Privacy Policy

Policy version: 7
Last updated: 22 April 2026

Qured Health Limited, company number 15311814, trading as Qured (‘we’, ‘our’ or ‘us’) provides the following preventative healthcare services through the Qured app via Apple and Android, and associated website:

Ordering of Diagnostic testing kits and display of results,
Appointment booking,
Facilitation of appointments with healthcare professionals, and
Access to educational resources.

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your information).

It also explains your rights in relation to your information and how to contact us or the relevant regulator in the event you have a complaint. Our collection, storage, use and sharing of your information is regulated by law, including under the UK General Data Protection Regulation (UK GDPR).

We are the controller of your information obtained via the website and app, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.

If you are aged under 18 you must not use the service as it is not designed for you. We do not intend to collect the information of anyone under 18. If you are aware that any information of anyone under 18 has been shared with the app, please let us know so that we can delete that data.

The service is available only in the UK and is solely intended for use by people in the UK.

This privacy policy is divided into the following sections:

What this policy applies to
Information we collect about you
How your information is collected
How and why we use your information
Marketing
Who we share your information with
How long your information will be kept
Transferring your information out of the UK
Your rights
Keeping your information secure
How to complain
Changes to this privacy policy
How to contact us

1. What this policy applies to

This privacy policy relates to your use of our website and app.

The app may link to other websites and services owned and operated by certain trusted third parties to provide support, information, and services to you. These other apps, websites or services may also gather information about you in accordance with their own separate privacy policies. If you do connect to another app or website using a link, you do so through your own choice, and must accept the Privacy Policy and conditions of that site, which will be made clear to you and you will have the opportunity to do before connecting.

2. Information we collect about you

The information we collect about you depends on the particular activities carried out through the website or the app. We will collect and use the following information about you:

Category of data and detail

Contact details

Your name and contact information, including email address and telephone number (and company details if applicable) when you submit an enquiry about our services

Other data the website collects automatically when you use it

Your activities on, and use of, the website which reveal your preferences, interests or manner of use of the website and the times of use
Technical Data such as IP address, device operating system, browser type and version

For more information, see our Cookies Policy

If you register to use the Qured app:

Identity and account data you input into the app (Registration is mandatory in order to use the app)

Your name, address and contact information, including email address and telephone number (and company details if applicable)
Information to check and verify your identity, eg date of birth
Your gender
Your account details, such as username and password
Your replies to security questions

Data collected when you use specific functions in the app

All data you store online with us using the app including answers to health questionnaires

Test results

Test results from the laboratories that process your tests

We collect and use your information for the purposes described in the section ‘How and why we use your information’ below.

3. How your information is collected

We collect information from you directly or indirectly, such as your activity while using the app or website.
We also collect information about you from other sources as follows:

-Where you are accessing this service as an employee benefit, we may collect some or all of the following data from your employer or benefit provider:

Name;
Email address;
Phone number;
Date of Birth;
Home address;
Gender.

4. How and why we use your information

Under data protection law, we must have a valid lawful basis for using your personal data. Depending on how we use your information, we rely on one or more of the following legal bases:

where you have given consent
to comply with our legal and regulatory obligations
for the performance of a contract with you or to take steps at your request before entering into a contract, or
for our legitimate interests or those of a third party

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).
The table below explains what we use your information for and the lawful basis we rely on.

To create and manage your account with us

Processing is necessary for our contract with you, or because you have asked us to take specific steps before entering into a contract (Article 6(1)(b)).

To determine which healthcare services would be best for you.

Processing is necessary to perform our contract with you (Article 6(1)(b)). The processing of health data is subject to additional safeguards under UK GDPR, as set out in Article 9(2)(h), including where necessary for the provision of health or social care.

To provide preventative healthcare to you

To provide the functionalities of the app to you

Our legitimate interests (Article 6(1)(f)), which is to be as efficient as we can so we can deliver the best service to you.

To generate and provide referral information to you for continuity of your healthcare journey, where you and your clinician agree a referral is appropriate

Communications with you not related to marketing, including about changes to our terms or policies or changes to the app or service or other important notices

Our legitimate interests (Article 6(1)(f)), to ensure our services are delivered effectively

To conduct checks to identify you and verify your identity or otherwise to help prevent and detect fraud against you or us

Our legitimate interests (Article 6(1)(f)), including preventing fraud and protecting you, us and third parties from harm.

To maintain the security of our systems and protect personal data from unauthorised access, loss or misuse, including by monitoring system activity, detecting suspicious behaviour and investigating potential security incidents

Our legitimate interests (Article 6(1)(f)).

Disclosures and other activities necessary to comply with legal and regulatory obligations or defend or undertake legal proceedings

Processing is necessary for compliance with a legal obligation to which we are subject (Article 6(1)(c))

Operational reasons, such as improving efficiency, training, auditing and quality control or to provide support to you

Our legitimate interests (Article 6(1)(f)), which is to be as efficient as we can so we can deliver the best service to you

Statistical analysis to help us understand our customer base

Our legitimate interests (Article 6(1)(f)), which is to be as efficient as we can so we can deliver the best service to you

Updating and enhancing customer records

Our legitimate interests (Article 6(1)(f)), which is to be as efficient as we can so we can deliver the best service to you, for example, to ensure that our records are accurate and up to date.

Marketing our services to existing and former customers (to which you can unsubscribe at any time) See ‘Marketing’ below for further information

Our legitimate interests (Article 6(1)(f)), which is to promote our service to existing and former customers where permitted by law, and/or your consent (Article 6(1)(a)) where required.

5. Marketing

We will only send you direct marketing communications if we have your consent. You have the right to opt out of receiving marketing communications at any time by:

contacting us at mkt@qured.com or
using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.

We will always treat your information with the utmost respect and never share it with other organisations for marketing purposes.
For more information on your right to object at any time to your information being used for marketing purposes, see ‘Your rights’ below.

6. Who we share your information with

We may share your data with service providers (who act as data processors) we use to help us run our business or provide the services or functionalities in the app. These include the accredited laboratories that process your samples, medical practitioners who will provide consultations, the teleconsultation communication software and customer contact softwares.
We only allow the companies referred to above to handle your information if we are satisfied they take appropriate measures to protect your information. We also impose contractual obligations on service providers to ensure they can only use your information to provide services to us and to you.

We or the third parties mentioned above occasionally also need to share your information with:

our (or their) external auditors; the recipient of the information will be bound by confidentiality obligations
our or their professional advisors (such as lawyers and other advisors)—the recipient of the information will be bound by confidentiality obligations
law enforcement agencies, courts or tribunals and regulatory bodies to comply with legal and regulatory obligations
other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your information will be bound by confidentiality obligations

We will not share your information with any other third party, and we will never sell your information to other organisations.

If you would like more information about who we share your information with and why, please contact us (see ‘How to contact us’ below).

7. How long your information will be kept

Qured retains personal data and test results in accordance with our Data Retention Policy and applicable UK GDPR requirements. Retention periods vary depending on the type of data and the purpose for which it was collected.

In particular, health data and test results are retained only for as long as necessary to provide healthcare services, meet clinical governance requirements, and comply with applicable legal and regulatory obligations.

We may also retain personal data where necessary to:

comply with legal, accounting or reporting requirements; and
establish, exercise or defend legal claims.

Further details on applicable retention periods are available in our Data Retention Policy, which you can request by contacting us.

Once the applicable retention period has expired, your personal data will be securely deleted or anonymised in line with our internal policies.

8. Transferring your information out of the UK

All Qured data storage is within the UK; however it may sometimes be necessary for us to transfer your information to countries outside the UK. For countries within the EU there remains an Adequacy Agreement in place with the UK which allows for free flow of data without additional measures. The UK also has Adequacy Agreements in place with certain other countries.

However, in those cases where an Adequacy Agreement does not exist (ie. 3rd countries), we will comply with applicable UK laws and additional protection measures designed to ensure the privacy of your information is maintained to the same privacy standards as afforded by the UK GDPR for such international transfers.

We will use, as appropriate, either an International Data Transfer Agreement (IDTA) or the UK Addendum alongside existing Standard Contractual Clauses as a transfer tool to comply with Article 46 of the UK GDPR when making such restricted transfers.

If you would like further information about any such transfer and how we specifically protect your data, please contact dataprotection@qured.com

9. Your rights

Under UK data protection law, you have a number of rights in relation to your personal data. These rights may apply in certain circumstances and are subject to some limitations.

Right of access
You have the right to request a copy of the personal data we hold about you, as well as information about how we use it.

Right to rectification
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to erasure
You have the right to request that we delete your personal data in certain circumstances. This is not an absolute right, and we may need to retain some information, for example where we are required to do so for legal or regulatory reasons.

Right to restrict processing
You have the right to request that we restrict how we use your personal data in certain circumstances, for example if you contest its accuracy.

Right to data portability
You have the right, in certain circumstances, to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to request that it is transmitted to another organisation where technically feasible.

Right to object
You have the right to object:

at any time to your personal data being used for direct marketing; and
in certain other circumstances, to our continued use of your personal data where we rely on legitimate interests, unless we can demonstrate compelling legitimate grounds to continue or the processing is required for legal claims.

Right to withdraw consent
Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

If you would like to exercise any of those rights, please contact us at dataprotection@qured.com

You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.

10. Keeping your information secure

We have appropriate security measures to prevent your information from being accidentally lost, or used or accessed unlawfully. We limit access to your information to those who have a genuine business need to access it.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

11. How to complain

You also have the right to lodge a complaint with the Information Commissioner. The Information Commissioner can be contacted using the details at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.

12. Changes to this privacy policy

We may change this privacy policy from time to time. When we make significant changes we will take steps to inform you, for example via the app or by other means, such as email.

13. How to contact us

You can contact us and/or our Data Protection Officer by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.

Our contact details
Qured Health Ltd t/a Qured
71-75 Shelton Street
London
WC2H 9JQ
dataprotection@qured.com
03330164411

Our Data Protection Officer’s contact details
Ametros Group Limite
Lakeside Offices,
Thorn Business Park,
Hereford, Herefordshire,
HR2 6JT, England
0330 223 2246
dpo@ametrosgroup.com
www.ametrosgroup.com