DNAFit - Privacy Policy

PRIVACY STATEMENT

At DNAFit, we are committed to protecting your privacy. All genetic test results and any Personal Information are maintained under a strict policy of confidentiality. This Privacy Policy is applicable to all new and existing Users. To use any DNAFit service, you must agree to the Privacy Policy. You may not use the services if you do not accept it, as it forms part of the DNAFit Terms of Service (“TOS”). Capitalised terms not defined in this Privacy Policy have the same meaning as those in the TOS.

WHAT PERSONAL INFORMATION WE COLLECT

DNAFit collects the following types of Personal Information:

  • Registration information - when registering for our services and/or purchasing a product, an account will be set up with personal login credentials and will be used to provide you with your chosen services. You will be asked to provide details such as name, contact details and DOB to facilitate service delivery, communicate with you and perform identity verification during inbound and outbound contact;
  • Payment information – card details will be taken at point of sale using card processing platforms to facilitate purchases. We do not store credit/debit card information as this is held by our card processing providers;
  • Genetic Information – data related to your genotype (e.g. A, T, C, and G at different genetic markers), generated through the analysis of your saliva test undertaken by Helix. The genetic variants provided by Helix to DNAFit enable our product to personalise your experience to your DNA;
  • Self-Reported Information - Personal Information, including medical conditions, sports-related information, ethnicity, family history, and other information that you enter in surveys, forms or features while entering Our Site. Self-Reported Information may be used, anonymously, in approved DNAFit Research. Should we hope to use research for scientific publication, this would be subject to full IRB approval and for this, we will issue a separate Consent Document to gain your permission to participate in these studies at a later date;
  • Web behaviour information - information on how Users make use of Our Site or DNAFit backend portal or DNAFit software solutions, which is collected through log files; cookies; and web beacon, analytical and advertising technologies.

This information will be held by DNAFit as Data Controller. Personal Information will only be used as described in the Privacy Policy and the Consent Document. You will agree to these uses when you formally acknowledge the consent document.

Providing your Personal Information other than registration information is voluntary and there are ways you can control your information held by DNAFit. You can access personal details through your account profile, set your browser settings to determine how we track your web behaviour, opt out of direct marketing and R&D and choose when to share information on public forums, discussion boards and social media.

As stipulated in the TOS, DNAFit does not provide direct to consumer services to anyone under the age of 18 years and therefore does not knowingly collect, process, share or store data for such individuals. All reasonable effort is made to ensure Users are not minors but should we discover a User to be under the age threshold then this would be considered a violation of the TOS and all contracts will be terminated, services revoked and data will be deleted as detailed in ‘ACCOUNT CLOSURE AND DATA RETENTION’.

HOW YOUR INFORMATION IS USED

DNAFit collects Personal Information from you to meet our contractual commitments. This includes the availability, provision and improvement of our services and the set-up and maintenance of User accounts.

We may also use the information to offer new products and services to you, inform you about events, invite you to participate in relevant research projects, obtain testimonials for promotional purposes, perform quality control checks and conduct other R&D.

To receive your DNAFit Service, with the associated analysis from DNA testing, you will be required to create and access a free online account which will be subject to this Privacy Policy, TOS and Terms of Use.

Except as otherwise stated in our Privacy Policy and TOS we will never release your information to a third party without asking and getting explicit consent from you to do so, unless we are required to by law. If we are legally required to disclose such information, we will make reasonable efforts to notify you unless we are legally prohibited from doing so.

  • Genetic Information - DNAFit receives from Helix, under the user's approval, only the relevant genetic information and details necessary to generate the user's products. This information will then be stored securely on the DNAFit database.
  • Aggregated Genetic and Self-Reported Information - We may disclose to third parties Aggregated Genetic and Self-Reported Information. If we use your information we will take steps to protect your privacy by making this information non-identifiable. To do so, we will take out any details that could identify you with ease, such as name and email address, meaning that it would not be reasonably foreseeable that the information could be utilised, either alone or with other information readily available, to identify an individual or to connect an individual to any specific data. We will also use contractual means with third parties to protect the privacy and security of your Aggregated Genetic and Self-Reported Information.

    If you have provided consent for your Genetic and Self-Reported Information to be used in any DNAFit Research and R&D as defined in the TOS, we can provide this information to third party researchers who will use it for scientific research. Further details on how data is used in research can be found in the TOS.

    Giving consent to DNAFit to use your Genetic and Self-Reported Information for DNAFit Research and R&D is completely voluntary.
  • Web behaviour information - As you interact with DNAFit, web behaviour information will be captured to understand how Users make use of Our Site, for DNAFit Research, R&D purposes, for quality control to improve our services, and to provide targeted advertising on our products and services. You can block and delete cookies through your device but please note this may alter your overall service experience.
  • Marketing and Advertising - From time to time we may wish to send you details about new services available to you, discounts and event invitations. We may also direct advertising to you via third party sites including social media. Marketing and advertising may originate from User registration, point of sale or from observation of web behaviour. You will be able to select your preferences in the consent document or you can change your settings at any time by emailing us.
  • Location – We use device and IP locations to determine the regional site to be displayed relevant to the country of the User. You can manage your location privacy settings from your device or computer but please note if these are switched off, only the default UK site will be displayed.
  • Messages – We collect information when you send, receive, or engage in messaging with DNAFit to delegate inquiries to the correct department and in analytics to determine ongoing service and resource needs.
  • Complaints – We may use your Personal Information to investigate, respond and resolve complaints and service issues.

INFORMATION DISCLOSURE

We will not share your Personal Information with any third party, except with those listed below under these circumstances and as detailed in the Consent Document:

  1. Nutrition information will be passed to our third-party application known as “Meal Planner”;
  2. Current or future DNAFit global entities. As the organisation grows, restructuring may take place and it may be appropriate for more than one entity to control and process the data. This Privacy Policy will apply to all DNAFit entities unless otherwise stated;
  3. Contracted consultants, suppliers and partners used to undertake fundamental activities to enable us to provide our services, enhance the User experience; and to effectively operate and manage our organisation;
  4. Card processing service providers;
  5. If you have given consent to participate in DNAFit Research and R&D projects then research contractors will be granted access to your Genetic and Self-Reported Information online and at DNAFit’s offices for scientific research purposes provided that these research contractors will be screened and will be subject to the rules established by DNAFit;
  6. We are required by law and by the appropriate authorities to do so (see the section “INFORMATION DISCLOSURE AS REQUIRED BY LAW”);
  7. You have provided us with explicit consent to do so.

Personal Information may be processed, transferred and stored outside the UK for operational purposes. In doing so, relevant data protection regulations and directives will be observed to protect your individual rights and we require all Data Processors to have appropriate security measures to protect that information. You will provide specific consent allowing information to be transferred to our global teams to enable DNAFit to provide the services as requested.

Any Data Processors or other third-party service providers will be required to contractually comply with the principles and objectives of the DNAFit policies and will be asked to sign a confidentiality agreement to confirm that data will not be collected, used, shared or stored for any other purpose than that instructed by DNAFit at the consent of Users.

SELF-DIRECTED SHARING AND DISCLOSURE

We provide you with the ability to engage with other Users and share your information through Our Site, including your Genetic Information. Sharing information is voluntary and you control what you share. Please do not post any information you do not want publicly accessible.

We would like Users to have the freedom to share their journey, express opinion and review their experience with us. However, DNAFit reserves the right to remove without notice any posts that are deemed in violation of the TOS.

INFORMATION DISCLOSURE AS REQUIRED BY LAW

Under some circumstances we may need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary. These details may include your Genetic Information. You understand and accept that DNAFit will only share these details if we are compelled by law to do so, or in the good faith belief that such disclosure is necessary in cases including, but not limited to, the need to:

  1. investigate, prevent or take action regarding suspected or actual illegal activities, or assist government enforcement agencies;
  2. enforce the DNAFit Terms of Service;
  3. respond to claims or allegations made by third parties against DNAFit;
  4. protect the rights, property or safety of DNAFit and the public.

Unless prohibited by law or court order and where time permits, we will let you know when we must share information. We will verify demands as genuine and challenge demands if we feel the request is not appropriate.

SECURITY

While we cannot guarantee that unauthorised access, disclosure, misuse or loss of Personal Information will never occur, DNAFit frequently reviews and implements physical, technical, and administrative measures to prevent information security incidents and to maintain the integrity of information.

All connections to Our Site and our mobile applications are encrypted using Secure Sockets Layer (SSL) technology, and internal systems are protected with anti-virus software.

Only authorised personnel of DNAFit and contracted third parties have access to data.

Please understand that protecting your Personal Information is also your responsibility. We ask that you keep your login credentials secure and not share them with any third parties. Your password for your account will be used only for online login. We will not ask for your password under any other circumstances. Inform DNAFit immediately of any unauthorised use of your account. Should you wish to reset or change your password, you can do so by clicking on the relevant links on your my.dnafit.com portal.

Sharing self-reported information through surveys, or other website features, is voluntary and your liability. DNAFit cannot take responsibility for information that you release or that you request us to release publicly.

In the event of a security incident, DNAFit internal procedures and those prescribed by the EU data protection regulation will be followed. You will be notified of any material impacts or direct consequences to you as an individual.

MANAGING PRIVACY SETTINGS, CORRECTING PERSONAL INFORMATION AND INFORMATION REQUESTS

If there are any changes in your Personal Information, you can correct or update them by accessing ‘Edit Profile’ in your account.

To change any other privacy settings from that specified during registration or consent, you should request this by emailing info@dnafit.com.

You have the right to obtain access to your personal data any time by sending your request via email. We will contact you to undertake identity verification before any disclosure and discuss your needs fully. We will provide this within one month of your request or two months for complex requests.

ACCOUNT CLOSURE AND DATA RETENTION

Accounts will be closed within 30 days upon request of the User. In circumstances where DNAFit terminates the agreement as detailed in the TOS, account closure may be immediate but no later than 30 days.

All Genetic Information will be deleted from your account and the DNAFit database with the following exceptions:

  1. As stated in the appropriate Consent Document, Genetic Information and/or Self-Reported information that you have provided previously and for which you have given consent to use in DNAFit Research will not be removed from ongoing or completed studies that use this information; your data will be removed and not used in any future research;
  2. We keep Registration Information as it is related to your order history for accounting purposes;
  3. Any information required to meet legal or regulatory obligations.

All Data Processors will be instructed to delete any information stored unless subject to the above exceptions.

Your Genetic Information will not be used in any new DNAFit research or R&D after your account is closed.

Personal Information will be retained for as long as accounts are active and only thereafter in the exceptions as detailed in this section for as long as necessary.

BUSINESS TRANSITIONS

If DNAFit or an entity of DNAFit is bought, sold, transferred, spun-out or merged with another entity, you will be given notice and your Personal Information will be transferred along with the other assets. In this case, your information would remain subject to the promises that were made to you in the Privacy Policy until such a time as a replacement Privacy Policy is issued. If you do not agree to new policies and terms, you will have the right to terminate your relationship and close your account.

PRIVACY POLICY CHANGES

The Privacy Policy may change at any time in the future. Any material changes to the policy or how we use your data will be notified either via Our Site or services, by notice posted to User accounts or by email to existing Users if appropriate. If you do not agree to any changes, you may request to discontinue use of the DNAFit services. Please revisit your account and/or this page regularly and your continued access to or use of Our Site and/or services after effective date will mean that you agree to any changes.

Previous versions of the Privacy Policy are available on request by emailing us.

HOW TO CONTACT US

For questions regarding our Privacy Policy and how DNAFit handles your Personal Information, or to request your information held by DNAFit or change any of your privacy settings, please email info@dnafit.com.
