General Enquiries
General Enquiries
Over 2 Metres

Privacy Policy

1. Who we are

This is V-Health Passport Limited’s (“VHP”, “we” or “us”) privacy policy (the “Privacy Policy”) and shall apply to any personal data that we collect from or about you when you use the services offered by VHP through its V-Health Passport product at [] (“the V-Health Passport”) [and/or the VPassport Application for mobile telephones and handheld devices (the “APP”)], including all online and wireless services and functions provided thereon (together “the Services”). This privacy policy sets out the basis on which we will process such personal data. We comply with current requirements to notify our data processing activities to the Information Commissioner’s Office and we are registered under number ZA785511.

When we use the term “personal data” we mean any information permitting a person to be identified, directly or indirectly. For example, this may be by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, biometric, mental, economic, cultural or social identity of that person. The term “process” means anything that we do with personal data, including when we collect, record, organise, structure, store, adapt, alter, retrieve, consult, use, share, combine, restrict, erase or destroy it.

VHP is accountable for demonstrating compliance with the six basic principles of processing personal data. These provide that personal data we deal with must be:

  1. processed fairly, lawfully and in a transparent manner;
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  3. adequate, relevant and limited to what is necessary;
  4. accurate and, where necessary, kept up to date;
  5. not kept for longer than necessary; and
  6. processed securely, maintaining integrity and confidentiality.


Our appointed Data Protection Officer, or “DPO”, is VST Enterprises Ltd, Crowe UK LLP, The Lexicon, 10-12 Mount Street, Manchester M2 5NT.

2. Information we may collect

We may collect and process the following data from you:

  • You may give us information about you by filling in forms when you register to download or use the V-Health Passport and/or the APP and/or use the Services or by corresponding with us (for example, by e-mail). The information you give us may include your name, address, e-mail address and phone number; date of birth; username, password and other registration information; nationality; demographic information; personal description; photograph; if you are a medical professional your registration details and other details evidencing your eligibility to practise. Please let us know if there are any changes to your personal details while you are registered with us.
  • You may upload copies of passports, driving licences and other means of identification.
  • Each time you visit the V-Health Passport or use the APP we may automatically collect the following information about you and your device:
    • technical device information, including the type of mobile device you use (“Device”); a unique device identifier (for example, your Device’s IMEI number, the MAC address of the Device’s wireless network interface, or the mobile phone number used by the Device); mobile network information; your mobile operating system; the type of mobile browser you use; time zone setting;
    • content information stored on your Device, such as contact information; login information; photos, videos or other digital content; checkins;
    • log information such as details of your use of any of the APP or your visits to the V-Health Passport including, but not limited to, traffic data, location data, weblogs and other communication data; resources that you access, including the nature of the content that is viewed, related transfer rates and length of viewing.
  • Our Services will make use of location data sent from the Device. If you use the Services, you consent to our and our affiliates’ transmission, collection, retention, maintenance, processing and use of your location data to enable us to provide the Services and the relevant functionality in accordance with our Terms and Conditions which are available at and this Privacy Policy. You will be asked to consent to the use of location services when you download the APP for the first time and/or sign up to the V-Health Passport. You may withdraw this consent at any time by turning off the location services settings on your Device’s ‘location settings’ pane or on the V-Health Passport; however this may mean that you can no longer access some or all of the Services.
  • Unique application numbers: When you install or uninstall a Service containing a unique application number or when such a Service searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us.

We may also collect and process the following data about you, which we obtain from other sources:

  • Where anyone under 16/18 has a V-Health Passport OR is included on the V-Health Passport of a parent or guardian, we collect personal data from their parent or guardian.
  • We assign each user an identification number, which is used to identify users for the purposes of data minimisation but which can be linked back to an individual’s identity.
  • We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.

3. Uses made of your information

We will only use personal data when the law allows us to do so and relying on a relevant basis for lawful processing in each instance. We will use your personal data in the following circumstances, relying on the basis of processing indicated:

Basis of processing: Where we need to perform a contract we are about to enter into or have entered into with you.

  • To provide you with information or services that you request from us (contact details, medical information, any photograph you upload and identification documents needed for medical professionals to verify your identity).
  • To provide you with specific approvals arising from the Services, such as contact tracing, “Fit To Fly” certification or other evidence of your test status (contact details, your V-Health Passport identification number, medical information, location data).
  • To carry out our obligations arising from any contract entered into between you and us, which will include: (i) sharing your data with medical professionals and covid-19 test centres and contacting you with status updates if you are an individual user; and (ii) verifying your professional status if you are a medical professional user (contact details, payment information, your V-Health Passport identification number and any information relating to personalisation status; details relating to eligibility for medical professionals to practise).

Basis of processing: Where it is necessary for our legitimate interests (or those of a third party, such as our other users who opt in to contact tracing services) and we have undertaken an assessment to determine that processing for those interests does not outweigh your interests and fundamental rights (considering the nature and impact of the processing and any relevant safeguards we can put in place).

  • To ensure that content from our website or APP is presented in the most effective manner for you and for your device (online identifiers, location data and other technical information).
  • To provide you with contact tracing services or other information or services that we feel may interest you (where you have consented to be contacted for such purposes to the extent consent is required by law) (contact details, location data, medical information, your V-Health Passport identification number and any information relating to personalisation preferences).
  • To co-operate with regulators, like Public Health England, and other official bodies in order to deal appropriately with any risk to public health (contact details, location data, medical information).
  • To allow you to participate in interactive features of our Services, when you choose to do so (online identifiers, location data and other technical information).
  • To notify you about changes to our Services (contact details).
  • To maintain a basic amount of information about you and your transaction history, in order to provide you with a service tailored to your preferences (contact details, payment history and any information relating to personalisation status).

Basis of processing: Where we need to comply with a legal or regulatory obligation.

  • To retain basic transaction details for the purpose of tax reporting (contact details and transaction history).
  • We may share information with individuals or organisations if we are legally required to do so, for example if this is specified in a warrant or court order or we are required to cooperate in any medical regulatory investigation.

Basis of processing: Where you have consented to the processing.

  • To use non-essential cookies on the V-Health Passport or APP (see “Cookies” section below for further information) (online identifiers, your V-Health Passport identification number, location data and other technical information). You have the right to withdraw consent to such use at any time by contacting us but please note that some or all parts of our Services may no longer be accessible to you.
  • To send you direct marketing communications via email, text message, post or telephone call (contact details). You have the right to withdraw consent to any such use at any time by contacting us.

Other issues about how we use personal data:

  1. Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact our DPO if you need details about the specific legal basis we are relying on to process your personal data – contact details are below.
  2. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please contact us if you would like further details of any additional purposes of processing. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis that allows us to do so.
  3. Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Services). If this happens, we may have to cancel, or be unable to provide, any Services you have requested.
  4. Please note that we may process your personal data without your knowledge or consent where required or permitted by law.
  5. We may collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered “personal data” in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your website usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
  6. If you provide us with any personal data relating to relatives, partners or other individuals it is your duty to make such persons aware that their personal data may be shared with us and to provide them with appropriate information about how their personal data may be processed by us.

4. Consent

In this policy, where we have referred to needing your consent for any processing, we will make sure that the consent:

  • is specific consent for one or more specified purposes; and
  • is given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of your agreement to the relevant processing of personal data.

In the case of users under the age of [16/18], to the extent we need consent we will gain that consent from their parent or guardian.

5. How we use sensitive personal data

Processing of sensitive personal data requires higher levels of protection. This sensitive personal data is any information about someone’s:

  • health or medical conditions
  • sex life
  • sexual orientation
  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership

It also includes genetic data and biometric data, such as fingerprints, if that information is used to identify an individual.

We may process sensitive personal data about an individual in the following circumstances:

  • We will process information about a user’s ethnicity when sharing this data with a medical professional for the purposes of identification in connection with covid-19 tests or vaccinations. This is on the basis of GDPR Article 9(2)(h) – healthcare and social care purposes – and Paragraph 2, Schedule 1, Data Protection Act 2018.
  • We will process information about a user’s physical health when recording information relating to covid-19 test results or any vaccination status, as part of your records on the app and in any “Fit To Fly” or other certification we agree to issue. This is on the basis of GDPR Article 9(2)(h) – healthcare and social care purposes – and Paragraph 2, Schedule 1, Data Protection Act 2018.
  • We will process information about a user’s (i) ethnicity; and (ii) physical health when sharing information relating to covid-19 test results when cooperating with regulatory bodies. This may be on the basis of GDPR Article 9(2)(h), as above, or GDPR Article 9(2)(i) – public health – and Paragraph 3, Schedule 1, Data Protection Act 2018 where the processing is overseen by a medical professional.

6. Disclosure of your information

We may disclose your personal data to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.

We may share your information with selected third parties including:

  • business partners, suppliers and sub-contractors who provide Services on our behalf;
  • if you are an individual user, we will permit access to your details by: (i) any medical professional you authorise as custodian of your account from time to time (until you end that authorisation or appoint a new medical professional as custodian); (ii) representatives of test centres with whom we work and who provide or record your covid-19 test results; and (iii) Public Health England and other governmental or regulatory bodies who may require such information for assessing the level of public health risk and/or monitoring progress in combatting covid-19;
  • if you are a medical professional user, we will permit access to your basic details by: (i) test centre representatives; and (ii) Public Health England or other governmental or regulatory bodies, to the extent they need to verify a user’s medical records or identification checks;
  • if you are a user representing a test centre, we will permit access to your basic details by: (i) medical professionals; and (ii) Public Health England or other governmental or regulatory bodies, to the extent they need to verify a user’s covid-19 test history; and

We may also disclose your personal data to third parties:

  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • if VHP or substantially all of its assets are acquired by a third party, in which case personal data held by it about its users will be one of the transferred assets;
  • if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request; or
  • in order to: (i) enforce or apply the App Terms and Conditions and other agreements or to investigate potential breaches; or (ii) protect the rights, property or safety of VHP, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

7. Protection of minors

If you are under the ages of 16 and 18 (or classed as a minor) your registration must be with the permission of your parent or guardian. If you do not have such permission please do not register. In the event that we find out that you are between the age of 16 to 18 and you do not have such permission your account will be deleted. The above relates to direct registration with VHP or through any third party website.

NOTE TO PARENTS AND GUARDIANS. If you become aware that your child has provided us with personal data without your consent, please contact us at VHP does not knowingly collect personal data from children under 16 without parental or guardian consent. If we become aware that a child under 16 has provided us with personal data without consent, we will take all reasonable steps to remove such information and terminate the child’s account.

8. Cookies and log information

When you use the V-Health Passport or APP, VHP sends one or more cookies (which is a small file containing a string of characters), and/or similar tracking technology, to your computer or Device that uniquely identifies your browser. VHP uses cookies and such other technologies to improve the quality of the Services, including for storing account preferences, improving search results and ad selection, and tracking user trends, such as how people search and interact with our Services.

VHP servers automatically record information that your browser sends whenever you access the V-Health Passport, the APP or the Services. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of the V-Health Passport or the APP. They include, for example, cookies that enable you to log into secure areas.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the V-Health Passport or the APP. This helps us to improve the way our Services work, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to the V-Health Passport or the APP. This enables us to personalise our content for you and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to the V-Health Passport or the APP, the pages you have visited and the links you have followed. We will use this information to make our Services and any advertising displayed more relevant to your interests. We may also share this information with third parties for this purpose.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you block cookies you may not be able to access all or parts of the V-Health Passport or the APP.

9. Marketing communications

VHP may use your username and email address to provide you with email newsletters, announcements, VHP news about products and/or services. If you did “opt in” at registration and no longer wish to receive these kinds of marketing communications, you may “opt out” by unchecking the email newsletters and announcements within your user profile.

10. Linking to third party websites

The V-Health Passport and/or the APP may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates (including, but not limited to, websites on which the APP or the Services are advertised). If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services.

11. Where and how we store your personal data

International data transfers

By law, the transfer of any personal data to countries outside the EEA is only permitted where the receiving country has an adequate level of protection or where the data subject consents to such transfer.

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. These staff may, for example, be engaged in the processing of your payment details and/or the provision of the Services on our behalf. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

All information you provide to us is stored on our secure servers.

Data security

Any payment transactions carried out by our chosen third-party provider of payment processing services will be encrypted using Secured Sockets Layer technology. Where we have given you (or where you have chosen) a password that enables you to access certain parts of the APP or certain Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to or via the any websites, the V-Health Passport and/or the APP; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We have put in place internal procedures to deal with any suspected data security breach and will notify you (and any applicable regulator) of a suspected breach where we are legally required to do so.

12. Data retention

We will not keep personal data in a form that permits identification of individuals for longer than is necessary for the purpose or purposes for which it was collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process information and whether we can achieve those purposes through other means and the applicable legal requirements.

We will only keep personal data for as long as is necessary for the purpose or purposes for which that personal data is processed; and we will let anyone about whom we process data know how long that is or the criteria that go into deciding how long that is.

We may sometimes anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

13. Your rights under applicable data protection laws

If you live in the United Kingdom or the European Union, your rights under applicable data protection laws as at the date of this Privacy Policy include:

  • The right to be informed about the processing of your personal data
  • The right to have your personal data corrected or completed if it is inaccurate or incomplete
  • The right to object to the processing of your personal data
  • The right to restrict the processing of your personal data
  • The right to have your personal data erased
  • The right to request access to your personal data and information about how it is processed
  • The right to move, copy and/or transfer your personal data
  • The right to object to automated decision-making including profiling

Some of these rights may not be available to you depending on the circumstances, for example where we have a legal right to continue processing your data.

We will seek to deal with any request or complaint with regard to our dealings with your personal data within one month of formal notification from you. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests, in which case we will notify you and keep you updated.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive - alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights); this is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.

You have the right at any time to complain to the Information Commissioner’s Office at but we would prefer you contact us in the first instance to see if we can resolve your problem.

14. Changes to our Privacy Policy

VHP may update this Privacy Policy from time to time as VHP’s business and services expand and change. Updates to this policy will be posted on this page. The new terms may be displayed on-screen and you may be asked to read and accept them to continue your use of the App or the Services. VHP encourages you to review this Privacy Policy periodically to review any changes that have been posted. VHP will never change its commitment to your privacy.

15. Questions

If you have any questions, comments or feedback about VHP’s use of your personal data or about this Privacy Policy, please contact us at We will use reasonable efforts promptly to investigate any complaint you may have regarding our use of your personal data and to comply fully with the legal and regulatory supervisory authorities responsible for enforcing VHP’s adherence to the privacy principles stated above.