Privacy Policy

PRIVACY STATEMENT

At DNAFit, we treat your Information with the importance it deserves. We are committed to protecting your Information, handling it responsibly and securing it with administrative, technical and physical measures and safeguards and only Processing it for the legitimate Purposes disclosed. All genetic test results and any Personal Information are maintained under a strict policy of confidentiality. This Privacy Policy is applicable to all new and existing Users of our Services.

We will be transparent with what Information we hold, collect and Process, and, to the extent possible, we will also give you control of the Information you provide us with.

To use any DNAFit Services, you must agree to this Privacy Policy. You may not use our Services if you do not accept this Privacy Policy as it forms part of the DNAFit Terms of Service.

DEFINITIONS

Capitalised terms not defined in this Privacy Policy have the same meaning as those defined in the Terms of Service.

"Anonymised Information" - means any Information that we have anonymised in a manner to result in the Information no longer being able to identify you, whether directly or indirectly, and is therefore no longer Personal Information.

"Applicable Law" - means any law, by-law, ordinance, proclamation and/or statutory regulation which the Parties are required to observe by reason of this Privacy Policy and matters incidental thereto, including, but not limited to, the GDPR.

"Data Subject" - means the person who is the subject of Personal Information.

"DNAFit", "we", "us" and "our" - means DNAFit Life Sciences Limited (United Kingdom company registration No. 08834823) whose registered address is TMS House, Cray Avenue, Orpington, Kent, BR5 3QB, United Kingdom, email: compliance@dnafit.com.

"GDPR" - means the European Union's General Processing Regulations, 2016/679.

"Processing", "Process" and "Processed" - means any operation or set of operations which is performed on Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Purpose" - means the purposes for which we Process Information.

"Sensitive Personal Information" - means Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under Applicable Law.

"Terms of Service" - means the specific terms that apply to our relationship when we provide you with Services.

YOUR RIGHTS

Subject to Applicable Law, you may have certain rights regarding the Processing of your Information, including:

  • the right not to provide your Information to us (exercising this right may result in us not being able to provide you with the full benefits of Our Site and/or Services);
  • the right to object to the Processing of your Information;
  • the right to request access to, or copies of, your Information, along with information about the nature, Processing and disclosure of your Information;
  • the right to request that your Information be corrected and/or updated;
  • the right to request erasure of or restriction of Processing of your Information (this right may be limited on certain legal grounds as discussed in this Privacy Policy);
  • the right to have your Information transferred to another Controller, to the extent applicable;
  • the right to withdraw your consent that was given to us for Processing your Information (exercising this right does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Information based on any other available legal bases); and
  • the right to lodge complaints with a Protection Authority regarding the Processing of your Information by us or on our behalf.

To exercise one or more of the rights described in this Privacy Policy, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Information, please use the contact details provided in the ‘CONTACT AND COMPLAINTS’ section below and note that we may require proof of your identity before we can give effect to these rights.

THE INFORMATION WE COLLECT

DNAFit collects the following categories and types of Information:

  1. Registration Information – when registering for our Services and/or purchasing a product, an account will be set up with personal login credentials and will be used to provide you with your chosen Services. You will be asked to provide certain Personal Information, including your name, contact details and date of birth, to facilitate Service delivery, communicate with you and perform identity verification during inbound and outbound contact;
  2. Payment Information – when transacting on Our Site, banking card details will be taken at point of sale using card processing platforms to facilitate purchases. We do not store credit/debit card information as this is held by our payment processing providers;
  3. Genetic Information – Personal Information related to your genotype (e.g. A, T, C, and G at different genetic markers), generated through the analysis of your saliva test which will be Processed by us. The genetic variants identified enable our product to personalise your experience to your DNA. Once your results have been generated, your DNA is securely destroyed as per our lab quality manual and process;
  4. Self-Reported Information – Personal Information, including medical conditions, sports-related information, ethnicity, family history, and other Information that you enter in surveys, forms or features while entering Our Site may be collected by us should you choose to voluntarily share such Personal Information with us. Self-Reported Information may be converted into Anonymised Information and used in approved DNAFit research ("DNAFit Research") which is subject to separate consent in the form of the Consent Document and as detailed in the ‘HOW YOUR INFORMATION IS USED’ section; and
  5. Web behaviour Information – we may collect Information on how Users make use of Our Site, DNAFit backend portals or DNAFit software solutions. This Information is collected through log files, cookies, and web beacon-, analytical- and advertising technologies.

Any Information collected by us will be held by DNAFit as a Controller. Information will only be used for the Purposes as described in this Privacy Policy and any additional Consent Document or agreement that we may enter with you. You agree to these Purposes when you formally acknowledge the Consent Document.

Providing Personal Information other than Registration Information is voluntary. You can access and control your Personal Information through your MyDNAFit account profile, set your browser settings to determine how we track your web behaviour, opt-out of direct marketing and research and development ("R&D"), and choose when to share Information on public forums, discussion boards and social media.

As stipulated in the Terms of Service, DNAFit does not provide direct to consumer Services directly to anyone under the age of 18 (eighteen) years old or as otherwise provided by the rules of a member state of the European Union or other Applicable Law, and therefore does not knowingly Process Information for such Data Subjects ("Children's Personal Information"). All reasonable effort is made to ensure Users are not under age, but should we discover a User to be under the age threshold then this would be considered a violation of the Terms of Service and all agreements with such User will be terminated, Services revoked, and Children's Personal Information will be deleted as detailed in the ‘ACCOUNT CLOSURE AND INFORMATION RETENTION’ section of this Privacy Policy.

We collect Personal Information from the following sources:

  1. from you, the User, directly;
  2. through your use of Our Site or Services;
  3. from any public sources where you have chosen to make your Information public, such as social media platforms;
  4. from content and advertising third parties with whom you have interacted on our Site; and
  5. from third parties who lawfully provide it to us.

HOW YOUR INFORMATION IS USED (PURPOSES AND JUSTIFICATIONS)

General use of Information:

  • In terms of your consent - Once we have received your consent to Process your Information for the specified Purposes, this consent gives us the legal basis to Process your Information, including your Personal Sensitive Information, for providing the Services. We also rely on your explicit consent to Process your Genetic Information (as detailed below) and you have the right to withdraw your consent at any time.
  • In terms of contractual commitments with you - We also will Process your Information on the basis of a contractual commitment to you in terms of the agreement that we have entered with you. For example, we will need to Process your Payment Information and other Information necessary for purposes of our agreement with you.
  • On the bases of our legitimate interests - We may also Process your Information on the bases of our legitimate interests, including to offer new products and Services to you, inform you about events, invite you to participate in relevant DNAFit Research, obtain testimonials for promotional purposes, perform quality control checks and to conduct R&D. Where we rely on a legitimate interest to Process your Information, you have the right to object to such Processing and this can be stopped at any time via your MyDNAFit account settings. We will not rely on our legitimate interests to Process your Information where such Processing overrides your fundamental rights, interests or freedoms or where we have another legal justification for Processing your Information.
  • In terms of contractual commitments with you - We may Process your Information to enable you to create and access a free online account (which will be subject to this Privacy Policy, the Terms of Service and Terms of Use). This account will allow you to receive the Services, access your Information, and control your preferences in respect of your Information and is necessary for the agreement that we have entered with you. Related Processing may include communications requesting you to review and update your Information.

Processing of your Sensitive Personal Information:

  • In terms of your prior consent - We will Process your Sensitive Personal Information only with your prior, written and express consent in order to provide you with the Services in terms of the agreement entered with you. We will obtain this consent from you when entering into an agreement or in terms of the Consent Document, depending on the circumstances;
  • As required by a legal obligation - We may also Process your Sensitive Personal Information where the Processing is required or permitted by Applicable Law or for the detection or prevention of crime (including the prevention of fraud); or
  • When necessary for the establishment, exercise or defence of legal rights - Where the Processing is necessary for the establishment, exercise or defence of legal rights, we may Process your Sensitive Personal Information.

Processing to create Information:

  • We may Process your Information to create Anonymous Information which may be disclosed to third parties. If we use your Information in terms of this clause, the resulting Information will not be able to identify you.

Processing for DNAFit Research and R&D:

  • We may Process your Information if you have provided prior, express and voluntary consent for your Genetic Information and Self-Reported Information to be used in any DNAFit Research and R&D. This Processing includes sharing your Information with contracted third parties for Purposes of DNAFit Research and R&D.
  • If we want to use any DNAFit Research that includes your Information, even if only Anonymised Information, for scientific publication, such publication will be subject to full IRB (Institutional Review Board) approval and we will also obtain your consent with a Consent Document before authorising any such publication.
  • We will request your express written prior consent before sharing or publishing your Information for DNAFit Research or R&D Purposes through a Consent Document.

Additional Purposes for Processing Information:

  • Marketing and Advertising - From time to time we may send you communications not directly related to the provision of the Services, but about new services available to you, discounts and event invitations. We may also direct advertising to you via third party sites including social media. We will only send marketing material to you in accordance with this Privacy Policy, where we have a legitimate interest to do so, where you have opted-in to such communications or as determined by your web browser/cookie settings. You may change your marketing preferences at any time via your MyDNAFit account settings.
  • Location - We use device and IP locations to determine the regional version of Our Site to be displayed relevant to the country from which you are accessing Our Site. You can manage your location settings from your device or computer but please note if these are switched off, the default version of Our Site (the United Kingdom version) will be displayed.
  • Messages - We collect Information when you send, receive, or engage in messaging with DNAFit. We do this to delegate your inquiries to the correct department. We also use analytics from your messages to determine ongoing service and resource needs.
  • Complaints - We may use your Personal Information to investigate, respond to and resolve complaints and Service issues.

INFORMATION DISCLOSURE

Except as otherwise stated in this Privacy Policy or the Terms of Service, we will never share your Information with a third party without first asking and getting your explicit prior consent to do so, unless we are required to do so by law. If we are legally required to disclose any Information, we will make reasonable efforts to notify you unless we are legally prohibited from doing so.

We will only share your Personal Information with those categories of third parties listed below and under these circumstances or as detailed in the Consent Document:

  1. Nutrition information will be shared with our third-party application known as “Meal Planner”;
  2. Current or future DNAFit global entities. As DNAFit grows, restructuring may take place and it may be appropriate for more than one entity to control and process Information. This Privacy Policy will apply to all DNAFit entities unless otherwise stated;
  3. Contracted consultants, suppliers and partners used to undertake fundamental activities to enable us to provide our services, enhance the User experience, and to effectively operate and manage our organisation;
  4. Card processing service providers;
  5. Research contractors where you have given consent to participate in DNAFit Research and R&D. Research contractors will only be granted access to your Genetic Information and Self-Reported Information through online channels and at DNAFit’s offices for approved scientific research purposes. Research contractors will be screened and will be subject to the rules established by DNAFit, any Information sharing agreements that we may implement, this Privacy Policy and the Consent Document;
  6. Where we are required by Applicable Law and by the appropriate authorities to do so as further set out in the "INFORMATION DISCLOSURE AS REQUIRED BY LAW" section; or
  7. With anyone else as provided for in terms of your explicit prior consent to do so.

Any Processors or other third-party service providers will be required to contractually comply with the principles and objectives of any DNAFit policies, including this Privacy Policy, as well as the requirements of the GDPR and other Applicable Law and will be required to sign a data processing agreement to confirm that Information will not be collected, used, shared, stored or otherwise Processed for any Purpose other than those instructed by DNAFit.

SELF-DIRECTED SHARING AND DISCLOSURE

We may provide you with the ability to engage with other Users and share your Information through Our Site and social media channels.

You may choose which Information to share in this manner and this may include your Sensitive Personal Information, such as your Genetic Information. Sharing Information in terms of this clause is voluntary and you control what you share. Please do not post any Information that you do not want publicly accessible.

INFORMATION DISCLOSURE AS REQUIRED BY LAW

Under some circumstances, we may need to disclose certain Information when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary.

The details that we may share in terms of this clause may include your Genetic Information. You understand and accept that DNAFit will only share these details if we are compelled by law to do so, or in good faith believe that such disclosure is necessary, in cases including, but not limited to:

  1. Investigation, prevention or action regarding suspected or actual illegal activities or to assist with government enforcement agencies;
  2. Enforce the DNAFit Terms of Service;
  3. Respond to claims or allegations made by third parties against DNAFit; or
  4. Protect the rights, property or safety of DNAFit and the public.

Unless prohibited by law or court order, and where time permits, we will let you know when we must share any Information in terms of this clause. We will verify demands as genuine and challenge demands if we feel the request is not appropriate.

CROSS-BORDER TRANSFERS OF INFORMATION

We make Our Site and Services available to Users across the world, and similarly, make use of service providers in jurisdictions outside the European Economic Area ("EEA"). Therefore, your Information may be transferred outside the EEA to Processors for various Processing Purposes.

Where we transfer Information to countries outside the EEA, the Processors who Process the Information will be required to enter into a data processing agreement setting out how they may Process the Information and further requiring them to comply with the GDPR and other relevant Applicable Laws to protect your individual rights. We require all Processors to have appropriate technical and security safeguards and measures to protect that Information.

SECURITY

While we cannot guarantee that unauthorised access, disclosure, misuse or loss of Information will never occur, DNAFit is certified to ISO/IEC 27001:2013 Information Security Management System Standard and frequently reviews and implements physical, technical, and administrative measures to prevent information security incidents and to maintain the confidentiality, integrity and availability of information.

All connections to Our Site and our mobile applications are encrypted using Secure Sockets Layer (SSL) technology and internal systems are protected with anti-virus software.

Only authorised personnel of DNAFit and contracted third parties have access to Information that is necessary for them to perform their jobs or services.

You must keep your account credentials secure and not share them with anyone. Your password for your account will be used only for online login. We will not ask for your password under any other circumstances. Inform DNAFit immediately of any unauthorised use of your account. Should you wish to reset or change your password, you can do so by clicking on the relevant links on Our Site.

Sharing Self-Reported Information through surveys, or other features on Our Site, is voluntary and done at your sole risk. DNAFit cannot take responsibility for Information that you release or that you request us to release publicly.

In the event of a security incident, DNAFit's internal procedures and those prescribed by the GDPR will be followed. You will be notified of any material impacts or direct consequences to you as a User without undue delay.

MANAGING PRIVACY SETTINGS, CORRECTING PERSONAL INFORMATION AND INFORMATION ACCESS REQUESTS

If there are any changes in your Information, you can correct or update it through your MyDNAFit account on Our Site.

You have the right to obtain access to your Information any time by sending your request via email to compliance@dnafit.com. We will contact you to undertake identity verification before any disclosure and discuss your needs fully. We will provide this within the timeframes as determined by the GDPR or other Applicable Law.

Please note that your request to access your Information that we hold about you might be limited and/or subject to a reasonable fee in terms of Applicable Law where the request is manifestly unfounded or excessive.

ACCOUNT CLOSURE, INFORMATION DELETION AND RETENTION

Information will be retained for as long as a User's account is active. Accounts will be closed within 30 (thirty) calendar days of a written request by the User or termination of an agreement with a User in terms of the Terms of Service.

All Information will be deleted from your account and the DNAFit database with the following exceptions:

  1. Genetic Information and/or Self-Reported Information that you have previously disclosed and for which you have completed the Consent Document for use in DNAFit Research and/or R&D will not be removed from ongoing or completed studies that use such Information unless you expressly revoke your consent in respect of such Information being used for those Purposes. We will however inform any recipient of your Information for DNAFit Research or R&D that you have closed your account and not use the Information in any new DNAFit Research and/or R&D after your account is closed. We will keep a record of any Processors that will retain your information for this Purpose;
  2. Electronic Consent Documents (e.g. scanned paper forms or online consent history) will be retained indefinitely under strict access control on our database to maintain the record that DNA testing was completed with your permission. Paper Consent Documents will be securely destroyed 5 years from the date the account closure or data deletion request is received by DNAFit;
  3. We must keep Information relating to orders for Services and payment history for accounting purposes for 7 (seven) years to meet HMRC requirements; and
  4. Any Information required to meet legal or regulatory obligations in terms of Applicable Law as necessary.

All Processors will be instructed to delete any Information stored by them subject to the above exceptions.

BUSINESS TRANSITIONS

If DNAFit or an entity of DNAFit is bought, sold, transferred, spun-out or merged with another entity, you will be given notice and your Information will be transferred to such entity, along with the other assets of DNAFit. In this case, your Information would remain subject to this Privacy Policy until such a time as a replacement privacy policy is issued. If you do not agree to any new policies and terms published or to the transfer of your Information in terms of this clause, you have the right to terminate your relationship with us, close your account and request that your Information be deleted (in so far as your right to deletion is not limited).

PRIVACY POLICY CHANGES

This Privacy Policy may be amended from time to time as necessary and/or required by Applicable Law. Any material changes to the Privacy Policy or how we use your Information will be notified either via Our Site or Services, by notice posted to User accounts or by email to existing Users if appropriate.

If you do not agree to any changes, you may request to discontinue your use of the DNAFit Services and Our Site.

Please revisit your account and/or this Privacy Policy regularly for any changes as your continued access to or use of Our Site and/or Services after the publication of any changes to this Privacy Policy will mean that you agree to any such changes.

Previous versions of this Privacy Policy are available on request by emailing compliance@dnafit.com.

CONTACT AND COMPLAINTS

If you have questions regarding our Privacy Policy and how DNAFit handles your Information, or to request access to your Information held by DNAFit or to change any of your privacy settings, you can find further details at the Ethics and Data Protection section of our Help Centre https://dnafit.zendesk.com/hc/en-gb or please email our Data Protection Officer at compliance@dnafit.com.

In terms of Applicable Laws, you have the right to lodge a complaint about how we handle your Information with your relevant regulatory authority in terms of the applicable law that applies to you.

Regulatory authorities and contact details:

  • The European Commission
    Online complaint procedure: https://ec.europa.eu/info/about-european-commission/contact/problems-and-complaints/how-make-complaint-eu-level/submit-complaint_en
    Address: European Commission, Secretary-General, B-1049 Brussels, BELGIUM
    Fax: 3222964335
  • The independent Data Protection Authority per member state
    Website listing all DPAs per member state: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
  • The Information Commissioner's Office
    Website: https://ico.org.uk/global/contact-us/
    Tel: 0303 123 1113