Lifestyle Genomics Research Centre Limited places great importance on the security of all personally identifiable information associated with our Users. We have security measures in place to attempt to protect against the loss, misuse or alteration of User data under our control. For example, the security and privacy practices are periodically reviewed and enhanced as necessary and only authorized personnel have access to personal information. Lifestyle genomics Research Centre Limited company works with laboratories and third parties who have met and committed to the company’s security standards. It is also important for you to guard against unauthorized access to your files and the unauthorised use of your computer.
Lifestyle genomics Research Centre Limited will not disclose any of your personal information to third parties except in very limited circumstances which are set out below. Before the testing company begins to transfer personal information to any third party acting as our agent, we will confirm that they have adopted, are subject to, or are contractually obligated to comply with the principles and objectives of this Privacy Statement. Lifestyle Genomics Research Centre Ltd. may disclose your personal information to third parties: (a) with your knowledge and any relevant consents (for example, when you decide to share your Results with others); (b) as described in this Privacy Statement; (c) as may be required or permitted by law, regulatory authorities, legal process or to protect the rights or property of the testing company, its group companies and Lifestyle Genomics Research Centre Ltd. or other Users (including outside your country of residence); (d) to enforce our terms and conditions; (e) to prevent fraud or cybercrime; or (f) to permit us to pursue available remedies or limit the damages that we may sustain.
Our communications with you will be via email but may be made via telephone, direct mail or another method of communication in select circumstances. You may also receive promotional offers from Lifestyle Genomics Research Centre Ltd. If you do not want to continue to receive promotional emails, you may opt-out at any time by contacting us via the contact page on our website.
Please note: If you click away from our Website to visit the site of any third-party advertiser or sponsor, you may be asked for your payment card or other personal information in order to purchase or use the products and services that those third parties offer. These companies have their privacy and data collection practices. We have no responsibility or liability for these independent third-party policies. You should, therefore, review their privacy notices carefully if you have concerns about how your information may be used.
What Does This Policy Cover?
This Policy covers how Lifestyle Genomics Research Centre Limited treats personal information that Lifestyle Genomics Research Centre Limited collects and receives, including via www.mthfr-genetics.co.uk, all related websites, networks, embeddable widgets, downloadable software, mobile applications (including tablet applications), DNS Hosting, dynamic DNS, URL Redirection, email hosting, domain name registration, server monitoring, SSL certificates and software utilities provided by us. This includes information related to your use of Lifestyle Genomics Research Centre Limited products and services, and information about you that is personally identifiable - such as your name, address, email address, IP address and phone number.
The website contains links to other sites. Lifestyle Genomics Research Centre Limited is not responsible for the content or privacy practices of these sites and this Policy does not apply to the practices of those companies that are not affiliated with Lifestyle Genomics Research Centre Limited.
Visiting And Engaging With The Content On Our Website (s)
Our website, shop platform, sample registration page, Practitioner contact form pages, Gene Variant Upload and processing page and the DNA Results platform, all use SSL certified layer of protection.
SSL certificates create a secure environment for visitors. It ensures that all data between the browser and the webserver is encrypted. If a malicious actor were to intercept web traffic to our site, it would be jumbled up. This keeps data such as personal and credit card information from falling into the wrong hands.
SSL certificates also allow websites to authenticate themselves. An authenticated website prominently displays a lock in the address bar on all major browsers. Conversely, browsers like Chrome label websites without SSL as ‘Not Secure’ in red.
How Do We Protect Our Website From Hackers and Malware Activities?
We use SiteLock which is designed to defend our website against hackers. SiteLock automatically scans our site every day to keep it malware-free.
What Information Do We Collect?
Information You Provide
When you register for or use the Service or purchase our products, Lifestyle Genomics Research Centre Limited collects what is generally called "personally identifiable information," "personal information," or "personal data”. All these terms refer to information that specifically relates to or identifies a particular individual. Personal information also includes information that when linked to other information identifies a specific individual. Our site's shop area requires customers to supply contact information, such as name and email address, and demographic information, such as your postcode. Lifestyle Genomics Research Centre Limited also collects information about your transactions with us, including information about your use of our Service. When you place an order, Lifestyle Genomics Research Centre Limited requests additional personal data, such as credit card number. Your financial data is used for the sole purpose of billing you for products and services, you will also be required to supply contact and demographic information such as postcode.
"Automatically Collected" Information
When you use the website and buy our products, we automatically record certain information about your requests and interactions with the Service, including information from your device, by using various types of technology. This "automatically collected" information may include your IP address or other device address or ID, web browser and/or device type, and the dates and times that you visit, access, or use the Service. We also may use these technologies to collect information regarding your interaction with email messages we send you, such as whether you opened, clicked on, or forwarded a message.
If you use our Service, we may receive your generic location such as a city or country.
Why We Collect Your Information
We collect information about you:
to allow you to use services on our website and to purchase the products that we offer on our website.
to allow you to request a service, including customer support, give you access to your DNA results, to send DNA collection devices.
to allow you to register your sample and DNA collection kit.
to generate and store your account on our DNA Results platform and server.
to allow you to get involved with our company;
to enable online payments to be made;
to allow you to make a complaint;
to allow us to consider your comments, queries and suggestions and respond if necessary;
to allow us to respond to your enquiries for information/further information;
for registration to certain areas of the website, including the DNA Results portal;
to request consultations or contact from a Practitioner listed in our Practitioner Directory;
to be able to generate your Gene Variant Report through our Gene Variant Report services;
to inform you about updates, promotions and to provide you with educational content;
to create affiliate and partnership profiles;
to allow you to register as a Practitioner on our Practitioner Directory.
to label and ship your purchased products to your shipping address.
to improve our Website and the Services (or to develop new products and services), we may use your personal information for internal data analysis, studying how our Website is used, identifying usage trends and determining the effectiveness of promotional campaigns.
When you are directed to one of the online payment web pages, some contact details and card details will be collected to enable your payment to be made. These will be obtained using a secure third-party provider, such as PayPal and Stripe. Lifestyle Genomics Research Centre Limited does not store your credit card details.
How We Collect and Use Your Information
We use the following channels to collect and process your information:
Products Purchasing process
To make it possible for you to purchase our products and services as featured on our shop page, we use the shopping platform provided to us via our website host: one.com.Your data collected during the purchasing process is stored on One.com’s servers and we act as data processor for this information. As One.com’s customer, we are the data controller for this data.
All data of customers residing in the European Union is hosted in One.com’s data centres in Denmark within the European Union. This DOES NOT include DNA data which is processed and stored totally independently of the systems used for the purposes of orders processing.
One.com does not monitor data we have stored on their webspace or in emails. It is our own responsibility to comply with the GDPR and other regulations.
The one.com data centre is designed to meet the highest standards of security. All customer data and one.com’s system data are secured through a daily remote backup of all servers via a private 10 Gbit fibre connection to a separate backup data centre located 10 km from the main data centre.
Our shop offers 3 options for making payments
3. Manual payment -Bank transfer - You can also choose the Manual Payment option which will require you to transfer the amount directly from your bank account.
Connecting with a Practitioner
Data submitted via any of our Practitioner contact forms is stored in our email inbox and also forwarded to the email inbox of the Practitioner you want to connect with.
We may use your email address collected via these forms to contact you about updates, educational content and product offers.
Sample Registration And Processing Of Sample Registration Data
Online Sample Registration is a mandatory requirement for all users of our services who wish to have their DNA analysed at our designated laboratory,
We use Cognito LLC, who provide the online platform through which you can complete our Sample Registration form online and they store the completed form on our behalf. Cognito Forms LLC is based in the United States, however, Cognito Forms LLC participates in and has certified its compliance with the EU-US Privacy Shield Framework, as part of which Cognito LLC has agreed to comply with data protection standards similar to those available in the UK when it holds and uses your personal information. More information is available here: https://www.cognitoforms.com/privacy and https://www.cognitoforms.com/terms.
To ensure that all data storage and processing activities performed by Cognito LLC adhere to the GDPR regulations, Lifestyle Genomics Research Centre Limited and Cognoto LLC have signed the Data Processing Addendum agreement between the two companies.
Cognito LLC uses SSL encryption and is always accessed over HTTPS 100% of the time for all users. SSL (Secure Sockets Layer) is the standard for ensuring data is encrypted when being sent to a web server from a browser.
This adds on another layer of entered data protection, in addition to our www.mthfr-genetics.co.uk website, which is also SSL certified.
We use Cognito LLC to collect email addresses, passwords, names and surnames of sample donors and names and surnames of persons submitting samples on behalf of sample donors.
The primary purpose of collecting this information is to enable us to create your account on our DNA Results platform and to share your results with you.
We also use this information to match the sample barcode with your account, to make sure that we issue DNA data only to the data owner (the person who registered and submitted DNA sample).
Data gathered via our Sample Registration Form is subject to the following security measures:
TLS 1.2/SSL encryption.
Hosted securely on the Microsoft Azure cloud platform, which is PCI (DSS) Level 1
Customer data is carefully segregated at the lowest architectural level in Cognito Forms to ensure that data for one organisation cannot be accessed by another organisation.
Architecture is unique and highly specialized for massive scale while maintaining data isolation. It does not use transitional databases and is not vulnerable to SQL injection attacks.
Sensitive data, and other personally identifiable information, is required to be encrypted at rest using 256-bit AES encryption
Practitioners And Partner Users Purchasing Our Products On Behalf Of Their Clients - Drop Shipping
Sample Registration Confirmation Email Notifications
We will use the following details, given by you, during the Sample Registration process, in order to inform you that your sample arrived at our Sorting Office: Name and Surname of the sample donor, the email address registered with your sample, part of your sample barcode.
Practitioners And Purchasing Partners Registering Samples On Behalf Of Their Clients
Creating and Hosting Your Account on our private DNA Results Platform/Server
Some of the data collected via our Sample Registration Form is used to create and host your account on our DNA Results Platform.
We use the following data in order to create and host your account: Name, Surname, Email address and Password.
When your account has been created successfully on our DNA Results Platform, you will receive an email notification with your account access link.
This email will be sent from our email address: firstname.lastname@example.org
To access your account and your results, you will still be required to enter the login details you registered via our Sample Registration Form.
Our private server IP allows you to access your DNA raw data file and your Gene Variant Report from most locations, on most devices.
How Secure is our server (aka. DNA Results Platform)?
Our server interface supports HTTPS and offers server-side encryption. Our server infrastructure automatically generates a 4096-bit strong private/public key-pair for each user. Private keys are encrypted with the user’s login password and thus nobody can get at your data if you are not logged in on our server.
Our Private server webspace, aka. DNA Results Platform can also be accessed through the Access Your Results Button, located in the right, upper corner on our website.
By clicking on this button, you navigate away from our www.mthfr-genetics.co.uk and are redirected to our https://mthfrdnaresults.ddns.net/ domain, assigned to our private server.
Who is involved in the generation and processing of your DNA raw data?
Raw data files are generated using GenomeStudio and Issued by the UCL genomics via UCL Dropbox connection. Each time a raw data set is issued, UCL Genomics assigns a unique access code granting us permission to collect this data. The DNA raw data sets are stored at the UCL Dropbox location for 10 days.
Your DNA data may be additionally checked for accuracy and quality by Illumina, which is the company responsible for the design and the manufacturing process of our customised chip. In the event that your raw DNA data is subject to additional quality checks by Illumina, it will be shared with us via Illumina’s secure box portal Once the datasets are successfully collected by Lifestyle Genomics Research Centre Limited, they will be deleted from Illumina’s box portal.
Neither the UCL Genomics nor Illumina has access to your identifiable information and any work carried out by either of these entities, deals with anonymised DNA data.
Your DNA raw data is then processed and converted by Lifestyle Genomics research centre Limited, using our in-house methods, to issue Gene Variant Reports and the final version of your raw data file,
The final version of your raw data file and your Gene Variant Report are uploaded to and stored on our private, secure server in the United Kingdom.
You may choose to delete your raw data file and your Gene Variant Report from our server, at any time.
We may also store a backup version of your raw data file on an offline storage device. If you decide to remove your raw data file from our server, please remember to email us on email@example.com, with a request to remove the backup copy of your raw data file, from our backup device.
Sharing DNA results
If you are the Administrator of a DNA Test, you can choose to invite others to access your DNA Results, which will give those Users permission to see your DNA Results on our DNA Results Platform and, in certain cases, edit some of your information.
Downloading your data
If you so choose, you can download your report (s) and your raw data files.
We strongly advise you to download and save all of your results and accompanying files as we can not guarantee to store these files indefinitely.
Please note: if you or we delete Results, copies of that information may remain viewable elsewhere to the extent any such copy has been shared with others and copied and stored. If you have given third-party applications or websites access to your information, they may retain your information to the extent permitted under their terms of service or privacy policies but they will no longer be able to access the information through our platform after you disconnect from them. Information that is removed or deleted may also persist in backup copies for a reasonable time for our internal and the testing company’s internal business purposes but will not be available to you or others.
Please note that once your data is downloaded onto any device, it will no longer be protected by our security measures.
Gene Variant Reports
Your Gene Variant will contain the following information you provide during the online sample registration process: name, surname, sample barcode number.
Gene Variant Reports included with your results are populated with hyperlinks to our Research Library. Our Research Library contains links to other public libraries and online resources.
Lifestyle Genomics Research Centre Limited is not responsible for the content or privacy practices of these sites and this Policy does not apply to the practices of those companies that are not affiliated with Lifestyle Genomics Research Centre Limited.
How We May Use Your DNA Data
The testing company may INTERNALLY analyse Users’ results to make discoveries in the study of medicine and other topics. In addition, if you voluntarily agree to the Research Projects Informed Consent, the testing company may use the Results and other information for the purposes of collaborative research and publication and in accordance with the Informed Consent.
As Lifestyle Genomics Research Centre Ltd. continues to grow and change, they might restructure, buy, or sell subsidiaries or business units. In these transactions, customer information is often one of the transferred assets, remaining subject to promises made in then prevailing privacy statements. Also, in the event that the testing company or substantially all of its assets or stock are acquired, transferred, disposed of (in whole or part and including in connection with any insolvency or similar proceedings), personal information will as a matter, of course, be one of the transferred assets.
We inform you that, as a data subject, you are entitled to exercise the below-listed rights under Articles 15, 16, 17, 18, 19, 20, 21, 22, 23 of the Regulation. To exercise these rights, please email us on firstname.lastname@example.org
Ask and obtain information about whether or not Lifestyle Genomics Research Centre Limited is holding any of your personal data or whether or not your personal data are being processed and, in this case, you may have access to them;
Ask and obtain a copy of your personal data that are processed by automated means in a structured, commonly used and machine-readable format; you can also claim the right to transmit those data to another controller;
Ask and obtain the alteration and/or rectification of your personal data when you consider them to be inaccurate or incomplete;
Ask and obtain the erasure – and/or a processing restriction – of your personal data whenever they are not necessary – or no longer necessary – to fulfil the purposes for which they were collected, hence upon expiry of the retention period.
Please note that you can lodge a complaint with the supervisory authority whenever your personal data is unlawfully processed.