top of page

Privacy Policy

Privacy Policy

1. Who We Are

EmetDNA is a trading name of Emet Genetics Limited, a company incorporated and registered in England and Wales (the “Company”, “we”, “us”, “our”).

For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, we are the data controller in respect of your personal data.

Contact details:

2. Scope of This Policy

This Privacy Policy explains how we collect, use, store, process, and protect:

  • Personal data

  • Special category data, including genetic data

  • Technical and usage data

By using our services, you acknowledge this Policy.

3. Categories of Data We Collect

3.1 Personal Data

We may collect:

  • Name

  • Email address

  • Payment details

  • Billing address

  • Account credentials

  • IP address

  • Device and browser information

3.2 Special Category Data

We process genetic data that you upload in raw file format. Under Article 9 UK GDPR, genetic data constitutes special category personal data.

We do not collect biological samples. We process only digital genomic data files provided by you.

4. Lawful Basis for Processing

4.1 Personal Data (Article 6 UK GDPR)

We rely on one or more of the following lawful bases:

  • Article 6(1)(b) – Processing necessary for performance of a contract

  • Article 6(1)(f) – Legitimate interests (platform security, fraud prevention, service improvement)

  • Article 6(1)(c) – Compliance with legal obligations

4.2 Special Category Data (Article 9 UK GDPR)

We process genetic data on the basis of:

  • Article 9(2)(a) – Explicit consent

By uploading your genomic data and affirmatively accepting our Terms and Privacy Policy, you provide explicit consent to the processing of your genetic data for the purposes described herein.

You may withdraw consent at any time. Withdrawal does not affect processing already carried out.

5. How We Use Your Data

We use personal and genetic data to:

  • Provide genomic interpretation reports

  • Deliver personalised lifestyle insights

  • Operate and secure our platform

  • Process payments

  • Communicate with you

  • Comply with legal obligations

  • Prevent fraud or misuse

We do not use genetic data for automated decision-making that produces legal or similarly significant effects.

6. Data Sharing

We may share data with:

  • Cloud hosting providers

  • Secure analytics and interpretation software providers

  • Payment processors

  • Professional advisers

  • Regulators where legally required

All processors are bound by written data processing agreements compliant with Article 28 UK GDPR.

We do not sell genetic data.

We do not share genetic data for advertising purposes.

7. International Transfers

Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, such as:

  • UK International Data Transfer Agreements (IDTA)

  • UK Addendum to EU Standard Contractual Clauses

  • Adequacy regulations where applicable

8. Data Retention

We retain data only for as long as necessary for:

  • Delivery of services

  • Legal compliance

  • Defence of legal claims

Unless otherwise requested, genomic files are retained for 30 days after report delivery and then securely deleted.

You may request earlier deletion.

9. Security Measures

We implement appropriate technical and organisational measures including:

  • Encryption in transit

  • Secure cloud infrastructure

  • Access controls

  • Role-based data access

  • Audit logging

  • Processor due diligence

While we take reasonable steps, no system can be guaranteed completely secure.

10. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Erase your data

  • Restrict processing

  • Object to processing based on legitimate interests

  • Data portability

  • Withdraw consent

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO contact details:

Information Commissioner’s Office
www.ico.org.uk

We will respond to rights requests within one month unless legally extended.

11. Withdrawal of Consent

Because genetic data is processed on the basis of explicit consent, you may withdraw consent at any time by contacting us.

Upon withdrawal:

  • We will cease processing

  • We will delete stored genomic data unless retention is legally required

Withdrawal may prevent continued access to services.

12. Children

Our services are not intended for individuals under 18. We do not knowingly process children’s genetic data.

13. Automated Processing

Our reports may be (partially) generated using algorithmic analysis of uploaded genomic data. However:

  • No solely automated decisions with legal or similarly significant effects are made

  • No profiling for advertising occurs

14. Data Breach Notification

In the event of a personal data breach, we will:

  • Assess risk promptly

  • Notify the ICO within 72 hours where required

  • Inform affected individuals without undue delay where there is high risk

15. Changes to This Policy

We may update this Policy from time to time. Updated versions will be published on our website with a revised effective date.

16. Contact

For all privacy enquiries and rights requests:

Email: privacy@emetdna.com

bottom of page