Circle Privacy Policy

This Privacy Notice is made in English and translated into other languages. In the case of discrepancy, the English version shall prevail.

We treat your information with the importance it deserves.We are committed to protecting your information, handling it responsibly and securing it with administrative, technical, and physical measures and safeguards. All test results and any Personal Information are maintained under a strict policy of confidentiality.

This Privacy Policy is designed to help you better understand how we collect, use, store, process, and transfer your information when using our services. It is applicable to all new and existing users of our services.

CircleDNA is a range of services offered by Prenetics Limited, a Digital Preventative Health Technology Company, combining lab diagnostics and digital technology platforms to make cutting edge scientific information available.

It is voluntary for you to provide any information we request, however in the event that you do not provide such information, we may not be able to provide you with our products or services.

Registration Information – when your account is set up, you will be asked to provide your name, contact details and date of birth.

Payment Information – payment card details will be taken at point of sale to facilitate purchases. Card details are not stored by Prenetics and are managed by our third-party card processing provider.

Genetic or Biomarker Information– Personal Data generated through the analysis of your saliva, stool or blood test.

Self-Reported Information – Personal Data, including medical conditions, sports-related information, ethnicity or family history that you voluntarily share in surveys, forms or features while entering our website may be collected by us.

Web behaviour Information – we may collect information on how users make use of our site, Prenetics backend portals or Prenetics software solutions. This information is collected through log files, cookies, and web beacon-, analytical- and advertising technologies.You can find more information at Circle Cookie Policy.

Gifts - If you provide us with Personal Data about others, or if others give us your information, for the purpose of ordering our service as a gift, we will only use that information for the specific reason for which it was provided to us.

Children's privacy - We do not collect Personal Data from minors without prior consent from a person with parental responsibility for the individual.

Prenetics is a genetics and diagnostic health testing company, with a mission to decentralize health care by focussing on comprehensive testing capabilities covering prevention, diagnostics, and personalized care.

We process both Personal Data and Personal HealthInformation for the following purposes:

To provide our service to you: We process Personal Data in order to provide our service, which includes customer support,processing payments, shipping kits to customers, creating customer accounts and authenticating logins, analysing DNA samples and DNA, to provide you with our reports, dependent on the service purchased and powering tools that benefit our customers such as allowing you to share your Personal Data with others.

To Improve Our Products and Service: We collect information when you send, receive, or engage in messaging with Prenetics. We do this to delegate your inquiries to the correct department.  We may use your Personal Data to investigate, respond to and resolve complaints and service issues.

If you interact with Prenetics via telephone, your call maybe recorded for training and monitoring purposes.

We also use analytics to determine ongoing service and resource needs and perform quality control checks to maintain best standards of practice. We conduct customer surveys and constantly work to improve and provide new reports, tools, and services. We may also need to fix bugs or issues, analyse use of our website to improve the customer experience or assess our marketing campaigns.

Except as stated below, we will only share your PersonalData with a third party when we are required by law or in good faith believe that such disclosure is necessary in such cases. Such disclosure includes but is not limited to:

Investigation, prevention, or action regarding suspected or actual illegal activities or to assist government enforcement agencies.

Enforce the Prenetics Terms of Service.

Respond to claims or allegations made by third parties against Prenetics; or

Protect the rights, property or Prenetics’ safety and the public.

We will only share your Personal Data with those categories of third parties listed below and under these circumstances -

Current or future Prenetics global entities. As Prenetics grows, restructuring may take place and it may be appropriate for more than one entity to control and process Information. This Privacy notice will apply to all Prenetics entities unless otherwise stated.

With our service providers as necessary for them to provide their services to us which include payment, order fulfilment and shipping, customer support, Cloud storage, IT and security, marketing.

Companies that provide services to get your purchases to you, such as payment service providers, warehouses, order packers and delivery companies.

Contracted consultants, suppliers and partners used to undertake fundamental activities to enable us to provide our services,enhance the User experience; and to effectively operate and manage our organisation.

With anyone else as provided for in terms of your explicit prior consent to do so.

Any Processors or other third-party service providers will be required to contractually comply with the principles and objectives of any Prenetics policies, including this Privacy Notice, and other Applicable Law and will be required to sign a data processing agreement to confirm thatInformation will not be collected, used, shared, stored or otherwise for anyPurpose other than those instructed by Prenetics.

We may be unable to provide our products or services to you should you wish such data sharing to not take place.

Our data retention policy is to take all practicable steps to ensure that the personal data collected is kept no longer than necessary to fulfil the purpose for which it is used or fulfil our contractual and legal obligations.

Prenetics implements measures and systems to ensure confidentiality, integrity, and availability of Circle data.

Anonymisation, encryption, and data segmentation. Registration Information is stripped from Sensitive Information, including genetic and phenotypic data. This data is then assigned a random ID so the person who provided the data cannot reasonably be identified. Circle uses industry standard security measures to encrypt sensitive personal data both when it is stored (data-at-rest) and when it is being transmitted(data-in-flight). Additionally, data is segmented across logical database systems to further prevent re-identifiability.

Limiting access to essential personnel. We limit access of information to authorized personnel, based on job function and role. Circle access controls include a strict least-privileged authorization policy.

Detecting threats and managing vulnerabilities. Prenetics uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our build pipeline and regularly engage third party security experts to conduct penetration tests.

You have the following rights: