JavaScript is disabled. Please enable to continue!
Print this page

Mobile search icon
Menu
Clinical Diagnostics >> Contact Us >> Privacy Notice And Data Complaints Process

Privacy Notice And Data Complaints Process

Sidebar Image

Privacy Notice & Data Protection Complaints Process

Thank-you for visiting  the Eurofins Clinical Diagnostics (“Eurofins”) website. This Privacy Notice sets out the basis on which Eurofins’ website users (“you”) personal data provided through Eurofins (defined below under data controller and data processor information) web forms will be processed by Eurofins.

This Privacy Notice also sets out the Data Protection Complaints Process in compliance with the Data (Use and Access) Act 2025.

Please read the following carefully to understand Eurofins practices regarding your personal data and how Eurofins will treat it. If you have any questions regarding this Privacy Notice or if you want to lodge a request in relation to your personal information, please contact us via our contact point:

DATA CONTROLLER & DATA PROCESSOR INFORMATION

Eurofins Clinical Diagnostics UK Limited, 90 Priestley Road, Surrey Research Park, Guildford, Surrey GU2 7AU (Registered Office Address: i54 Business Park, Valiant Way, Wolverhampton WV9 5GB). Registered in England, UK No: 5900958.

NOTE:

Eurofins is both a Data Controller and a Data Processor, with different obligations.

  • As a Data Controller, we process data, for example for our employees and/or prospective candidates that may apply to advertised positions with Eurofins and/or individuals that contact us regarding our services through ‘web-form’ and/or by other means (e.g., by letter, by email).
  • As a Data Processor, In context of personal and special category data, submitted by a healthcare professional on behalf of their patient and sample-tested at our laboratory, the result-test is reported to the healthcare professional on behalf of their patient. Eurofins is a Data Processor in this context as we process this type of data on behalf of our Clients (‘Data Controllers’), which include, healthcare professionals (Clinicians / Clinics / Doctors/GPs / Healthcare Consultants / Hospitals) involving patient data. Should a ‘Data Subject Access Request (DSAR)’ be made to Eurofins as a Data Processor by a Patient and/or by someone representing a Patient, then the Client must be notified of such request in compliance with data protection legislation and regulation, as the Client is responsible to engage directly with the patient and address, fulfil, the Patient’ DSAR request.

The Client (healthcare professional) decides as to whether such health data / information is to be disclosed to a Patient.

Eurofins does not disclose processed health data / health information directly to a Patient.

What personal information do we collect and how?

We collect the personal information which is requested in our web forms and that you agreed to give us.

Such personal information usually consists of:

  • data about your identity such as your last name, your first name;
  • data about your occupation such as the name of your company;
  • information on how to contact you such as your e-mail address and phone number;
  • data about your business interests.

You should only give us the personal information requested in the web forms and if you do not agree to provide us with this information, you must not fill in the web forms. However, if you want to enter into a business relationship with us, you should provide us with the information necessary to enter into the relevant contracts and perform the relevant services.

We also use the user-behaviour tracker tool available on our CRM software (e.g. MailChimp) enabling us to know for example if you opened a newsletter or clicked on a link in order to optimise the content of our newsletters and their usability.

Why do we use personal information about you?

We may use the information we collect through the web forms for the following purposes:

  • Contact you in any means provided.
  • Provide, administer, and communicate with you about products, services, events, surveys and promotions by Eurofins or our affiliates (including by sending you marketing communications and newsletters);
  • Give you the possibility to attend seminars and trainings.
  • Process, evaluate and respond to your requests and enquiries (including quote requests, documentation requests, free tests requests), inquiries and applications (including for volunteer testing);
  • Create, administer, and communicate with you about your account (including any purchases and payments).
  • Provide investor and customer services.
  • Evaluate your interest in employment (including current or future job positions) and contact you regarding possible employment.
  • Enter into a business relationship with you.
  • Ensure customers satisfaction through sending customers surveys.
  • Comply with laws and obligations we are subject to;
  • Maintain our software;
  • Gathering statistics on your responsiveness towards our emails;
  • Be able to make your rights described below exercisable.

We also may use personal information for additional purposes. We will identify these additional purposes at the time of collection if any.

Which processing ground(s) do we rely upon for processing your personal information?

In order to process your personal data, depending on the situation, we rely on:

  • For legitimate interests (not for sensitive data).
  • Ensure performance of a contract entered into with your employer.
  • Reply to your orders and inquiries.
  • Recruiting of candidates to fill in any of our present or future job vacancies within one of the companies of the Eurofins group.
  • Prevention of fraud.
  • Direct marketing.
  • The necessity for the establishment, exercise, or defense of legal claims.
  • Transfer of information within the group for administrative purposes.
  • Maintenance (including but not limited to bug fixes) of our database.
  • Legal obligations (regarding sensitive data, only legal obligations in the field of employment and social security law).
  • Contract performance, including the continuous improvement of the services provided under such contracts.
  • Your consent.

If you give us your consent to process your personal information for a specific purpose, can you withdraw it afterwards?

Yes, you can withdraw your consent in full or in parts at any time by changing your preferences through a link provided in all emails footer or by contacting our contact point indicated above.

Who your personal information will be transferred to?

Your personal data might be transferred to any Eurofins affiliates (which can be found at https://www.eurofins.com/). We do not sell or otherwise disclose personal information about you to third parties except as described below:

  • to trusted businesses or persons to process your personal information for us, based on our instructions and in compliance with applicable privacy laws and regulations.
  • to service providers we have retained to perform services on our behalf.
  • to companies, organisations, or individuals outside of Eurofins if we have a good reason to believe that access, use, preservation, or disclosure of the information is reasonably necessary to:
    • execute and enforce contractual terms.
    • meet any applicable law, regulation, legal process, or enforceable governmental request.
    • detect, prevent, or otherwise address fraud, security, or technical issues.
    • protect against harm to the rights, property or safety of Eurofins, our users or the public as required or permitted by law.
    • to regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, to comply with any applicable law or order of a court of competent authority, jurisdiction, or in connection with legal proceedings.
    • to third parties as part of a merger, acquisition, or bankruptcy, in the event we sell or transfer all or a portion of our business or assets (including through bankruptcy).

Will your personal information be transferred outside the UK and or European Union?

Your personal data might be transferred outside the UK and/or EU/EEA in case one of the recipients stated above is located outside the UK and/or EU/EEA and only to countries for which:

  • the European Commission has issued an adequacy decision (which guarantees that an adequate level of protection of personal data is offered in that country).
  • you have given explicit consent.
  • appropriate safeguards have been provided, such as International Data Transfer Agreement (IDTA) and/or Standard Contractual Clauses (SCCs), which are data protection clauses and mechanisms for such a data transfer.

Your Data Protection Rights - Which rights do you have over your personal information?

You have the right to ask for:

  • The right to access– You have the right to request Eurofins for copies of your personal data.
  • NOTE: In context of personal and special category data, submitted by a healthcare professional on behalf of their patient and sample-tested at our laboratory, the result-test is reported to the healthcare professional on behalf of their patient. Eurofins is a Data Processor in this context as we process this type of data on behalf of our Clients (‘Data Controllers’), which include, healthcare professionals (Clinicians / Clinics / Doctors/GPs / Healthcare Consultants / Hospitals) involving patient data. Should a ‘Data Subject Access Request (DSAR)’ be made to Eurofins as a Data Processor by a Patient and/or by someone representing a Patient, then the Client must be notified of such request in compliance with data protection legislation and regulation, as the Client is responsible to engage directly with the patient and address, fulfil, the Patient’ DSAR request.
  • The Client (healthcare professional) decides as to whether such health data / information is to be disclosed to a Patient.
  • Eurofins does not disclose processed health data / health information directly to a Patient.
  • The right to Be Informed - You have the right to know how your personal data is collected, used, shared, and stored.
  • The right to rectification– You have the right to request that Eurofins correct any information you believe is inaccurate. You also have the right to request Eurofins to complete the information you believe is incomplete.
  • The right to erasure– You have the right to request that Eurofins erase your personal data, under certain conditions.
  • The right to restrict processing– You have the right to request that Eurofins restrict the processing of your personal data, under certain conditions.
  • The right to Object - You can object to the processing of your data, particularly for direct marketing or where it is based on legitimate interests.
  • Rights Related to Automated Decision-Making and Profiling - You have the right not to be subject to a decision based solely on automated processing (without human involvement) that has legal or similarly significant effects.
  • The right to data portability– You have the right to request that Eurofins transfer the data that we have collected to another organization, or directly to you, under certain conditions.

 

If you wish to raise a complaint about how your personal data has been handled, you can contact Eurofins Clinical Diagnostics UK Limited, Data Protection Officer (DPO) using the details below:

  • Email: dpo@ctuk.eurofins.com
  • Postal Address: Eurofins Clinical Diagnostics UK Limited, 90 Priestley Road, Surrey Research Park, Guildford, Surrey GU2 7AU
  • Telephone or Online: contact our Customer Services team at enquiries@ctuk.eurofins.com and/or phone: 01483 45038

You also have the right to complain to the relevant national data protection authority in case these rights are not complied with. An overview of the national data protection authorities is available at the following link: 

 Information Commissioner’s Office (ICO) UK:

  • Website: https://www.ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

How long will we keep your data for?

Your personal data will be stored for a limited period of time, determined with regards to the necessity to keep them in order to serve the purposes for which they have been collected and processed, as listed above.

Data Protection Complaints Process - Data (Use and Access) Act 2025

Eurofins Clinical Diagnostics Limited is committed to protecting your personal data and upholding your data protection rights. In accordance with applicable UK data protection laws, including the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025, we have established a clear and accessible process to handle complaints relating to the use of personal data.

This complaints process complements your data protection rights, which are explained in the section titled “Your Data Protection Rights” in this Privacy Notice. If you believe your rights have not been respected, you may raise a complaint using the process below.

  1. Your Right to Complain

Under UK data protection law, including the Data (Use and Access) Act 2025, individuals have the right to raise concerns where they believe an organisation has not complied with its obligations. This includes situations where you consider that:

  • Your personal data has been processed unlawfully.
  • Your rights (such as access, rectification, or erasure) have not been appropriately handled.
  • Your personal data has not been kept secure.
  • You have not received clear or transparent information about how your data is used.

The Data (Use and Access) Act 2025 reinforces the requirement for organisations to provide a clear, accessible, and effective complaints mechanism, ensuring individuals can easily challenge how their data is handled and seek resolution.

  1. How to Make a Complaint

If you wish to raise a complaint about how your personal data has been handled, you can contact Eurofins Clinical Diagnostics UK Limited, Data Protection Officer (DPO) using the details below:

  • Email: dpo@ctuk.eurofins.com
  • Postal Address: Eurofins Clinical Diagnostics UK Limited, 90 Priestley Road, Surrey Research Park, Guildford, Surrey GU2 7AU
  • Telephone or Online: contact our Customer Services team at enquiries@ctuk.eurofins.com and/or phone: 01483 45038

To help us investigate your complaint efficiently, please provide:

  • Your full name and contact details
  • A clear description of your concern or complaint
  • Details of any relevant interactions with us
  • Copies of any supporting documents (if available)
  • Your preferred outcome or resolution

You do not need to complete a specific form, but providing this information as outlined above will assist us in responding more quickly.

  1. What Happens Next

Once we receive your complaint, we will:

  • Acknowledge receipt of your complaint without undue delay and within the lawful 30 day period in compliance with the Data (Use and Access) Act 2025,
  • Conduct a fair and proportionate investigation in line with our legal obligations.
  • Consider whether your data protection rights (as outlined in the “Your Data Protection Rights” section of this Privacy Notice) have been impacted.
  • Contact you if additional information is required.
  • Provide a response within the lawful 30 day period in compliance with the Data (Use and Access) Act 2025, unless an extension is permitted under applicable law.

If your complaint is complex, we will keep you informed of progress and explain any delays.

  1. Outcome of Your Complaint

Following our investigation, we will:

  • Explain our findings clearly and transparently.
  • Confirm whether we have complied with applicable data protection law, including the Data (Use and Access) Act 2025.
  • Explain how your rights have been considered and applied.
  • Outline any corrective actions taken (if applicable).
  • Describe any improvements implemented to prevent recurrence.
  1. Escalation to the Supervisory Authority

If you are not satisfied with our response, or if you believe your personal data has been processed unlawfully, you have the right to lodge a complaint with the UK supervisory authority:

  • Information Commissioner’s Office (ICO)
  • Website: https://www.ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

You also have the right to seek a judicial remedy where appropriate.

  1. Accessibility

In line with our obligations under the Data (Use and Access) Act 2025, we are committed to ensuring this complaints process is clear, transparent, and accessible to all individuals.

If you require this information in an alternative format such as large print, easy-read, or need assistance in raising a complaint, please contact us and we will provide appropriate support.

  1. No Fee

You will not be charged for making a complaint. Eurofins Clinical Diagnostics UK Limited will not treat you unfairly or disadvantage you for raising a concern about your personal data.

  1. Continuous Improvement

We review complaints to identify trends and improve our data protection practices, supporting ongoing compliance with UK data protection law, UK-GDPR, including the Data (Use and Access) Act 2025.