Privacy Policy
1. Introduction
1.1. Purpose of the Privacy Policy:
This Privacy Policy serves as a legally binding document outlining GeneGPS's procedures for the collection, processing, and protection of personal information. It establishes the framework within which we operate in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), UK Privacy Laws, and European Communities Regulations.
1.2. User Consent:
By accessing our website, using our products, or engaging with our services, users implicitly consent to the terms outlined in this Privacy Policy. This consent is a crucial legal requirement for the lawful processing of personal data under GDPR and other relevant legislation.
1.3. Partner Company Handling of Genetic Data:
GeneGPS does not store any genetic data. The packages offered by GeneGPS are services distributed by our company. The processing of samples, data extraction, data compiling, report generation, and genetic data storage are exclusively handled by our partnership company, 24 Genetics. By agreeing to browse our website, purchase our services, make contact through our website, or engage with our platform, you automatically agree to the privacy policy set out by our partner company both in terms of privacy policy as well as gene data storage policy. For further details regarding the handling of your data by 24 Genetics, please refer to their general privacy policy linked https://24genetics.com/general-privacy-policy/ as well as the genetic data storage policy outlined in the link https://24genetics.com/protection-of-genetic-data/
​
2. Information We Collect
2.1. Data Controller/DPO:
GeneGPS Limited acts as the Data Controller responsible for determining the purposes and means of processing personal data. Our Data Protection Officer (DPO) can be contacted at gdpr@genegps.co.uk. This information is provided in compliance with Article 13 of the GDPR, ensuring transparency and accountability in data processing activities.
2.2. Information provided by you:
When users interact with GeneGPS, such as by becoming a patient or consenting to our terms and conditions, we collect personal data necessary for identity verification and service provision. This includes but is not limited to names, addresses, email addresses, telephone numbers, and relevant medical information. Such data collection is essential for the performance of a contract or in preparation for entering into a contract, as outlined in Article 6(1)(b) of the GDPR.
2.3. Special Category Data:
With explicit user consent, GeneGPS may collect and process sensitive personal data, including genetic or health-related information. Such data processing falls under Article 9(2)(a) of the GDPR, which permits processing for the provision of health or social care services.
2.4. Information from Medical Professionals:
In cases where users engage with GeneGPS through medical professionals, we may receive personal data provided by these professionals for processing purposes. This data transfer is conducted in compliance with GDPR requirements, ensuring appropriate safeguards are in place for the lawful processing of personal data.
2.5. Automatically Collected Information:
We may also collect certain information automatically when you interact with our website or services. This may include IP addresses, device information, browser type, pages visited, and other usage data. This information helps us analyze trends, administer the site, track user movements, and gather demographic information for aggregate use.
3. Use of Your Information
3.1. Purpose of Data Processing:
GeneGPS processes user information for various legitimate purposes, including identity verification, service provision, advisory functions, and marketing communications. These processing activities are conducted in accordance with Article 6 of the GDPR, which sets out lawful bases for processing personal data.
3.2. Consent Withdrawal:
Users have the right to withdraw consent for the processing of their personal data at any time. GeneGPS respects this right and ensures that mechanisms are in place to facilitate easy withdrawal of consent, as required by Article 7(3) of the GDPR.
3.3. Personalization and Improvements:
We may use the information collected to personalize your experience with our services and to improve our products and offerings. This may include analyzing user preferences, tailoring content, and optimizing our website and services based on user feedback and usage patterns.
3.4. Communication:
We may use your contact information to communicate with you about our products, services, promotions, and events. You may opt-out of receiving such communications at any time by following the unsubscribe instructions provided in the communication or by contacting us directly.
4. Legal Obligations
4.1. Compliance with Legal Obligations:
GeneGPS may engage in processing user information to fulfill legal obligations imposed by applicable laws and regulations. This includes safeguarding our rights, complying with judicial proceedings, and cooperating with law enforcement agencies when required by law.
4.2. Regulatory Compliance:
We may process personal data to comply with regulatory requirements, industry standards, and professional guidelines applicable to our business operations.
4.3. Contractual Obligations:
In some cases, we may process personal data to fulfill contractual obligations with our users, partners, or service providers. This includes processing necessary data to perform services requested by users or to enforce contractual agreements.
5. Specific Uses
5.1. Predefined Purposes of Data Processing:
Personal data collected by GeneGPS is utilized for predefined purposes, including communication with users, notifications of relevant information, and enhancements to service offerings. These purposes are clearly defined to ensure transparency and accountability in data processing activities.
5.2. Service Provision:
We may use personal data to provide the services requested by users, including processing orders, delivering products, providing support, and managing user accounts.
5.3. Research and Development:
We may use anonymized or aggregated data for research and development purposes, such as to improve our products, develop new features, or conduct scientific studies. Any such data used for research purposes will be de-identified to the extent possible to protect user privacy.
6. Your Rights
6.1. User Rights under GDPR:
Users are entitled to various rights concerning their personal data, as outlined in Articles 15-22 of the GDPR. These rights include the right to access, rectify, erase, or restrict the processing of personal data, as well as the right to data portability and the right to object to processing.
6.2. Exercise of Rights:
To exercise your rights regarding your personal data processed by GeneGPS, please contact our Data Protection Officer at gdpr@genegps.co.uk. We will respond to your request within the timeframes required by applicable data protection laws.
7. Complaints Procedure
7.1. Procedure for Lodging Complaints:
GeneGPS encourages users to voice any concerns regarding the handling of their personal data. Users can lodge complaints directly with GeneGPS or with the relevant supervisory authority, as provided for in Articles 77-79 of the GDPR.
7.2. Complaint Resolution:
We are committed to resolving complaints about our collection or use of your personal information. If you have a complaint, please contact us at gdpr@genegps.co.uk, and we will investigate and attempt to resolve the issue in a timely manner.
8. Contacting Us
8.1. Data Collection for Communication Purposes:
When users contact GeneGPS, personal data may be collected and securely stored to facilitate communication and maintain accurate records. This data collection is conducted in compliance with GDPR requirements, ensuring the lawful processing of personal data.
8.2. Data Accuracy:
We strive to ensure that the personal information we hold about you is accurate and up-to-date. If you believe that any information we are holding is incorrect or incomplete, please
contact us as soon as possible at gdpr@genegps.co.uk, and we will promptly correct any inaccuracies.
9. Cookies
9.1. Use of Cookies for Website Analytics:
GeneGPS employs cookies for website analytics purposes to enhance user experience. These cookies do not collect personal data unless explicitly provided by users, and users are provided with options to manage cookie preferences in accordance with GDPR requirements.
9.2. Cookie Consent:
By using our website, you consent to the use of cookies as described in this Privacy Policy. You can manage your cookie preferences through your browser settings or by using the cookie consent tool provided on our website.
10. Personal Identifiers
10.1. Monitoring of Browsing Activity:
GeneGPS may monitor browsing activity for analytical purposes but refrains from associating this data with personal identifiers unless deemed necessary for specific purposes. Such data processing is conducted in compliance with GDPR requirements and principles of data minimization and privacy by design.
10.2. Anonymization and Pseudonymization:
Where feasible and appropriate, we anonymize or pseudonymize personal data to protect user privacy and minimize the risk of re-identification.
11. Re-marketing and Call Tracking
11.1. Use of Re-marketing and Call Tracking Services:
GeneGPS may engage re-marketing and call tracking services to refine marketing strategies while safeguarding user personal data against misuse. These services are selected based on their compliance with GDPR requirements and adherence to data protection principles.
11.2. Transparency and Opt-out:
We provide transparency regarding the use of re-marketing and call tracking services and offer users the option to opt-out of such tracking where possible.
12. Access to Your Data
12.1. Right to Access Personal Data:
Users retain the right to request access to their personal data held by GeneGPS, as provided for in Article 15 of the GDPR. GeneGPS commits to providing access to personal data within a 30-day timeframe, subject to verification of user identity.
12.2. Data Portability:
Upon request, we will provide users with their personal data in a structured, commonly used, and machine-readable format, allowing for easy transfer to another data controller.
13. Disclosure of Personal Data
13.1. Non-sale and Limited Disclosure of Personal Data:
GeneGPS pledges not to sell user personal data and discloses personal data solely as necessary for service provision or as mandated by legal statutes. This commitment ensures compliance with GDPR requirements and principles of data minimization and purpose limitation.
13.2. Third-party Data Processors:
We may engage third-party service providers to process personal data on our behalf, such as cloud hosting providers, payment processors, or marketing agencies. Any such third parties are contractually obligated to process personal data only as instructed by GeneGPS and in compliance with applicable data protection laws.
14. Encryption and Transfers
14.1. Use of Encryption for Data Security:
GeneGPS employs encryption techniques to bolster data security and ensure that transfers of personal data adhere to relevant regulations, including GDPR requirements for the protection of personal data during transmission and storage.
14.2. International Data Transfers:
If personal data is transferred to countries outside the European Economic Area (EEA), we ensure that adequate safeguards are in place to protect the privacy and security of your personal data, such as by implementing standard contractual clauses approved by the European Commission or obtaining your explicit consent where necessary.
15. Compliance with Data Protection Law
15.1. Adherence to Data Protection Laws:
GeneGPS adheres meticulously to data protection laws, including the GDPR, and implements robust safeguards to protect user personal data against unauthorized access, alteration, disclosure, or destruction.
15.2. Data Protection by Design and Default:
We integrate data protection principles into our business processes, products, and services from the outset to ensure that user privacy is prioritized and protected by design and by default.
16. Review of Privacy Policy
16.1. Right to Update Privacy Policy:
GeneGPS retains the prerogative to update this Privacy Policy as necessary to reflect changes in legal requirements, business practices, or technological advancements. Users are encouraged to review the Privacy Policy periodically for any updates or changes. Continued use of GeneGPS services signifies acceptance of any revisions implemented.
16.2. Notification of Changes:
In the event of material changes to this Privacy Policy, we will notify users by email or through prominent notice on our website before the changes take effect. It is important to review any changes to ensure that you are still comfortable with how your personal information is being used and protected.