We will be transparent with what Information we hold, collect and Process, and, to the extent possible, we will also give you control of the Information you provide us with.
"Anonymised Information" - means any Information that we have anonymised in a manner to result in the Information no longer being able to identify you, whether directly or indirectly, and is therefore no longer Personal Information.
"Data Subject" - means the person who is the subject of Personal Information.
"DNAfit", "we", "us" and "our" - means DNAfit Life Sciences Limited (United Kingdom company registration No. 08834823) whose registered address is TMS House, Cray Avenue, Orpington, Kent, BR5 3QB, United Kingdom, email: compliance@DNAfit.com.
"GDPR" - means the European Union's General Processing Regulations, 2016/679.
"Processing", "Process" and "Processed" - means any operation or set of operations which is performed on Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Purpose" - means the purposes for which we Process Information.
"Sensitive Personal Information" - means Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under Applicable Law.
"Terms of Service" - means the specific terms that apply to our relationship when we provide you with Services.
Subject to Applicable Law, you may have certain rights regarding the Processing of your Information, including:
DNAfit collects the following categories and types of Information:
Providing Personal Information other than Registration Information is voluntary. You can access and control your Personal Information through your MyDNAfit account profile, set your browser settings to determine how we track your web behaviour, opt-out of direct marketing and research and development ("R&D"), and choose when to share Information on public forums, discussion boards and social media.
As stipulated in the Terms of Service, DNAfit does not provide direct to consumer Services directly to anyone under the age of 18 (eighteen) years old or as otherwise provided by the rules of a member state of the European Union or other Applicable Law, and therefore does not knowingly Process Information for such Data Subjects ("Children's Personal Information"). All reasonable effort is made to ensure Users are not under age, but should we discover a User to be under the age threshold then this would be considered a violation of the Terms of Service and all agreements with such User will be terminated, Services revoked, and Children's Personal Information will be deleted as detailed in the ‘ACCOUNT CLOSURE AND INFORMATION RETENTION’ section of this Privacy.
We collect Personal Information from the following sources:
General use of Information:
Processing of your Sensitive Personal Information:
Processing to create Information:
Processing for DNAfit Research and R&D:
Additional Purposes for Processing Information:
We will only share your Personal Information with those categories of third parties listed below and under these circumstances or as detailed in the Consent Document:
We may provide you with the ability to engage with other Users and share your Information through Our Site and social media channels.
You may choose which Information to share in this manner and may include your Sensitive Personal Information, such as your Genetic Information. Sharing Information in terms of this clause is voluntary and you control what you share. Please do not post any Information that you do not want publicly accessible.
Under some circumstances, we may need to disclose certain Information when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary.
These details that we may share in terms of this clause may include your Genetic Information. You understand and accept that DNAfit will only share these details if we are compelled by law to do so, or in good faith believe that such disclosure is necessary in such cases, but this disclosure is not limited to:
Unless prohibited by law or court order, and where time permits, we will let you know when we must share any Information in terms of this clause. We will verify demands as genuine and challenge demands if we feel the request is not appropriate.
We make Our Site and Services available to Users across the world, and similarly, make use of service providers in jurisdictions outside the European Economic Area ("EEA"). Therefore, your Information may be transferred outside the EEA to Processors for various Processing Purposes.
Where we transfer Information to countries outside the EEA, the Processors who Process the Information will be required to enter into a data processing agreement setting out how they may Process the Information and further requiring them to comply with the GDPR and other relevant Applicable Laws to protect your individual rights. We require all Processors to have appropriate technical and security safeguards and measures to protect that Information.
While we cannot guarantee that unauthorised access, disclosure, misuse or loss of Information will never occur, DNAfit is certified to ISO/IEC 27001:2013 Information Security Management System Standard and frequently reviews and implements physical, technical, and administrative measures to prevent information security incidents and to maintain the confidentiality, integrity and availability of information.
All connections to Our Site and our mobile applications are encrypted using Secure Socket Layer (SSL) technology and internal systems protected with anti-virus software.
Only authorised personnel of DNAfit and contracted third parties have access to Information that is necessary for them to perform their jobs or services.
You must keep your account credentials secure and not share them with anyone. Your password for your account will be used only for online login. We will not ask for your password under any other circumstances. Inform DNAfit immediately of any unauthorised use of your account. Should you wish to reset or change your password, you can do so by clicking on the relevant links on Our Site.
Sharing Self-Reported Information through surveys, or other features on Our Site, is voluntary and done at your sole risk. DNAfit cannot take responsibility for Information that you release or that you request us to release publicly.
In the event of a security incident, DNAfit's internal procedures and those prescribed by the GDPR will be followed. You will be notified of any material impacts or direct consequences to you as a User without undue delay.
If there are any changes in your Information, you can correct or update it through your MyDNAfit account on Our Site.
You have the right to obtain access to your Information any time by sending your request via email to compliance@DNAfit.com. We will contact you to undertake identity verification before any disclosure and discuss your needs fully. We will provide this within the timeframes as determined by the GDPR or other Applicable Law.
Please note that your request to access your Information that we hold about you might be limited and/or subject to a reasonable fee in terms of Applicable Law where the request is manifestly unfounded or excessive.
Information will be retained for as long as a User's account is active. Accounts will be closed within 30 (thirty) calendar days of a written request by the User or termination of an agreement with a User in terms of the Terms of Service.
All Information will be deleted from your account and the DNAfit database with the following exceptions:
All Processors will be instructed to delete any Information stored by them subject to the above exceptions.
If you do not agree to any changes, you may request to discontinue your use of the DNAfit Services and Our Site.
In terms of Applicable Laws, you have the right to lodge a complaint about how we handle your Information with your relevant regulatory authority in terms of the applicable law that applies to you.
|Regulatory authority||Contact details|
|The European Commission||Online complaint procedure: https://ec.europa.eu/info/about-european-commission/contact/problems-and-complaints/how-make-complaint-eu-level/submit-complaint_en
Address: European Commission, Secretary-General, B-1049 Brussels, BELGIUM
|The independent Data Protection Authority per member state||Website listing all DPA's per member state: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm|
|The Information Commissioner's Office||Website: https://ico.org.uk/global/contact-us/
Tel: 0303 123 1113