Header Logo
Blog
About Contact
Log In

Privacy Notice

Health Labs HQ Ltd | How we collect, use, and protect your personal data Last updated: 23 June 2026

1. ABOUT THIS PRIVACY NOTICE

This Privacy Notice explains how Health Labs HQ Ltd ("we", "us", "our") collects, uses, stores, and shares your personal data when you use our at-home blood testing, AI-powered results interpretation, and digital platform services. It should be read alongside our Terms and Conditions. Health Labs HQ Ltd is the data controller responsible for your personal data. We are registered in England and Wales with company number 14787527. Our registered office is at The Station House, 15 Station Road, St Ives, Cambridgeshire, PE27 5BH.

2. OUR LABORATORY AND SAMPLE COLLECTION PARTNERS

We work with the Inuvi Group of companies to deliver our Services: Inuvi Diagnostics Limited carries out the laboratory analysis of your blood samples. Inuvi Diagnostics holds UKAS accreditation (number 10641) to ISO 15189 for medical laboratory testing. Inuvi Diagnostics acts as a data processor on our behalf, processing your personal data strictly under our instructions and in accordance with a data processing agreement. Inuvi Health Limited provides nurse-assisted sample collection through registered nurses who are registered with the Nursing and Midwifery Council. When you book a nurse visit, Inuvi Health processes your personal data (name, contact details, address) to arrange and carry out the appointment. Inuvi Health acts as a data processor on our behalf for this purpose. Each Inuvi Group company is also a data controller in its own right for certain purposes, such as regulatory compliance and legal obligations. For details of how the Inuvi Group handles your data as a controller, please refer to the Inuvi Group Privacy Notice, available at https://inuvi.co.uk/privacy-and-cookie-policies/.

3. WHAT PERSONAL DATA WE COLLECT

When you use our Services, we may collect the following types of personal data: Account and identity data: first name and surname; email address; contact telephone number; home address; date of birth; and sex. Health and test data (special category data): blood sample data; laboratory test results; AI-generated health interpretations; and any health information you provide through your account (for example, medical history, dietary details, lifestyle information). Order and payment data: order history; and payment information (processed securely by our payment provider; we do not store full card details). Technical data: IP address, browser type, and device information when you use the Platform; and cookies and similar tracking technologies (see our Cookie Policy for details).

4. WHAT WE USE YOUR DATA FOR AND OUR LEGAL BASIS

Purpose Types of data Lawful basis Retention Creating your account and processing your order Account and identity data, order and payment data Performance of a contract with you 10 years from last order Conducting laboratory tests and generating results Health data, blood sample data, personal identifiers Explicit consent (Article 9(2)(a) UK GDPR) 10 years Providing AI-powered interpretation of your results Health data, test results, any health information you provide Explicit consent (Article 9(2)(a) UK GDPR) 10 years Arranging nurse-assisted sample collection Name, contact details, address Performance of a contract with you 10 years from last order Sending service Name, email address Performance of a 10 years from last order communications (e.g. results ready, kit dispatch) contract with you Sending marketing communications (only with your consent) Name, email address Consent Until you unsubscribe Anonymised research, analysis, and commercial use of aggregated data Anonymised, aggregated data Not applicable - once anonymised, the data is no longer personal data and falls outside UK GDPR Indefinitely (as non-personal data) Complying with legal and regulatory obligations All categories as required Legal obligation As required by law Defending legal claims Health data, personal identifiers Legitimate interests (defence of legal claims) 10 years

5. WHO WE SHARE YOUR DATA WITH

We may share your personal data with the following categories of recipients: Recipient Purpose Inuvi Diagnostics Limited Laboratory analysis of blood samples (data processor) Inuvi Health Limited Nurse-assisted sample collection (data processor) Cloud, website and digital platform service providers (e.g. Amazon Web Services) Secure data hosting and storage Payment processors Processing your payments securely UK Health Security Agency or other health Where required for public health programmes authorities Regulatory bodies (e.g. ICO, CQC, UKAS) Compliance with legal and regulatory obligations Professional advisers (e.g. lawyers, auditors) Legal advice and compliance We will never sell your identifiable personal data to third parties for marketing purposes. All data sharing is carried out under strict contractual agreements and in compliance with UK data protection law.

6. INTERNATIONAL TRANSFERS

Our data is primarily stored within the United Kingdom. Some data hosting may use Amazon Web Services, with possible locations including London (United Kingdom) and Dublin (Republic of Ireland). Where we transfer your personal data to the European Economic Area, we rely on the UK Government's adequacy regulations, which recognise that the European Economic Area provides an adequate level of data protection. Any transfer to a country not covered by UK adequacy regulations will be made only where an appropriate safeguard recognised under UK data protection law is in place, such as the International Data Transfer Agreement or the UK Addendum to the EU standard contractual clauses.

7. YOUR RIGHTS

Under UK GDPR, you have the following rights in respect of your personal data: the right to be informed about how your personal data is processed (this Privacy Notice); the right of access to your personal data and confirmation that it is being processed; the right to rectification if your personal data is inaccurate or incomplete; the right to erasure (the "right to be forgotten") where there is no compelling reason to continue processing, subject to our legal retention obligations; the right to restrict processing in certain circumstances; the right to data portability; the right to object to processing for direct marketing, scientific or historical research, or statistical purposes; and the right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal. To exercise any of these rights, please contact our Data Protection Officer at [email protected] or write to us at our registered office address. We may require valid identification to action your request. We will respond to your request within one month.

8. DATA SECURITY

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include encryption of data in transit and at rest, access controls, and regular security reviews. Where we engage data processors (such as Inuvi Diagnostics and Inuvi Health), we ensure they maintain equivalent security standards through contractual obligations and regular oversight.

9. COOKIES

The Platform uses cookies and similar technologies to improve your experience and analyse usage. For full details of the cookies we use and how to manage your preferences, please refer to our Cookie Policy, available on our website.

10. CHANGES TO THIS PRIVACY NOTICE

This Privacy Notice may be updated from time to time to reflect changes in our processing activities or in data protection law. We recommend reviewing this notice periodically. The date of the most recent update is shown at the top of this document.

11. CONTACT US AND COMPLAINTS

If you have any questions about this Privacy Notice or how we handle your personal data, please contact our Data Protection Officer at [email protected] or write to: Data Protection Officer, Health Labs HQ Ltd, The Station House, 15 Station Road, St Ives, Cambridgeshire, PE27 5BH. Our laboratory partner's Data Protection Officer can be contacted at [email protected]. If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). Website: www.ico.org.uk. Telephone: 0303 123 1113.

12. DEFINITIONS

Data Subject - an individual who is the subject of personal data. Data Controller - a person who determines the purposes for which, and the manner in which, personal data is processed. Data Processor - a person who processes personal data on behalf of the data controller. Personal Data - any information relating to a person that can be used to identify them directly or indirectly, such as their name, identification number, address, or other factors specific to their identity. Special Category Personal Data - information on racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, health, sex life and sexual orientation, and genetic or biometric data. END OF PRIVACY NOTICE

Footer Logo
Blog
© 2026 Kajabi