We promise to:
a. keep your personal information safe and private;
b. not sell your personal information; and
c. give you ways to manage and review your preferences at any time.
This Policy describes why we collect and how we process your Personal Information. It also tells you how you can contact us if you have questions about your Personal Information.
FitnessGenes is a genetic analysis company specialising in the study and application of how people respond to exercise, nutrition, and/or certain ingredients found in sports supplements.
Using the combination of our customer's DNA and lifestyle data such as age, weight and activity levels, we provide our customers with proactive lifestyle recommendations to help them achieve their fitness goals. We offer fitness and nutrition products and/or services through our own websites and through other online platforms, including our partners' websites.
Our ultimate goal is to encourage research-led, practical and achievable lifestyle change to drive movement towards a healthier society.
In accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and as outlined in our Terms and Conditions, "Personal Information" is any information provided by you, the customer, that is specific and can be used to identify you, either alone or in combination with other information.
We process the following types of Personal Information:
1. Transactional Data
When you purchase our products or services, we collect personal data required to deliver your product/ service to you and take payment for the purchase, which will include name, email address, postal address and payment information/ bank details. These details are processed by a payment service provider on our behalf (see below).
2. Registration Data
When you create an online account with us, we create a personal member’s account for you so that you can access your results and also access/update your Personal Information. Information provided by you when registering for an account will include your name, email, address, phone number, user ID and password. Registration Data shall not be passed to third parties without your consent.
3. Genetic Data
In order for us to provide you with appropriate and tailored products and/or or services, we may ask you to provide a DNA sample so that we may obtain information regarding your genotype (e.g. the presence of As, Ts, Cs, and Gs at particular locations in your genome). This DNA sample is typically provided by you via a sample of your saliva. Alternatively, if you have previously used another DNA testing provider, you may provide this data to us directly by using our facilitated upload process, on which we will perform our genetic analysis. Genetic Data constitutes special category data under the GDPR and as such we will always ask you for your express consent before we process your Genetic Data in accordance with this Policy.
4. Health Data
In order for us to provide you with health screening services we may ask you to provide a saliva sample so that we may analyse it for the presence of particular pathogens as outlined in our services. Health Data constitutes special category data under the GDPR and as such we will always ask you for your express consent before we process your Genetic Data in accordance with this Policy.
5. Self-Reported Data
When you use our services you will be asked to provide certain information that are relevant to the production and analysis of your results. This information is used by FitnessGenes to prepare the best possible advice for you with regards to training and nutrition. This data may include details about your gender, family, lifestyle and social circumstances and consequently, may include special category data. We will always ask you for your express consent before we process your Self-Reported Data in accordance with this Policy.
6. Partnership Enquiry Data
If you are interested in our partnership program, you can sign up to receive further information on this via our website. Information we request from you when making an enquiry will include your name, email, company, phone number and address. We will use these details to contact you with further details on our partnership program. These contact details shall not be passed to third parties without your consent.
7. User Content
When you visit our website, even if you do not order any product, we may collect certain information, such as your IP address, which browser you are using and information about your PC’s operating system, application (“app”) version, language settings and pages that have been shown to you. If you are using a mobile device, we might also collect data that identifies your mobile device, device-specific settings and characteristics. We might also calculate and process data related to the type of apps installed on a mobile device, such as the name of the app, an app description and the category it belongs to. Please refer to our Cookies Policy for further information in relation to User Content. User Content also includes any other information, which may be generated through your use of our products/services, including the information which we provide to you in relation to your results, your insights and recommendations and anything which you choose to share online.
FitnessGenes collects and processes your Personal Information in order to:
To protect minors from genetic screening and athletic selection, we employ a strict 16+ ruling for genetic testing and request that children under the age of 16 years old do not undertake a DNA test. If a full DNA-account user is found to be under 16 years of age, we will close the associated member account with immediate effect and securely destroy all Personal Information associated with the account.
Children under the age of 16 may sign up for a free lifestyle account.
Part of our aim at FitnessGenes is to contribute to the continual development and refinement of genetic research into health and fitness-based traits. As part of this commitment we may use your Personal Information to expand and improve our current knowledge of this field and further improve our products and services.
Your personalised information may be used in such research and development activities which may include, but are not limited to:
a. performing quality controls;
b. trialling new protocols, techniques or equipment;
c. sharing information with academic groups and other relevant third parties to advance their studies;
d. performing data analysis.
Some of these activities may result in commercialisation with a third party. Please note that no compensation will be paid to study participants even if the results of a particular study lead to commercial benefits. If we share data with third parties, it will be anonymised. This means we will remove Registration Data from Genetic Data and Self-Reported Data, data from multiple individuals will be combined and the anonymised results pooled to draw relevant conclusions. Where this level of anonymisation is not possible, we will seek your further consent before sharing it.
We will never sell your information to third parties.
You may request that your Personal Information, including any samples, be excluded from any further studies and/or disposed of at any time by contacting us at: firstname.lastname@example.org.
If you do decide to withdraw your consent to participate in research and development studies, we will ensure your Personal Information is excluded from any future studies. Data that has been entered into a study that is already underway cannot unfortunately be withdrawn due to difficulties in extracting anonymised data points.
Upon account registration we provide you with options to opt-out to marketing emails. Our lawful basis for this data processing is based on legitimate interest for marketing purposes, to communicate products, features and offers that we think may be of interest to you as a subscriber to our services, both paid and freemium. If you would prefer not to be kept up-to-date with our special offers, you can opt-out or unsubscribe from marketing communications at any time using the ‘Unsubscribe’ link in each newsletter, or by emailing us at email@example.com and requesting to be unsubscribed.
FitnessGenes does not sell your information to third parties, and we do not share your information with third parties for marketing purposes.
We may share your personal data with third parties in the following circumstances.
In order to process and deliver your orders, we need to transfer relevant delivery details to service providers. This may include information such as your name, contact details (e.g. email and telephone number) and address details you specified when placing an order. Examples include our distribution partners who ship our sample collection kits, and postage services. Other service providers include those who provide customer support and obtain your feedback for independent consumer reviews. Additionally, we may need to share your information with professional advisors, such as Customs Officials in order to provide you with our products and services. In any such circumstances, the third party will be bound to apply the same protections and safeguards to your Personal Information as we do.
Under the lawful basis of legitimate interest, with particular regard to the impact on public health, where your test was purchased on your behalf by a third party such as an employer for the specific purpose of health screening, we will share a summary of your result with them. This is to enable them to take appropriate action to safeguard employees, families and other affected individuals in the event a public health concern is identified.
We may share your Personal Information with governmental or investigative authorities if we are required by law (or any regulation having the force of law) to do so. Such requirements include court orders, subpoenas and orders arising from legal processes and criminal investigations. We may also disclose your Personal Information if it is strictly necessary for the prevention, detection or prosecution of criminal acts.
Research and development
As noted above, we may need to share your Personal Information for such purposes, however, we will always obtain your consent before doing so.
FitnessGenes takes the security and confidentiality of your Personal Information extremely seriously and maintains a high level of protection to ensure that there is no loss of or unauthorised access to it.
In accordance with the GDPR, we have appropriate technical and organisational measures in place to safeguard your Personal Information. These include technical and physical restrictions on our servers, which are password protected and only accessible to authorised personnel of FitnessGenes.
Our databases are all encrypted at rest (AES-256) with strict white list access only. Users’ personal details are password protected and stored on secure servers.
Test result data is stored in an encrypted format and saliva samples are anonymised using unique barcodes printed on the collection tubes, which do not contain any Personal Information.
Saliva samples are held in a secure facility protected by 24-hour surveillance and restricted access to authorised personnel of FitnessGenes.
Cookies are small computer files that get sent down to your PC, tablet or mobile phone by websites when you visit them. They stay on your device and get sent back to the website they came from, when you go there again. Cookies store information about your visits to that website, such as your choices and other details. Some of this data does not contain personal details about you or your business, but it is still protected by this Policy.
You have various rights as an individual which you can exercise in relation to the Personal Information we hold about you, including rights of access, correction, erasure, restriction of processing, data portability and objection. You can read more about these rights here.
FitnessGenes tries to be as open as it can be in terms of giving people access to their Personal Information. You can access and amend much of the information we hold on you via your secure online Members area by logging into your profile via our website. Here, you will have the option to update, download, or delete, your personal information.
Individuals can request a copy of their information by contacting us in writing at the address below or at the following email: firstname.lastname@example.org stating 'Subject Access Request' in the subject. We may ask for further information to validate the identity of the requester to ensure the security of the data we hold. FitnessGenes has one month to reply to any request from the date of receiving all the information necessary to process the request.
If you decide to delete all your Personal Information from our systems, we will permanently and irretrievably delete all your Personal Information (except that required by law) from all our systems, including our back up systems, without undue delay. Following this, if you wish to use FitnessGenes Services again in the future, you will have to set up a new account and make a new purchase.
If we hold any Personal Information that you have discovered to be incorrect and are unable to correct it yourself through your secure online Members area, you can ask us to correct it by contacting us at email@example.com or at the address below.
FitnessGenes has a designated Data Protection Officer who can be contacted at firstname.lastname@example.org, should you have any questions, concerns or comments about our practices or this Policy. Alternatively you can write to us at:
Bicester Innovation Centre,
Commerce House, Telford Road,
You also have the right to complain to the regulator, and to lodge an appeal if you are not happy with the outcome of a complaint. In the UK this is the Information Commissioner’s Office. Find out on their website how to report a concern.