. We encourage you to review their terms and privacy policies before submitting personal data.

7. Children’s Data

Our Services are not intended for individuals under the age of 18. We do not knowingly collect or process personal data from children. If you believe a child has submitted personal data to us, please contact us to have it removed.

8. Security and Retention of Your Information

We use reasonable technical and organizational safeguards, including secure servers and encrypted communications. However, no system is 100% secure.

We retain your data only as long as necessary to:

  • Fulfil the purposes outlined in this policy
  • Comply with legal or regulatory requirements (e.g., retaining medical data for 7 years)

9. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Right to Access: Request a copy of your personal data.
  • Right to Deletion: Request that we delete your data.
  • Right to Correction: Update inaccurate or incomplete data.
  • Right to Portability: Obtain your data in a structured, machine-readable format.
  • Right to Object or Restrict: Request we stop or limit certain types of processing.
  • Right to Withdraw Consent: Where we rely on consent, you may withdraw it at any time.

To exercise these rights, email us at: Cristina.Sabau@thenationalheartclinic.co.uk

We may require verification of identity before fulfilling certain requests.

10. Cookie Use and Preferences

We use cookies and similar technologies to:

  • Enable essential website features
  • Analyse traffic and performance
  • Personalise your experience

You can manage cookie preferences via your browser settings or through our website banner. Learn more in our Cookie Policy.

11. International Transfers

We may transfer your data outside the UK or EEA. When we do so, we use safeguards like:

  • Standard Contractual Clauses
  • UK International Data Transfer Agreements
  • Transfers only to countries deemed “adequate” by the UK or EU authorities

12. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated “Last Updated” date.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your data:

Data Controller:
The National Blood Test Clinic
74 Elm Park Gardens
London, SW10 9PD, UK
Email: Cristina.Sabau@thenationalheartclinic.co.uk

If you believe your rights under data protection law have been violated, you may lodge a complaint with the UK Information Commissioner’s Office (ICO): https://ico.org.uk