Skip to main content

Privacy Policy

Policy version: 5

Tribuco Limited, company number 15311814, trading as Qured (‘we’, ‘our’ or ‘us’) provides the following preventative healthcare services through the Qured app:

  • Ordering of diagnostic testing kits and display of results,
  • Appointment booking, 
  • Facilitation of appointments with healthcare professionals, and
  • Access to educational resources.

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your information).

It also explains your rights in relation to your information and how to contact us or the relevant regulator in the event you have a complaint. Our collection, storage, use and sharing of your information is regulated by law, including under the UK General Data Protection Regulation (UK GDPR).

We are the controller of your information obtained via the website and app, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.

If you are aged under 18 you must not use the service as it is not designed for you. We do not intend to collect the information of anyone under 18. If you are aware that any information of anyone under 18 has been shared with the app, please let us know so that we can delete that data.

The service is available only in the UK and is solely intended for use by people in the UK.

This privacy policy is divided into the following sections:

1. What this policy applies to

2. Information we collect about you

3. How your information is collected

4. How and why we use your information

5. Marketing

6. Who we share your information with

7. How long your information will be kept

8. Transferring your information out of the UK

9. Your rights

10. Keeping your information secure

11. How to complain

12. Changes to this privacy policy

13. How to contact us

1. What this policy applies to

This privacy policy relates to your use of our website. For more information about how Qured collects and processes information about you when you access and use the Qured app, please see our Mobile app privacy policy available in the app from Apple App Store or Google Play store.

2. Information we collect about you

The information we collect about you depends on the particular activities carried out through the website or the app. We will collect and use the following information about you:

  • Contact details - your name and contact information, including email address and telephone number (and company details if applicable) when you submit an enquiry about our services.

  • Other data the website collects automatically when you use it - your activities on, and use of, the website which reveal your preferences, interests or manner of use of the website and the times of use. Technical data such as IP address, device operating system, browser type and version.
    For more information, see our Cookies Policy

if you register to use the Qured app

  • Identity and account data you input into the app (registration is mandatory in order to use the app)- your name, address and contact information, including email address and telephone number (and company details if applicable):
    - information to check and verify your identity, eg date of birth
    - your gender
    - your account details, such as username and password
    - your replies to security questions
  • Data collected when you use specific functions in the app - all data you store online with us using the app including answers to health questionnaires
  • Test results - test results from the laboratories that process your tests

You must provide the above information to use the app and its services unless we tell you that you have a choice.

Sometimes you can choose if you want to give us your information and let us use it. Where that is the case we

will tell you and give you the choice before you give the information to us. We will also tell you whether declining to

share the information will have any effect on your use of the app or our services.

We collect and use your information for the purposes described in the section ‘How and why we use your information’ below.

3. How your information is collected

We collect information from you directly or indirectly, such as your activity while using the website.

We also collect information about you from other sources as follows:

Where you are accessing this service as an employee benefit, we will collect the following data from your employer:

  1. Name;
  2. Date of Birth;
  3. Work ID number;
  4. Work address;
  5. Home address;
  6. Phone number;
  7. Private medical insurance information; and
  8. NHS Number.  

4. How and why we use your information

Under data protection law, we can only use your information if we have a proper reason, eg:

  • where you have given consent
  • to comply with our legal and regulatory obligations
  • for the performance of a contract with you or to take steps at your request before entering into a contract, or
  • for our legitimate interests or those of a third party

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).


The below explains what we use your information for and why. (Lawful basis relied on under the UK GDPR)

  • To create and manage your account with us

Processing is necessary for our contract with you, or because you have asked us to take specific steps before entering into a contract (Article 6(1)(b)).

  • To determine which healthcare services would be best for you.

Processing is necessary to perform our contract with you (Article 6(1)(b)). The processing of health data required additional safeguards under UK GDPR, which we cover under Article 9(2)(h)).

  • To provide preventative healthcare to you

Processing is necessary to perform our contract with you (Article 6(1)(b)). The processing of health data required additional safeguards under UK GDPR, which we cover under Article 9(2)(h)).

  • To provide the functionalities of the app to you

Our legitimate interests (Article 6(1)(f)), which is to be as efficient as we can so we can deliver the best service to you

  • We will use your information for onward referrals for continuity of your healthcare journey where you have agreed with your clinician for a referral.

Processing is necessary to perform our contract with you (Article 6(1)(b)). The processing of health data required additional safeguards under UK GDPR, which we cover under Article 9(2)(h)).

  • We will use your information for onward referrals for continuity of your healthcare journey if you are unable or incapable of providing your consent for any reason, and we consider it necessary for your vital interests. 

Processing is necessary in order to protect your vital interests (Article 6(1)(d) and Article 9(2)(c).

  • Communications with you not related to marketing, including about changes to our terms or policies or changes to the app or service or other important notices

Our legitimate interests (Article 6(1)(f)), which is to be as efficient as we can so we can deliver the best service to you

  • To conduct checks to identify you and verify your identity or otherwise to help prevent and detect fraud against you or us

For our legitimate interests, ie to minimise the risk of account or identity theft or fraud that could be damaging for you, a third party or us(Article 6(1)(f))

  • Disclosures and other activities necessary to comply with legal and regulatory obligations or defend or undertake legal proceedings

Processing is necessary for compliance with a legal obligation to which we are subject (Article 6(1)(c))

  • Operational reasons, such as improving efficiency, training, auditing and quality control or to provide support to you

Our legitimate interests (Article 6(1)(f)), which is to be as efficient as we can so we can deliver the best service to you

  • Statistical analysis to help us understand our customer base

Our legitimate interests (Article 6(1)(f)), which is to be as efficient as we can so we can deliver the best service to you

  • Updating and enhancing customer records

Our legitimate interests (Article 6(1)(f)), which is to be as efficient as we can so we can deliver the best service to you eg by making sure that we can keep in touch with our existing customers about existing orders and new products

  • Marketing our services to existing and former customers (to which you can unsubscribe at any time) - see ‘Marketing’ below for further information

Our legitimate interests (Article 6(1)(f)), which is to promote our service to existing and former customers and 

You have given your clear consent for us to process your personal data for this specific purpose (Article 6(1)(a))

5. Marketing

We will only send you direct marketing communications if we have your consent.  You have the right to opt out of receiving marketing communications at any time by:

  • contacting us at mkt@qured.com or
  • using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.

We will always treat your information with the utmost respect and never share it with other organisations for marketing purposes.

For more information on your right to object at any time to your information being used for marketing purposes, see ‘Your rights’ below.

6. Who we share your information with
We may share your data with service providers (who act as data processors) we use to help us run our business or provide the services or functionalities in the app. These include the accredited laboratories that process your samples, medical practitioners who will provide consultations, the teleconsultation communication software and customer contact softwares. 


We only allow the companies referred to above to handle your information if we are satisfied they take appropriate measures to protect your information. We also impose contractual obligations on service providers to ensure they can only use your information to provide services to us and to you.


We or the third parties mentioned above occasionally also need to share your information with:

  • our (or their) external auditors; the recipient of the information will be bound by confidentiality obligations
  • our or their professional advisors (such as lawyers and other advisors)—the recipient of the information will be bound by confidentiality obligations
  • law enforcement agencies, courts or tribunals and regulatory bodies to comply with legal and regulatory obligations
  • other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your information will be bound by confidentiality obligations

We will not share your information with any other third party, and we will never sell your information to other organisations.

If you would like more information about who we share your information with and why, please contact us (see ‘How to contact us’ below).

7. How long your information will be kept
Different retention periods apply for different types of your information. Further details on this are available in our retention policy which you can request by contacting us. Following the end of the relevant retention period, we will delete or anonymise your information.

8. Transferring your information out of the UK     

It may sometimes be necessary for us to transfer your information to countries outside the UK. For countries within the EU there remains an Adequacy Agreement in place with the UK which allows for free flow of data without additional measures. The UK also has Adequacy Agreements in place with certain other countries.

However, in those cases where an Adequacy Agreement does not exist (ie. 3rd countries), we will comply with applicable UK laws and additional protection measures designed to ensure the privacy of your information is maintained to the same privacy standards as afforded by the UK GDPR for such international transfers.

We will use, as appropriate, either an International Data Transfer Agreement (IDTA) or the UK Addendum alongside existing Standard Contractual Clauses as a transfer tool to comply with Article 46 of the UK GDPR when making such restricted transfers.

If you would like further information about any such transfer and how we specifically protect your data, please contact dataprotection@qured.com

9. Your rights     

You generally have the following rights:

  • Access - you have the right to request a copy of your information that we process.
  • Rectification - you have the right to require us to correct any mistakes in your information.
  • Erasure - you have the right to request that we delete your information- in certain situations.
  • Restriction - you have the right to require us to restrict use of your information in certain circumstances, eg if you contest the accuracy of the data
  • Portability - you have the right to receive your information that you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
  • Objection - you have the right to object: 
    -at any time to your information being used for direct marketing (including profiling)
    -in certain other situations to our continued use of your information, eg where we use your information for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims.
  • Withdraw consent - if you have provided us with a consent to use your information, you have a right to withdraw that consent easily at any time

For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below). You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR. 

If you would like to exercise any of those rights, please contact us at dataprotection@qured.com 

10. Keeping your information secure

We have appropriate security measures to prevent your information from being accidentally lost, or used or accessed unlawfully. We limit access to your information to those who have a genuine business need to access it. 

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

11. How to complain

Please contact us if you have any queries or concerns about our use of your information (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.

The Information Commissioner can be contacted using the details at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.

12. Changes to this privacy policy

We may change this privacy policy from time to time. When we make significant changes we will take steps to inform you, for example via the app or by other means, such as email.

12. How to contact us

You can contact us and/or our Data Protection Officer by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.

Our contact details
Tribuco Ltd t/a Qured
71-75 Shelton Street

London

WC2H 9JQ
dataprotection@qured.com
03330164411

Our Data Protection Officer’s contact details
Ametros Group Limited

Lakeside Offices,

Thorn Business Park,

Hereford,

Herefordshire,

HR2 6JT,

England

0330 223 2246
dpo@ametrosgroup.com
www.ametrosgroup.com