Privacy Policy

INTRODUCTION

Project Screen by Prenetics is a COVID-19 testing initiative offering WHO-recommended solutions to get diagnosed for COVID-19 in the United Kingdom. Project Screen is provided by Prenetics EMEA Limited, (formerly trading as DNAfit Life Sciences Limited) with company registration No. 08834823 and registered office at Unit 2 Orpington Business Park, Faraday Way, Orpington, Kent, England, BR5 3AA together with Prenetics Group Companies (“Prenetics”,” we”, “us”, “our”).

SCOPE

This privacy notice (“Privacy Notice”) applies to any individual (“you”, “yours”) who interacts with us about our products or services (together the “Services”) such as:

  • The provision of the COVID-19 screening self-collection home test kit.
  • The provision of the COVID-19 on-site observed self-collection test.
  • The collection of your deep nose and throat sample.
  • The collection of your deep nose sample.
  • Sample processing in our accredited laboratory.
  • Analysing your results for SARS-CoV-2 - the coronavirus that causes COVID-19.
  • Access to the Project Screen online platform to interact with our products and to create an account (the “Website”, “Our Site”).
  • Obtaining Services via the Test to Release website.
  • The provision of account and Service-related support
  • Cookie and similar technologies.

This notice provides you with the key information on how we process and manage your personal information when undergoing the COVID-19 laboratory test (“COVID-19 test”) so that you feel you can trust us and have confidence in the way we handle your personal information. We are committed to treat your personal information with the importance it deserves by handling it responsibly and securely. We only process your personal information for the legitimate purposes disclosed below. All COVID-19 results and any personal information are maintained under a strict policy of confidentiality.

HOW WE COLLECT AND USE YOUR PERSONAL INFORMATION?

We will be transparent with what personal information we hold, collect and process, and, to the extent possible, we will also give you control of the personal information you provide us. We will collect your personal information through your contract with us whether written or by phone, email, through our Website (see Cookies below) or our applications.

We may receive your personal information from your Company if they have commissioned the testing or directly from you if you have purchased the test independently through our Services.

Depending on the type of Services, Prenetics can be acting as a data controller or as a data processor. We will be acting on behalf of a third party who will themselves be the data controllers for example companies such as your employers, or service providers or healthcare providers (“Company”). When acting as a data processor, Prenetics will be required to act on the instructions of the data controller. If you provide us with information about other people you must make sure that they have seen a copy of this privacy notice and are conformable with you giving us their information.

Create your Prenetics Account and for ordering Test to Release and Travel Testing Package:

We will use your personal information to create and maintain your Prenetics Account record once you have registered and to notify you about any changes to our Services as well as to send you service emails; when you make a purchase or attempt to make a purchase through the Website, we collect certain information from you and any other profile created against your account, including your:

  • name, gender, date of birth, email, phone number, ethnicity, passport/ID number, permanent address, delivery/self-isolation address (if applicable), and payment information (including credit card numbers).

Order At-Home Test-Kit: You will be required to provide your address for us to deliver the test kit for self-testing at home. You will complete a sample self-collection at home and return the sample to us for laboratory analysis by return mailer, drop-off at one of our drop off locations, or by self-organised courier collection.

Book On Site Test: To register and book service via Prenetics Account you will have to select your on-site location for testing. Order Test-Kit through Prenetics Concierge Collection: You will have to provide your address for our sample collection staff to arrive at your home to take your test.

Receive test results for Direct Customers: Your results will be available to you via our secure online platform. You will log-in to your account and view all of the results available for your linked profiles.

Tests booked by the Company: Your test results will be sent back to you via our secure online platform. Your account will be created by formal request of your Company’s designated administrator. The first time you log-in to the Application you will be asked to use your email address (as shared by your Company’s designated administrator) and set a password. Your initial log-in will require authentication via a one-time password (OTP) sent to your email. Depending on the Services chosen by the Company, you may also receive results via email address or via your Company’s designated advisor.

Marketing and Advertising:

From time to time we may send you communications, across our brands, within the Prenetics group, about new services available to you as well as discounts, events, and invitations for you to participate in relevant Prenetics Research or obtain testimonials for promotional purposes.

We may also do direct advertising to you via third party sites including social media. We will only send marketing material to you in accordance with this Privacy Notice where we have a legitimate interest to do so, where you have opted-in to such communications or as determined by your web browser/cookie settings. You may change your marketing preferences at any time via your account settings.

CATEGORIES OF PERSONAL INFORMATION WE COLLECT

Standard personal data: To manage our contractual relationship with you we will process the following categories of personal information about you such as:

  • Your name; Your email address; Your mobile number; Your date of birth; Your contact details including address and postcode; Your photo (if you use the Health Passport); Your payment details.

Special category personal data: To provide you with test results, and where we have statutory duty to report your personal data to the public health*, will need to process information that can include special categories of personal.

*When Prenetics analyse your test results as a diagnostic laboratory, it has a statutory duty of reporting notifiable diseases as per the Public Health (Control of Disease) Act 1984 and the Health Protection (Notification) Regulations 2010. The regulation states that all COVID-19 test results (positive, indeterminate, negative, and void) from point of care testing (POCT) are mandated by law to be reported to the Public Health England (PHE) and the Department of Health and Social Care (DHSC). In which case, we will also ask you for additional information required by the healthcare regulators for laboratory reporting purposes. To support the reporting of the required infectious diseases, PHE developed the Second-Generation Surveillance System (SGSS) and the Real Time Testing Services (RTTS) platforms. This is the national surveillance system that holds all test results. To enable receipt of the reports, your following information will be required:

  • You name and Surname, sex, date of birth, NHS number (if known), ethnicity, current address (including postcode), telephone number, email address.

LAWFUL BASIS

To process your personal information lawfully we need to rely on one or more valid legal grounds. All processing must be carried out in accordance with the Data Protection Act 2018, the EU’s GDPR and any associated codes of practice issued by the Information Commissioner's Office.

The grounds we may rely upon for the processing of your personal information include:

  • legitimate interests we pursue as a business, except where such interests are overridden by your interests and fundamental rights.
  • compliance with any legal obligation to which we are subject, for example, the processing for the purposes of complying with applicable law.
  • for the purpose of preventive or occupational healthcare required by regulators such as the Public Health England.
  • as part of the performance of the Services set out in a contract with you or with your Company.
  • in our third party’s legitimate interest for example your employer/your Company, considering your interest rights and freedoms.

WHO WILL WE SHARE YOUR INFORMATION WITH?

In order for us to provide our Services to you, we will share your personal information within the Prenetics Group companies that are based in and outside of the UK and the EEA. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law, are carefully managed to protect your privacy rights and interests and limited to countries which are recognized as providing an adequate level of legal protection or where alternative adequate arrangements are in place to protect your privacy rights. We will share your personal information with relevant health regulatory authorities such as Public Health England and Department for Health; our laboratories for analysing your test (when we send your sample to our laboratory, who adhere to strict clinical and industry standards for the analysis and processing of your results); healthcare practitioners. We will also engage service providers such as logistics providers for the transporting of your sample to our laboratory and our database storage provider to securely store your information. Any Processors or other third-party service providers will be required to contractually comply with the principles and objectives of any Prenetics policies, information security, data protection and regulatory requirements to confirm that information will not be collected, used, shared, stored or otherwise for any purpose other than those instructed by Prenetics.

Cookies and other tracking technologies

We collect Information on how Users make use of Our Site, Prenetics backend portals or Prenetics software solutions through cookies and other tracking technologies. A cookie is a small text file which is placed onto your device (computer, smartphone or other electronic device) when you use our Website. The information is collected through log files, cookies, web beacons, and analytical and advertising technologies. For further information on cookies, our use of cookies, and cookie consent, please see our Cookie Policy.

HOW WE PROTECT YOUR INFORMATION?

Prenetics is certified to ISO/IEC 27001:2013 Information Security Management System Standard and frequently reviews and implements physical, technical, and administrative measures to prevent information security incidents and to maintain the confidentiality, integrity, and availability of information. All Prenetics Group entities are subject to a high standard of security and data protection protocols aligned to ISO 27001. Network traffic to our application servers is TLS encrypted and access is controlled, restricted and password protected. Samples will be securely transferred to our laboratory, which adheres to approved clinical and industry standards: ISO 15189 and ISO 27001 where it will undergo the relevant processing. A number of steps and protocols are administered to ensure that your sample is processed accurately, remains safe, and as soon as your analysis is complete, is securely destroyed; the data store is segregated and encrypted in transit and at rest;people with access to your information will only see those parts relevant to their purpose; access to the web platform for test results and Health Passport status are secured by unique login and password; your information will not be shared with anyone other than the intended recipient. Anyone that processes information on our behalf will always be required by agreement to follow strict security protocols and maintain confidentiality and integrity.

HOW LONG WE WILL KEEP YOUR PERSONAL INFORMATION?

When you place an order through the Website, we will maintain your personal information for our records unless and until you ask us to delete this information. Your information is held and securely stored on our database provided on Amazon Web Services platform within the EU and Singapore. We will retain your information for no longer than required to fulfil our contractual and legal obligations.

YOUR RIGHTS

You may have the following rights in respect of your personal information being processed, however we note these rights may not be absolute:

  • The right to be informed: You have the right to be provided with clear and easy-to-understand information about how we use your personal information. Therefore, we are providing you this Notice and we may provide other forms of notice, as appropriate or required by law, in the Services.
  • The right of access: You have the right to access and receive a copy of personal information we hold about you.
  • The right to rectification: You have the right to correct or update your personal information if it is outdated, incorrect or incomplete.
  • The right to erasure: You can ask for the data we hold about you to be erased from our records.
  • The right to restrict processing: You can ask for us to restrict the way we process your data.
  • The right to data portability: You have the right to have the data we hold about you transferred to another organisation.
  • The right to object to processing: You may object to processing of personal information that is based on legitimate interest. You may withdraw consent for processing that is based on consent (this includes the right to opt out of direct marketing). The rights in relation to automated decision making and profiling.

CONTACT DETAILS

To exercise any of these rights, or to ask a question about these rights or any other provision of this statement, or about our processing of your personal information, please contact compliance@dnafit.com. If you would like to lodge a complaint about the privacy notice please contact compliance@dnafit.com. You have the right to lodge a complaint about how we handle your Information with your relevant regulatory authority in terms of the applicable law that applies to you.

Regulatory authority Contact details
The European Commission Online complaint procedure: https://ec.europa.eu/info/about-europeancommission/contact/problems-and-complaints

Address: European Commission, Secretary-General B-1049 Brussels, BELGIUM

Fax: 3222964335
The independent Data Protection Authority per member state Website listing all DPA's per member state: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
The Information Commissioner's Office Website: https://ico.org.uk/global/contact-us/

Tel: 0303 123 1113

We may update this notice from time to time. You should check this page occasionally to ensure you are happy with any changes to this notice. We may notify you of significant changes to this notice by email or through the relevant notification platform.

Company Address: Prenetics EMEA Ltd, Unit 2, Orpington Business Park, Faraday Way, Orpington, Kent BR5 3AA, United Kingdom

Company Registration Number: 08834823

© 2021 Project Screen | Privacy Policy | Terms of Service | All rights reserved