Website Privacy Notice
Effective Date: July 22, 2021
Verici Dx, Inc. (“Verici”, “we”, “us”, “our”) takes the protection of your personal information (“Personal Data”) very seriously. Personal Data is any information about you that can be used to identify you as a person. This Privacy Notice (this “Notice”) describes how we use your Personal Data when you visit our websites, invest in our company, or contact us directly outside of any participation in one of our clinical trials.
In the context of this Notice, Verici is the “data controller” for your Personal Data. This Notice is meant to help you understand what information we collect when you visit our website or contact us, why we collect it, and your rights. We are required to give you this information in order to comply with the privacy law, including Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR) and the GDPR in such form as incorporated into the law of England and Wales, Scotland and Northern Ireland by virtue of the European Union (Withdrawal) Act 2018 and any regulations thereunder, and the UK Data Protection Act 2018 (the “UK GDPR”).
This Notice does not apply to Personal Data we collect by other means, like Personal Data that we collect from participants in our studies (see: https://vericidx.com/clinical-trials-privacy-notice). This Notice also does not apply to Personal Data collected from any of the personnel, including Principal Investigators, who work on our clinical trials (which is governed by the privacy notice provided directly to those site personnel).
YOUR PRIVACY RIGHTS
Under certain circumstances, by applicable law, you may have the right to request:
To make these requests, please contact firstname.lastname@example.org or our Data Protection Officer (VeraSafe) at email@example.com. Additional contact details are available in the Section titled “Questions”, below.
PERSONAL DATA WE HOLD ABOUT YOU
We collect, use, store, and transfer different categories of Personal Data about you which we have grouped together as follows:
We may also collect, use, and share Aggregated Data, such as statistical data, for any purpose. Aggregated Data may be derived from your Personal Data, but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data with other website visitors to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Notice.
WHERE WE GET YOUR PERSONAL DATA:
In the context of this Notice, we collect your Personal Data from the following sources:
Direct interactions: You may give us your Identity, Contact, or Transaction Data by filling in forms or by corresponding with us by post, phone, and e-mail or otherwise when you visit our website, provide feedback, or buy our shares.
Indirect interactions: If you are a former or current shareholder, we may collect your Personal Data indirectly through your agent, such as your stockbroker or share plan administrator.
Automated interactions: As you interact with our website or intranet, we may automatically collect Technical Data or Usage data about your equipment, browsing actions, and patterns. We collect this Personal Data by using cookies and other similar technologies. You can manage the collection of this information here https://vericidx.com/cookie-policy-eu.
HOW WE USE PERSONAL DATA
We use your Personal Data to:
Use and processing of your Personal Data is necessary (A) for our legitimate interests in facilitating the operation of our business and our website; (B) for the performance of the contract between us and you, should you invest in our company; and (C) to comply with laws and regulations, including securities regulations requiring us to collect and maintain records about investments in our company.
Within the company:
Your Personal Data may be disclosed within the company for administrative, technical, and management purposes as described in this Privacy Notice.
We may share your Personal Data with our service providers (who provide hosting, cloud data storage, data analytics, email and word processing or cloud-based computing software, and share registry service providers). We require that these service providers protect your Personal Data and use the data solely to provide the services to us.
Regulatory or governmental agencies:
We may share your Personal Data with certain regulators or other authorities who require reporting of certain processing activities in certain circumstances (for example, HM Revenue and Customs).
Other third parties
We may share your Personal Data with other third parties, for example in the context of the possible sale or restructuring of the business, or to relevant third parties such as auditors, lawyers or professional advisors, or our insurers.
We may also disclose your Personal Data to comply with a subpoena, bankruptcy proceedings, or similar legal process, or in response to lawful requests by public authorities, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of you or third parties, or the public at large.
We require all third parties to respect the security of your Personal Data and treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
Personal Data collected and processed under the terms of this Notice may be collected or transferred to Verici Dx in the United States. The United States may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. We will only transfer your Personal Data where there are appropriate safeguards in place. Where required, these safeguards may include the use of the European Commission-approved Standard Contractual Clauses. We will also take steps to ensure that your Personal Data receives an adequate level of security protection wherever it is processed.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know are subject to confidentiality obligations.
We will only retain your Personal Data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
If you have any questions about this Notice or our processing of your Personal Data, please contact firstname.lastname@example.org or our Data Protection Officer (DPO) at the contact information provided below. Our DPO will respond to you as soon as possible but no later than 4 weeks after you contact us.
Data Protection Officer:
100 M Street S.E.
Washington, D.C. 20003
Plaza de la Solidaridad 12, planta 5
+420 228 881 031
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL,
+44 (20) 4532 2003
European Union Representative:
We have appointed GCP-Services as our Representative in the European Union for data protection matters. While you may also contact us, please contact VeraSafe (above) or GCP-Services on matters relating to the processing of your Personal Data.
GCP-Service International Ltd. & Co. KG
28359, Bremen, Germany
If you would like to seek an independent recourse mechanism, you may contact your local Data Protection Authority (DPA). You can find a list of each European Union country’s DPA here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. If you are based in the UK, your local DPA will by the UK Information Commissioner’s Office, which can be found here: https://ico.org.uk/.