Project Screen by Prenetics is a COVID-19 testing initiative offering WHO-recommended solutions to get diagnosed for COVID-19 in the United Kingdom. Project Screen is provided by Prenetics EMEA Limited (formerly trading as DNAfit Life Sciences Limited), with company registration No. 08834823 and registered office at Unit 2 Orpington Business Park, Faraday Way, Orpington, Kent, England, BR5 3AA, together with Prenetics Group Companies (“Prenetics”, “we”, “us”, “our”).
This privacy notice (“Privacy Notice”) applies to any individual (“you”, “yours”) who interacts with us about our products or services (together the “Services”) such as:
This notice provides you with the key information on how we process and manage your personal information when undergoing the COVID-19 laboratory test (“COVID-19 test”) so that you feel you can trust us and have confidence in the way we handle your personal information. We are committed to treating your personal information with the importance it deserves by handling it responsibly and securely. We only process your personal information for the legitimate purposes disclosed below. All COVID-19 results and any personal information are maintained under a strict policy of confidentiality.
HOW WE COLLECT AND USE YOUR PERSONAL INFORMATION?
We will be transparent about what personal information we hold, collect and process, and, to the extent possible, we will also give you control of the personal information you provide us. We will collect your personal information through your contact with us, whether written or by phone, email, through our Website (see Cookies below) or our applications.
We may receive your personal information from your Company if they have commissioned the testing or directly from you if you have purchased the test independently through our Services.
Depending on the type of Services, Prenetics can be acting as a data controller or as a data processor. We will be acting on behalf of a third party who will themselves be the data controllers, for example companies such as your employers, or service providers or healthcare providers (“Company”). When acting as a data processor, Prenetics will be required to act on the instructions of the data controller. If you provide us with information about other people, you must make sure that they have seen a copy of this privacy notice and are comfortable with you giving us their information.
Create your Prenetics Account and for ordering Test to Release and Travel Testing Package:
We will use your personal information to create and maintain your Prenetics Account record once you have registered and to notify you about any changes to our Services as well as to send you service emails; when you make a purchase or attempt to make a purchase through the Website, we collect certain information from you and any other profile created against your account, including your:
Order At-Home Test-Kit: You will be required to provide your address for us to deliver the test kit for self-testing at home. You will complete a sample self-collection at home and return the sample to us for laboratory analysis by return mailer, drop-off at one of our drop off locations, or by self-organised courier collection.
Book On Site Test: To register and book service via Prenetics Account you will have to select your on-site location for testing.
Order Test-Kit through Prenetics Concierge Collection: You will have to provide your address for our sample collection staff to arrive at your home to take your test.
Receive test results for Direct Customers: Your results will be available to you via our secure online platform. You will log in to your account and view all of the results available for your linked profiles.
Tests booked by the Company: Your test results will be sent back to you via our secure online platform. Your account will be created by formal request of your Company’s designated administrator. The first time you log in to the Application you will be asked to use your email address (as shared by your Company’s designated administrator) and set a password. Your initial log-in will require authentication via a one-time password (OTP) sent to your email. Depending on the Services chosen by the Company, you may also receive results via email address or via your Company’s designated advisor.
Marketing and Advertising:
From time to time we may send you communications, across our brands, within the Prenetics group, about new services available to you as well as discounts, events, and invitations for you to participate in relevant Prenetics Research or obtain testimonials for promotional purposes.
We may also advertise directly to you via third party sites including social media. We will only send marketing material to you in accordance with this Privacy Notice where we have a legitimate interest to do so, where you have opted-in to such communications or as determined by your web browser/cookie settings. You may change your marketing preferences at any time via your account settings.
CATEGORIES OF PERSONAL INFORMATION WE COLLECT
Standard personal data: To manage our contractual relationship with you we will process the following categories of personal information about you such as:
Special category personal data: To provide you with test results, and where we have a statutory duty to report your personal data to the public health*, we will need to process information that can include special categories of personal.
*When Prenetics analyse your test results as a diagnostic laboratory, it has a statutory duty of reporting notifiable diseases as per the Public Health (Control of Disease) Act 1984 and the Health Protection (Notification) Regulations 2010. The regulation states that all COVID-19 test results (positive, indeterminate, negative, and void) from point of care testing (POCT) are mandated by law to be reported to Public Health England (PHE) and the Department of Health and Social Care (DHSC). In which case, we will also ask you for additional information required by the healthcare regulators for laboratory reporting purposes. To support the reporting of the required infectious diseases, PHE developed the Second-Generation Surveillance System (SGSS) and the Real Time Testing Services (RTTS) platforms. This is the national surveillance system that holds all test results. To enable receipt of the reports, the following information about you will be required:
To process your personal information lawfully we need to rely on one or more valid legal grounds. All processing must be carried out in accordance with the Data Protection Act 2018, the EU’s GDPR and any associated codes of practice issued by the Information Commissioner's Office.
The grounds we may rely upon for the processing of your personal information include:
WHO WILL WE SHARE YOUR INFORMATION WITH?
In order for us to provide our Services to you, we will share your personal information within the Prenetics Group companies that are based in and outside of the UK and the EEA. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law, are carefully managed to protect your privacy rights and interests and limited to countries which are recognized as providing an adequate level of legal protection or where alternative adequate arrangements are in place to protect your privacy rights. We will share your personal information with relevant health regulatory authorities such as Public Health England and Department for Health; our laboratories for analysing your test (when we send your sample to our laboratory, who adhere to strict clinical and industry standards for the analysis and processing of your results); healthcare practitioners. We will also engage service providers such as logistics providers for the transporting of your sample to our laboratory and our database storage provider to securely store your information. Any Processors or other third-party service providers will be required to contractually comply with the principles and objectives of any Prenetics policies, information security, data protection and regulatory requirements to confirm that information will not be collected, used, shared, stored or otherwise for any purpose other than those instructed by Prenetics.
Cookies and other tracking technologies
HOW WE PROTECT YOUR INFORMATION?
Prenetics is certified to ISO/IEC 27001:2013 Information Security Management System Standard and frequently reviews and implements physical, technical, and administrative measures to prevent information security incidents and to maintain the confidentiality, integrity, and availability of information. All Prenetics Group entities are subject to a high standard of security and data protection protocols aligned to ISO 27001. Network traffic to our application servers is TLS encrypted and access is controlled, restricted and password protected. Samples will be securely transferred to our laboratory, which adheres to approved clinical and industry standards: ISO 15189 and ISO 27001, where it will undergo the relevant processing. A number of steps and protocols are administered to ensure that your sample is processed accurately, remains safe, and as soon as your analysis is complete, is securely destroyed; the data store is segregated and encrypted in transit and at rest; people with access to your information will only see those parts relevant to their purpose; access to the web platform for test results and Health Passport status are secured by unique login and password; your information will not be shared with anyone other than the intended recipient. Anyone that processes information on our behalf will always be required by agreement to follow strict security protocols and maintain confidentiality and integrity.
HOW LONG WE WILL KEEP YOUR PERSONAL INFORMATION?
When you place an order through the Website, we will maintain your personal information for our records unless and until you ask us to delete this information. Your information is held and securely stored on our database provided on the Amazon Web Services platform within the EU and Singapore. We will retain your information for no longer than required to fulfil our contractual and legal obligations.
You may have the following rights in respect of your personal information being processed, however we note these rights may not be absolute:
To exercise any of these rights, or to ask a question about these rights or any other provision of this statement, or about our processing of your personal information, please contact email@example.com. If you would like to lodge a complaint about the privacy notice please contact firstname.lastname@example.org. You have the right to lodge a complaint about how we handle your Information with your relevant regulatory authority in terms of the applicable law that applies to you.
| Regulatory authority | Contact details |
| --- | --- |
| The European Commission | Online complaint procedure: https://ec.europa.eu/info/about-europeancommission/contact/problems-and-complaints; Address: European Commission, Secretary-General B-1049 Brussels, BELGIUM |
| The independent Data Protection Authority per member state | Website listing all DPA's per member state: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm |
| The Information Commissioner's Office | Website: https://ico.org.uk/global/contact-us/; Tel: 0303 123 1113 |
We may update this notice from time to time. You should check this page occasionally to ensure you are happy with any changes to this notice. We may notify you of significant changes to this notice by email or through the relevant notification platform.