Privacy Policy

Your privacy is important to Bluecrest Health Screening (“Bluecrest”, “we”, “us”, “our”). We have developed the Privacy Policy below so you can understand how we collect, use, disclose, transfer and store your information. Please read this privacy policy carefully to ensure you understand how we handle your personal information. By accessing and browsing www.bluecrestwellness.com or using our services you are confirming that you have read, understood and agree to the terms set-out in our Privacy Policy. You may contact us at dataenquiries@bluecresthealth.com with any questions.

What information we collect

We will collect the following types information directly through and for the provision of our service or via use of our website:

  • Identity Data includes information such as: first name, last name, title, date of birth, personal description, gender
  • Contact Data includes information such as: email address, billing address, delivery address, location, country, telephone number
  • Transaction Data includes information such as: details of your purchases and the fulfilment of your orders (such as order number, subtotal, title, currency, discounts, number of items, product number, single item price, category; payments to and from you and details of other products and services you have obtained from us, correspondence or communications with you in respect of your orders.
    • This information is required to find a suitable clinic for your appointment, a suitable health assessment package and to notify you of your order status. We ask for your telephone number and mobile number so that we can contact you if we need to speak to you about your appointment or any subsequent outcomes arising from your appointment. The types of information we receive as part of providing our services also include the following special categories:

      • Your physical and mental health
      • Your biometric data (physiological information such as height and weight)
    • Some of this information may come from our medical business partners such as the laboratories (blood samples), cardiologists (ECG readings) or doctors. This information will have been provided to us solely for the purposes of fulfilling our service to you e.g. providing you with your results. You must provide your consent in order to process these special categories of information. By signing up for our services you are providing consent for us to process these special categories of information and accepting these privacy terms and conditions. You may withdraw your consent by contacting dataenquiries@bluecresthealth.com Please note by withdrawing your consent to us processing special categories of data we will no longer be able to provide our services to you. This will also not affect the lawfulness of any special category information processing undertaken prior to the time before consent was withdrawn.

    • If your appointment involves our extended medical business partners (for example referrals nutritionists or cognitive behavioural therapists) you will be asked to provide consent to share your personal information with these third parties at the time of referral.

  • Technical Data includes information such as: details of the device(s) you use to access our services, your internet protocol (IP) address, login data, your username and password, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
  • Usage Data includes information such as: how and when you use our website, how you moved around it, what you searched for; website performance statistics, traffic, location, weblogs and other communication data
  • Marketing and Communications Data includes information such as: your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

Information we obtain indirectly

Bluecrest works with third-party data suppliers who provide us with name and address information in order for us to send marketing letters for promotional purposes. Bluecrest rely upon its legitimate interests as our lawful basis for processing your data. Specifically, for our legitimate interests to market our services effectively, develop new services, keep records updated and inform general marketing strategy. We only process information about you where it has been permissioned fairly and the level of processing does not override your rights. We have carried out a Legitimate Interest Impact Assessment to carefully consider this. The data mailing file is file is shared with our printer solely for the purposes of sending an invitation letter to you. Within 30 days of receipt of the mailing file, and the completion of the direct mail print job, the file is deleted. It is not used for any other purpose, sold to, or shared with any additional third party. We do not rely on consent for processing personal data to send prospecting letters.

Our current contracted third-party suppliers of name and address data are:

  • Epsilon Abacus
  • CACI Limited

Epsilon Abacus (registered as Epsilon International UK Ltd), manage the Abacus Alliance on behalf of UK retailers and charities. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, home interiors and travel categories. These retailers and charities share information about their customers and supporters and what they buy or donate. Epsilon Abacus processes this information as a processor on behalf of these companies to help them understand individuals’ behaviour and preferences. Epsilon combines information provided by participating retailers and charities with third party data. From this combined information, these companies can tailor their communications, sending individuals suitable offers and appeals that should be of interest to them. You can learn more about how Epsilon Abacus processes your personal information in their Privacy Policy, which is available here.

CACI Limited provide marketing and analytical services to consumer brands to help them effectively market their products and services. CACI’s main data set is called Ocean, which uses names and addresses of consumers living in the UK based on the edited Electoral Register. CACI also obtain names and addresses from partners who collect data directly from consumers for marketing purposes. In these instances, CACI is named as a partner with whom the data is shared. CACI does not collect personal data directly from consumers for marketing or any other purpose. You can learn more about how CACI obtain and process your personal information on their Consumer Information page, which is available here. If you would like to be removed from the CACI data set, you can email compliance@caci.co.uk

To ensure the data is as accurate as possible, data is cleaned against Royal Mail Postal Address File and matched against registers of individuals who have moved house, died, registered with the Mailing Preference Service or been added to our internal suppression file. Data suppliers also provide regular (monthly) updates, refreshes and suppressions of their data in order to comply with GDPR. We only keep your personal details for as long as is necessary or as long as you wish. GDPR does not place a limit on the amount of time we should hold your personal details which are also subject to amendment or removal in line with how our data suppliers maintain their supplies into the pool.

Our current contracted third-party supplier of address data only is:

Royal Mail MarketReach

MarketReach are part of the Royal Mail Group. They publish research and market insights, and give best-practice advice to brands. They supply Bluecrest with addresses of prospective customers who live in the areas we are holding our health check events. If you have received a letter invitation from Bluecrest which did not have your name on the envelope, your address would have been supplied to us by MarketReach. MarketReach do not provide any information to Bluecrest other than your address, which is why your mailing is unpersonalised.

You can opt-out from receiving prospecting letters anytime by emailing us at dataenquiries@bluecresthealth.com or calling 0800 652 2183.

Use of Cookies

We use cookies to collect information from visitors to our website to help us improve the website and services that we make available.

These cookies may be used for testing different designs and ensuring a consistent look and feel is maintained for users of our website, track and provide trend analysis on how our users interact with our website. The data collected is aggregated to provide trends and usage patterns for business analysis, site/platform improvement and performance metrics. The type of information we collect includes how many visitors visit our website, when they visited, for how long and which areas of our website were viewed. Your use of our website indicates your consent to the use of these web analytics cookies.

The following cookies types are collected:

Managing cookies

You can opt-out of each cookie category (except strictly necessary cookies) by clicking on the “cookie settings” button below:

Use of data

In providing you with our products and services, we may disclose personal information to third parties, including disclosure to other persons or organisations engaged by us or acting on our behalf in relation to the provision of our services or the operation of our business. For example, in the print and production of your health results report. When engaging a third party, we require they handle your personal information in accordance with all relevant privacy laws, and solely for the purposes of their engagement.

We will only collect personal data from you directly where:

  • we have your consent to do so, or
  • we need your personal data to perform a contract with you. For example, to process a payment from you, fulfil your order or provide customer support connected with an order, or
  • we have a legal obligation to collect or disclose personal data from you.

We work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to understand consumer’s wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy. At the time of booking your appointment, you will be asked for your consent to information sharing with Epsilon Abacus. You may opt-out then or at any other time and doing so will not affect the provision of our services to you.

Transfer of information

Personal information is not transferred or stored outside of the EEA. Personal information may be accessed by third party suppliers operating outside of the EEA. We will always take the appropriate steps to ensure all reasonable precautions are taken to ensure your personal data is treated securely. Data is AES256 encrypted.

Your rights

Under GDPR the following rights apply:

  • Right to be informed Our third party data suppliers have to tell you what they are going to do with it at the point of obtaining permission. This is done primarily through their privacy policies.

  • Right of access You have the right to request details of the personal information we hold on you in both the data pool and customer database.

  • Right to rectification You have the right to request changes to be made to the data we hold about you.

  • Right to erasure You have the right to request that your data is erased if there is no legitimate reason for continued processing. Please note, however, we will keep a record of your name and address on our internal suppression file to ensure that we do not contact you through the data pool again. Without this suppression file there is a chance we may be resupplied your data and contact you again because we would not have a record showing that you asked not to be contacted by us again.

  • Right to restriction of processing You have the right to tell us to stop processing your data but to allow us to maintain the minimum amount of information about you to ensure your contact preferences are respected.

  • Right to data portability You have the right to ask for your information to be transferred to another entity.

  • Right to object You have the right to object to the processing of your data for marketing purposes.

  • Rights related to automated individual decision-making, including profiling We do not undertake any automated decision-making processing.

  • Right to withdraw consent at any time where relevant You can withdraw your consent to processing of information at any time. You can withdraw consent by writing to us:

Complaint and Compliance Officer, Bluecrest Health Screening Ltd. Registered address: Bluecrest Centre of Excellence, First Floor, Ridgeworth House, 5/9 Liverpool Gardens, Worthing BN11 1RY.

Email dataenquiries@bluecresthealth.com

Right to lodge a complaint with a supervisory authority

You have the right to complain to the ICO if you feel we have not dealt with any of your privacy concerns satisfactorily. We ask that you contact dataenquiries@bluecresthealth.com with your initial enquiry in the first instance however.

We will consider all requests and provide a response within the time period stated by applicable UK law.

When booking your appointment we will ask you for explicit consent to receive first party communications via email, SMS/Text, Phone and Post. You can exercise your right to prevent receiving marketing information through these channels by checking the consent boxes. You can also update your preferences at any time by contacting us on dataenquiries@bluecresthealth.com

Notification of Changes

We reserve the right to change this policy from time to time and your continued use of the site and our services will signify your acceptance of any adjustment to these terms. If there are any changes in how we use our site customers’ Personally Identifiable Information, notification by e-mail or postal mail will be made to those affected by this change. You are therefore advised to re-read this statement on a regular basis.