In this Statement we, Living DNA Limited of K10 The Courtyard, Jenson Avenue Commerce Park, Frome, Somerset, United Kingdom, BA11 2FG, provide guidance on how and why we collect personal information from you, how we use that information, and how we protect it. Broadly speaking, personal information is information from which you can be personally identified.
This Statement does not provide information on what personal information that we collect for research purposes, and how that information is used. That is covered by our separate and specific Research Consent. Anyone who chooses to participate in our research initiatives must read and sign our Research Consent.
This statement is not intended to be exhaustive; it is intended to provide you, our customers, with information about our approach to privacy which we think will be of most relevance to you. If you require further information, or if you have any queries about this statement, please contact us by email at firstname.lastname@example.org, or using the ‘Contact Us’ page on our site, www.livingdna.com.
Our starting point is that you are in charge of your DNA, and that our role is to carry out your DNA test, to provide you with your Living DNA ancestry test results, and to store your DNA sample, and genetic information for you if you so wish. If and when you want us to destroy your DNA sample and/or delete your genetic information we will.
What information we collect and how we use it
It is important to be aware that once your DNA test has been completed, the information that we will hold about you will include sensitive information such as information about your ethnicity. We will also hold your genetic information, which can reveal a lot about you. For example, through further analysis, your genetic information could potentially reveal whether you have an elevated risk of having, developing or passing on certain medical conditions, although because of the nature of our test, the genetic information we record should NOT be used for medical diagnostic purposes.
When you open your account with us, we collect personal information from you such as your name, address, date of birth and payment information. We do this in order to perform the services which you have requested, including carrying out your Living DNA ancestry test and providing the results to you, for account management, and billing and payment processing purposes and generally to respond to your customer service requests. We also use that information to operate your account with us and to provide our web based services to you. If you do not wish to provide the information requested, please do not proceed to order a Living DNA ancestry test and to open an account with us, as we are unable to provide our ancestry services without this information.
We also request some information about your relatives in order to be able to provide our Living DNA ancestry test results. We do this to help us improve the information that we are to provide to customers generally. It will not impact on your results. You do not need to provide this information in order for us to carry out your Living DNA test, it is optional.
As part of our Living DNA ancestry testing Service we will not process the results of your DNA test, i.e. your genetic information so as to derive any personal information about you, unless it is necessary to provide you with your Living DNA ancestry test results, or as separately and specifically requested by you. This may include if we offer further services that make use of the data, and you specifically choose to make use of these services
We will use your personal information to let you know about services which we, or our parent company (DNA Worldwide Group Limited) or any related company are offering where that service is related to DNA testing, related testing or to the use of DNA test results, but we will not make your information available to any other third party for marketing purposes. We may use electronic means such as email to provide this information to you. If you do not want us to send you any information about our or a related company’s products or services, please let us know. One of the ways that you can do this is this by ticking the relevant box on our application form.
We will use your information in an anonymized or aggregated form. For example, we may use your information in our laboratories for validation and verification purposes and to help us to improve the accuracy of our testing, and we may use it for business management, planning and tracking purposes. In thisform it is not possible to identify you from the information that is being used. We may record any telephone you make to us for verification and training purposes.
How We Keep Your Personal Information
General information that you provide to us such as your name, address and information provided for billing purposes will be held by us on our computer systems.
Your DNA Sample
Your DNA sample will be sent to our partner laboratory that we have carefully selected to work with us for the purposes of DNA testing.
The laboratory will receive your sample, and a record of your gender. Your sample will be identified by a barcode. We will retain on our systems the information which enables you to be identified from the barcode. We will only provide this information to the laboratory in exceptional circumstances, such as where they are required by a competent regulatory authority to have this information, or where otherwise required by law to do so.
Your ‘Raw Data’
The basic results of your DNA test, being your genetic data, which we refer to as ‘raw data’, will be stored by us electronically on our secure and encrypted computer systems.
Your Test Results
We will retain your test results which will show your raw data and our analysis which enable this information to be provided in the form of your results on our computer systems. Where you have opened an account with us, we will make your results available to you online, and a subset in a printed book, if you choose this option. You will be able to share your results with other people selected by you using a link that we provide on your account. You are solely responsible for any decision to share your information.
Who we share your information with
We send your DNA sample to a laboratory based in Europe for testing. The laboratory has been carefully chosen by us.
We also use agents to assist us to perform our services, and may disclose your personal information to them. Examples of this include that we use an IT consultancy service, and from time to time we also use the services of companies to assist us to provide your test results to you. We also use the services of a payment processing company to facilitate on line payments. When you make payment on line, your banking details are provided to that payment processing company, and not to us.
We work in collaboration with experts in the field of genetics. They help us improve our systems, refine the ancestry estimation tools and keep our product market leading.
We only disclose your information to these third parties where we have appropriate agreements in place that require the third party to protect your privacy, and where we are satisfied generally with the controls that are in place.
Third parties are only permitted to use your information for the purpose of providing their service to us. If we were to sell our business, your information could be transferred to the purchaser as part of that sale.
You may also share your data using the link that we provide on your account.
How we protect your personal information
At the heart of how we protect your information is our commitment to International Standards set by ISO. We are certified to ISO:9001 for quality controls and ISO:27001 for information security. As part of our ISO accreditation, audits and reviews are conducted of all relevant third party service providers to check that they meet our strict requirements. We use a combination of technical, physical and organisational measures to protect the security of your information.
We have an Information Security and Compliance Management team who are responsible for the overall security of the company, with a designated head who reports directly to the Managing Director.
1. All staff receive ongoing Information Security Training
2. All staff are vetted and security cleared
3. We have a Feedback Reporting system to underpin our commitment to continual review and improvement is subject to regular management review
4. Our processes are audited by external consultants multiple times per year
We maintain strict access digital entry access controls to our premises, and ensure that the laboratory that we use does the same. All visitors are required to sign information security agreements, and must be escorted by a member of staff.
Our building is monitored with intrusion detection and the windows are covered in one way film stopping the viewing of inside the building from outside.
Living DNA work closely with their ISO:27001 secure hosting partners to keep all systems as secure as possible. There are multiple levels of intrusion detection, firewalls and server access is restricted on an essential access only basis.
Deletion or Destruction of Your Genetic Information
We retain your account information for audit and record keeping purposes in line with our internal record keeping policies.
We will retain your DNA sample for 10 years unless agreed otherwise
If you close your account with us and request us to destroy the results of your DNA test we will:
- Destroy the records which enable you to be identified from your barcode
- Destroy any test results held on our system, but not necessarily those held by our laboratory.
- Destroy your DNA sample
We will also destroy genetic information and test results for samples taken from a child. We will do this within 12 months of the person from whom the sample was taken turning 18, (using the information available from our records), unless that person, having turned 18 years of age, proves their identity to us, and enters into whatever formal arrangements we may have in place to access their genetic information. Our aim will always be to provide someone with control over their genetic information wherever reasonable possible.
Changes to this Statement
We may change this statement from time to time. We will publish the updated Statement on our website. If the change is significant we will endeavour to notify you of it in advance if you maintain an account.