Privacy Policy

Privacy Policy Statement Summary

What is Personal Data?

Personal data relates to a living individual (not animals) who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by The General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679.

Who are we?

Cytopath Ltd (Registered Company # 8610576) acts as the data controller (see contact details below). This means it decides how your personal data is processed and for what purposes.

Our commitment to you

At Cytopath Ltd., we respect the privacy of our veterinary clients and the pet owners who use our services. We consider our company to be a low-risk for abuse or breach of any personal information, however, we take all reasonable measures to keep all your personal information secure and confidential.

We operate from a single laboratory site and, with the exception of portable backed-up data material, all personal information, both digital and physical is kept on this site.

We will not share any personal information with any third party without the veterinary clients’ prior consent or instruction and only that information that relates to identification of the patient and client shall be shared so as to facilitate accurate pathology reporting.

We will maintain internet security measures at all times and our website will not contain any personal owner or client information.

Our database is maintained separately from our website.

We currently do not use Cookies on our website.

As of 25 May 2018, the personal patient and owner information stored on our database will be restricted to the pet’s name, the owner’s surname and any (anonymised) identifying numbers submitted by you (our clients).

We will comply with our obligations under the GDPR by keeping personal data up to date by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure.

We will undertake to ensure that all storage and disposal (incineration/shredding) of documents containing personal information is done so with assurances of appropriate privacy measures by our staff and any third parties.

The Cytopath Privacy Policy

This following policy outlines in detail what information we gather from you and how we may use or disclose that information, and describes our efforts to protect it.

If you have any questions regarding the content or if you have any concerns about the policy, please feel free to contact us:

  • Email:
  • Phone: 01531 630063
  • Fax: 01531 634 683 (Attention: Data Protection Officer)
  • Mail: PO Box 24, Ledbury, Herefordshire, HR8 2YD

1. The Information That We Collect

1.1 Types of Information Collected and Held

We may collect personal information about you (the veterinarian/veterinary public) and/or your clients in connection with the offer and sale of our pathology services, including

  1. Accounts: information about your transactions with us, including account activity records, such as purchases of various services;
  2. Businesses: information regarding veterinary businesses, including addresses, fax and phone numbers, email addresses and staff names.
  3. Veterinarians: email addresses (business and personal), telephone numbers, professional role/position in the practice.
  4. Patients: patient owner information, including surname and animal identification and/or first line of address

1.2 How the Information May be Collected

  1. Filling in of pathology submission forms by you
  2. Filling in of supply/contact request forms on our website
  3. Correspondence with Cytopath Ltd in person, by telephone, fax, post, email or otherwise.

2. How the Personal Data is Used

Cytopath Ltd uses your personal information solely:

  • to respond to your request for services, or information;
  • to fulfil our contractual obligations to you with regard to providing pathology testing;
  • to arrange for and process payments owed by you in connection with services and contracts;
  • customer support;
  • to contact you in relation to obtaining consent and information for the purposes of scientific publications and/or presentations

Your contact details will not be shared with third parties but may be used by us for periodic mailings, telephone calls, faxes, or emails, with information on new/altered tests and services, opening hours, price lists information, newsletters, Cytopath promotional material or notification of upcoming events.

3. The Legal Basis for processing your Data and Your Rights

3.1 Cytopath Ltd reserves the right to collect and hold patient and client personal information for the following purposes:

  1. carrying out its business as a veterinary diagnostic pathology firm.
  2. fulfilling its contractual obligations to the veterinary client with respect to timely and appropriate reporting of diagnostic cases (Article 6, 1b of the GDPR).
  3. to enable accurate identification of diagnostic samples.

3.2 Your rights:

3.2.1 You may have right of access to the personal information that we hold about you.

3.2.2 You may request that inaccurate information held is corrected or deleted.

3.2.3 You may object to the use of your personal information being used for direct marketing purposes.

3.2.3 You may request that your personal information is transferred to you or a new lab/data controller/service provider.

3.2.4. You may request that the personal data held by Cytopath is erased where it is no longer necessary for us to hold such data.

3.2.5 You have the right to withdraw your consent to the processing of your personal data. Note that this may impact on our ability to provide an accurate and timely service to you.

3.2.6 You have the right to object to the processing of your personal data. Note that this may impact on our ability to provide an accurate and timely service to you.

3.2.6 You have the right to lodge a complaint with the Information Commissioners Office (ICO).

4. Disclosure of Information

Our policy is to notify and request consent from our (veterinary) clients of any requests for their information prior to our disclosure of it.

We may disclose your personal information where consent has been attained or where reasonably necessary for the purposes below:

4.1 exchanged between Cytopath Ltd and third-parties (e.g. reference laboratories) only where needed for patient identification, transaction processing and reporting. Cytopath will seek privacy statements and assurance from the third parties that any personal data is similarly protected by the GDPR.

4.2 where disclosure is required by law for information requests by government, regulatory bodies, prosecution/litigation parties.

4.3 to any persons/company/ies that takes over our business and assets.

4.4 Your information may be used by us in connection with scientific publications and presentations. In most cases the information will be made anonymous. However, if this is not possible, we will request consent from you before proceeding.

5. Retention and Deletion/Disposal of Personal Data

We will keep your personal data for no longer that is reasonably necessary to:

5.1 Provide and undertake our services to you

5.2 Maintain a reasonable archive of files and related samples for retrospective medical and legal requirements

This is approximately:

Submission forms: 3 years.

Email correspondence: up to 7 years.

Active electronic database: 3 years.

Backups of live electronic database (portable external hard drives): 1 year.

Electronic database archives (on site external hard drive): Indefinitely (this archived information would serve purely for processing of diagnostic pathology data for the use in retrospective studies and to advance the veterinary field).

Patient samples/specimens (often with attached identifying data): up to 1 year.

At the end of these periods, any paper documentation or samples containing personal data will be incinerated and/or shredded. Electronic files shall be deleted/erased from storage sites.

5.3 We may retain limited information about you even if you leave your current employer so as to maintain a continuous professional relationship and to facilitate medical follow-up of your patients and/or for legal requirements.

5.4 We will endeavour to keep your personal data accurate and up-to-date.


We use all reasonable physical, procedural and technical safeguards to deter unauthorised access, destruction or use of individual identifiable information.

Commercial computer and internet security is maintained to protect databases containing personal information.

Internal networked laboratory computers shall only have internet access where required.

All Cytopath computers are password protected.

There is no direct connection between the Cytopath Ltd website and the laboratory database.

As of 25th May, 2018, other than surnames, no other owner identifying parameters are to be stored in a digital format.

Email addresses and patient reports may be stored within the Cytopath database, in Outlook programs and in a (back-up) Gmail account under appropriate passcode security.

Submission forms (containing client and patient information) are archived on site at the laboratory. Disposal of these forms is by incineration.

We instruct our employees that all personal information must be handled in accordance with this Privacy Policy, and that any misuse or disclosure of this information by employees may be subject to disciplinary action.

7. Data Breaches

Personal data breach refers to a breach in security resulting in destruction, loss, alteration, unauthorised disclosure or access to personal/identifying data.

If the breach involves information that is likely to result in a high risk to the rights and freedoms of individuals, the individuals involved will be contacted directly.

8. Enforcement

Our staff will all be made aware of their obligations and responsibilities and will be familiar with our privacy policy. We will also have procedures in place to address any complaints, requests/enquires or breaches in security. We will investigate and attempt to resolve these issues with reference to the principles contained in this policy. If you have any enquiries in this regard please contact our ‘Data Protection Officer’ using the contact details above.

9. Changes to Privacy Policy

It may be necessary from time to time for us to modify this policy to reflect changes in the way we collect and use information or changes in privacy-related laws, regulations, and industry standards. We will provide reasonable notice of material changes to this policy. Visitors should review this page on our website from time to time to check for any changes.