What is personal data and what is personal data processing?

Personal data is any kind of information that can be directly or indirectly attributed to a living physical person. For example, images and sound recordings that are processed on a computer can be personal data even if no names are mentioned. Encrypted data and various types of electronic identities (e.g., IP addresses) are personal data if they can be linked to natural persons. Processing of personal data includes everything that happens with personal data. Every measure taken with personal data constitutes processing, regardless of whether it is performed automatically or not. Examples of common processing activities are collection, registration, organization, structuring, storage, processing, transfer, and deletion.

Who is responsible for the personal data we collect?

GetTested is responsible for the personal data processed by the company.

By approving the policy on our website in connection with a purchase or submission of information, you agree to the processing of your personal data as described below.

How we process your personal data

We process the personal data that you provide when ordering, registering for tests, and via cookies approved by you. The personal data we process includes your name, gender, age, email address, purchase history, payment and order history, payment method, delivery address, IP address, and telephone number.

How is your personal data protected?

We follow all applicable directives and laws to protect your information. To keep the personal data we process secure, we have implemented several security measures: We have security routines and technical and organizational measures to protect your personal data, such as SSL (Secure Socket Layer) certification technology for browsers. Additionally, we have advanced firewalls and antivirus software to protect and prevent unauthorized access to our servers and networks. Access to the spaces where personal data is stored is strictly protected by our data service provider in Germany.

GetTested uses SSL (Secure Socket Layer), a secure protocol for data transfer over the Internet (or other networks). You, as a customer, need to ensure that SSL is not turned off in the browser settings. We use one-way encryption, all for your safety.

How long is the personal data stored?

When you agree to become a customer (make a purchase) at GetTested via one of our websites, your information is saved until you actively request to be removed from our customer register. You can unsubscribe as a customer at any time. Note that your data is never stored longer than permitted under current personal data legislation. We follow all directives.

Can I change the information you save?

You always have the right, according to current personal data legislation, to once a calendar year receive an extract of the personal data we have registered about you and how it has been used, regardless of how this data has been collected. If you want to receive this information, you must submit a written request to us. According to current personal data legislation, the request must be sent and signed by you by post to the address stated on one of our websites. You send the request by registered letter where your sender information is clearly stated and that you want an extract. It cannot be sent by email. Our ambition is always to ensure that your personal information is correct and up to date. If any of the information you provide to us changes, e.g., if you change your email address, name, or payment details – please inform us of the correct information by sending an email to our customer service at hello@gettested.io. You have the right to request that your personal data be corrected, blocked, or deleted at any time.

It is important to note that personal data is not processed for purposes of direct marketing if you object to such processing. You always have the right to revoke a given consent to the processing of personal data at any time, and we respect your privacy.

Links

Links that point to other websites may appear on our website. We take no responsibility for the content of these websites.

Our policy for personal data management – GDPR

Introduction and purpose

The purpose of our policy is to ensure that GetTested handles personal data in accordance with the EU’s latest Data Protection Regulation (GDPR). The policy covers all processing where personal data is handled and includes structured and unstructured data. This policy is implemented for all our employees.

Application and revision

The Board is responsible for ensuring that the processing of personal data complies with this policy. The policy must be established by the board at least once a year and updated as necessary. The CEO is responsible for directing the process regarding the annual update of the policy as a result of new and changed regulations. This policy applies to the company’s CEO, employees, and contractors who are affected by GetTested’s operations.

Organization and responsibility

The CEO has the overall responsibility for the content of this policy and that it is implemented and complied with by the business. The CEO may delegate responsibility and implementation to a suitable person at the company. All employees are responsible for acting in accordance with this policy and what it ensures.

Personal data processing

Each personal data processing activity shall take place according to the following principles:

Legality

Purpose limitation

Data minimization

Accuracy

Storage minimization

Integrity and confidentiality

For payment services, Stripe Inc is ultimately responsible for the processing of personal data and other data compatible with their business.

Our data processing must be documented on an ongoing basis in the Processing Register.

Follow-up and evaluation of our handling of personal data must take place at least annually.

Any incidents concerning personal data that we process must be reported to the CEO without delay and, within 72 hours, reported to the Data Inspectorate. Necessary measures must be taken in connection with the incident.

Our requirements for personal data to be handled in accordance with the GDPR must always be ensured in the procurement and development of IT solutions, third-party integrations, and services, and must be part of the requirements specification for any agreements.

Payments

We use Klarna as the provider of our checkout. This means that we might transfer your personal data in the form of contact and order details to Klarna when the checkout is loaded, in order for Klarna to manage your purchase. Your personal data transferred is processed in line with Klarna’s own privacy notice.

Cookies

This website (gettested.io) uses cookies to give you the best possible experience. You can choose which cookies are stored on your computer. We use both functional and non-functional cookies.

Functional cookies consist of cookies that make this site work. These are cookies that allow your goods to follow from the product page to the shopping cart. If you should close your browser and want to resume your purchase at a later time, these cookies will enable that.

These cookies are always allowed and are necessary for the site to work for you as a visitor.

In addition to this, we also use non-functional cookies which you have the right to refuse. These are used to improve and develop our website and for analysis.