Privacy Policy

Your trust is important to us.

This policy demonstrates our commitment to protecting the privacy and security of your personal information. This privacy policy describes how OD collects, processes and retains your personal information. We’ve updated our privacy policy and we’ll update it again from time to time, so we encourage you to review this Privacy Policy periodically.

What this Privacy Policy explains

  • The information we collect 
  • How we will use it
  • Where we collect it from
  • How long we store it
  • Our legal basis for processing your personal data
  • Digital services
  • Your rights and how you can see, update or delete your personal data
  • Disclosures of your Personal Data
  • Securing your data
  • Our recruitment processes

Who are we?

With our global headquarters based in Scotland, we have subsidiaries in Littleport (UK), Devon (UK) and Mumbai (India), with each site possessing ISO 13485 and ISO 9001 and compliant with Directive 98/79/EC on In Vitro Diagnostic (IVD) Medical Devices.

Our diagnostic kits and systems are found in hospitals, blood banks, clinics and laboratories around the world and produce information used by physicians and practitioners to diagnose disease, make treatment decisions and monitor patients.

Our product range was extended following the acquisition of Genesis Diagnostics and Cambridge Nutritional Sciences, giving our customers access to tests for the fast-growing area of food intolerance testing.

Omega Diagnostics Ltd is registered in Scotland with company number SC107178.

Our Mission is to improve human health and well-being through innovative diagnostic tests and global partnerships.

Controller

Omega Diagnostics Ltd is the controller and responsible for your personal data.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Email address: gdpr@omegadiagnostics.co.uk

The company has three offices in Scotland (HQ), England and India:

Omega Diagnostics Ltd (HQ)
Omega House,
Hillfoots Business Village,
Alva FK12 5DQ
Scotland
T: 01259 763030

Omega Diagnostics Ltd (CNS & Genesis Diagnostics)
Eden Research Park,
Henry Crabb Road,
Littleport CB6 1SE
England
T: 01353 862220

Omega Dx (Asia) Pvt Ltd
508, 5th floor,
Western Edge I,
Kanakia Spaces,
Western Express Highway,
Borivali (East),
Mumbai 400 066,
India
T: +91 (22) 28702251

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

What information do we collect and what do we use it for?

Personal data or information means any information that can be used to identify you. For example, it can include information such as your name, date of birth, email address, postal address, telephone number, payment details as well as information relating to your general health.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender
  • Contact Data includes address, email address and telephone numbers
  • Financial Data includes bank account and payment card details
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website
  • Enquiry Data includes data you provide when you contact us for customer service assistance (by any means of communication including written communications, via our website, telephone, email, or our social media channels), when you visit us at a public event such as a trade show or exhibition, or when you participate in one of our surveys. We may record all customer service communications and keep information about the particular communication, including your name, the product(s) you bought, the reason why you contacted us, and the advice we gave you, so we can track the resolution of any customer service issues and for customer service training purposes.
  • Test Data includes results regarding the test(s) you purchased as well as contact details for identification to return the results to you.
  • Usage Data includes information about how you use our website, products and services, as well as the frequency and pattern of your service use
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.

We will use your data to: 

  • Provide you with the services, products or information you asked for – for example process your samples within our lab services
  • Register you as a professional practitioner so we are able to offer our lab services
  • Process payments for our products and services
  • Where we need to perform the contract we are about to enter into or have entered into with you
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
  • Where we need to comply with a legal or regulatory obligation
  • Keep a record of your relationship with us
  • Ensure we know how you prefer to be contacted
  • Understand how we can improve our services or information
  • Keep you updated on our products and services

Where do we collect your information from?

We collect your personal information through a number of different sources:

  • Via our website
  • On our Laboratory Information Management System (LIMS)
  • Via request forms included in sample collection packs with each test using the service laboratory
  • Through transactions made by phone or via our website
  • Via laboratory samples

Lab Services

Sample Retention

Serum and Plasma samples are stored frozen and retained for a period of 1 month in our laboratory in Littleport, in accordance with the Royal College of Pathologists Guidelines. Additional testing or retests will only be performed upon specific request by the client. Samples will be disposed of after this period by incineration.

Payments

Payment card details received over the phone, by post or at seminars and exhibitions are either processed at point of receipt or at our Littleport office. All payment card details are securely destroyed after payment has been made.
We also adhere to the Payment Card Industry Data Security Standard (PCI-DSS); see Digital Services.

Digital Services

Website

Omega Diagnostics Ltd
www.omegadiagnostics.com uses the DNN Content Management System (CMS), which is an open, extensible, secure, and scalable CMS powering over 800,000 websites worldwide. DNN is one of the most well-known and popular open source CMSs based on Microsoft .NET.

Cambridge Nutritional Sciences
www.camnutri.com is hosted by Shopify Inc., which is headquartered in Canada. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. For further information, please view Shopify’s Privacy Policy.

Payments

Your credit card data is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

Cookies

We log visitors' domain and IP address automatically; this information does not identify you as an individual, but only the computer that is being used to view the site.

This data is used to see where the site is being used in the world to ensure coverage, and for click stream analysis to help better understand site usage, so that we can improve our service to you. We do not link information automatically logged by such means with personal data about specific individuals.

Please see our Cookie page for further information.

Social Media

When you use a social media platform and interact with ODG, you do so by consenting to the terms & conditions of such platforms.  This can include Facebook, Twitter, Instagram, LinkedIn, Pinterest, YouTube and Google+.  For more information, please see their individual Terms & Conditions and privacy policies.

eNewsletters | Marketing

We will send you marketing emails and newsletters to keep you updated on our products and services.  You can at any time opt out of receiving these emails. 

A.    For business customers, our lawful basis is legitimate interest, as it’s necessary to inform business customers and stakeholders about our products/services to grow their business offering and ours. Your information will be securely destroyed 6 years after your last interaction with OD.
B.    For consumers, our lawful basis is consent, and your information will be securely destroyed 2 months after consent is withdrawn.

Disclosures of your Personal Data

We may share your personal data with third parties for the purpose of providing our services and products. For example, some of our tests are processed by third party companies with whom we will share your personal data. Our authorised data processors are subject to comprehensive due diligence in line with current data protection legislation.

When acting as our authorised data processors, our service providers are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations.

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Some of the steps we use to protect your information from unauthorised access, use or alteration and unlawful destruction, include where appropriate:

  • Using Secure Sockets Layer (SSL) encryption when collecting or transferring sensitive information, such as credit card details (SSL encryption is designed to make the data unreadable by anyone but us).
  • Limiting access to the information we collect about you (for instance, only those of our personnel who need your information to carry out our business activities are allowed access).
  • Putting in place physical, electronic, and procedural safeguards in line with industry standards.

Your Rights

Under the General Data Protection Regulation, you have rights as an individual which you can exercise in relation to the information we hold about you.

We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information. 

In some situations, you may have the:

  • Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice. 
  • Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request. 
  • Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it. 
  • Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it. 
  • Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or that of a third party), you have the right to object to the way we use your data.
  • Right to request the restriction of processing. You have the right to ask us to stop the processing of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
  • Right to portability. You may transfer the data that we hold on you for your own purposes. 
  • Right to request the transfer. You have the right to request the transfer of your personal information to another party. 

Individuals can find out if we hold any personal information by making a 'right of access' request.  More information can be found at https://ico.org.uk. 

If we do hold information about you, we will:

  • Give you a description of it;
  • Tell you why we are holding it;
  • Tell you how long we keep it for and the lawful basis for doing so;
  • Tell you who it could be disclosed to; and
  • Let you have a copy of the information in a commonly used electronic format, unless you request otherwise.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.  

We may retain your personal data for a longer period where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person, or in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Our Recruitment Process

Omega Diagnostics Ltd is the data controller for the information you provide during the recruitment process unless otherwise stated. If you have any queries about the process or how we handle your information, please contact us at the above address or by email: gdpr@omegadiagnostics.co.uk

What will we do with the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process. The information you provide will be held securely by us whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. Our legal basis for processing this information is legitimate interest.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than 3 months following the conclusion of the recruitment process. We will then destroy this data confidentially for any unsuccessful candidates. 

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for, but it might affect the progression of your application to the next stage if you don’t. 

Shortlisting

Our hiring managers shortlist applications for interview. If you are shortlisted for interview, you will be required to bring photographic identification, usually a passport, to confirm your right to work in the United Kingdom. The information will be retained on file for 6 months following the conclusion of the recruitment process. We will then destroy this data confidentially for any unsuccessful candidates.

Conditional offer

If we make a conditional offer of employment, we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability. 

You will therefore be required to provide: 

  • Proof of your identity – you will be asked to attend our office with original documents, of which we will take copies
  • References – we will contact your referees directly, using the details you provide in your application, to obtain references

If we make a final offer, we will also ask you for the following: 

  • Bank details – to process salary payments
  • Emergency contact details – so we know who to contact in case you have an emergency at work

Changes to our privacy policy

We keep our privacy policy under regular review, and we will place any updates on this web page.  This privacy policy was updated in April 2019.