Privacy Policy
Last updated: Effective date May 01, 2020.
Introduction
UpFront Diagnostics Limited (“UpFront Diagnostics”) is committed to ensuring the privacy of clients, patients, suppliers, employees, and other stakeholders. Please read this Privacy Policy carefully together with any other information provided to you to understand our policies and practices regarding your Personal Data (as defined below) and how we will treat it.
UpFront Diagnostics is developing a novel biomarker panel and the specific algorithms to be used for stroke subtype differentiation. The primary purpose of UpFront Diagnostics’s biomarker panel is to identify patients whom may be at risk of suffering a stroke in order that timely and effective treatments can be provided. UpFront Diagnostics’s biomarkers consist of a panel of molecules that are measured in each patient’s blood and, together with clinical symptoms, can identify if you are at risk of having had a stroke. The data deriving from these measurements is combined into a statistical model that produces a “risk score”, a numerical scale that is ultimately used to determine your risk of stroke.
UpFront Diagnostics’s biomarker panel is designed to operate on an anonymised basis, meaning that it is not designed to store or process your Personal Data (as defined below) in a form that identifies you. UpFront Diagnostics seeks to operate on the basis that it does not process your Personal Data.
If you are participating in one of our clinical trials your blood samples will be sent to us by the participating hospital with which we have a collaboration agreement. We do not analyse your DNA. The blood samples we receive are given a unique identifier by the hospital. We are not provided with your name or any other information that would enable us to identify you. We are provided with anonymised data, which includes your age, gender and race. All Personal Data, including your name, is retained at the hospital site where you have consented to participate in our study.
However, although UpFront Diagnostics does not intend to collect or process Personal Data, it is always sensible to explain how we would process Personal Data. Therefore, in circumstances where certain Personal Data may be processed this policy will apply.
This Privacy Policy applies to the website https://www.upfrontdiagnostics.com (“Website”), UpFront Diagnostics’s biomarker panel (“Biomarker Panel”) and the associated Biomarker Panel analytics (“Analytics”), (together, the “Services”) which are operated by UpFront Diagnostics Ltd. (collectively, “UpFront Diagnostics”, “we”, “our” or “us”). The Biomarker Panel is analysed by us or one of our partners by means of immunoassay methods.
This Privacy Policy also applies to UpFront Diagnostics’s employees.
Important information and who we are
The data controller is POCKIT DIAGNOSTICS LTD. a company registered in England and Wales under number 11051645 with its registered office at UpFront Diagnostics, University of Cambridge, Li Ka Shing Centre, Robinson Way, Cambridge CB2 0RE, United Kingdom
By using our Website or Services, you consent to the data practices described in this Privacy Policy. If you do not agree with any part of this Privacy Policy, then you should stop accessing our Website and stop using our Services.
This Privacy Policy explains how we collect and use your Personal Data and is provided in accordance with our obligations under applicable privacy and data protection law in the UK found in the Data Protection Act 2018, including Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018 (“Applicable Data Protection Law”).
Information we collect and how
For the purposes of this Privacy Policy, the term “Personal Data” means any information which identifies you or which allows you to be identified when combined with other information.
“Special Category Data” means any data that needs more protection because it is sensitive. This may include health-related information and medical data.
Personal Data and Special Category Data does not include data where your identity has been removed (“Anonymised Data”).
Operation of Biomarker Panel and Services
When you visit our Website, you may be asked to provide certain information, including your name and contact details. You should only do so if comfortable with this policy.
When you use our Biomarker Panel and Services, we may collect certain Personal Data, or personal information that can be used to identify you.
We may also receive Personal Data and Special Category Personal Data from client and sponsors’ patients enrolled in clinical trials, or by healthcare providers and healthcare professionals using our Biomarker Panel and Services. This data may include (but is not limited to) patient initials, date of birth, sex, race and ethnicity. It may also include genetic and health information.
We may also collect Personal Data automatically, or from third-party partners or services.
Basic Identifiers and Contact Information
We collect some information from you when you provide it to us directly, such as via an email or an online form. This information may include your name, email, and phone number as well as other information. Please note that we do not link and store your name or email address with any of your Personal Data. Your name and email address are stored separately.
Information we obtain from third parties
We may receive information about you from our third party service providers who collect this information through our Services in accordance with their own privacy policies.
Aggregated Anonymised Data
The anonymised information we collect from you may be combined with the information provided by other anonymous patients to produce aggregated anonymised data sets for research purposes. We refer to this combined data as “Aggregated Data.” Aggregated Data is not considered to be Personal Data as it does not reveal your identity. Aggregated Data may be used to provide general statistics regarding use of the Biomarker Panel and Services. We may also use such anonymised Aggregated Data and provide it to third parties for medical research purposes.
However, if you or we combine or connect Aggregated Data with any of your Personal Data that enables you to be directly or indirectly identified, we will treat such data as Personal Data to be used in accordance with this Privacy Policy.
Use of cookies and Google Analytics
In general, mere use of our Website is possible without having to provide Personal Data. Our Website may use “cookies” and similar technologies. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Website may become inaccessible or not function properly.
Purposes for which we will use your personal data
We may collect and use your personal information and Personal Data to operate our Website and to provide the Analytics and Services you have requested. This may include for the purposes of validating and carrying out Biomarker Panel Analysis and in providing our Services. All processing of Personal Data and Special Category Personal Data will at all times be in accordance with the client/sponsor’s instructions.
The legal bases we rely upon to use your Personal Data include the contract we have with you, or when you have given your consent, or where we need to comply with a legal or regulatory obligation. Please contact us if you require further details concerning the specific legal ground(s) we are relying on to process your Personal Data.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We offer here non-exhaustive examples of the ways in which we use your Personal Data:
- To provide and maintain our Services, including the provision of diagnostic Services to biopharmaceutical companies and healthcare providers and hospitals.
- We may use your Personal Data in connection with pharmacovigilance and regulatory activities that we are required to perform as a legal obligation (for example, reporting complaints and adverse events to relevant regulatory bodies)
- To administer and protect our Services and Analytics (including troubleshooting, data analysis, testing, support, fraud, reporting and hosting of data), our legal basis for processing is legitimate interests for running our business, provision of administration and services.
- We may use your Personal Data if you apply for employment with us, processed under consent and then contract if you become employed by us. UpFront Diagnostics collects and processes all employee information for human resource purposes, including payroll, tax, and performance reviews and assessments. External advisors and consultants’ information will be collected and processed in the same manner and in accordance with this Privacy Policy.
- We may also use your Personal Data to inform you of other products or services that we and/or our business partners provide. We may also contact you via surveys to conduct research about your opinion of our Biomarker Panel and Services.
Purposes for which we will share your personal data
You should be aware that when using our Biomarker Panel, Analysis, and Services, you may be providing your Personal Data to our business parties, affiliates, potential investors, scientific collaborators or other third parties in accordance with Applicable Data Protection Law, as set out below.
Sharing with our service providers and partners
We may share your Personal Data with our third party business service providers who perform functions on our behalf. These may include:
- IT service providers and system administrators;
- Data hosts and providers of programming or technical support;
- Professional advisers including lawyers, bankers, auditors, regultaors; and
- Healthcare providers or scientific and medical researchers (generally they would be receiving anonymised Aggregated Data for medical research purposes which is not Personal Data, but if it is pseudo-anonymised it can return to being Personal Data).
Advertising
We may share or otherwise “sell” information with advertising partners who distribute advertising in our Services and Biomarker Panel.
For corporate transactions
We may transfer your Personal Data if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganisation, dissolution, bankruptcy or other change of ownership or control.
When required by law
We may also share Personal Data if we are also under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property, or safety of our business, our customers or others.
To enforce legal rights
We may also share Personal Data: (i) If disclosure is required in legal proceedings; (ii) as necessary to protect legal rights; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
Cross-border data transfers
Sharing of Personal Data sometimes involves cross-border data transfers, including transfers outside of the EEA in accordance with the law. We only transfer Personal Data to entities in third countries that have provided appropriate safeguards to ensure that their level of data protection is in agreement with this privacy policy and applicable law, for example in accordance with the rules and procedures known as the EU-US Privacy Shield, or under contractual provisions which have been deemed by the European Commission to provide sufficient safeguards for Personal Data. We will ask for your consent before transferring your Personal Data outside of the EEA.
Data security
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your Personal Data to those employees, agents, contractors, healthcare providers and other third parties who have a business need to know. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data retention
We will retain your Personal Data for seven years for the purposes of this privacy policy or as long as necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
We will keep your Personal Data for at least seven years from the date of the last interaction for insurance and liability purposes. Should you opt out of using our Services you will be able to re-join and access your Personal Data within seven years.
The retention of your Personal Data will be reviewed regularly and at least every seven years for relevance. Any Personal Data deemed no-longer relevant is deleted.
Where we have taken steps to anonymise your personal data (so that it can no longer be associated with you) we may use this indefinitely for analytical, research and statistical purposes and to help us to improve our products and Services.
Your rights
Your right to withdraw consent at any time
Whenever we rely on your consent to process your Personal Data, you have the right to withdraw your consent at any time. If you wish to withdraw your consent, please contact UpFront Diagnostics using the contact details provided at the end of this privacy policy. This will not affect the lawfulness of any processing carried out before you withdraw, nor ongoing contractual or other obligations requiring us to process data for example due to a court ordered law enforcement request.
Your right to access the Personal Data we hold about you
You have the right to make a Data Subject Access Request (“SAR”) to access any Personal Data that we have collected. We aim to respond electronically to all SARs within one month. In circumstances where it may take us longer than one month to respond (for example if your request is particularly complex or if you have made a series of requests), we will notify you. We do not charge a fee for responding to a SAR. However, we may charge a reasonable fee if your SAR is manifestly unfounded or excessive.
Other rights
In addition to the rights set out above, you also have the following rights:
- Right to be informed – you have the right to be informed about the collection and use of your Personal Data;
- Right of rectification – you have the right to correct any Personal Data we hold that is inaccurate or incomplete;
- Right to erasure – in certain circumstances you can ask for the Personal Data we hold about you to be erased from our records;
- Right to object – you have the right to object to certain types of processing of your Personal Data, such as for direct marketing;
- The right not to be subject to a decision based solely on automated processing, including profiling, in certain circumstances;
- Right to restrict processing – you have the right to restrict processing of your Personal Data in certain circumstances; and
- Right to data portability – you have the right to request that we transfer the Personal Data we have collected to another organsiation, or directly to you, under certain circumstances;
If we refuse your request to exercise your rights we will provide you with a reason why. You have the right to complain to the UK Information Commissioner’s Office
(ICO).
In circumstances where your request relates to Personal Data processed by UpFront Diagnostics acting only as a Data Processor, it may be necessary to refer you to the relevant Data Controller.
Opt-out & unsubscribe
We respect your privacy and we will give you an opportunity to opt-out of receiving any or all communications from us that you may have subscribed to receive.
Changes to this privacy policy
This Privacy Policy may be updated to reflect feedback from clients, collaborators and other stakeholders and any changes in data protection regulations. Any changes will be posted on our Website. We recommend that you periodically review this Privacy Policy to be informed of how we are protecting your information.
Contact information
UpFront Diagnostics welcomes any questions or comments you have regarding this Privacy Policy. If you believe that we have not adhered to this Privacy Policy, please contact us at info@upfrontdiagnostics.com
UpFront Diagnostics Ltd.
Li Ka Shing Centre
Robinson Way
Cambridge CB2 0RE
United Kingdom
We ask that you try to resolve any issues with us first, although you have a right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time about our processing of your personal information.
The ICO is the UK regulator for data protection and upholds information rights.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Fax: 01625 524510