Policy Privacy

Overview

Veritas Intercontinental (“Veritas”, “we“, “us“, “our“) is committed to protecting and respecting your privacy as the service provider and the controller of your information. Veritas Intercontinental SL has its address registered at Madrid, Calle Orense 58, 2ºC-D, 28020 and VAT number B-88132907, with telephone number +34 915 623 675. For Brazilian residents, Veritas Brasil Analises Laboratoriais EIRELI has its address registered at Alameda dos Nhambiquaras, 1770, ANDAR 5 SALA 508, São Paulo, Brasil CEP 04090-004, with CNPJ number 32.948.264/0001-68 and telephone number +55 11 96352 4450. For Colombian residents, Veritas Genetics Colombia SA has its address registered at Carrera 16 # 82-95 Unidad Medica el Country, Of. 901, Bogotá, Colombia with NIT number 9012454114 and telephone number +57 1 2220786. This privacy statement (“Privacy Statement“), together with our Cookies Policy, describes the types of personal information collected and created in connection with your use of our Products and Services, how and why we use such information, who we share it with, and your legal rights. Please read the following carefully to ascertain how we process your personal information (or “information“). We may, from time to time, provide links on www.veritasint.com (the “Site“) to the websites of our partner networks, advertisers and/or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy statements and that we do not accept any responsibility or liability for their privacy or security practices. Please check these privacy statements before you submit any personal information to these websites.

What information we collect

When you access the Site or use our Products and Services we collect, receive or otherwise process information in several different ways. In many cases, you choose what information to provide. Some information is required in order for us to provide our Products and Services. We use your information for the purposes described further below. We may collect and process the following types of information about you:

1. Purchase and assistance information. We collect information when you purchase or use our Products and Services, including when you phone or otherwise interact with our Support Team. This information may include name, gender, contact information, billing address, delivery address and any further information you provide.
2. Health-related data. When you purchase or use our Products and Services, we will collect and process data concerning health, including Samples, Test Information or any further information we might receive. When you activate or use a Service or Product, we will collect and process information relating to your personal health record which may include through the use of questionnaires (which may be used, for example, to confirm that the Service or Product is appropriate to your needs).
3. Genetic and Genetic-Related Data.  This is data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question (“Genetic Data”). Our collection of Genetic Data may include physical samples provided in connection with your use of our Products and Services (such as a blood sample, saliva sample, or nasal swab). We may also request or generate Genetic Data, medical history, family history, known familial genetic conditions or mutations where necessary to provide our Products and Services;
4. Correspondence. We will collect and maintain your contact details when you communicate with us, sign up for promotional material, participate in special promotions, or connect with us through social media. If you contact us by email, we may keep a record of that correspondence. If you make a request with regard to the handling of your personal information, we may retain information regarding the request and any actions we take or correspondence we provide in response to such request.
5. Website and device information. We collect information about your browser or device, including, where available, your IP address, operating system and browser type, for system administration. We also collect details of your visits to our Site including, but not limited to, traffic data, location data, the resources that you access, web logs and other communication data. Our Site also uses cookies. For detailed information on the cookies we use and the purposes for which we use them, see our Cookies Policy. We may also ask you for information when you report a problem with our Site.
6. Survey information. If you respond to any surveys that we might request, which are completely voluntary, we will process your responses.
7. Video Surveillance/CCTV. Veritas Intercontinental uses video surveillance/CCTV at our offices to ensure the security of our facilities, our assets and individuals who visit our offices.

How we use your information

We use the information we have to help us provide, operate, improve, understand, customize, support, and market our Products and Services, and for purposes described in this Privacy Statement. The broad uses of your information are described below. As required under EU law, we have also specified the legal bases which we rely on to process your information. Where legally required, we rely on your explicit consent to process your information as follows:

• To collect, store, and process relevant health-related data and Genetic Data, such as identifiable information related to your past, present, and future health and healthcare, for the purposes of performing health diagnostic testing, genetic sequencing, and providing our health testing and genetic testing Products and Services.
• To receive, store and analyse your Samples at Accredited Laboratories.
• To receive, review, store and communicate your Test Information to you and your physician, including by presenting your Test Information and other reported history.
• In some cases, to verify your identity.
• To provide you with your results and, in some instances, relevant treatment options or sharing your information where we have legal basis to do so.
• To de-personalise your information for service improvement, product quality improvement and/or research, as relevant.
• We may use your personal information for research purposes where we have a legal basis to do so, such as your consent, and may contact you about research opportunities, clinical trials, or clinical treatments for you when appropriate. The legal basis for this activity is generally express prior consent (e.g. to participate in a research study).

You can withdraw your consent to this processing at any time. Withdrawing your consent stops future processing and does not affect any processing we have already undertaken. Without your consent, however, we shall be unable to provide most of our Products and Services to you. To fulfil our contract(s) with you, we process your information – including data concerning your health and medical history – as follows:

• To fill and support your purchases of our Products and Services, including to process payments and to provide customer assistance.

It is in our legitimate interests to process your information as follows:

• To ensure that content from our Site is presented in the most effective manner for you and your device.
• To analyse information provided by you and others to help us administer, support and improve our business.
• To detect, investigate and prevent activities that may violate our policies or agreements or be illegal, including by sharing information with law enforcement.
• To de-personalise your information for service improvement and product quality improvement.
• To ensure the security of our facilities, our assets and the people who visit our offices. This may be through the use of video surveillance/CCTV.

We are legally obligated to process your information as follows:

• To retain certain records about the handling of any Samples you send us for regulatory purposes.
• To fulfil any applicable legal and regulatory requirements, for example retention requirements of our labs, or retaining certain tax and accounting records for financial reporting. We may use your information to provide you or any authorized parties with testing services. If we use your Personal Information or Test Information for anything beyond this, we will ask for your explicit consent or else explain the legal basis for any further use of your data, if such use does not rely on your consent.
• To ensure appropriate security measures are in place to protect our assets which include the personal data of individuals who use our services.  This may include the use of video surveillance/CCTV.

Please be assured that we do not engage in sale of Personal Information, and only share information where required to support in the delivery of our Products and Services.

Children’s privacy

We may collect and process Personal Information from minors under 18 years of age where required to deliver our Products and Services. This relies on consent (typically obtained from a parent or legal guardian) or another legal basis. We will not knowingly collect personal information from Site users that are under 18 years of age. We are relying on your undertaking that you are over 18 years of age when using our Site. You should not use the Site or its Services, including to purchase Products, if you are not 18 years of age or older. If you believe we might have information from or about an individual Site user who is under 18 years of age, please contact us at dpo@veritasint.com.

Where we store your information

The information that we collect from you may be transferred to and stored with an Accredited Laboratory or any supplier of data processing and data hosting services to us at a destination within the EEA. It may also be processed by staff operating inside the EEA who work for any of them. Such staff maybe engaged in, among other things, the fulfilment of your order, or the provision of data processing and data hosting services to us. In certain cases, we transfer and store certain information outside the EEA, such as to the United States. In such cases, we primarily use a legal mechanism known as “standard contractual clauses” to protect information transferred outside the EEA. Standard contractual clauses refer to contracts between companies transferring personal information that contain standard commitments, approved by the European Commission, protecting the privacy and security of the information transferred. To request a copy of the clauses, please email us at dpo@veritasint.com.

How we secure your information

All information you provide to us in purchasing or availing of our Products or Services are stored on our secure servers or else on secure servers used by our service providers. Any payment transactions effected by us will be encrypted using TLS. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site you are responsible for keeping this password confidential. You must not share a password with anyone. We impose obligations of confidentiality and security on any of our service providers who process your personal information on our behalf. We maintain appropriate technical and organizational security practices, including encryption, pseudonymization and anonymization, passwords, access control, and physical security measures, as well as managerial procedures to protect the security and confidentiality of your personal information. Only authorized individuals are allowed to access, delete or modify your data.

Disclosure of your information

We share information with service providers, affiliates, partners, and other third parties where it is strictly necessary to provide the Products and Services, or for any other legitimate purposes described in this Privacy Statement. In particular, we may share your information with certain third party suppliers and service providers to help us operate, provide, improve, understand, customize, support, and market our Products and Services. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Statement by imposing obligations of security and confidentiality on such service providers. Your information may be provided as necessary to the following categories of recipients: Accredited Laboratories, healthcare professionals, couriers, communications and marketing service providers, IT systems and IT service providers (such as those who host our data and information systems), analytics providers, legal or financial advisors, or government/regulatory/law enforcement agencies pursuant to legally binding order or where legally required. If a third party (such as your healthcare provider or your employer’s occupational health risk prevention service) is involved in or has provided, subsidized or paid for the Products and Services you are using, your personal information may also be shared with them as required by the contract between us and that third party. We may disclose and transfer your information to our Accredited Laboratories for the purpose of (i) accepting and processing an accepted order by us, (ii) in order to procure the Product is delivered to you by it, and (iii) to test any Sample provided and make your Test Information available to you and/or your physician on our secure platform. To process a request for a Product and for our Accredited Laboratories to test the Sample and send you and/or your physician the Test Information, we may need to disclose information within and external to our company including to healthcare professionals, to our Accredited Laboratories and our IT services providers. Your request for a Product will result in your order details being accessed by and processed by our Accredited Laboratories and our IT service providers. The Accredited Laboratories may have access to your personal information such as your date of birth, your sample, information relevant to your test (such as gender or health information), and the test results created therein. For research, development, publications, and analytics purposes, we may also share personal information where we have your consent or some other legal basis to do so. We may engage in collaborative research with third parties (for example, health, educational, or government institutions, or private companies) related to the development of new tests, validation of existing testing processes or technologies, or to improve existing products and services. We may also disclose de-identified Genetic Data to public databases for the advancement of medical research; this enables improved understanding of how genetics may impact the risk of certain diseases or health conditions. We may include de-identified Genetic Data in our research databases, which may be accessible, searchable, and downloadable by third parties (including researchers and the public). More information about this will be available on any consent forms provided to you if you are using Products and Services that involve genetic testing, genetic sequencing, or processing of your Genetic Data. We and/or our workforce members may be involved in the creation of publications, and this may include collaborating with third parties. Where this is done, it will involve only de-identified personal information. If a third party (such as your healthcare provider or your employer’s occupational health risk prevention service) is involved in or has provided, subsidized or paid for the Products and Services you are using, your personal information may be shared with them as required by the contract between us and that third party, in compliance with applicable laws (such as employment and labor laws), and with your consent where required. This may include sharing identifiable test results or other personal information with such third parties. If you are a test participant related to such a program or agreement with a third party, you may be provided with a program specific privacy notice and/or consent form as required. In instances where our business is subject to a re-organization, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, need to share information in the course of the transaction. In such circumstances, your information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of Veritas. If you send offensive or objectionable content or otherwise engage in any disruptive behaviour on the Site, we can use your information to stop such behaviour and pursue our legitimate interest to prevent such behaviour on our Site. This may involve informing relevant third parties, such as law enforcement agencies about the content and your behaviour. Equally, we may retain, preserve, or disclose your information if we have a good-faith belief that it is reasonably necessary to (i) respond, based on applicable law, to a legal request (such as a subpoena, a search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce the agreements we have with you; (e) prevent physical injury or other harm to any person or entity, including yourself and members of the general public. For example, your IP address may be supplied to regulatory authorities in connection with fraud or other formal investigations. We may pass aggregate information on the usage of our Site to third parties. Unless required to do so by law, we will not otherwise share sell or distribute any of the information you provide to us without your consent or other legal basis.

How long do we keep your information?

We retain your information in our server logs, our databases, and our records for as long as necessary to provide the Products and Services. In some cases we may retain some of your information for a longer period, such as in order to comply with our legal or regulatory obligations, to resolve disputes or defend against legal claims, or to enforce our policies or terms of use of our Products and Services. Any Data recorded on video surveillance/CCTV systems shall be kept for no longer than is considered necessary. Normally data recorded on video surveillance/CCTV systems will not be retained beyond a maximum of 30 days. Data recorded on video surveillance/CCTV systems may however be retained beyond a maximum of 30 days in circumstances where the data is required for evidential purposes and/or legal proceedings.

Your rights

You may have certain privacy rights in relation to your information that we process. While some of these rights apply generally, others apply only in certain circumstances or may depend on your residency. To exercise your rights or to submit a question, you can email us at dpo@veritasint.com and may mention any of the rights below in addition to any comments or questions you have. Please note we may need to verify your identity before we respond to your request.

• Access. You have the right to request a copy of your information that we process as well as further information including (i) the purposes of processing, (ii) categories of information we process, (iii) recipients or categories of recipient to whom the personal information have been or will be disclosed, (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, (v) where the personal information is not collected from you as the data subject, any available information as to the source of the information, and (vi) existence of automated decision-making, including profiling. This right also applies to personal data captured by video surveillance/CCTV recordings.
• Correction. If you discover that we hold inaccurate information about you, you have a right to ask us to correct that information.
• Erasure. You have the right to request that we delete your information. We may refuse this request if (a) the information is still necessary for the purposes that we collected or processed it and (b) we still have a legal basis to process it, even after you’ve withdrawn consent.
• Restriction. You have the right, in some cases, to restrict the processing of your information, such as where you have exercised your right to object and we are reviewing your objection.
• Objection. You have the right to object to us using your information based on our legitimate interests described above. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing, you can always object by using the unsubscribe link in such communications, changing your account settings or, if you do not have an account, you can email us at dpo@veritasint.com.
• Portability. You have the right in some cases to port your information from us to a new data controller by obtaining a copy of your data from us in a common machine readable format.
• Withdraw consent. You can withdraw your consent to processing at any time by e-mailing dpo@veritasint.com. Withdrawing your consent does not affect processing that has already occurred. Where you withdraw your consent, we will no longer process your information based on your consent. We may process your information if another legal basis applies, for example, if we are legally obligated to store certain records or if your withdrawal of consent was limited to certain processing activities.
• Complain. You have the right to lodge a complaint with the data protection supervisory authority for your jurisdiction. If you are considering lodging a complaint, we would appreciate the opportunity to try and resolve your issue before you submit your complaint. To learn more about how to make a complaint or to obtain information about the relevant supervisory authority for your jurisdiction, email us at dpo@veritasint.com.

Changes to our Privacy Statement

From time to time, we will make changes to this Privacy Statement. Any changes we may make in future will be posted on this page. If we materially change our Privacy Statement, we will take steps to notify you, for example by emailing you or by posting a notice on the Site.

Contact us

Questions, comments and requests regarding this Privacy Statement are welcomed and should be addressed to our Data Protection Officer (DPO) at dpo@veritasint.com. Additionally, if you are a resident of the UK and want to raise a question to Veritas or exercise your rights under UK GDPR, you may prefer to contact our appointed UK representative rather than directly contacting our Data Protection Officer. You may do so by:

• Sending an email to DataRep UK mentioning “Veritas Intercontinental (a LetsGetChecked company)” at: LetsGetChecked@datarep.uk
• Mailing your inquiry to: DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom. Please ensure your request is addressed to DataRep, not Veritas, though do mention “Veritas Intercontinental (a LetsGetChecked company)” in the request or question itself.

Definitions

“Accredited Laboratory” means the laboratory(ies) that we may select as our testing services provider at any time; which laboratory will be CPA (clinical pathology accreditation), INAB, CLIA approved or CAP accredited. In some cases, we may use a laboratory with additional certification or accreditation as required by applicable law or regulation or at our sole discretion; “Product” means a kit which enables you to take and store a sample of saliva, blood, urine, or stool, as appropriate for the type of kit purchased; “Sample” means a sample of saliva, blood, urine or stool, provided in accordance with the Product instructions; “Services” means testing the sample that you send to the Accredited Laboratory, and providing you with the Test Information; “Test Information” means the results from the Accredited Laboratory for the processed Sample, communicated to you by us via the Site and our staff, as applicable; “You” or “your” means the user of the Site. This Privacy Statement was last updated on 21/07/2023.