MeOmics Precision Medicine Ltd
Data Privacy and Fair Processing Policy
v2.0 February 2023
Our contact details:
Company Name: MeOmics Precision Medicine Ltd
Data Protection Officer: Adrian Harwood
Phone Number: 07711 850102
E-mail: info@meomics.tech
Website: www.meomics.tech
Company registration Number: 13767770
Address of company: International House, 10 Churchill Way, Cardiff, CF10 2HE
Registration Number with the ICO: ZB421823
Introduction and General Terms
We are committed to protecting your personal information and you can be assured that it will only be used in accordance with this Privacy Notice. This Privacy Notice relates to our use of your personal information when we contact you, or you make contact with us, in relation to our services/research. We may contact you in order to provide you with the full range of services, and we sometimes need to collect information about you. This Privacy Notice explains the following:
We are committed to safeguarding your personal information. We are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, these laws are referred to collectively in this Privacy Notice as "data protection laws".
Who are we?
MeOmics is a Bio tech, UK-based company, focused on providing a Precision Psychiatry Platform for improved drug discovery and prediction of optimal therapies for patients, using academic research. Funded by UKRI and private investors. When we refer to ‘’we’’ or ‘’our”, we are referring to MeOmics. Registered with the UK Information Commissioner’s Officer Registration Reference: ZB421823.
The type of personal information we collect.
In order to provide you with services and communications suited to your needs and carry out research to improve the diagnosis and treatment of mental health illnesses, we require information about you. For the purposes mentioned in our Privacy Notice, we collect the following groups of information about you:
Your basic identification and contact details.
This may include your name, age, company, address, telephone number, email address, IP Address, location, video conference meetings & chat and other information that you provide to us. i.e., Applying for a role within MeOmics, CV, photographs, job history and qualifications, reasonable adjustments you require under the Equality Act 2010, charitable involvement.
Special Category Personal Data
Anonymised Data
We use best practice to utilise anonymisation so that the information is no longer personal data. When the anonymisation has been done in an irreversible way, anonymised data is not regulated by the UK GDPR or Data Protection Act 2018.
Pseudonymised personal data
Pseudonymised personal data is also used to reduce privacy risk which is a technique that replaces or removes information in a data set that identifies an individual. Pseudonymised personal data remains in scope of the UK GDPR legislation.
How we get and use your personal information and why we have it
Most of the personal information we process is provided to us either directly by you, or via your care provider St Andrew’s Healthcare, with your explicit permission for them to share with us, for one of the following reasons:
We also receive personal information from Subcontractors that derive IPSCs from blood.
We use the information that you have given us for population level modelling and processing to stratify patient types to improve the testing of drugs for mental illnesses.
Lawful Basis for Processing
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
Under Article 6 (1) (a): You have given your consent. You can withdraw your consent up to three weeks after your blood sample and data have been collected. You can do this by contacting the St Andrew’s Healthcare Research Nurse.
Under Article 6 (1) (b): Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Under Article 6 (1) (c): Processing is necessary for compliance with a legal obligation to which the controller is subject under the NSI Act 2020
Under Article 6 (1) (e): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, under Commission Regulation (EU) No 651/2014 and UK Research and Innovation (UKRI) who as a non-departmental public body responsible for supporting research.
Under Article 6 (1) (f): We have a legitimate interest in processing and retention of this data because it is necessary to achieve the objectives of our research.
Article 9(2)(a) permits us to process special category as the data subject has given explicit consent to the processing of their personal data for specific purpose of research into neuronal cells and who have completed an express statement of consent to participate in the research. We also receive ethical approval by the Reading Independent Ethics Committee. Further information can be found on our Participant Information Sheet
Article 9 (2) (g) and paragraph 8 of Schedule 1 of the DPA 2018 permits us to process special category data if it is necessary for reasons of substantial public interest, on the basis of law which shall be proportionate to the aim pursued, respect the essence of the right to data protection, and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
Article 9(2)(h): Processing is necessary for the purposes of preventative or occupational medicine, medical diagnosis, the provision of health or social care or the management of health or social care systems and services under the NHS Act 2006.
Article 9 (2) (i ): Processing is necessary for reasons of public interest in the area of public health, such as protecting against ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject.
Article 9(2)(j): Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes and complies with Article 89 (1) of the UK GDPR.
We also rely on the Data Protection Act 2018, Schedule 1 which describes conditions for processing in:
Part 1 which describes conditions for processing personal data for health, public health, social care, and research purposes and;
Part 2 sets out the conditions for processing personal data on the grounds of substantial public interest.
How long we keep your information for
We will hold your personal information on our systems for as long as is necessary to maintain our relationship. Unless you choose to withdraw your personal details before this time, your personal data will be held in accordance with our data retention policy, unless required to be retained longer by law.
How we store your personal information
Your information is securely stored, and we keep identifiable information for 3 weeks. We will then dispose of your blood sample and deidentify your personal data.
Who we share your data with
We will keep your information within MeOmics and will only share it where you have requested it, required by law, or given your consent. We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors, this means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
We may also share anonymised information with medical companies and scientific organisations.
Ethics
The Good Public Health Practice Framework 2016 defines public health as the science and art of promoting and protecting health and wellbeing, preventing ill-health and prolonging life. This is an ethical mandate derived from a commitment to achieve greater good. These ethical agendas are committed to look at the prevention of disease.
The UK now controls our own data protection legislation and regulations (since Brexit). We ensure our data protection regime is as good as it can be in line with the governments Ten Tech Priorities. We fully support a world-leading digital economy and society whilst underpinning the trustworthy use of data.
We may transfer personal information to countries outside of the United Kingdom ("UK"), which may not have the same data protection laws as those of the UK. Where we transfer personal information to countries outside of the UK, we will take appropriate steps to ensure the personal information is afforded the same level of protection as described in our Privacy Notice. We rely on adequacy decisions or any adequate data transfer mechanisms adopted by the European Commission or a supervisory authority for transfers outside of the EEA, in line with Section 109 of the Data Protection Act 2018.
Your data protection rights.
Under the UK General Data Protection Regulations (UK GDPR), you have the following rights:
Your right to be informed – You have the Right to request to be informed about the personal information we process.
Your right of access - You have the right to request us for copies of your personal information.
Your right to rectification - You have the right to request us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Your right to object- You have the Right to object to your personal information which we process.
You also have the Right to request that we do not solely automate our decision making, and solely automate our profiling.
You are not required to pay any charge for exercising your rights. If you make a request, the UK GDPR states that we have one month to respond to your verified request, unless our assessment of your request concludes to be complex. If that is the case, we will notify you without undue delay.
Please get in touch with us at info@meomics.tech if you wish to make a request.
When you interact with our website, we try to make that experience straightforward and meaningful. Cookies are small pieces of information that are issued to your computer or mobile device when you visit a website and that store and sometimes track information about your use of the website.
Some Cookies are strictly necessary to make our website available to you.
("Essential Cookies"). For example, to remember your consent and privacy choices. We cannot provide our Services without these Essential Cookies.
We also use Cookies for functional purposes in order to maintain and improve our services or improve your experience, and for marketing purposes (collectively "Nonessential Cookies"). Some of the Non-Essential Cookies used are set by us, to collect and process certain data on our behalf, and some are set by third parties and our Social Networking Services.
A banner is displayed giving a) clear information about the purpose, storage & access to the cookie and b) you have given consent in line with Article 4(11) of the UK GDPR, before it captures data. Further information in our cookies policy.
How to complain
If you are unhappy with the handling of your Data Subject Rights Request you can request a review within 40 working days of receiving your initial response. If you wish to do this, you must do so in writing, identifying the decision that you wish to be reviewed or the aspect of the handling of your request that you are unhappy with. Please address your request for review to: info@meomics.tech.
If you are dissatisfied with the outcome of any review carried out by us in relation to information that we hold about you, you may wish to appeal to the UK Information Commissioner (ICO) who oversees the UK General Data Protection Regulations. If you wish to do this, please write to the Information Commissioner’s Office as soon as possible after receiving the outcome of your review.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Further use
If we wish to use your personal data for a new purpose, not covered by our Privacy Notice(s), we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where necessary, we will seek your prior consent to the new processing.
This Privacy Notice may be updated from time to time so you may wish to check it each time you submit personal information to us. The date of the most recent revisions will appear on this page. If material changes are made to our Privacy Notice(s), for instance affecting how we would like to use your personal information, we will provide a more prominent notice.
If you have any questions or comments regarding the content of this Privacy Notice, please contact info@Meomics.tech.