Paternity For Life (collectively referred to as “us” or “we”) is committed to respecting your rights to privacy in accordance with all relevant legislation.
This Privacy Policy governs the way we collect, use, maintain, secure and disclose your personal information when disclosed electronically, or in hard copy, in connection with our genetic testing services or for any other product or service that we offer.
If you do not agree with this Privacy Policy, we ask that you refrain from using our services.
If you have any questions about how we use or collect your data, please contact us using any of the methods set out at the end of this policy.
What types of personal information do we collect?
Throughout this Privacy Policy we use the term “personal information” to describe any data that personally identifies you or makes you personally identifiable.
The personal information that we may collect includes your:
- name;
- gender;
- date of birth;
- residential or postal address;
- email address;
- telephone number;
- any “additional information” provided directly by you via our application form;
- health care related information such as Medicare details;
- payment details;
- medical information including genetic data relating directly to a requested test; and
- any information gathered from requests, feedback or complaints you may make.
How do we collect your personal information?
We may collect personal information from you directly by telephone, facsimile, email, post or via our website. We may also receive information via an intermediary we have a relationship with such as a doctor, healthcare provider or other service provider.
How do we use your personal information?
If you consent to us processing your personal information, we will not collect, use or disclose your personal information for any purposes other than those identified below except with your consent.
We may process your personal information for the following purposes:
- to process, analyse and deliver the services requested directly by you, or by your agent (including but not limited to a doctor, consultant or healthcare provider);
- to communicate the outcome of the services (including but not limited to the results of any tests undertaken);
- to process any required payments;
- to communicate information about our products and services to you;
- to keep your records up to date;
- to identify you (generally and including to identify whether you have requested that your data be destroyed);
- to confirm whether your personal information has been destroyed; and
- to comply with any of our legal requirements.
We will not process your personal information for any other purposes which are incompatible with these purposes. If we intend to use your information in any other way than is described in this Privacy Policy, we will disclose this to you and request your consent.
You have the right to withdraw your consent at any time but it will not affect the lawfulness of processing based on consent before its withdrawal. This withdrawal may also impact on our ability to provide our services to you and may result in us cancelling the request for services.
Parental consent
In order to protect the privacy of children, we require parental or guardian consent for all children under the age of 18 for testing purposes and to be able to use their personal information. No sample or information will be handled without this explicit consent. If this consent is not provided, we will promptly remove any personal information provided from our database.
Do we process any anonymised or de-identified information?
We sometimes anonymise or de-identify information by removing all of the personally-identifiable information such as your name, date of birth and address. We may then use this de-identified information for the purpose of auditing, quality assurance and research on the basis that it is anonymous and unidentifiable. This data analysis helps the quality of information to comply with our regulatory requirements and improve the understanding of genetic variants.
None of your personally-identifiable information will ever be used in any reports or publications.
You may withdraw your consent to us processing your de-identified information in the future by contacting us using any of the methods set out at the end of this Privacy Policy. This withdrawal does not affect the lawfulness of processing based on consent given before this withdrawal.
Do we ever disclose your personal information to third parties?
We do not sell your data and do not pass your personal information to third parties for any marketing purposes. We will not disclose your personal information to any third party unless required to by law or as specified under this Privacy Policy.
In order to deliver our services, we may need to disclose your personal information to the following entities:
- Our genetic testing lab. DNA samples provided to us are sent to our third party laboratory.
- Consultants, doctors and other healthcare providers. We disclose your personal data to consultants, doctors and healthcare providers if they are the ones who provide the referral for our services.
- Credit reporting agencies. In certain circumstances we may disclose your personal information to a credit reporting agency in order to determine your creditability.
- Government and other regulatory authorities. We may be required by law to disclose your personal information to national security or law enforcement agencies.
Do we transmit your personal information internationally?
In order to provide our services to you, we may transfer, process or store personal information in countries outside where you are located.
In these cases, we have strict contractual requirements with our third parties and appropriate safeguards as to how they are able to collect, use, maintain, secure and disclose information.
If you do not consent to your personal information being stored or processed internationally, you should not use our services.
How is your personal information kept secure?
We take the security of your personal information seriously. In order to do so, we have implemented the following protocols:
- Password Policy. Strong and unique passwords are required for each staff member and must be changed regularly.
- Active Directory. Microsoft Active Directory with domain connected PCs to manage security and policies.
- File Shares. All file sharing between us and third parties is password protected.
- Antivirus. Market leading antivirus software is installed on each PC and is constantly monitored.
- Firewall. A SonicWall firewall is set up with protection policies in place, limited NAT rules, multiple subsets and firewall rules to segregate and secure the network.
- Backups. Backup software is used to store regular incremental backups of the domain controller server (which contains critical data shares) to password protected NAS drives on the network.
- Static IP. A Static IP is used on the network to allow external providers to authenticate requests based on IP.
- File Transfer Protocol. FTP is used to transfer data to external data-providers.
- Encryption. All purchases made through us are passed through a secure server using the latest 128-bit Secure Sockets Layer (SSL) encryption technology.
How long do we hold onto your personal information?
We store your personal information:
- for as long as needed in order to provide the requested services to you as set out in this Privacy Policy;
- for as long as reasonably needed in order to respond to any queries you may have;
- for as long as you might legally bring claims against us; or
- for as long as the law requires in order to satisfy our legal, audit and compliance requirements.
Generally this means we will only hold your personal information for one to seven years.
You are able to request that we destroy your personal information at any time, but you acknowledge that this may impact on our ability to provide services to you. Your personal information will then be destroyed, with the exception of your deletion request, a confirmation that the information was deleted and any data required in order for us to meet our legal obligations.
Are you able to request information or make changes?
You may ask us at any time to provide you with a list of the personal information we hold about you, and for copies of that personal information. We will endeavour to provide you with the data within 30 days of receiving your request. For more complicated matters, we may need to extend this deadline to 60 days.
We will endeavour to provide these requests free of charge. However, if a request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee to cover our administrative costs or refuse to act on the request.
If you believe for any reason that we are holding inaccurate or incomplete data about you, you may ask us to correct it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the personal information stating that you disagree with it.
Our ability to effectively process your data is reliant on true, complete and accurate information provided by you at the time that you engage us to provide the services. We will not update your information or release your results:
- unless we are able to verify your identity through your name, date of birth and email address; or
- if you have previously knowingly provided us with false information regarding your identity.
Members in “Designated Countries”
The following section only applies to individuals located within the European Economic Area, United Kingdom or Switzerland (collectively referred to as “Designated Countries”).
If something in this section conflicts with anything else contained in this Privacy Policy, this section shall apply for individuals located within Designated Countries.
What is our relationship to you?
We will generally act as the Data Controller of your personal information. Sometimes we will also be given personal data under contract with third parties. In this case, it is likely we will be acting as a Data Processor or as Joint Controllers.
What are your rights under current data protection laws?
The following is a summary of your rights given under the General Data Protection Regulation, noting that these rights are subject to certain exceptions:
- The right to withdraw consent. We rely on your explicit consent to process your personal information. You have the right to withdraw this consent at any time but it will not affect the lawfulness of processing based on consent before its withdrawal. This withdrawal may also impact on our ability to provide services to you.
- The right to access. You have the right to obtain confirmation as to whether or not we are processing your personal information. If we are, you have the right to request access to what personal information we possess and how we process it. We may reject part or all of your request if responding would adversely affect the rights or freedoms of others.
- The right to rectification. You have the right to have any inaccurate or incomplete personal information rectified unless the change would adversely affect the rights or freedoms of others.
- The right to erasure (the 'right to be forgotten'). You have the right to have your personal information erased if:
  - that data is no longer necessary for the purposes for which it was collected or processed;
  - that data is based on consent that you have since withdrawn; or
  - you object to the processing of your personal information and there are no overriding legitimate grounds for our processing.
- The right to data portability. If we process your personal information based on a contract with you based on your consent, or the processing is carried out by automated means, you have the right to request your personal information in a structured, commonly used and machine-readable format, and have us directly transfer your personal information to another controller where technically feasible. We may reject part or all of your request if responding would adversely affect the rights or freedoms of others.
- The right to restriction of processing. You have the right to restrict the processing of your personal information in the following cases:
  - the accuracy of your personal information is contested. We will then restrict the processing for a period to enable us to verify the accuracy;
  - the processing of your personal information is unlawful and you request the restriction of processing as opposed to erasure;
  - the personal data is no longer needed for the purposes of processing, but is required by you for the establishment, exercise or defence of legal claims;
  - you object to the processing of your personal information, pending the verification of whether the legitimate grounds of our processing override your rights.
- Notification of erasure, rectification and restriction. We will communicate any requests made by you for the rectification, erasure or restriction of your personal information to each third party we have disclosed your information to, unless this proves impossible or involves a disproportionate effort.
- The right to object to processing. If we process your personal information based on consent, contract or legitimate interest, you have the right to object to our processing at any time and as permitted by applicable law.
- The right to lodge a complaint. If you believe we have infringed on your privacy rights, please contact us using the details provided below and we will work with you to try and resolve the issue. You also have the right to lodge a complaint with a competent supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
- If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Further Details:
- Google Analytics: Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies or IP-address to help the website analyse how users use the site, to monitor and analyse the use of our services. The information generated by the cookie or IP-address about your use of the website will be transmitted to and stored by Google on servers. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity, and providing us other services relating to website activity and internet usage. The IP-address that your Browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing: https://tools.google.com/dlpage/gaoptout?hl=en.
- Facebook Analytics: A Facebook tracking pixel has also been placed on this website and is used to generate data such as lists of visitors who have come to the site and their interests. This is Facebook’s data as the business user does not have access to the specific details it gathers. When we use this data, we are able to target Facebook messages at the people who came to the site but not determine who they are on an individual level. In this instance, Facebook is the ‘data controller’. We do not then, in theory, have to gain specific permission from visitors before we track them with a pixel. The terms regarding the tracking will be laid out in Facebook’s conditions when you sign up for an account.
- JotForm: This website also uses JotForm. JotForm is compliant with GDPR (General Data Protection Regulation). To learn more about JotForm’s compliance, see https://www.jotform.com/gdpr-compliance/
- Media - If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
- Contact forms - We use the Contact Form 7 plugin to manage contact form submissions. The information is sent as email messages that only a select few are allowed to access.
- Cookies - A cookie is a small piece of data shared between a web server and a user's browser that websites use to give the server information about your visit. The use of cookies is standard: most websites use them and most internet browsers are pre-set to accept cookies. This means that information about each of your visits to our Website will be automatically collected through the use of session and browser cookies unless cookies are disabled. By visiting and using our Websites, you accept the use of cookies. If you prefer not to receive cookies, you can adjust your internet browser to refuse cookies or to warn you when cookies are being used. However, if you disable cookies, this may affect the functionality of the Websites for you and our ability to provide you with our Services.
To request any of your above rights, please contact us using any of the methods provided at the end of this policy.
How can we be contacted?
You can exercise your rights or make a complaint by contacting us using the below information.
Emailing us at:
admin@paternityforlife.co.uk
Writing to:
PO Box 78661
London
E3 9FX
Each request or complaint will be dealt with confidentially and we will be in contact with you within a reasonable time.
Disclaimer: This privacy policy is subject to amendment at any time without notice. Information received prior to an amendment will remain subject to the policy applicable before the amendment. Last Updated: 10/08/2018