Your Privacy

Privacy Policy & Data Protection Notice

How we collect, store, and protect your personal and health information.

Last updated: April 2026

1. Who We Are

Meridian Clinical Laboratories ("we," "us," or "our") is a diagnostic laboratory operated as a division of Amadeo Medical Limited. Our Medical Director is Dr. Charles Dane Rockhead, MBBS, DM OBGYN.

We operate from the following locations: Kingston (main laboratory), Spanish Town, Portmore, and Kingston satellite.

2. Jamaica Data Protection Act 2020

We comply with the Jamaica Data Protection Act 2020 (DPA). Under the DPA, your personal data — including health information — is classified as sensitive personal data requiring enhanced protections.

You have the right to:

Access your data
Correct inaccuracies
Request deletion (subject to retention requirements)
Object to processing
Data portability

Our lawful basis for processing your data:

Consent: Given at registration
Legitimate interests: Providing diagnostic services
Legal obligation: Ministry of Health reporting requirements

3. What We Collect

Personal information: Name, email, phone, date of birth, address
Health information: Test orders, test results (PDFs), appointment history, AI-generated result explanations
Technical information: IP address, browser type, pages visited (via analytics)
Communication records: WhatsApp/email notifications, chat conversations

4. How We Use Your Information

Processing and delivering your test results
Generating AI-powered plain-English explanations of your results
Sending appointment confirmations, reminders, and result notifications
Responding to your enquiries
Improving our services via anonymised analytics
Complying with Ministry of Health reporting requirements

5. How We Store & Protect Your Data

Test result PDFs stored on encrypted Amazon Web Services (AWS) S3 servers with AES-256 encryption
PDFs never pass through our application servers — your browser receives a temporary link (valid 15 minutes) direct to AWS
Patient profile data stored in encrypted AWS RDS PostgreSQL database
All data encrypted in transit (TLS 1.3) and at rest
Access logs maintained for 7 years per Jamaica DPA requirements
Every access to your results is logged with timestamp, IP address, and action taken

6. Patient Portal Security

Multi-factor authentication (MFA) required for all logins
JWT tokens with 15-minute expiry
Password reset via secure time-limited tokens
Portal sessions automatically expire after inactivity

Your referring physician (if you were referred and consent)
Ministry of Health & Wellness (as required by law for notifiable conditions)
Amazon Web Services (data storage — encrypted, no access to content)

We NEVER sell, rent, or share your personal data for marketing or advertising.

We NEVER include health information in WhatsApp or email notifications — only a secure link to your portal.

8. Cookies & Analytics

We use Google Analytics 4 and Microsoft Clarity for website analytics. These are only activated after you consent via our cookie banner.

Analytics data is anonymised and never linked to your medical records. You can reject cookies at any time.

9. Data Retention

Test results and patient records: 7 years from date of last service
Access/audit logs: 7 years
Website analytics: 26 months

After the retention period, data is securely deleted.

10. Your Rights Under the DPA

Right of access: Request a copy of all data we hold about you
Right to rectification: Correct any inaccurate information
Right to erasure: Request deletion (subject to legal retention requirements)
Right to restrict processing
Right to data portability: Receive your data in a structured format
Right to object: Opt out of non-essential processing

To exercise any right, email info@meridian-labs.com or call (876) 618-0552.

11. Data Breach Notification

If we discover a breach affecting your data, we will notify you within 72 hours of discovery. We will also notify the Office of the Information Commissioner as required by the DPA.

12. Changes to This Policy

We may update this policy. Changes will be posted on this page with an updated date.