AttoDiagnostics Ltd. Privacy Policy

At AttoDiagnostics Ltd., we take your privacy seriously. We only collect the Personal Data we need, and we do our best to keep it safe. This policy explains how we use your information, why we need it, and how we protect it.

Your Rights: You have the right to know what information we hold about you and to ask us to correct, delete, or stop using it if something doesn’t look right.

How We Use Your Information: We use your Data to provide services, improve our business, and make sure we meet all legal requirements. If we need to use any sensitive information (like health details), we’ll always ask for your clear consent first.

How We Keep Your Data Safe: We have strict rules and security measures to protect your Data from being lost or accessed by anyone who shouldn’t see it. If something goes wrong, we’ll let you know and inform the Information Commissioner’s Office (ICO).

Who We Share Your Data With: Sometimes, we may need to share your Data with other companies or organisations (like your medical practitioner) if it helps us provide our service to you. We only share what is necessary and make sure your information is kept safe.

International Transfers: If we need to send your Data outside of the UK, we make sure it’s protected with the same level of security as required by UK law.

If you have any questions or want more details, you can always reach out to our Data Protection Officer (DPO), who is here to help.

We collect, use and are responsible for certain Personal Data about you. When we do so, we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) concerning services we offer to individuals in the European Economic Area (EEA).

The Director of AttoDiagnostics Ltd. has approved this policy. It sets out rules for Data Protection and the legal conditions that must be satisfied when we obtain, handle, process, transfer, and store Personal Data.

This policy does not form part of any employment contract and may be amended at any time.

The Data Protection Officer (DPO) ensures compliance with the legislation and Directive and this policy. Hebborn Consultancy Ltd holds the responsibility of DPO. Any questions about compliance with this policy, or concerns that the procedure has not been followed, should be referred in the first instance to the Data Protection Officer.

Who We Are

  • AttoDiagnostics Ltd., 33 Scottow Enterprise Park, Lamas Road, Badersfield, Norwich, England, NR10 5FB
  • Our Data Controller is: AttoDiagnostics Ltd.
  • Our Data Protection Officer is: Hebborn Consultancy Ltd., Tedder House, Tedder Close, Watton, Norfolk, IP25 6HU. Tel: 0333 772 1510
  • ICO Registration: ZB500303 as AttoDiagnostics Ltd. (Formerly Nkaarco Diagnostics Ltd.)

It would be helpful to start by explaining some key terms used in this policy:

Data Protection Principles

We comply with the following Data Protection principles when processing personal information:

  1. Lawfulness, Fairness and Transparency: All Personal Data will be processed lawfully, fairly and in a transparent manner.
  2. Purpose Limitation: We will only collect personal information for specified, explicit and legitimate purposes and will not process it in a way that is incompatible with those legitimate purposes.
  3. Data Minimisation: We will only process the personal information that is adequate, relevant, and necessary for the relevant purposes.
  4. Accuracy: We will keep accurate and up-to-date personal information and take reasonable steps to ensure that inaccurate personal information is deleted or corrected without delay.
  5. Storage Limitation: We will keep personal information in a form which permits the identification of Data subjects for no longer than is necessary for the purposes for which the information is processed.
  6. Integrity and Confidentiality: We will take appropriate technical and organisational measures to ensure that personal information is kept secure and protected against unauthorised or unlawful processing and accidental loss, destruction, or damage.
  7. Accountability: We are committed to processing your Personal Data in compliance with data protection laws.

How Your Personal Data is Collected

We collect most of this Personal Data directly from you in person, by telephone, text, email, or via our website and online systems, when you register with us, contact us (including via email), send us feedback, purchase products or services via our or our affiliate websites, complete customer surveys or participate in competitions via our website.

We may also collect your information indirectly from publicly accessible sources, e.g., Companies House, directly from a third party (e.g., your Medical Practitioners, sanctions screening providers, credit reference agencies, customer due diligence providers, e.g., your bank or building society).

How and why we use your Personal Data

Under Data Protection law, we can only use your Personal Data if we have a proper reason, e.g.:

  • where you have given consent, or explicit consent where Special Category Data is being processed;
  • to comply with our legal and regulatory obligations;
  • for the performance of a contract with you or to take steps at your request before entering into a contract;
  • for our legitimate interests.

Special Category Data: We may obtain Special Category Data, such as health information or other sensitive Data, when necessary and only in compliance with Data Protection law. This could occur with your explicit consent, or when it is essential to fulfil legal obligations, such as complying with regulatory requirements.

We may also collect Special Category Data from third parties, such as your medical practitioners or customer due diligence providers, for purposes such as assessing risks, ensuring legal compliance, or performing contractual obligations. Our goal is to manage your Data with care and transparency, respecting your privacy while fulfilling legitimate business needs.

A legitimate interest is when we have a business or commercial reason to use your Personal Data, so long as your own rights and interests do not override this. When relying on legitimate interests, we will conduct an assessment to balance our interests against yours. You can obtain details of this assessment by contacting us using the details below.

Why Do We Use Your Personal Data

Who we share your Personal Data with

We may disclose your Personal Data if we need to do so to comply with any legal or regulatory obligation or request or where we have a legitimate interest in doing so, such as to enforce or apply our contract, to investigate potential breaches, or to protect the rights, property, or safety of AttoDiagnostics Ltd. This may include exchanging information for fraud protection and credit risk reduction with other companies and organisations.

We will only share your personal information with your authorised representatives and other third parties with whom we deal, who support the provision of our services and that have a legitimate interest in collecting your personal information for management, planning, and organisation of work. In addition, we will share personal information with law enforcement or other authorities if applicable law requires.

Cross Border Transfers of Data

We may transfer or allow access to your Personal Data outside of the UK when necessary to provide our services or comply with our legal obligations. Where such transfers occur, we ensure that appropriate safeguards are in place to protect your Data. We take all necessary measures to ensure your Personal Data is handled safely and securely, even when processed outside the UK, in line with applicable laws.

For transfers outside of the UK, we use the International Data Transfer Agreement (IDTA), or other approved mechanisms, to ensure that your Data is afforded an equivalent level of protection as required under UK Data Protection laws.

We acknowledge that some of our sub-processors are located in countries that are not recognised as providing an adequate level of data protection under UK GDPR or EU GDPR. In such cases, we ensure that adequate safeguards are in place, including but not limited to Standard Contractual Clauses (SCCs), the International Data Transfer Agreement (IDTA), or other approved mechanisms.

These measures aim to ensure the security of your data and compliance with applicable data protection laws. A full list of sub-processors, including those in inadequate countries, is available upon request.

This means that your Personal Data will be managed securely and in accordance with the UK GDPR, and that your rights will remain fully protected regardless of where your Data is processed.

How we keep your information safe

The security of your personal information is particularly important to us. We protect all Personal Data we hold and ensure we have appropriate organisational and technical measures in place to prevent unauthorised access or unlawful processing of Personal Data and to prevent Data from being lost, destroyed, or damaged.

We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures to deal with suspected Data security breaches. For example, we will notify you and the Information Commissioner's Office of a suspected Data security breach where we are legally required to do so.

Please contact us if you have any queries or concerns about our use of your Personal Data. We hope we will be able to resolve any issues you may have.

How long do we keep your personal information

We retain your Personal Data for as long as reasonably necessary to fulfil the purposes outlined in this policy, as per our Data Retention and Disposal Policy.

In some circumstances, we may retain your Personal Data for longer than is needed for those purposes described in this Notice. For instance: where we are required to do so under legal, regulatory, tax or accounting requirements; to ensure that we have an accurate record of your dealings with us in the event of any complaints or challenges; or if we reasonably believe there is a prospect of litigation relating to your relationship with us.

We maintain policies governing the creation, retention, and disposal of records in our care. These policies set out our requirements for the management of records, including guidance on keeping Personal Data as current as possible, securely deleting records and irrelevant or excessive Data, and storing information anonymously or in a manner which no longer identifies you.

Your Rights

  1. The right to access the Personal Data held about you (Subject Access Request)
  2. The right to ask us not to process your Personal Data for marketing purposes
  3. The right to withdraw at any time any consent you have given to receive marketing material from us
  4. The right to ask us to rectify inaccurate Personal Data about you
  5. The right to ask for the restriction of Personal Data concerning yourself that is inaccurate, unlawfully processed, or no longer required
  6. The right to ask for the erasure of Personal Data concerning yourself where processing is no longer necessary or the legitimate interests we have in processing your Personal Data are overridden by your interests, rights, and freedoms as the Data subject
  7. The right to complain to the supervisory authority (the Information Commissioner's Office).

How to exercise your rights concerning a Subject Access Request

You can contact us concerning any of your rights. To protect your privacy, we may ask you to prove your identity before we formally respond to any request. There is no charge for a request, and we will respond to your request within one month.

Contact: data@theattogroup.com

How to complain

If you are dissatisfied with how we handle your data or wish to raise a concern, we encourage you to first contact our DPO, Hebborn Consultancy Ltd, who will work with you to resolve the issue.

Contact: Hebborn Consultancy Ltd. on keith@hebborn.co.uk

If you are still dissatisfied

If you are still dissatisfied with how we deal with your concern, you can contact the:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline: 0303 123 1113 (local rate)
Email: icocasework@ico.org.uk
Website: https://ico.org.uk

Cookies

Our website uses cookies to distinguish you from other users. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer.

We use the following types of cookies:

  • Strictly necessary cookies are required for the operation of our website.
  • Performance cookies allow us to count visitors and see how users move around our website.
  • Functional cookies enable us to provide enhanced functionality and personalisation of our website.
  • Targeting cookies are set by some of our partner websites and allow you to receive targeted advertising.

Using cookies helps us provide a pleasant experience when you browse our website (for example, to remember your chosen territory). Cookies also allow us to collect Data about your devices and how you use our website. In addition, we use Data analytics to maintain and improve our website.

Strictly necessary cookies are required to access our website and cannot be switched off. You can choose whether or not to allow the other types of cookies listed above, but some of our services may not function properly if you do not allow functional cookies. Therefore, we recommend you accept all cookies for the best browsing experience.

For the full details, please read our Cookie Policy.

Changes to policy

The Company may change or update this Privacy Notice at any time. Should we change our approach to Data Protection, you will be informed of these changes or made aware that we have updated the Privacy Notice so that you know which information we process and how we use this information. Where required under applicable laws, we will obtain your consent to these changes.

Version 2, updated on 05/11/2024.