GDPR Compliance Statement


Berkeley Health Tests GDPR Commitment

At Berkeley Health Tests, we understand the importance of protecting personal data and respecting the privacy of our customers. The General Data Protection Regulation (GDPR) presents an opportunity to build a stronger foundation for data protection and we fully embrace this opportunity.

We are committed to ensuring that our products and services comply with GDPR regulations. Our team is dedicated to implementing and maintaining the necessary processes and procedures to ensure that our customers’ personal data is protected at all times.

We believe that GDPR compliance is not only necessary, but it also benefits our customers. By adhering to these regulations, we can provide greater transparency and control over how personal data is collected, processed, and used. We strive to give our customers the peace of mind that their data is being handled in a responsible and ethical manner.

Our commitment to GDPR compliance extends to all aspects of our business. We have put in place measures to ensure that our staff are trained and aware of GDPR regulations and their responsibilities under these regulations.

We believe that GDPR compliance is not just a legal requirement but also a moral obligation to our customers. We are proud to support the GDPR and are committed to maintaining the highest standards of data protection for the benefit of all.

GDPR Compliance Statement

Berkeley Health Tests has prepared this statement to provide our customers with information regarding the impact of the GDPR, the steps taken by Berkeley Health Tests to ensure our compliance with the GDPR, and the ways in which we can assist and support our accounts and users (as data controllers) with their respective obligations under the GDPR.

Overview of GDPR

The General Data Protection Regulation, commonly known as GDPR, is a comprehensive law that governs the handling of personal data of European Union (EU) residents. It gives individuals the right to control their data and aims to regulate the use of such data by organisations. This law is applicable not only to EU-based companies but also to organisations worldwide that target or provide services or products to EU residents.

Under the GDPR, organisations are required to be transparent and accountable in their use of personal data. They must be able to demonstrate their compliance with GDPR regulations to both individuals and regulators. While the GDPR does not mandate that personal data must remain in the EU, it places restrictions on the transfer of data outside the European Economic Area. Unless a country’s privacy laws have been assessed and declared “adequate” by the European Commission, the data must be further protected by contract or other EU-approved methods.

To ensure that data transfers to non-adequate countries are adequately protected, Berkeley Health Tests Data has incorporated EU-approved methods such as the European Commission’s standard contractual clauses. Customers can rely on these protections to transfer EU personal data using our services, giving them the peace of mind that their data is being handled in compliance with GDPR regulations.

Compliance, Account & User Support

At Berkeley Health Tests, we are committed to complying with the General Data Protection Regulation (GDPR) in the delivery of our products and services to our users. We recognise the importance of data protection and respect the privacy of our users. As part of this commitment, we have established a specialised team, which includes a dedicated Data Protection Officer, to ensure that we comply with GDPR requirements.

We understand that our users also have their own GDPR obligations, and we are dedicated to helping them meet these obligations. Our team is equipped to provide support and guidance to our users on GDPR compliance matters.

We have made enhancements to our services, agreements, policies, and internal processes to ensure that we satisfy our GDPR obligations. These enhancements include incorporating GDPR-compliant clauses into our agreements and updating our privacy policy to reflect GDPR requirements. We have also implemented internal processes to ensure that we handle personal data in compliance with GDPR regulations.

Compliance with Customer Instructions

Berkeley Health Tests is committed to processing personal data only as instructed by applicable accounts and users, as a data processor. To ensure that all of our colleagues who have access to personal data adhere to this commitment, we have updated our internal policies. This means that they will only process personal data on behalf of and in accordance with the documented instructions of the relevant accounts and users.

Berkeley Health Tests may fulfil different roles in respect of different data, but we are committed to meeting and exceeding our obligations under the GDPR. We understand the importance of data protection and respect the privacy of our users. Our commitment to GDPR compliance is an integral part of our business operations, and we will continue to improve our processes to meet GDPR requirements.

Data Minimisation

Berkeley Health Tests only collects and processes the minimum personal data necessary to provide the relevant services on behalf of our users. In addition, we do not knowingly collect and/or process sensitive or special categories of personal data not unless otherwise required by law depending on the engagement we have with you.

Data Protection Impact Assessment

As a data processor, Berkeley Health Tests is committed to supporting our customers in respect of data protection impact assessments including data transfer impact assessments and/or prior consultations that may be required. As a data controller, Berkeley Health Tests complies with its obligations under the GDPR and our data protection team regularly complete privacy impact assessments where personal data is used or collected.

Data Protection Training and Awareness

Berkeley Health Tests ensures that all of our colleagues are aware of their obligations under the GDPR and complete annual training on their role-specific responsibilities. Our commitment to data protection training and awareness supports Berkeley Health Tests commitment to meeting and exceeding our obligations under the GDPR.


Berkeley Health Tests has implemented and maintains appropriate technical and organisational measures to ensure the processing of personal data meets the requirements of the GDPR. These measures include:

  1. Pseudonymisation and encryption of personal data, as appropriate based on the risk to data subjects
  2. Ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  3. Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  4. Regular testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing of personal data

We treat all personal data processed on behalf of our users as confidential information and ensure that all Berkeley Health Tests colleagues, agents, and contractors engaged in the processing of personal data are informed of the confidential nature of such personal data. We ensure that:

  1. Access to personal data is limited to those performing services in accordance with the relevant account and user agreement.
  2. All colleagues, agents, and contractors are committed to confidentiality (or are under an appropriate statutory obligation of confidentiality) and receive appropriate training on their responsibilities.

Responding to Personal Data Breaches

To ensure that we are fully prepared in the event of a data breach, we have updated our policies to provide timely notice to our accounts and users if a breach occurs. Our aim is to minimise any potential damage and enable our accounts and users to take appropriate action.

In the event of a personal data breach, we will also assist and cooperate with any internal or external investigation as directed by our accounts and users. This includes cooperating with third-party organisations such as law enforcement agencies to ensure that any breaches are fully investigated and appropriate actions are taken to prevent any future breaches. We believe that this approach not only benefits our organisation but also our accounts and users, as it helps to build trust and ensure that personal data is protected at all times.

Use of Sub-Processors

Berkeley Health Tests carefully selects its subprocessors in order to ensure the security and privacy of personal data. We may engage additional subprocessors in order to provide certain services. If this is necessary, we will make information about any additional subprocessors publicly available.

We take our commitment to data protection seriously and ensure that all subprocessors we work with are subject to data protection terms that meet our standards for compliance. This ensures that the personal data we process remains secure and protected at all times

Law Enforcement Requests

Berkeley Health Tests recognises that it has a legal obligation to comply with valid legal process from law enforcement authorities with jurisdiction over the data it hosts. This may require the disclosure of personal data to the relevant authorities. However, Berkeley Health Tests is committed to protecting the privacy and security of personal data in accordance with applicable laws and regulations. Any such disclosure will be made only to the extent required by law and after careful review to ensure compliance with legal obligations and user rights.

Contact Us

Berkeley Health Tests

Location: International House 10, Beaufort Court Admirals Way Canary Wharf London E14 9XL

Call us: 03300221664

Email us: