Last updated: 18-11-2020
Forensic Genomics Innovation Hub Limited (FGIH) is committed to ensuring your personal information is protected. This Privacy Notice describes who we are, how we collect, share and use and protect your information, and how you can exercise your privacy rights.
FGIH acts as a controller of your personal information under data protection law.
If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided at the bottom of this Privacy Notice.
What does FGIH do?
FGIH is a scientific testing company. We provide testing services, including Covid-19 and pre-natal paternity testing services to individuals based in the UK. You may find further information about the Forensic Genomics Innovation Hub here.
This Privacy Notice covers the processing activities carried out by FGIH in relation to its website users (registered or not) and individuals who undergo a test.
How we collect your information
The personal information that we may collect about you broadly falls into the following categories.
Information that you provide voluntarily or when requesting or receiving our services
The information we collect about you comes from the way you engage with us, such as if you enquire about our services, or request or undergo one of our tests (including pre-natal paternity test and Covid-19 tests). We collect information about you online through our website, via email, the post, over the phone or when our phlebotomist visits you to take the test.
Certain parts of our website may also ask you to provide personal information voluntarily: for example, we may ask you to provide your contact details in order to register an account with us, to subscribe to marketing communications from us, and/or to submit enquiries to us. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear if this is not covered in this privacy notice at the point we ask you to provide your personal information.
Information that we collect automatically
When you visit our website, we may also collect certain information automatically from your device. In some countries, including the UK and countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.
Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser type, traffic data, location data, weblogs and other communications data and the resources that you access.
Collecting this information enables us to better understand the visitors who come to our website, where they come from, and what content on our website is of interest to them.
The type of information we hold
The personal information we hold will include your name, address, contact telephone number(s), email address, date of birth, credit card details, bank details and transaction history. We also take a digital picture of you and copies of photographic ID documents, such as your driving licence or passport.
The “special category” information we hold about you may include your non-coding genetic profile, racial background and health data.
How we use your information; legal basis for processing your personal information
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
To perform a contract with you
We lawfully process some of your personal information to fulfil the contract of service with you. Where this is the case, we use some of your information in the following ways:
- To provide you with the services and information you request (such as test results).
- To process your order and organise the test.
- To process your payments.
- To provide you with the test.
The provision of your personal information is a requirement necessary to enter into a contract with us – without your personal information, we will be unable to provide you with, or process, the test that you have requested.
To comply with legal requirements
We may also lawfully process some of your personal information to comply with legal requirements. Where necessary, we may process your date of birth, photograph, and photo ID to verify your age and identity in order to comply with the Human Tissue Act 2004 and other UK law that requires us to confirm you are over the age of 18 (when you order a test on your own behalf or on behalf of a child under the age of 18) and allowed to consent to a DNA test.
With your consent
We may also lawfully process your “special category” information (such as racial background data, genetic data and health data) with your explicit consent. We will use information about your race when conducting a pre-natal paternity test for population statistics and probability matching in order to provide you with a more accurate result. We will process data on your DNA profile data for human identification purposes when carrying out our paternity tests.
Our legitimate interests (or those of a third party)
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicate with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and, if appropriate, we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information (including how we balance our legitimate interests against your rights when using your personal information), please contact us at firstname.lastname@example.org.
Sharing your information
We may disclose your personal information to the following categories of recipients.
- Ourindependent phlebotomists (who will collect your blood samples) for the collection of the samples.
- Our third party services providers and partners who provide data processing services to us (for example, payment service providers, providers of IT services, or who otherwise process personal information for purposes that are described in this Privacy Notice or notified to you when we collect your personal information.
- Any competent law enforcement body, regulatory, government agency, court or other third partywhere we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
- An actual or potential buyer(and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice.
- Any other persons with your consentto the disclosure.
International data transfers
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country. Specifically, our parent company in South Africa may have access to your personal information, which is otherwise stored in the UK/EU.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. These include implementing European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the EEA/UK in accordance with European Union/UK data protection law.
Our Standard Contractual Clauses can be provided on request.
Storing your information
Your personal information will be stored on systems owned or operated by FGIH or those of our specific suppliers and will only be stored inside the UK or the European Economic Area (EEA).
We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Within FGIH, your information will be stored on our secured systems in accordance with FGIH’s Information Security Policy.
We will retain your personal information in accordance with legal and regulatory requirements and/or guidance (as amended). We will only retain your information while we are actively engaged with you and we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
DNA samples are retained for six months (twelve months for records created as a result of a court-directed test). Our laboratory records will normally be retained for eight years.
Any other records will normally be kept for three years from our latest interaction, except for those relating to your order which we will normally keep for 6 years. Where we have had no interaction with you for a period of three years, we will delete any remaining personal information, if we hold any (except where a longer data retention period applies – as relevant).
How you can access your information
You have the right to access the information we hold about you. To make a request for your personal information, please contact us using the contact details provided under the “Contact Us” heading.
You have the right to:
- access, correct andupdate your personal information;
- object to processingof your personal information, ask us to restrict processing of your personal information or request portability of your personal information;
- have inaccurate personal information rectified;
- opt out of marketing communicationswe send you at any time. You can do this by clicking on the “unsubscribe” link in the marketing emails we send you, or by contacting us using the contact details provided below to opt out of other forms of marketing (such as postal marketing or telemarketing);
- withdraw your consentat any time, where we collect and process your personal information with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, not will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent; and
- request deletion of your information, and if we can comply with this, we will – but sometimes we must maintain some records for legal reasons.
You can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
If you are not happy how we are using your information or how we have responded to your request, you have the right to complain to the Information Commissioner’s Office at https://ico.org.uk/.
How we will tell you about future changes to this Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. Any changes we make to our Privacy Notice will be put on our website. Please check for updates from time to time so you are always fully aware of what information is collected and how it is used.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
How to contact us
FGIH is the controller of your personal information.
If you have any questions or concerns about our use of your personal information, please contact us at:
Forensic Genomics Innovation Hub Limited
2 Swan Lane
You can also contact our Privacy Manager at email@example.com