Privacy Statement

TestingToday Privacy Statement


We are TestingToday is a PEI company. PEI is a specialist medical distribution company incorporated in Ireland (registered no. 378636) with registered office at M50 Business Park, Ballymount Road Upper, Ballymount, Dublin 12 (“TestingToday”, “us”, “we”, or “our”). We offer solutions (both products and services) which can support an organisation’s COVID-19 Response Plan and help create the safest and most productive workplace environment possible (the “Products”).


At TestingToday we are committed to protecting and respecting your privacy.


This Privacy Statement will let you know how we look after the personal data which we collect from you in connection with your use of the Products, and any related content, products and services.


This Privacy Statement also informs you as to our obligations and your rights under data protection law.


Click on the headings below to find out more about how we collect and process your personal data:





  1. Who is responsible for your personal data?


For the purposes of the EU General Data Protection Regulation (EU Regulation 679/2016) (the “GDPR”), TestingToday is the data controller with regard to the personal data described in this Privacy Statement.


Data controllers” are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed, who/which make independent decisions in relation to the personal data and/or who/which otherwise control that personal data.


In particular, we have appointed a Data Protection Officer within TestingToday to monitor compliance with our data protection obligations and with this Privacy Statement and related policies. If you have any questions about this policy or about our data protection compliance please contact us.





  1. What personal data do we collect?


Personal data” means any information relating to an identified or identifiable natural person. Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and/or behaviour.


Special categories of personal data” of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data.


When you register for and use our Products:


When you register to use our Products you will be asked to provide the following information:




  • Name
  • Email address
  • Postal address
  • Contact number
  • Financial details
  • Record of billable services provided
  • Billing and payment records



Through our website:


We have a contact portal on our website ( through which you may elect to make the following information available to us:


  • Name
  • Email address
  • Contact number
  • Comments which you submit which might occasionally contain personal data


In addition to the above we may collect, use, store and transfer different kinds of personal data about people using our website which we have grouped together as follows:


  • Analytical Information: includes information on how you interact with the website, such as IP address, date, time, information about your browser, operating system and computer or device, pages viewed, and items clicked. We may also collect location information, including location information automatically provided by your computer or device.




  1. How do we collect your personal data?


We collect the administrative and special categories of personal data directly from you.


We collect certain personal data via our website through use of contact forms and use of cookies.







  1. For what purposes do we process your personal data and what is our legal basis?


We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.


Type of data


Purposes of processing


Lawful basis for processing


Name, email, phone number, postal address ·     So that we can communicate with you with regard to the delivery and set up of the Products.

·     To send you any additional information or replacement parts you might need

Necessary for the purposes of performing our contract with you.
Financial details: billing records, payment records etc ·     To process and deliver your order including:


(a)   Manage payments, fees and charges

(b)   Collect and recover money owed to us

Necessary for the performance of a contract with you; and

Necessary for our legitimate interests (to recover debts due to us)

Name, email, phone number, comments To respond to you where you have provided comments to us or asked us questions via our website. Consent
Analytical information To make our website function more efficiently and effectively in order to improve your online experience with us Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security etc.)




Where we need to collect personal data under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the Products or associated services). In this case, we may have to cancel a Product or service you have with us, but we will notify you if this is the case at the time.


Where we rely on consent as a legal basis, you may withdraw consent at any time by contacting us.


Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.


We use cookies to facilitate the use of our website. For detailed information on the cookies we use and the purposes for which we use them, see our cookie policy here.




  1. Do we share your personal data with anyone else?


We may share your personal data with the following parties in connection with our processing of your personal data:


  • Third party service providers for the purpose of system support


We require all third parties to enter into a data processing agreement/data sharing agreement with us which complies with our obligations under the GDPR. This agreement requires third parties to have appropriate security systems in place and only to use your personal data on our instructions and in accordance with data protection law.


Under certain circumstances, TestingToday may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).




  1. Links to third party websites


Our website may contain links to and from websites operated by third parties unaffiliated with TestingToday. We do not control these third-party websites and we make no endorsements, warranties, or representations whatsoever regarding, nor do we assume any responsibility whatsoever in respect of, such third-party websites or the materials, information and content contained therein. We strongly advise that you carefully review the terms and conditions and privacy policies of all linked third-party websites. We also reserve our right to discontinue any and all links to our website from third party websites, at any time, at our sole and exclusive discretion.




  1. Keeping your personal data secure


We take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. We limit access to your personal data to those employees, agents and other third parties who are required to have access to your personal data and where they have agreed that they are subject to a duty of confidentiality.


We have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.  We have procedures in place to deal with actual and suspected data breaches which include an obligation on us to notify the supervisory authority and/or you, the data subject, where legally required to do so.




  1. Transferring personal data out of the EEA


We do not currently transfer any of your personal data out of the European Economic Area.


If circumstances arise in which we have to transfer your personal data out of the European Economic Area for the purposes of carrying out the services we provide to you, we will always ensure that there are appropriate safeguards in place to protect your personal data such as:


  • the European Commission has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects’ rights and freedoms;


  • appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from us on request;


  • you have provided explicit consent to the proposed transfer after being informed of any potential risks; or


  • the personal data is being transferred to a company in the US which has self-certified its compliance with the EU-US Privacy Shield which has been found by the European Commission to provide an adequate level of protection to the personal data of EU citizens.




  1. For how long do we keep your personal data?


Your personal data will be deleted when it is no longer reasonably required for the purposes described above or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data.


In determining our retention period for categories of personal data we at all times will consider our obligations under the data protection legislation, guidance from the Data Protection Commission, any other specific legislative requirements as well as the amount and nature of the data itself.




  1. Your data protection rights


Under certain circumstances, by law you have the right to:


  • Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.


  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.


  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.


  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).


  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.


  • Object to automated decision-making including profiling, that is not to be the subject of any automated decision-making by us using your personal information or profiling of you. We do not engage in any automated decision making.


  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.


  • Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.


In the event that you wish to make a complaint about how your personal data is being processed by TestingToday, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority who can be contacted as follows:


Contact Data Protection Commission
Telephone +353 57 8684800/+353 761 104 800
Post Data Protection Commission

21 Fitzwilliam Square South
Dublin 2
D02 RD28





  1. Contact us


You can contact us with any queries, complaints or requests to exercise your data protection rights using the details below:


Contact: Data Protection Officer
Telephone: 01 4196900
Post: M50 Business Park, Ballymount Road Upper, Ballymount, Dublin 12





  1. Updates to this Privacy Statement


Our Privacy Statement may change from time to time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.