OMEGA DIAGNOSTICS ltd
Privacy and Cookie
Policy
Digital Platform
Privacy and Cookie Policies
Our Privacy and Cookie Policies are
here for you to learn more about how Omega Diagnostics Ltd (ODL) protect the
personal information you share with us and what cookies we use to ensure that
you have a great experience when using our digital services.
Our Privacy Commitment to you
At ODL, we take our responsibilities
regarding the protection of customer information very seriously and are
committed to protecting your privacy, keeping your data safe and not doing
anything with it that you wouldn’t reasonably expect.
Our Privacy Policy explains what
personal data we collect about you, how and why we use it, who we disclose it
to, and how we protect your privacy. For more details, please read our full Privacy
Policy and Cookie Policy or click on the sections below that you want to find more information
about.
This policy
demonstrates our commitment to protecting the privacy and security of your
personal information. This Privacy Policy describes how ODL collects, processes and retains your personal information. Our Privacy
Policy will be updated from time to time, so please check back regularly.
You have the right to make a complaint
at any time in the UK/EU this would be to the Information Commissioner's Office
(ICO), the UK supervisory authority for data protection issues
(www.ico.org.uk).
We would, however, appreciate the
chance to deal with your concerns before you approach the ICO so please contact
us in the first instance.
If you have any questions or comments regarding this policy, please email gdpr@omegadx.com.
What this Privacy and Cookie Policy will tell you:
Omega Diagnostics Ltd (registered in
Scotland with company number SC107178) which is part of the Omega Diagnostics
Group PLC registered in England and Wales with company number 5017761.
Omega Diagnostics Ltd (ODL) is focused
on selling a wide range of specialist products, primarily in the immunoassay,
in-vitro diagnostics (IVD) market.
Our Mission, is to improve human health and well-being through
innovative diagnostic tests and global partnerships.
Omega Diagnostics Ltd is responsible
for your personal data.
We have appointed a data protection
officer (DPO) who is responsible for overseeing questions in relation to this
Policy. If you have any questions about this Policy, including any requests to
exercise your legal rights, please contact the DPO using the details set out
below.
Email address: gdpr@omegadx.com
The company has two offices one in
England (HQ) and India:
Omega Diagnostics Ltd. (HQ)
Eden Research
Park,
Henry Crabb
Road,
Littleport
CB6 1SE
England
T: +44 (1353)
862220
Omega Dx (Asia)
Pvt Ltd.
508, 5th floor,
Western Edge I,
Kanakia Spaces,
Western Express Highway,
Borivali (East),
Mumbai 400 066,
India
What information we
collect and what do we use it for?
Personal data or information means any
information that can be used to identify you. For example, it can include
information such as your name, date of birth, email address, postal address,
telephone number, payment details as well as information relating to your
general health.
We may collect, use, store and transfer
different kinds of personal data about you which we have grouped together as
follows:
·
Identity Data includes first name, maiden name, last
name, username or similar identifier, title, date of birth and gender
·
Contact Data includes address, email address and
telephone numbers
·
Financial Data includes bank account and payment card
details
·
Transaction Data includes details about payments to and
from you and other details of products and services you have purchased from us
·
Technical Data includes internet protocol (IP)
address, your login data, browser type and version, time zone setting and
location, browser plug-in types and versions, operating system and platform and
other technology on the devices you use to access this website
·
Enquiry Data includes data you provided us with
when you contact us for customer service assistance (by any means of
communication including written communications, via our website, telephone,
email, or our social media channels) or when you visit us at a public event,
such as a trade show or exhibition or participate in one of our surveys, we may
record all customer service communications and keep information about the
particular communication, including your name, the product(s) you bought, the
reason why you contacted us, and the advice we gave you so we can track the
resolution of any customer service issues and for customer service training
purposes.
·
Usage Data includes information about how you use
our website, products and services, as well as the
frequency and pattern of your service use
·
Marketing and Communications Data includes your preferences in receiving
marketing from us and your communication preferences.
·
Wellness Data which includes data you provide related to your diet, lifestyle habits,
and general wellness. We collect this data in order to
provide relevant services and tailored features, which are specific to
you. For example
meal plans, reporting and analytics, and product recommendations.
·
Health Data which includes the results of any tests that you purchased and sent to us
to process.
·
Aggregated Data such as statistical or demographic data. Aggregated data may be derived
from your personal data but is not considered personal data in law as this data
does not directly or indirectly reveal your identity. For example, we may
aggregate your Usage Data to calculate the percentage of users accessing a
specific website feature.
We do not knowingly
collect Personal Data online from individuals under 18. If you become aware
that a child has provided us with Personal Data without parental consent,
please contact us through our support team. If we become aware that an
individual under 18 has provided us with Personal Data without parental
consent, we will take steps to remove the data and cancel that individual’s
account.
·
To provide you with the services, products or information you asked for – for example process
your samples within our lab services
·
To register you as a professional
practitioner so we are able to offer our lab services
·
Process payments for our products and
services
·
Where we need to perform the contract,
we are about to enter into or have entered into with
you
·
Where it is necessary for our
legitimate interests (or those of a third party) and your interests and
fundamental rights do not override those interests
·
Where we need to comply with a legal or
regulatory obligation
·
Keep a record of your relationship with
us
·
Ensure we know how you prefer to be contacted
·
Understand how we can improve our
services or information
·
To keep you updated on our products and
services
We collect your personal information
through a number of different sources:
·
Via our website/digital platform
·
On our Laboratory Information
Management System (LIMS)
·
Via sample information forms when you
return your sample to the service laboratory to be tested
·
Via laboratory samples
Lawful Basis
A)
For business customers, our lawful
basis is legitimate interest as it’s necessary to inform business customers and
stakeholders about our products/services to grow their business offering and
ours.
B)
For consumers our lawful basis for
processing data is explicit consent.
We will only retain your personal data
for as long as reasonably necessary to fulfil the purposes we collected it for,
including for the purposes of satisfying any legal, regulatory, tax, accounting
or reporting requirements.
We may retain your personal data for a
longer period where such retention is necessary for compliance with a legal
obligation to which we are subject, or in order to
protect your vital interests or the vital interests of another natural person,
or in the event of a complaint, or if we reasonably believe there is a prospect
of litigation in respect to our relationship with you.
Once your account is dormant
we will retain your data as follows:
·
Health data - 8 years
·
Training data - 1 year
In some circumstances we will anonymise
your personal data (so that it can no longer be associated with you) for
research or statistical purposes. As you
cannot be identified this data is not subject to GDPR in which case we may use
this information indefinitely and will not need to inform you.
Lab Services
In our UK laboratory
serum and plasma samples are stored frozen and retained for no longer than a
period of 1 month in our laboratory, in accordance with the Royal College of
Pathologists Guidelines. Additional testing or retests will only be performed
upon specific request by the client. Samples will be disposed of after this
period by incineration. If your samples are being processed in a different country please check with the laboratory on their retention
schedule.
Digital Platform/App
The Omega Digital
Platform is provided by Cirdan, who delivers Omega with a web
platform, iOS and Android app that provides test results directly to
you. Your data is stored through Cirdan on Microsoft Azure servers
in the United Kingdom but controlled by Omega. For more information, please
view Cirdan’s Privacy Policy. (https://www.cirdan.com/cirdan-privacy-policy-2/)
Website
www.myhealthtracker.co.uk is hosted in the UK on an Azure platform. For
further information, please view Azure Privacy Policy.
www.cnslab.co.uk is
hosted on Shopify Inc. who are head quartered in Canada. They provide us with the online e-commerce
platform that allows us to sell our products and services to you. Your data is
stored through Shopify’s data storage, databases and
the general Shopify application. For
further information, please view Shopify’s Privacy Policy.
Social Media
When you use a social
media platform and interact with and its products, you do so by consenting to
the terms & conditions of such platforms.
This can include Facebook, Twitter, Instagram, LinkedIn, Pinterest,
YouTube, and Google+. For more
information, please see their individual Terms & Conditions and privacy
policies.
eNewsletters | Marketing
We will send you marketing emails and
newsletters to keep you updated on our products and services. You can at any time opt out of receiving
these emails.
Third-party links
Our applications, platforms and website
may include links to third-party websites, plug-ins
and applications. Clicking on those links or enabling those connections may
allow third parties to collect or share data about you. We do not control these
third-party websites and are not responsible for their privacy statements when
you leave our website, we encourage you to read the privacy notice of every
website you visit.
Surveys
From time to time, ODL will carry out
surveys to collect information from suppliers, practitioners
and consumers to establish areas for improvement and quality monitoring.
In most cases Survey Monkey will be
deployed for such activities.
SurveyMonkey Inc. participates in and
has certified its compliance with the EU-U.S. Privacy Shield Framework and
Swiss-U.S. Privacy Shield. SurveyMonkey is committed to subjecting all personal
information and data received from European Union (EU) member countries and
Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s
applicable Principles. To learn more about the Privacy Shield Framework, visit
the U.S. Department of Commerce’s Privacy Shield List.
https://www.privacyshield.gov/ or visit (https://www.surveymonkey.co.uk/mp/legal/privacy-policy).
We log visitors' domain and IP address
automatically; this information does not identify you as an individual, but
only the computer that is being used to view the site.
This data is used to see where the site
is being used in the world to ensure coverage, and for click stream analysis to
help better understand site usage, so that we can improve our service to you.
We do not link information automatically logged by such means with personal
data about specific individuals.
What is a Cookie?
A Cookie is a small text file which are stored on a
user's computer. They are designed to
hold a modest amount of data specific to a particular user and website.
Why do we use Cookies?
Cookies are a convenient way to carry information from
one session on a website to another, or between sessions on related websites.
This makes your visit to our site smoother. It also remembers your preferences
and allows us to customise your experience.
Cookies also allow us to monitor and measure how visitors
engage with our website. We can discover
what areas of the site are popular, how often visitors return, have they
accessed the website from a desktop computer or a mobile device and so on. By
understanding this information, we can improve and enhance the customer journey
in the future.
If you choose to opt out of accepting our Cookies, some functions may
appear broken because of the way our site operates. Please understand that your experience may
not be as smooth or as enjoyable as we aim to deliver to all
of our visitors though the overarching site will continue to work.
If you still decide to opt out, you have two options:
You can adjust the settings on your internet browser to prevent cookies
being downloaded. How this is done varies according to which browser you are
using, and we recommend you refer to the appropriate online help guides.
You can opt out of receiving specifically those cookies we use to track
how people are using our site. Details of how to disable the Google Analytics
cookies can be found on our Cookie
Page
There are two types of Cookie:
Session Cookie
Session Cookies are temporary. They allow ODL to link the actions of a
user during a browser session. A browser session starts when a user opens the
browser window and finishes when they close the browser window. Once you close
the browser, all session cookies are deleted.
Persistent Cookie
These cookies are set on your first visit to the ODL website. They last
longer than the duration of your stay and are used to help us understand which
parts of our sites are regularly visited and how we can improve the service we
deliver.
Functions
Cookies also have, broadly speaking, four different functions and can be
categorised as follow: ‘strictly necessary’ cookies, ‘performance’ cookies,
‘functionality’ cookies and ‘targeting’ or ‘advertising’ cookies. ODL will use the term ‘Targeting’ when
describing this function.
Strictly Necessary
Strictly Necessary cookies are essential to
navigate around the ODL websites and use its features. Without them, you
wouldn’t be able to use basic services like registration or the shopping
basket. These cookies do not gather information about you that could be used
for marketing or remembering where you’ve been on the internet.
Performance
Performance cookies collect data for
statistical purposes on how visitors navigate the ODL websites; they don’t
contain personal information such as names and email addresses and are used to
improve your user experience of our website.
Functionality
Functional cookies allow our visitors to
customise how our website looks for them: they can remember usernames, language
preferences and regions. On other
websites they can be used to provide more personal services like local weather
reports and traffic news.
Targeting
Targeting cookies are used to deliver
advertisements more relevant to you but can also limit the number of times you
see an advertisement and be used to chart the effectiveness of an ad campaign
by tracking users’ clicks. They can also provide security in transactions.
We use cookies on our
websites and app.
To find out more
about cookies, including how to see what cookies have been set and how to
manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics
across all websites, visit http://tools.google.com/dlpage/gaoptout.
To find information relating to other browsers, visit
the browser developer’s website.
We also log visitors’ domain and IP address automatically; this
information does not identify you as an individual, but only the computer that
is being used to view the site. This data is used to see where the site is
being used in the world to ensure coverage, and for click stream analysis to
help better understand site usage, so that we can improve our service to you.
We do not link information automatically logged by such means with personal
data about specific individuals.
We may share your
personal data with 3rd parties for the purpose of providing our
services and products or if we are required to by a regulatory
requirement. Our authorised data
processors are subject to comprehensive due diligence in-line with current data
protection legislation
When acting as our authorised data
processors, our service providers are required to only process data in
accordance with our instructions, in line with this Policy, and are subject to
appropriate confidentiality and security obligations.
We have put in place appropriate
security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or
disclosed. In addition, we limit access to your personal data to those
employees, agents, contractors and other third parties who have a business need
to know. They will only process your personal data on our instructions, and
they are subject to a duty of confidentiality.
We have put in place procedures to deal with
any suspected personal data breach and will notify you and any applicable
regulator of a breach where we are legally required to do so.
Some of the steps we use to protect
your information from unauthorised access, use or alteration and unlawful
destruction, include where appropriate:
·
Limiting access to the information we
collect about you (for instance, only those of our personnel who need your
information to carry out our business activities are allowed access).
·
Putting in place physical, electronic,
and procedural safeguards in line with industry standards.
Transferring your data
·
The Personal Data ODL processes, and
all associated Services and systems, including registration, is housed on
servers in the United Kingdom. If you are located outside of the United
Kingdom, please be aware that Personal Data we collect will be processed and
stored in the United Kingdom under the UK GDPR and it may therefore offer a
lower level of protection than in your country/region.
·
By using our Services and submitting
your Personal Data, you agree to the transfer, storage, and/or processing of
your Personal Data in the United Kingdom.
Under the General Data Protection
Regulations, you have rights as an individual which you can exercise in
relation to the information, we hold about you.
We commit to ensure that any data we
process is correct and up to date. It is your obligation to make us aware of
any changes to your personal information.
In some situations, you may have the;
·
Right to be informed. This means that we must tell you how we use your data, and
this is the purpose of this privacy notice.
·
Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.
·
Right to request correction. If any data that we hold about you is incomplete or
inaccurate, you are able to require us to correct it.
·
Right to request erasure. If you would like us to stop processing your data, you have
the right to ask us to delete it from our systems where you believe there is no
reason for us to continue processing it.
·
Right to object to the inclusion of any
information. In situations where we are relying on a
legitimate interest (or those of a third party) you have the right to object to
the way we use your data where we are using it.
·
Right to request the restriction of
processing. You have the right to ask us to stop
the processing of data of your personal information. We will stop processing
the data (whilst still holding it) until we have ensured that the data is
correct.
·
Right to portability. You may transfer the data that we hold on
you for your own purposes.
·
Right to request the transfer. You have the right to request the transfer of your personal
information to another party.
Individuals can find out if we hold any
personal information by making a 'right of access' request. More information can be found at https://ico.org.uk.
If we do hold information about you, we
will:
·
Give you a description of it;
·
Tell you why we are holding it;
·
Tell how long we keep in for and the
lawful basis for doing so;
·
Tell you who it could be disclosed to;
and
·
Let you have a copy of the information
in an a commonly used electronic format, unless the
individual requests otherwise.
You will not have to pay a fee to
access your personal data (or to exercise any of the other rights). However, we
may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to
comply with your request in these circumstances.
We may need to request specific
information from you to help us confirm your identity and ensure your right to
access your personal data (or to exercise any of your other rights). This is a
security measure to ensure that personal data is not disclosed to any person
who has no right to receive it.
We keep our privacy policy under
regular review, and we will place any updates on this web page. This privacy policy was updated in September
2022.