Privacy Statement

Last updated: 22 February 2022

1. Introduction

The Diaceutics Group respects your right to privacy and this privacy statement (this "Statement") sets out the basis on which we use, process, store and/or disclose Personal Data that we collect from you, from third parties or that you provide to us directly.

This Statement applies to a variety of situations – to enable you to find the information most relevant to you, we have provided summaries of the key information applicable to your situation in the "Audiences" section 2 below. Unless otherwise notified to you, Diaceutics PLC is the Controller of your Personal Data (with ICO registration number ZA504761).

A glossary of capitalized terms used in this Statement is set out in section ‎11. If you have any questions, comments or requests regarding the way your Personal Data is used or processed by the Diaceutics Group, please contact us at [email protected].

2. Audiences

This section sets out a summary of the key information applicable to you depending on the nature of your relationship with us, including the Personal Data we process, our reasons for doing so, the legal basis we rely on and any third parties we may share the information with.

Please note that these summaries should be read alongside the remaining sections of the Statement, as these provide additional information regarding our processing of your Personal Data and your rights as a data subject.

Visitors to our Website

Visitors to our Website

What Personal Data do we collect about you?

When you access our website (www.diaceutics.com), Personal Data will be collected from you directly and from third parties, including through the use of cookies. This includes information about (i) your device type, operating system, browser, IP address and other information derived from cookies used on the website (please see our Cookies Policy for further information); and (ii) details of your visits to the website such as traffic data, location data and other websites and resources provided by third parties that you access through our website (“Linked Websites”).
You may also provide us with information such as your name, email address and any other details you choose to submit when contacting us through the website via our online contact forms or by emailing us.

Why (and how) do we process your Personal Data?

We use your Personal Data to enable your access to the website; to monitor, test and improve the effectiveness of the website; to monitor metrics such as the total number of visitors and traffic data; and to ensure the content on the website is presented in the most effective manner for you and your device.
We will also process and respond to any enquiries or requests you submit to us through the website.
Please note that links to Linked Websites are provided for your convenience and information only. We accept no liability in connection with any Linked Website, or any contract entered into with any third party on or through a Linked Website. This Statement only relates to information collected on our website, therefore when accessing Linked Websites, you should read the privacy statement published on the relevant website. We have no control over the content of Linked Websites and accept no responsibility for them or for any loss or damage that may arise from your use of them.
Other potential reasons for processing your Personal Data are listed at section ‎3 below.

What legal basis do we rely on for this processing?

It is in our legitimate interests to provide you with access to our website and to collect and process your Personal Data for the purposes of improving and monitoring website efficiency and enhancing your use of our website.
It is also necessary for the purposes of our legitimate interests to process your Personal Data to respond to any queries or requests submitted by you to us.

Who do we share your Personal Data with?

We may share your Personal Data with advertising and analytics providers in accordance with our Cookie Policy.
We may also share your Personal Data with the third parties set out in section 4 below.

Social Media Users

Social Media Users

What Personal Data do we collect about you?

We may receive information about you from social media platforms, such as Facebook, Twitter, LinkedIn and YouTube, when you make contact with us via such platforms. This is limited to information which you decide to provide such as your name and contact details, email address or telephone number.

Why (and how) do we process your Personal Data?

We will only process your Personal Data to the extent necessary to respond to your query.
Other potential reasons for processing your Personal Data are listed at section 3 below.

What legal basis do we rely on for this processing?

It is necessary for the purposes of our legitimate interests to process your Personal Data to respond to any queries or requests submitted by you to us.

Who do we share your Personal Data with?

We may share your Personal Data with the third parties set out in section 4 below.

Clients and Suppliers (existing and prospective)

Clients and Suppliers (existing and prospective)

What Personal Data do we collect about you?

We collect and process your Personal Data:

directly from you when you interact or engage with us in the course of our business which is necessary for the performance of the relevant services; and
from publicly available sources and third-party industry recommendations.

The Personal Data we collect and process includes:

basic identifiers such as your name, the company you work for, your job title and any other contact information such as your address, phone number and email address;
financial information and relevant contacts to facilitate billing and payment;
identification and background information provided as part of our business acceptance process e.g., where you are a prospective supplier, we would undertake a vendor assessment prior to engaging you; and,
any other personal information relating to you that you provide to us in our or your capacity as a service provider or client (recipient of services).

Where you are a client, we may also collect and process the following types of Special Category Data:

dietary or other health requirements when you attend a meeting or other event.

Why (and how) do we process your Personal Data?

We collect and process your Personal Data for the purposes of:

managing our relationships and interactions with you;
facilitating the provision of services and deliverables from you, or, to you;
responding to any queries or requests, and documenting and analyzing our contact with you in order to develop or improve our relationship and your experience with us, our products and services;
undertaking market research for the purposes of B2B marketing; and,
managing our business acceptance and risk processes.

Other potential reasons for processing your Personal Data are listed at section 3 below.

What legal basis do we rely on for this processing?

Where you are a prospective client or supplier, we process your Personal Data mainly for the purpose of pursuing our legitimate interests.
Where you are an existing client or supplier and we have an existing contractual relationship with you, we will process your Personal Data where necessary for the performance of your contract with us (and to fulfill any other legal or regulatory requirements to which we may be subject as a result).
Where you are a client, we will only process your Special Category Data based on your explicit consent.

Who do we share your Personal Data with?

In addition to the third parties set out at section 4 below, we will only share your Personal Data where necessary (and agreed between us) as part of the provision (or, the receipt) of the relevant services and deliverables by us (or, by you) including the potential provision or receipt thereof e.g., as part of your prospective or existing involvement with specified projects and collaborations (including via DXRX).

DXRX Users

DXRX Users

What Personal Data do we collect about you?

What Personal Data do we collect about you?
We collect the following Personal Data about you (please refer to the DXRX Terms for definitions of capitalized terms not defined in this Statement):

Membership Data that you provide to us in connection with the creation, administration and management of your DXRX Account, such as: name; mailing address; email address; phone number; username; password; billing information (if applicable for the payment of DXRX Service fees); DXRX Account settings and preferences; and information relating to marketing such as your marketing preferences and contact details;
information communicated to us via the DXRX Network, email, over the phone, live chats, chat forums, through social media or via any other medium, including: your contact details (this may include your social media account if that is the way you communicate with us); the details of your communications with us (including via what communication channel you sent it and when we received it); and the details of our messages to you;
technical information about the way you use our DXRX Services including whether you have opened ***Electronic Mail from us (and clicked on links in them) and your DXRX Account preferences; and
any other information you provide in relation to the DXRX Services, such as when you complete your profile, post or upload to the DXRX Network, respond to a questionnaire or submit a Collaboration Opportunity (or an application for one).

Please note that the DXRX Network may contain links to other websites or applications. We are not responsible for the privacy practices or policies or for the content of such websites or applications of such third parties, so you should be careful to read and understand the relevant privacy statements before providing any Personal Data to such third parties.

Why (and how) do we process your Personal Data?

Why (and how) do we process your Personal Data?
We will use your Personal Data for the following purposes:

administration of the DXRX Network, including to: register and on-board you as a DXRX Member; provide you with access to the DXRX Services via the DXRX Network; manage and administer our DXRX Services; create, administer and manage your DXRX Account; communicate with you regarding your DXRX Account and usage including processing and responding to any enquiries or requests you submit to us; help us to ensure that our DXRX Members are genuine and to prevent fraud; receive or make payments; answer any issues or concerns you communicate to us; provide you with technical support; facilitate DXRX Services and/or Collaboration Opportunities; monitor Member Communications or other activity within the DXRX Network including the Project Zone to ensure that our AUP is complied with;
ongoing development of the DXRX Network, including to: monitor the effectiveness of the DXRX Network; help us to improve existing DXRX Services or develop new DXRX Services based on the feedback you and other DXRX Members provide; help us to perform statistical analysis and research with the purpose of allowing us to better understand the breakdown of DXRX Members and the way in which the DXRX Network is used by different user groups; personalize our DXRX Services to you, where possible;
marketing purposes, including management of marketing preferences; sending marketing communications via the DXRX Network and/or email; monitoring the effectiveness of our marketing and servicing communications;
profiling, including: the use from time to time of publicly available demographic information to determine who we target for specific events or marketing campaigns so as to avoid contacting individuals unnecessarily; undertaking profiling when you have interacted with us online via the company website and content, landing pages, DXRX Network and social media pages. Please note that where this is a result of cookie activity, you can manage this via our cookie preference tool;
sending servicing communications and notifications via in-platform notifications, telephone, email, and/or live chat such as: profile update reminders; notification prompts where you have unopened messages in your inbox; notifications of attachments being added to your DXRX Account; support prompts e.g. creating Collaboration Opportunities; messages from us in response to your queries or requests for support; system updates and downtime; and/or any other action in respect of the management and administration of the DXRX Network;
sending marketing communications via in-platform notifications, telephone and email, including: DXRX news publications; scientific publications; new DXRX Member joiner notifications; Collaboration Opportunity alerts; and,
using communications information to compile anonymized statistical reports regarding matters such as the number and type of query and how each has been resolved, or develop occasional case studies for learning and development purposes.
Please note that:
you can choose not to post or upload certain information but then you might not be able to take advantage of some of the DXRX Services, or it may limit your ability to network and collaborate with other DXRX Members effectively; and,
you can log in to your DXRX Account at any time to amend your preferences or by clicking on the ‘unsubscribe’ link at the bottom of any marketing communication. If you opt out of our marketing communications, we will retain your Personal Data on our suppression list so that we comply with your wishes not to be contacted.
Other potential reasons for processing your Personal Data are listed at section 3 below.

What legal basis do we rely on for this processing?

Where you hold an account in your own name, we will process your Personal Data where necessary for the performance of your contract with us. In other cases, we have a legitimate interest in administering, monitoring and improving the DXRX Network and communicating with users in relation to servicing and marketing.

Who do we share your Personal Data with?

In addition to the third parties set out in section 4 below, we may transfer your Personal Data to a third party where we introduce you to a complimentary service, and may also share your Personal Data with advertising and analytics providers in accordance with our Cookie Policy.

Healthcare Professionals

Healthcare Professionals

What Personal Data do we collect about you?

We collect and process your Personal Data:

when you interact or engage with us in any forum, for example, when we visit or conduct meetings with you, when you complete our forms, questionnaires, surveys or by corresponding with us by mail, phone, email or otherwise; and
from publicly available sources, such as websites and from other third parties, such as companies that specialize in the provision of healthcare professional files.

The Personal Data we collect and process includes:

identifiers such as your name, address, phone number, email address and any other contact information; and
professional and employment-related, internet or network activity, and commercial information on your business and professional interests, including your areas of expertise in the field of personalized medicine, use of diagnostic testing by you and your organization, your interests in related topics, the subjects that you have presented on and analytics such as the duration of your interaction with us and/or our customers.

Why (and how) do we process your Personal Data?

We collect and process your Personal Data for the purposes of:

managing our relationships and interactions with you;
responding to any queries or requests, and documenting and analyzing our contact with you in order to develop or improve our relationship and your experience with us, our products and services;
undertaking market research, including obtaining information about you and your organization; and,
managing and promoting your involvement on advisory boards, projects and other collaborations.

Other potential reasons for processing your Personal Data are listed at section 3 below.

What legal basis do we rely on for this processing?

We process your Personal Data mainly for the purpose of pursuing our legitimate interests. Where you have entered into a contract with us, we will process your Personal Data where necessary for the performance of your contract with us.

Who do we share your Personal Data with?

In addition to the third parties set out at section 4 below, we may disclose your Personal Data as follows: (a) if you provide Personal Data in response to surveys or as part of your involvement with specified projects and collaborations (including via DXRX), we may disclose this information to our customers (such as pharmaceutical or diagnostic companies) and laboratory partners as part of our market research and commercial initiatives; and/or (b) if you are member of our advisory panel or similar role, we will publish biographical information on our website and in other publications to promote our commercial and other activities.

Patients

Patients	What Personal Data do we collect about you? We may obtain and process data relating to US-resident patients that have been de-identified to the standards mandated by the Health Insurance Portability and Accountability Act ("De-identified Data"). Diaceutics Group cannot identify any individuals from the De-identified Data, which is obtained from commercial and public sources in the US including diagnostics laboratories and publicly available government websites, and contains data relating to the general location of patients, their age, gender, and diagnostic testing and medical claims data.
	Why (and how) do we process your Personal Data? We process De-identified Data for the purpose of conducting scientific research, including on a commercial basis and for the identification of anonymized insights and trends in the field of diagnostic medicine.
	What legal basis do we rely on for this processing? We process De-identified Data as necessary to undertake scientific research in the public interest.
	Who do we share your Personal Data with? In addition to the third parties set out at section 4 below, we may occasionally share De-identified Data with selected partners solely in the context of scientific research in the public interest.

Employment Candidates

Employment Candidates

What personal data do we collect about you?

We will collect and process Personal Data that you provide to us as part of the application and recruitment process (either directly or via other platforms such as LinkedIn) which may include the following:

the information you provide to us in your curriculum vitae and covering letter, including personal details, employment history and education;
the information you provide on our application/contact form via our website and/or any job application made via LinkedIn together with your profile, including name, title, address, telephone number, personal email address, date of birth, gender, employment history and qualifications; and,
any information you provide to us during an interview, including test or assessment results.

We may also obtain the following Personal Data about you from third-party sources:

your CV and application information as set out above where necessary to process your application in the event that your application is received via a recruitment agency;
confirmation of employment history and qualifications information from background check providers; and
information relating to confirmation of employment history and qualifications or a professional or employment reference from those referees named in your CV and/or otherwise notified to us.

We may also collect, store and use the following types of Special Category Data:

information that you provide to us regarding your health, including any medical conditions relevant to the recruitment process; and
information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.

Why (and how) do we process your Personal Data?

We will use your Personal Data only as necessary for us to conduct our recruitment processes – this may include: assessing your skills, qualifications, and suitability for the role; carrying out background and reference checks, where applicable; communicating with you about the recruitment process; keeping records related to our hiring processes; and complying with legal or regulatory requirements.
Please note that if you fail to provide Personal Data which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a reference for this role and you fail to provide us with relevant details, we will not be able to take your application further.

We will use your Special Category Data in the following ways:

We will use information about your health and disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.
We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
We do not envisage that we will process information about criminal convictions – if this becomes necessary, we will provide specific notification on a case-by-case basis.

We will retain your Personal Data for a period of six (6) months after we have communicated to you our decision about whether to appoint you to a role. We retain your Personal Data for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your Personal Data in accordance with our data retention policy.
Other potential reasons for processing your Personal Data are listed at section 3 below.

What legal basis do we rely on for this processing?

It is in our legitimate interests to assess your suitability for a role and to decide whether or not to enter into a contract of employment with you.
We will only process Special Category Data where specifically mandated or permitted by applicable employment or other laws. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

Who do we share your Personal Data with?

We will only share your Personal Data where necessary as part of the assessment and recruitment process, such as with former employers, referees and background check providers, or to those other third parties set out in section 4 below.

Employees

Employees

This Statement does not apply to Diaceutics Group employees - please refer to the Diaceutics Employee Privacy Statement provided during the course of your employment.

3. Additional Purposes of Processing

3.1 In addition to the purposes set out in the relevant summaries above, we may also process Personal Data where necessary for the following purposes:

to comply with legal obligations to which we are subject;
to establish, investigate, exercise or defend or settle a legal claim;
to pursue our legitimate interest or that of a third party, but only where such processing is necessary to achieve the relevant outcome and provided that it is not outweighed by a risk of harm to your interests, rights and freedoms. Examples include maintaining the security and safety of our products and services and preventing fraud and illegal activity; and/or
in limited cases, we may also rely on your consent (in which case, we will provide additional information regarding the proposed purpose of processing) or where we need to protect the vital interests for you or someone else, or where it is necessary to do so in the public interest.

3.2 The Special Category Data that may be processed by us are set out in the relevant Audience summary applicable to you as set out at section ‎2 of this Statement. Where we process Special Category Data, it will be justified by a condition set out at section ‎3.1‎ above and also by one of the following additional conditions:

in accordance with paragraph 10 of Schedule 1 of the UK’s Data Protection Act 2018 – for example where we seek to prevent or detect unlawful acts (e.g., fraud or antisocial behavior);
where necessary to undertake scientific research in the public interest in accordance with Article 9(2)(j) GDPR and paragraph 10 of Schedule 1 of the UK’s Data Protection Act 2018;
where necessary to protect the vital interests for you or someone else where you are physically or legally incapable of giving consent (for example in exceptional emergency situations, such as a medical emergency), or, where it is necessary to do in the public interest; and/or
the processing is otherwise permitted by applicable law, such as in relation to legal claims, or in limited cases, based on your explicit consent.

3.3 We will only use your Personal Data for the purpose for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Data without your knowledge, in compliance with the above rules, where this is required or permitted by law.

4. Sharing Personal Data with third parties

4.1 We will share Personal Data with the third parties as set out in the relevant Audience summary applicable to you as set out in section ‎2 above. We may also share your Personal Data with the following third parties:

service providers that we appoint to act as Processors on our behalf - these may include providers of: IT services and infrastructure; data hosting; logistics; information security; marketing services and other services necessary for our business operations;
professional advisors, such as law firms, accountants, auditors and consultants;
public authorities, regulatory authorities and law enforcement agencies, and other third parties where necessary to comply with any applicable legal obligation, taxation requirement, court order, summons, search warrants or any other legal or regulatory obligation or request to which we are or may become subject;
a potential or confirmed investor, purchaser, liquidator or administrator of a member of the Diaceutics Group;
other members of the Diaceutics Group, to enable or support us in providing our services;
legal authorities or enforcement bodies where disclosure is necessary to exercise, establish or defend the legal rights of Diaceutics Group; and/or,
other companies and organizations to protect the rights, property or safety of the Diaceutics Group, our customers, or others, such as for the purposes of security, fraud protection and credit risk reduction.

5. Security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed without authorization, or otherwise altered or disclosed. We limit access to your Personal Data to those employees, agents, and contractors who have a business need to know.

All our third-party service providers and members of the Diaceutics Group are required to take appropriate security measures to protect your Personal Data in line with our information security policies, and we only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

Although we take reasonable steps to protect the Personal Data you provide to us, the transmission of information via the internet is not completely secure, and we cannot guarantee the security of any information you transmit to us. Any such transmission is at your own risk. Once we have received your information, we use physical, electronic and procedural safeguards designed to prevent unauthorized access.

6. Data Export

Some of the entities with whom we may share your Personal Data (including members of the Diaceutic Group) are based outside the UK and/or the European Economic Area (“EEA”).

In accordance with the GDPR, whenever we transfer your personal data out of the UK and/or EEA, we ensure an equivalent degree of protection is afforded to it by ensuring appropriate safeguards have been implemented. If you would like further information on the specific safeguards used by us when transferring your Personal Data out of the UK and/or EEA, please contact [email protected]

7. Retention

We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements including applicable statutory limitation periods.

At the end of the applicable retention period, we will securely destroy your Personal Data. In some circumstances, we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

8. Profiling and automated decision making

We undertake some limited profiling where set out in the relevant summaries in section ‎2 above.

However, you will not be subject to decisions that have a significant impact on you based solely on automated decision-making.

9. Specific information and rights relevant to specific audiences

9.1 GDPR

The table below sets out the additional rights applicable to you where the GDPR applies to our processing of your Personal Data.

Right	Further Information
Right to be Informed	You have the right to know whether your Personal Data is being processed by us, how we use your Personal Data and your rights in relation to your Personal Data.
Right of Access (“Data Subject Access Request”)	You have the right to request a copy of the Personal Data held by us about you and other information relating to the processing of your Personal Data. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in these circumstances.
Right to Rectification	You have the right to request that we correct any incomplete or inaccurate information we hold about you, though we may need to verify the accuracy of the new data you provide to us.
Right to Erasure	You have the right to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing or withdraw consent (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Right to Restriction of Processing	You have the right to ask us to restrict processing your Personal Data in the following situations: where you contest the accuracy of your Personal Data; where the processing is unlawful, and you do not want us to delete your Personal Data; where we no longer need your Personal Data for the purposes of processing, but you require the data in relation to a legal claim; or, where you have objected to us processing your Personal Data pending verification as to whether or not our legitimate interests override your interests, or, in connection with legal proceedings. When you exercise this right, we may only store your Personal Data but will not further process it unless you consent, or the processing is necessary in relation to a legal claim or to protect the rights of another person or legal person or for reasons of important public interest. We will inform you before the processing restriction is lifted. Please note that this may potentially result in reduced services or availability, for example, in certain instances where you ask us not to process your Personal Data, you may not be able to use our website or DXRX services.
Right to Data Portability	You may request us to provide you with your Personal Data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another Controller where this is technically feasible. This right only arises where we process your Personal Data on the legal bases of your consent or where it is necessary to perform our contract with you.
Right to Object	You have a right to object at any time to the processing of your Personal Data where we process your Personal Data on the legal basis of pursuing our legitimate interests, or those of a third party. However, we may be able to demonstrate that we have compelling legitimate grounds to continue to process your information which override your objection. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
Right to Withdraw Consent	You can withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

You can exercise any of these rights, or request any additional information by submitting a request to [email protected] or by mail marked for the attention of Global Compliance Officer at: Diaceutics PLC, First Floor, Building Two, Dataworks at Kings Hall Health and Wellbeing Park, Belfast, Co Antrim, BT9 6GW.
We will provide you with information on any action taken upon your request in relation to any of these rights without undue delay and at the latest within one month of receiving your request. We may extend this by up to two months if necessary, however we will inform you if this arises.

Please note that we may ask you to verify your identity when you seek to exercise any of your data protection rights. We may also contact you to ask you for further information in relation to your request to speed up our response.

While we hope to be able to resolve any concerns you have about the way that we are processing your Personal Data, you have the right to lodge a complaint with a supervisory authority if you believe that your Personal Data has been processed in a way that does not comply with the Data Protection Legislation or have any wider concerns about our compliance. For the UK, you can lodge such a complaint with the Information Commissioner's Office (ICO) by calling the ICO helpline on 0303 123 1113 or via their website here.

9.2. CCPA

The California Consumer Privacy Act (CCPA) requires that we provide California residents with certain specific information about how we handle their Personal Information, whether collected online or offline. The table below sets out generally the categories of Personal Information about California residents that we collect, disclose and sell to others for a business purpose. We collect these categories of Personal Information from the sources and for the purposes explained in this Statement. Our collection, disclosure and use of Personal Information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident.

Categories of Personal Information	Do we collect?	Do we disclose for a business purpose(s)?	Do we sell?
Name, Contact Info and other Identifiers: identifiers such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.	Yes	Yes	No
Customer Records: paper and electronic customer records containing Personal Information, such as name, signature, address, telephone number, education, current employment, employment history, bank account number, credit card number, debit card number, or any other financial or payment information.	Yes	Yes	No
Protected Classifications: characteristics of protected classifications under California or federal law such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information.	No	No	No
Purchase History and Tendencies: commercial information including records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.	No	No	No
Biometric Information: physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, imagery of the iris, retina, fingerprint, faceprint, hand, palm, vein patterns, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.	No	No	No
Usage Data: internet or other electronic network activity information, including, but not limited to, browsing history, clickstream data, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, as well access logs and other activity information related to your use of any company websites, applications or other online services.	No	No	No
Geolocation Data: precise geographic location information about a particular individual or device.	No	No	No
Audio, Video and other Electronic Data: audio, electronic, visual, thermal, olfactory, or similar information such as, CCTV footage, photographs, and call recordings and other audio recording (e.g., recorded meetings and webinars).	Yes	Yes	No
Employment History: professional or employment-related information.	Yes	Yes	No
Education Information: information about education history or background that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).	No	No	No
Profiles and Inferences: inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	No	No	No

Residents of California also have the following rights:

Do-Not-Sell. California residents have the right to opt-out of the sale of their Personal Information. We will only share your Personal Information with advertising and analytics providers where you have consented to this in accordance with our Cookie Policy – you can opt out again at any time via our cookie preference tool.
Notice at Collection. At or before the point of collection, notice must be provided to California residents of the categories of Personal Information collected and the purposes for which such information is used.
Verifiable Requests to Delete & Requests to Know. Subject to certain exceptions, California residents have the right to make the following requests, at no charge:

Request to Delete: California residents have the right to request deletion of their Personal Information that we have collected about them and to have such Personal Information deleted, except where an exemption applies.

Request to Know: California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of Personal Information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable (and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance).

California residents also have the right to request that we provide them with certain information about how we have handled their Personal Information in the prior 12 months, including the:
- categories of Personal Information collected;
- categories of sources of Personal Information;
- business and/or commercial purposes for collecting and selling their Personal Information;
- categories of third parties with whom we have disclosed or shared their Personal Information;
- categories of Personal Information that we have disclosed or shared with a third party for a business purpose; and
- categories of third parties to whom the residents’ Personal Information has been sold and the specific categories of Personal Information sold to each category of third party.
California residents may make Requests to Know up to twice every 12 months.
1. Submitting Requests. Requests to Know, and Requests to Delete may be submitted by emailing us at [email protected] or by mail marked for the attention of Global Compliance Officer at: Diaceutics PLC, First Floor, Building Two, Dataworks at Kings Hall Life Sciences Park, Belfast, Co Antrim, BT9 6GW. We will respond to verifiable requests received from California residents as required by law.
2. Right to Non-Discrimination. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA.

10. Changes

If we amend this Statement, in whole or part, any changes will be posted on our website, and we will take reasonable steps to bring this to your attention where appropriate.

11. Definitions and Interpretations

CCPA: means the California Consumer Privacy Act of 2018 (CCPA);

Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data (Article 4(7) GDPR);

Data Protection Legislation: means, as applicable, any law, rule, regulation, decree, statute, or other enactment, order, mandate or resolution, to the extent applicable to either Party relating to data security, data protection and/or privacy, including (amongst others) the General Data Protection Regulation and the Data Protection Act 2018;

Diaceutics Group: means Diaceutics Plc and all of its subsidiaries from time to time, including:

Diaceutics Inc.

Diaceutics Ireland Ltd.

Diaceutics Pte. Ltd.

Diaceutics Pte. Ltd. - Japan branch

Diaceutics Pte. Ltd. - South Korea branch

Diaceutics Precision Medicine Technology (Guangzhou) Ltd.

EEA: refers to the European Economic Area which consists of all EU member states, plus Norway, Iceland, Liechtenstein;

Electronic Mail: includes but is not limited to email, text, video, voicemail, picture and answerphone messages (including push notifications and in-platform notifications);

General Data Protection Regulation or GDPR: includes the General Data Protection Regulation (EU) 2016/679) implemented in the EU (EU GDPR) and also includes (where appropriate) reference to the version of the GDPR implemented in the United Kingdom (UK GDPR);

Personal Data: under the GDPR, this refers to any information relating to an identified or identifiable natural person ("data subject");

Personal Information: defined by the CCPA to refer to any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. It does not include publicly available data as defined by the CCPA.

Processor: means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller (Article 4(8) GDPR); and

Special Category Data: means Personal Data revealing the following: political opinions; religious or philosophical beliefs; trade union membership; genetic data; biometric data (where used for identification purposes); data concerning health; data concerning a person’s sex life; and data concerning a person’s sexual orientation.

Privacy Statement

1. Introduction

2. Audiences

Visitors to our Website

Social Media Users

Clients and Suppliers (existing and prospective)

DXRX Users

Healthcare Professionals

Patients

Employment Candidates

Employees

3. Additional Purposes of Processing

4. Sharing Personal Data with third parties

5. Security

6. Data Export

7. Retention

8. Profiling and automated decision making

9. Specific information and rights relevant to specific audiences

10. Changes

11. Definitions and Interpretations

Download Privacy Notice