Privacy

In order to keep things simple for our readers, we've written different versions of our Privacy Notice.

• If you're a customer, interested in purchasing a Pastest product, or simply browsing the website, this is the correct Privacy Notice for you - keep reading. 
  
  

• If you're a third party supplier, writer, editor, or other equivalent contributor/service provider then please read our Privacy Notice for Third Parties and Suppliers.

We are Pastest Ltd (Pastest), a company providing online medical revision tools and books. We are the Data Controllers for any personal data you share with us.

We receive your information in the following ways:

• When you communicate with us in person, via a letter, email, telephone, or direct message via social media or live chat.
• When you sign up to one of our mailing lists, or take part in competitions or promotions, or surveys.
• When you subscribe to an online resource or purchase a book.
• When you use our websites and mobile apps, or interact with us via social media through messages, posts or by providing your email address to receive further information.
• Through audio, image, video or data recording.
• By collating data freely available on the internet.

We may collect any of the following data about you:

• Name, email address, address, telephone number.
• Visual and audio media and images.
• Current level of study/job title or role, current medical institution, upcoming exam dates.
• Order, subscription, transactional history and session usage data.
• Digital identification data - e.g. browser type and version, cookies, app device ID, current device, operating system, version, internet service provider (ISP), IP address, domain name, device screen resolution.

• To administer the purchase and delivery of our products and services.
• To share with selected third parties (Data Processors) to deliver key business functions.
• This could include sending you emails about your performance, delivering books, advertising on a third-party platform, or verifying your address.
• See below for our list of third parties.
• To serve website content, relevant advertisements and communications to you.
• For analytical, statistical or survey purposes to improve our services to you.
• To answer and resolve queries.
• To manage risk for ourselves and our customers.
• To obey laws and regulations.
• To exercise our rights as set out in contracts and agreements.

To read more about grounds for processing information, please view the ICO Website.

Consent

• To collate customer feedback, industry knowledge and insight.
• To send you emails, and targeted online ads from our non-customer mailing lists.
• To inform you of potential employment or contractual opportunities.
• To use quotations, images or other personal data for our marketing and advertising purposes.
• To use your information for competitions, and contact you if you win.
• To pay you, when it is appropriate to do so.

Legitimate Interests

• To solve customer enquiries that arise through email, telephone, letters, social media direct messages or live chat.
• To send marketing emails, surveys, and targeted online ads to website visitors, current and previous customers.
• To inform current and previous customers of potential employment or contractual opportunities.
• To disseminate information to relevant parties whose contact information is freely available in the public domain.
  • In some instances, we will contact you using information that we collect. This may be because you are a student governor, med school representative, or other relevant interested party.
    • The extent of the information we may collect and process will be your name, email address, telephone contact details, Medical School/University/Hospital (if appropriate) and your job title/role.
    • You can ask to be removed from our mailing lists at any time by emailing DataControl@pastest.com, and we promise to only share relevant news and resources with you.
  • To deploy Cookies - our online ordering system uses a 'cookie' to record a unique reference on your computer so that we can keep track of your order as you use the system. This cookie, that is saved to your system, is only valid for a single visit and each new visit will result in a new cookie overwriting any previous cookies that were generated on previous visits to our site.
    • Most web browsers allow some control of cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit aboutcookies.org or www.allaboutcookies.org.
    • If your internet browser is set to reject cookies or if your network firewall won't allow them, you will not be able to use our online store or services.
  • To analyse the users of our website through tracking services (Google Analytics, Hotjar).
    • To opt out of being tracked by Google Analytics across all websites you can use a browser extension provided by Google.
    • You may opt-out from having Hotjar collect your information when visiting a Hotjar Enabled Site at any time by visiting the HotJar Opt-out page and clicking ‘Disable Hotjar’ or enabling Do Not Track (DNT) in your browser.

Contractual

If you are a customer of ours, having subscribed online or purchased a book, we use your personal data for the following reasons:

• To provide customer feedback surveys.
• To serve website content and advertisements to a specific customer.
• To administer the website and our online products, including the app.
• To notify customers of products or special offers that may be of interest.
• To back up your data in case of disaster recovery.
• For statistical or survey purposes to improve the website and services to users.
• To store and backup user-generated content.

It is a contractual requirement that you provide all data in the subscription process. If you fail to provide data or request erasure of data or restriction of processing during a subscription, we may be unable to deliver the service.

Legal Duty

• For example, to ensure compliance with various regulations, e.g. taxation as administered by HMRC.

Vital Interests

• If we have serious concerns about your wellbeing, we may disclose your information to the police or other relevant authorities.

• As a customer, we will keep your data for as long as we need to, in order to administer your subscription or deliver a book. After that date, we may keep your records on file for up to ten years for legal reasons and in order to contact you about relevant products, services and opportunities. You can unsubscribe from marketing emails at any time, however, this may impact your experience of an online subscription.
• As an active subscriber to our mailing lists, we will keep your data indefinitely or until you request that it is deleted.
• If you contact us via our enquiries email inbox, we will keep a record of that enquiry for up to two years. If you contact us via live chat, we will keep a record of that enquiry for up to 365 days. Social media direct messages are kept indefinitely, although you can request deletion of your data from those platforms at any time.
• If you have provided your details on the basis of consent, we will tell you at that time how long we shall keep your data for.

We may share your data with a variety of third party suppliers. Please see the table below for further details.

• In limited instances, we may share your data with selected, GDPR-compliant companies based outside of the European Economic Area (EEA). We will obtain your explicit consent prior to doing so.
• If your online subscription was purchased by a university / medical school / other educational institution outside the EEA, then we may share some personal identification data with that institution only e.g. name / email address. We will make this clear to you at the point at which you sign up for a subscription.
• For deliveries outside of the EEA, we will pass your delivery information to selected, GDPR-compliant, third-party distributors or couriers in order to deliver your item(s).

No. Should this ever change, we will notify you, and obtain your specific consent for this purpose.

• We strongly recommend you DO NOT send anything confidential to us by email. We have rigorous procedures and comprehensive security features to protect any information we receive from you.
• We remind you of the importance of logging out of public devices. Ensure that any device you use to access our online subscriptions or apps has enough security (e.g. PIN code) to stop unwanted users from viewing your personal data.

You have the right to be informed.

• We have to tell you about the ways in which we collect and process your data, how long we will hold it for, who we share it with and what they do with it.
• We have to tell you whether your data will be transferred out of the European Economic Area (EEA), where and whether it will be safe.
• We have to tell you whether you will be subject to automated decision making.
• We have to tell you what rights you have in respect of the personal data we hold about you, and the consequences of not providing your data.
• We have to tell you what you can do in the event of your rights being violated.
• We have to tell you where we obtained your data from if not directly from you.

You have the right of access.

• We hold various types of personal information about you, as highlighted in this privacy notice. We are legally obliged to provide you with a copy of this data, should you request it.
• We will try to resolve queries of this nature informally with you, if appropriate. This may involve telling you the information that you need via email, or over the phone.
• If you have any doubt about the accuracy or lawfulness of the processing of your personal data, you have the right to make a ‘Subject Access Request’ (SAR).
  • In this instance, we (the Data Controller) must provide you with:
    • Confirmation that we are processing your data (if applicable).
    • Access to the data that we hold about you, in a reasonable, easily accessed format (e.g a pdf or spreadsheet).
  • We will provide this information to you within one month of receiving the request.
  • If the request is excessive or complex, we may extend the duration of this response period by two months, and reserve the right to charge a reasonable fee to cover administrative costs.
• We will not provide personal data where it adversely affects the rights of other individuals, or is protected by legal privilege.

To request any information or make a SAR, please email DataControl@pastest.com.

You have the right to rectification.

• If you discover an error in the personal information that we hold about you, you have the right to rectification.
• If you notify us of a rectification, we will, without undue delay, and within one month, correct the records that we hold internally, and with any third party data processors that we employ.
• As with a Subject Access Request, If the request is excessive or complex, we may extend the duration of this response period by two months.

To exercise these rights, please email DataControl@pastest.com.

You have the right to restrict processing.

• If we dispute the fact that our information is inaccurate, and request more time to verify this, you have the right to request that data processing is restricted.
  • We need to inform you when this restriction is lifted, and ensure that third parties are restricted appropriately too, provided it doesn’t require disproportionate effort.

To exercise these rights, please email DataControl@pastest.com.

You have the right to object.

• You have the right to object to the following:
  • Direct marketing.
  • Processing for research or statistical purposes.
  • Processing based on legitimate interests.

To exercise these rights, please email DataControl@pastest.com.

You have the right to erasure.

• If there is a problem with the underlying legality of the data processing activity, you may request that your data is erased.

To exercise these rights, please email DataControl@pastest.com.

You have the right to data portability.

• Due to the nature of our service, this right has limited applications. We can provide you with name, email address, and other such personal data you have registered with us, but you will appreciate we cannot divulge copyrighted material, e.g. questions.

To exercise these rights, please email DataControl@pastest.com.

If you feel that your rights have been violated, you can make a complaint to the Pastest Data Protection Team by emailing DataControl@pastest.com. You also have the right to complain to the supervisory authority, the Information Commissioner’s Office, at www.ico.org.uk/concerns or telephone 0303 123 1113 for further information about your rights, and how to make a complaint.

You have the right to object to the following:

• Direct marketing.
• Processing for research or statistical purposes.
• Processing based on legitimate interests.

You can object to data processing by emailing DataControl@pastest.com. If you wish to unsubscribe from marketing emails, simply click the unsubscribe link at the bottom of any email.

If you feel that your rights have been violated, you can make a complaint to the Pastest Data Protection Team by emailing DataControl@pastest.com. You also have the right to complain to the supervisory authority, the Information Commissioner’s Office, at www.ico.org.uk/concerns or telephone 0303 123 1113 for further information about your rights, and how to make a complaint.

This privacy notice was updated on 31 May 2023 to update our Third-Party Suppliers list, and clarify use of personal data.

You can contact the Data Protection Team by emailing DataControl@pastest.com.

You can write to us at:

Pastest Ltd.
No. 3 Booths Park
Chelford Road
Knutsford
Cheshire
United Kingdom
WA16 8GS

In order to keep things simple for our readers, we've written different versions of our Privacy Notice.

• If you're a third party supplier, writer, editor, or other equivalent contributor/service provider, this is the correct Privacy Notice for you - keep reading.

• If you're a customer, interested in purchasing a Pastest product, or simply browsing the website then please read our Privacy Notice for Customers and Website Users.

We are Pastest Ltd (Pastest), a company providing online medical revision tools and books. We are the Data Controllers for any personal data you share with us.

We receive your information in the following ways:

• When you communicate with us in person, via a letter, email, telephone, or direct message via social media or live chat.
• When you sign up to one of our mailing lists, or take part in competitions or promotions, or surveys.
• When you subscribe to an online resource, or purchase a book.
• When you use our websites and mobile apps, or interact with us via social media.
• Through audio, image, video or data recording.
• By collating data freely available on the internet.

We may collect any of the following data about you:

• Name, email address, address, telephone number.
• Visual and audio media and images.
• Current level of study/job title or role, current medical institution, upcoming exam dates.
• Order, subscription, transactional history and session usage data.
• Digital identification data - e.g. browser type and version, cookies, app device ID, current device, operating system, version, internet service provider (ISP), IP address, domain name, device screen resolution.

• To administer the purchase and delivery of our products and services.
• To share with selected third parties (Data Processors) to deliver key business functions.
  • See below for our list of third parties.
• To serve website content, relevant advertisements and communications to you.
• For analytical, statistical or survey purposes to improve our services to you.
• To answer and resolve queries.
• To manage risk for ourselves and our customers.
• To obey laws and regulations.
• To exercise our rights as set out in contracts and agreements.

To read more about grounds for processing information, please view the ICO Website.

Consent

• To collate customer feedback, industry knowledge and insight.
• To send you emails and targeted online ads from our non-customer mailing lists.
• To inform you of potential employment or contractual opportunities.
• To use quotations, images or other personal data for our marketing and advertising purposes.
• To use your information for competitions, and contact you if you win.
• To pay you, when it is appropriate to do so.

Legitimate Interests

• To solve customer enquiries that arise through email, telephone, letters, social media direct messages or live chat.
• To send marketing emails, surveys and targeted online ads to website visitors, current and previous customers.
• To inform current and previous customers of potential employment or contractual opportunities.
• To disseminate information to relevant parties whose contact information is freely available in the public domain.
  • In some instances, we will contact you using information that we collect. This may be because you are a student governor, med school representative, or other relevant interested party.
    • The extent of the information we may collect and process will be your name, email address, telephone contact details, Medical School/University/Hospital (if appropriate) and your job title/role.
    • You can ask to be removed from our mailing lists at any time by emailing DataControl@pastest.com, and we promise to only share relevant news and resources with you.
  • To deploy Cookies - our online ordering system uses a 'cookie' to record a unique reference on your computer so that we can keep track of your order as you use the system. This cookie, that is saved to your system, is only valid for a single visit and each new visit will result in a new cookie overwriting any previous cookies that were generated on previous visits to our site.
    • Most web browsers allow some control of cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit aboutcookies.org or www.allaboutcookies.org.
    • If your internet browser is set to reject cookies or if your network firewall won't allow them, you will not be able to use our online store or services.
  • To analyse the users of our website through tracking services (Google Analytics, Hotjar).
    • To opt out of being tracked by Google Analytics across all websites you can use a browser extension provided by Google.
    • You may opt-out from having Hotjar collect your information when visiting a Hotjar Enabled Site at any time by visiting the HotJar Opt-out page and clicking ‘Disable Hotjar’ or enabling Do Not Track (DNT) in your browser.

Contractual

If you are a customer of ours, having subscribed online or purchased a book, we use your personal data for the following reasons:

• To provide customer feedback surveys.
• To serve website content and advertisements to a specific customer.
• To administer the website and our online products, including the app.
• To notify customers of products or special offers that may be of interest.
• To back up your data in case of disaster recovery.
• For statistical or survey purposes to improve the website and services to users.
• To store and backup user generated content.

It is a contractual requirement that you provide all data in the subscription process. If you fail to provide data or request erasure of data or restriction of processing during a subscription, we may be unable to deliver the service.

Legal Duty

• For example: to ensure compliance with various regulations, e.g. taxation as administered by HMRC.

Vital Interests

• If we have serious concerns about your wellbeing, we may disclose your information to the police or other relevant authorities.

• As a customer, we will keep your data for as long as we need to, in order to administer your subscription, or deliver a book. After that date, we may keep your records on file for up to ten years for legal reasons and in order to contact you about relevant products, services and opportunities. You can unsubscribe from marketing emails at any time, however, this may impact your experience of an online subscription.
• As an active subscriber to our mailing lists, we will keep your data indefinitely or until you request that it is deleted.
• If you contact us via our enquiries email inbox, we will keep a record of that enquiry for up to two years. If you contact us via live chat, we will keep a record of that enquiry for up to 365 days. Social media direct messages are kept indefinitely, although you can request deletion of your data from those platforms at any time.
• If you have provided your details on the basis of consent, we will tell you at that time how long we shall keep your data for.

We may share your data with a variety of third party suppliers. Please see the table below for further details.

• In limited instances, we may share your data with selected, GDPR-compliant companies based outside of the European Economic Area (EEA). We will obtain your explicit consent prior to doing so.
• For deliveries outside of the EEA, we will pass your delivery information to selected, GDPR-compliant, third-party distributors or couriers in order to deliver your item(s).

No. Should this ever change, we will notify you, and obtain your specific consent for this purpose.

• We strongly recommend you DO NOT send anything confidential to us by email. We have rigorous procedures and comprehensive security features to protect any information we receive from you.
• We remind you of the importance of logging out of public devices. Ensure that any device you use to access our online subscriptions or apps has enough security (e.g. PIN code) to stop unwanted users from viewing your personal data.

You have the right to be informed.

• We have to tell you about the ways in which we collect and process your data, how long we will hold it for, who we share it with and what they do with it.
• We have to tell you whether your data will be transferred out of the European Economic ARea (EEA), where and whether it will be safe.
• We have to tell you whether you will be subject to automated decision making.
• We have to tell you what rights you have in respect of the personal data we hold about you, and the consequences of not providing your data.
• We have to tell you what you can do in the event of your rights being violated.
• We have to tell you where we obtained your data from if not directly from you.

You have the right of access.

• We hold various types of personal information about you, as highlighted in this privacy notice. We are legally obliged to provide you with a copy of this data, should you request it.
• We will try to resolve queries of this nature informally with you, if appropriate. This may involve telling you the information that you need via email, or over the phone.
• If you have any doubt about the accuracy or lawfulness of the processing of your personal data, you have the right to make a ‘Subject Access Request’ (SAR).
  • In this instance, we (the Data Controller) must provide you with:
    • Confirmation that we are processing your data (if applicable).
    • Access to the data that we hold about you, in a reasonable, easily accessed format (e.g a pdf or spreadsheet).
  • We will provide this information to you within one month of receiving the request.
  • If the request is excessive or complex, we may extend the duration of this response period by two months, and reserve the right to charge a reasonable fee to cover administrative costs.
• We will not provide personal data where it adversely affects the rights of other individuals, or is protected by legal privilege.

To request any information or make a SAR, please email DataControl@pastest.com.

You have the right to rectification.

• If you discover an error in the personal information that we hold about you, you have the right to rectification.
• If you notify us of a rectification, we will, without undue delay, and within one month, correct the records that we hold internally, and with any third party data processors that we employ.
• As with a Subject Access Request, If the request is excessive or complex, we may extend the duration of this response period by two months.

To exercise these rights, please email DataControl@pastest.com.

You have the right to restrict processing.

• If we dispute the fact that our information is inaccurate, and request more time to verify this, you have the right to request that data processing is restricted.
  • We need to inform you when this restriction is lifted, and ensure that third parties are restricted appropriately too, provided it doesn’t require disproportionate effort.

To exercise these rights, please email DataControl@pastest.com.

You have the right to object.

• You have the right to object to the following:
  • Direct marketing.
  • Processing for research or statistical purposes.
  • Processing based on legitimate interests.

To exercise these rights, please email DataControl@pastest.com.

You have the right to erasure.

• If there is a problem with the underlying legality of the data processing activity, you may request that your data is erased.

To exercise these rights, please email DataControl@pastest.com.

You have the right to data portability.

• Due to the nature of our service, this right has limited applications. We can provide you with name, email address, and other such personal data you have registered with us, but you will appreciate we cannot divulge copyrighted material, e.g. questions.

To exercise these rights, please email DataControl@pastest.com.

If you feel that your rights have been violated, you can make a complaint to the Pastest Data Protection Team by emailing DataControl@pastest.com. You also have the right to complain to the supervisory authority, the Information Commissioner’s Office, at www.ico.org.uk/concerns or telephone 0303 123 1113 for further information about your rights, and how to make a complaint.

You have the right to object to the following:

• Direct marketing.
• Processing for research or statistical purposes.
• Processing based on legitimate interests.

You can object to data processing by emailing DataControl@pastest.com. If you wish to unsubscribe from marketing emails, simply click the unsubscribe link at the bottom of any email.

If you feel that your rights have been violated, you can make a complaint to the Pastest Data Protection Team by emailing DataControl@pastest.com. You also have the right to complain to the supervisory authority, the Information Commissioner’s Office, at www.ico.org.uk/concerns or telephone 0303 123 1113 for further information about your rights, and how to make a complaint.

This privacy notice was updated on 31 May 2023 to update our Third-Party Suppliers list, and clarify use of personal data.

You can contact the Data Protection Team by emailing DataControl@pastest.com.

You can write to us at:

Pastest Ltd.
No. 3 Booths Park
Chelford Road
Knutsford
Cheshire
United Kingdom
WA16 8GS