Please take the time to read the following information carefully so that you fully understand our views and practices regarding your personal data and how we will use it. You must be over 18 years old to use our site/platform and DNA or COVID-19 Services.
We also recommend that you store this document in a safe place.
This privacy policy (together with our T & Cs and COVID-19 T & Cs) and any other documents referred to in it) (collectively referred to as this policy) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. By using our site and platform (collectively referred to as our site), you accept the practices described in this policy.
This policy was last updated on 15 September 2020. It applies to all users of our site, DNA Services and COVID-19 Services (as defined in our T&Cs and COVID-19 T&Cs). We may amend this policy at any time, and whenever we do so we will notify you by posting a revised version on our site. Please review this policy each time you visit our site as it may have been updated since your last visit.
For the purpose of the Data Protection Act 2018 and the General Data Protection Regulation ((EU) 2016/679) (DPA), the data controller is Chronomics Limited of 1 St James Court, Norwich, Norfolk, NR3 1RU (Chronomics, we or our). If you have any questions regarding this policy or believe we have breached the DPA, please contact us at support@chronomics.com.
WHO ARE YOU?
Children: We ask that persons under the age of 18 (which we treat as children and minors) refrain from using our site and Services or submitting any personal data to us. Persons under the age of 18 years are not eligible to use the Services and if we discover that someone under the age of 18 has registered an account, we will close it. A parent or legal guardian may use the Services, provide personal data about children, and send us the sample of a child for processing using an account for that child that is directly managed by the parent or legal guardian. By activating a Saliva/NPS collection kit for, or submitting any personal data about, a minor you represent that you are the minor's parent or legal guardian. You also agree that you have discussed the Services with the minor and the minor has agreed to the collection and processing of their saliva.
VISITORS TO OUR SITE (EXCLUDING USERS OF OUR SERVICES – SEE BELOW)
Personal data we collect: With regard to each of your visits to our site, we will automatically collect:
Cookies:Our site uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site. By continuing to browse our site, you are agreeing to our use of cookies. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive. You can read more about how we use cookies in our Cookie Policy. You can enable or disable cookies by modifying the settings in your browser. You can find out how to do this, and find more information on cookies, at www.allaboutcookies.org.
Using your personal data: We will use this information for the following legitimate interests (whether ours or a third party’s):
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by emailing support@chronomics.com.
Sharing your personal data: We will only share personal data with third parties in the following instances:
Retaining your personal data: This information is kept for up to one year and will then be deleted automatically. However:
Transferring your personal data outside the EEA:Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Your rights: Please see YOUR RIGHTS.
USERS OF OUR DNA SERVICES
Personal data we collect:When you subscribe to, or use, the DNA Services you will need to provide your name, address, email address, date of birth, phone number, debit/credit card and bank account details, and genetic and/or epigenetic data. You will also need to provide a password to enable you to create an account, but we will not have access to, and will therefore not share, your password. You have to create an account to buy the DNA Services.
You may also provide to us from time to time other sensitive personal data (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, biometric data, health data or data concerning your sex life or sexual orientation) (which we will refer to in this policy as other sensitive data) but we will always obtain your explicit consent before any processing takes place.
Where you give permission to a third party improvement provider (e.g.,. doctors, health coaches, nutritionists, dieticians, personal trainers, genetic counsellors and DNA counsellors) from your clinic, from who you purchased your product, or whom you are accessing to discuss or arrange support to access your profile on our platform, they will upload further personal data on your behalf. We are not responsible for any personal data about you that they upload to our platform. Please ensure that you read their statements; we are not responsible for their privacy statements or compliance with data protection laws. If you believe any personal data about you that they have uploaded to our platform is inaccurate or incomplete, please contact your improvement provider.
We may also collect information about you from social media platforms including when you interact with us on those platforms or access our social media content. The information we may receive is governed by the privacy settings, policies, and/or procedures of the applicable social media platform, and we encourage you to review them.
We may also collect information about you through your account, using questionnaires or other means (such as widgets or apps in our platform).
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We do not record calls.
Using your personal data: We will use your personal data where it is necessary to
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by emailing support@chronomics.com.
Sharing your personal data: We will share this information with:
In relation to other sensitive data that you may share with us from time to time, we will inform you at the time of collection who (if anyone) it will be shared with (such sharing will always be done on an anonymous basis, so the third party cannot identify you).
We use telephony services, which would get to see phone numbers if we call you, and a broadband supplier which could see email addresses (but not the content of what you send us, if you encrypt it).
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Retaining your personal data:All of this information is kept for as long as your account remains open and then up to 6 years thereafter. However:
In relation to other sensitive data that you may share with us from time to time, we will inform you at the time of collection how long it will be retained for.
Transferring your personal data outside the EEA:Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
In relation to other sensitive data that you may share with us from time to time, we will inform you at the time of collection if it will be transferred outside the EEA.
Your rights: Please see YOUR RIGHTS.
If you have visited our site, please also see VISITORS TO OUR SITE.
USERS OF OUR COVID-19 SERVICES
Personal data we collect:When you subscribe to, or use, the COVID-19 Services you will need to provide your name, email address, date of birth, phone number, gender and RNA sample. You will also need to provide a password to enable you to create an account, but we will not have access to, and will therefore not share, your password. You have to create an account to buy the COVID-19 Services.
You may also provide to us from time to time other sensitive personal data (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, biometric data, health data or data concerning your sex life or sexual orientation) (which we will refer to in this policy as other sensitive data) but we will always obtain your explicit consent before any processing takes place.
We may also collect information about you from social media platforms including when you interact with us on those platforms or access our social media content. The information we may receive is governed by the privacy settings, policies, and/or procedures of the applicable social media platform, and we encourage you to review them.
We may also collect information about you through your account, using questionnaires or other means (such as widgets or apps in our platform).
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We do not record calls.
Using your personal data: We will use your personal data where it is necessary to
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by emailing support@chronomics.com.
Sharing your personal data: We will share this information with:
In relation to other sensitive data that you may share with us from time to time, we will inform you at the time of collection who (if anyone) it will be shared with (such sharing will always be done on an anonymous basis, so the third party cannot identify you).
We use telephony services, which would get to see phone numbers if we call you, and a broadband supplier which could see email addresses (but not the content of what you send us, if you encrypt it).
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Retaining your personal data:All of this information is kept for as long as your account remains open and then up to 6 years thereafter. However:
In relation to other sensitive data that you may share with us from time to time, we will inform you at the time of collection how long it will be retained for.
Transferring your personal data outside the EEA:Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
In relation to other sensitive data that you may share with us from time to time, we will inform you at the time of collection if it will be transferred outside the EEA.
Your rights: Please see YOUR RIGHTS.
If you have visited our site, please also see VISITORS TO OUR SITE.
THIRD PARTY CLINICS, AFFILIATES, DISTRIBUTORS OR IMPROVEMENT PROVIDERS
Personal data we collect: If you:
We will hold your name, job title/profession, specialties, employer details, qualifications, registration numbers, email address(es), phone number(es), location and bios and photos where you provide these.
You will also need to provide a password to enable you to create an account, but we will not have access to, and will therefore not share, your password. You have to create an account to use our platform.
We may also collect information about you from social media platforms including when you interact with us on those platforms or access our social media content. The information we may receive is governed by the privacy settings, policies, and/or procedures of the applicable social media platform, and we encourage you to review them
We may also collect information about you through your account, using questionnaires or other means (such as widgets or apps in our platform).
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We do not record calls
Using your personal data: We will use your personal data where it is necessary to:
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by emailing info@chronomics.com.
Sharing your personal data: We will share this information with:
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Retaining your personal data: This information will be kept for the duration of our contract with (as applicable) you or the company who is supplying services to us and then for 7 years in the event on legal claims. However:
Transferring your personal data outside the EEA: Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
In relation to other sensitive data that you may share with us from time to time, we will inform you at the time of collection if it will be transferred outside the EEA.
Your rights: Please see YOUR RIGHTS.
If you have visited our site, please also see VISITORS TO OUR SITE.
CONTACTING US VIA OUR CONTACT PAGE OR JOINING OUR NEWSLETTER
Personal data we collect: If you contact us via our “Contact” page or join our newsletter and we respond (by phone, email or otherwise), we will hold your email address and any other information you give us.
We do not record calls.
Using your personal data: We will use this information for the following legitimate interests:
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by emailing info@chronomics.com.
Sharing your personal data: We will only share personal data with third parties in the following instances:
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Retaining your personal data: This information will be kept for the duration of your enquiry and for up to one year thereafter. However:
In relation to other sensitive data that you may share with us from time to time, we will inform you at the time of collection how long we will retain it for.
Transferring your personal data outside the EEA: Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
In relation to other sensitive data that you may share with us from time to time, we will inform you at the time of collection if it will be transferred outside the EEA.
Your rights: Please see YOUR RIGHTS.
If you have visited our site, please also see VISITORS TO OUR SITE.
YOUR RIGHTS
In relation to personal data we hold about you, you have the right to:
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
If you would like to exercise any of these rights, please contact info@chronomics.com (we may ask you to verify your identity - please cooperate with us in our efforts to verify your identity). Please note that we may need certain personal data to enable us to provide the DNA/RNA Services and/or information you ask for, so changes you make to your preferences, or restrictions you ask us to make on how we use personal data, may affect what information we can provide.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We try to respond to all legitimate requests within one calendar month (starting from the day after we receive your request). Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
HOW WE PROTECT YOUR PERSONAL DATA
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We update and test our security technology on an ongoing basis. In addition, we train our staff about the importance of confidentiality and maintaining the privacy and security of your personal data. Any payment transactions will be encrypted.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet isn’t completely secure. Although we will do our best to protect your personal data, we can’t guarantee the security of your personal data transmitted to our site; any transmission is at your own risk.
Once we have received your personal data, we will use physical, technical and administrative safeguards to try to prevent unauthorised access. Our cloud platforms use state-of-the art encryption technologies for data in transit and at rest and are among the most secure providers available in the market.
DIRECT MARKETING
We will inform you (before collecting your personal data) if we intend to use your personal data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by contacting us at info@chronomics.com. Furthermore, if you are on our mailing list for periodic email updates including about the DNA/RNA Services, and no longer want to receive such information, you can also contact us on the above details or by clicking the “unsubscribe” link in our marketing communications. We will honour your choice and refrain from sending you such direct marketing and email updates. Please note that if you ask us not to contact you by email at a certain email address, we will retain a copy of that email address on a “suppression list” in order to comply with your no-contact request. You are free to change your marketing choices at any time.
LINKS TO OTHER WEBSITES
Our site may, from time to time, contain links to and from the websites of third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we don’t accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Our site uses interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to "like" or share information from our site through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal data.