Privacy policy
Effective Date: 01/04/2025
Company Name: Nuvivo Health LTD
Company Registration Number: SC821417
Registered Address: 8 Carmondean Centre Rd, Livingston, EH54 8PT
Contact Email: hello@nuvivo.co.uk
Contact Tel: 0333 305 9916
1. Introduction
Nuvivo Health LTD (“Nuvivo”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our services, including:
- Mobile and in-clinic blood testing services
- Online ordering of blood tests via www.nuvivo.co.uk
- Secure delivery of results and doctor-reviewed reports
- Consultations with healthcare professionals
- General enquiries, bookings, and communications
We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws.
2. What Data We Collect
Personal Identification Data
- Full name, date of birth, sex/gender, home address, email, telephone number, emergency contact details
Health Data (Special Category Data)
- Blood test results, medical history you provide, consultation notes, consent forms, and doctor-reviewed reports
Payment Data
- Payment information is processed securely by Shopify Payments or other regulated third-party providers. Nuvivo Health does not store full payment card details.
Technical & Website Data
- IP address, browser type, device identifiers, cookies, and usage statistics when visiting our website
3. How We Use Your Data
Your personal data is used strictly for the purposes of providing safe, regulated healthcare services, including:
- Booking and managing appointments
- Delivering healthcare services (blood testing, consultations, reports)
- Securely providing results and doctor-reviewed reports
- Complying with Healthcare Improvement Scotland (HIS) regulations and UK law
- Processing payments, issuing invoices, and handling enquiries
- Quality assurance, audits, and improving patient safety
- Legal and safeguarding obligations (including incident reporting if required)
We do not use your health data for marketing purposes without explicit consent.
4. Lawful Basis for Processing
We rely on the following lawful bases under UK GDPR:
- Contractual necessity – to provide the healthcare services you request
- Legal obligations – to comply with healthcare regulations and record-keeping requirements
- Consent – for processing special category health data and for marketing (if you opt in)
- Legitimate interests – to ensure safe service delivery, patient protection, and continuous improvement
5. Sharing Your Data
We may share your personal data only where necessary and always securely:
- Accredited partner laboratories (e.g. The Doctors Laboratory, Randox) for processing blood tests
- Registered healthcare professionals (e.g. doctors, nurses, physiotherapists, psychologists) for delivering care and reviewing reports
- IT and system providers (e.g. Shopify, Semble, secure email providers) to deliver services
- Regulatory authorities (e.g. Healthcare Improvement Scotland, Information Commissioner’s Office, safeguarding bodies) where legally required
- Couriers/logistics providers for safe transport of samples
We will never sell or misuse your data for commercial purposes.
6. Data Retention
We keep your data only as long as required by law and regulation:
- Medical records and test results: retained for 7 years
- Financial records (invoices, payments): retained for 6 years
- Consent forms and clinical records: retained for 7 years
After retention periods expire, records are securely deleted or anonymised.
7. Security of Your Data
We apply strict safeguards to keep your data safe:
- Encrypted storage systems and secure portals
- Restricted access to health records (authorised staff only)
- Multi-factor authentication and password protection
- Regular audits and compliance checks
- Staff confidentiality agreements and ongoing training
- Secure disposal of expired records and clinical waste
8. Your Rights
You have the following rights under UK GDPR:
- Access to your personal data (Subject Access Request)
- Correction of inaccurate data
- Request deletion of data (where legally possible)
- Restrict or object to processing in certain circumstances
- Data portability (transfer of your data to another provider)
- Withdraw consent (for marketing or optional processing)
- Lodge a complaint with the Information Commissioner’s Office (ICO)
We will always respond to requests within statutory timeframes.
9. International Transfers
If your data is transferred outside the UK (e.g. via secure IT service providers), appropriate safeguards such as Standard Contractual Clauses (SCCs) will be applied to ensure full protection.
10. Cookies
Our website uses cookies to:
- Improve user experience
- Analyse website traffic
- Provide secure login and shopping functionality
You can control or disable cookies through your browser settings.
11. Updates to This Policy
We may update this Privacy Policy from time to time to remain compliant and transparent. The latest version will always be available on our website.
12. Contact Us
For questions, requests, or complaints regarding your data, please contact:
Data Protection Lead
Nuvivo Health LTD
8 Carmondean Centre Rd, Livingston, EH54 8PT
Email: hello@nuvivo.co.uk
Tel: 0333 305 9916