HiCircle Privacy Policy

Key Terms
We, us, our
Prenetics Limited 701-706, K11 Atelier, 728 King’s Road, Quarry Bay Hong Kong
Our data protection officer
privacy@prenetics.com
Personal data
This means any data: relating directly or indirectly to a living individual; from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and in a form in which access to or processing of the data is practicable.
Personal Health Information
Health records are sensitive personal data. We take extra care to protect health records and to explain how we handle them.

Statement of Policy

We treat your information with the importance it deserves. We are committed to protecting your information, handling it responsibly and securing it with administrative, technical, and physical measures and safeguards. All test results and any Personal Information are maintained under a strict policy of confidentiality.

Our Privacy Policy Statement and Personal Information Collection Statement is designed to help you better understand how we collect, use, store, process, and transfer your information when using our Services. It is applicable to all new and existing users of our services.

Statement of Practices

HiCircle is a range of services offered by Prenetics Limited, a Digital Preventative Health Technology Company, combining lab diagnostics and digital technology platforms to make cutting edge scientific information available.

Personal data we collect 

It is voluntary for you to provide any information we request, however in the event that you do not provide such personal data, we may not be able to provide you with our products or services.

  1. Registration Information – when your account is set up, you will be asked to provide your name, contact details and date of birth.
  2. Payment Information – payment card details will be taken at point of sale to facilitate purchases. Card details are not stored by Prenetics and are managed by our third-party card processing provider. 
  3. Genetic or Biomarker Information– Personal data generated through the analysis of your saliva, stool or blood test. 
  4. Self-Reported Information – Personal Information, including medical conditions, sports-related information, ethnicity or family history that you voluntarily share in surveys, forms or features while entering our website may be collected by us. 
  5. Web behaviour Information – we may collect Information on how users make use of Our Site, Prenetics backend portals or Prenetics software solutions. This Information is collected through log files, cookies, and web beacon-, analytical- and advertising technologies. You can find more information at https://www.hicircle.com/legals/cookies.asp  
  6. Gifts - If you provide us with Personal data about others, or if others give us your information, for the purpose of ordering the Service as a gift, we will only use that information for the specific reason for which it was provided to us.
  7. Children's privacy - We do not collect personal data from minors without prior consent from a person with parental responsibility for the individual.

Statement of Purpose

Prenetics is a genetics and diagnostic health testing company, with a mission to decentralize health care by focussing on comprehensive testing capabilities covering prevention, diagnostics, and personalized care.

We process both Personal Data and Personal Health Information for the following purposes:

To provide our Service to you: We process Personal data in order to provide our Service, which includes customer support, processing payments, shipping kits to customers, creating customer accounts and authenticating logins, analysing DNA samples and DNA, to provide you with our reports, dependent on the Service purchased and powering tools that benefit our customers such as allowing you to share your Personal data with others.

To Improve Our Products and Service: We collect Information when you send, receive, or engage in messaging with Prenetics. We do this to delegate your inquiries to the correct department.  We may use your Personal data to investigate, respond to and resolve complaints and Service issues.

If you interact with Prenetics via telephone, your call may be recorded for training and monitoring purposes.

We also use analytics to determine ongoing service and resource needs and perform quality control checks to maintain best standards of practice. We conduct customer surveys and constantly work to improve and provide new reports, tools, and Services. We may also need to fix bugs or issues, analyse use of our website to improve the customer experience or assess our marketing campaigns.

Marketing and Advertising: With your consent we may send you direct marketing communications. We may also direct advertising to you via third party sites including social media. We will only send marketing material to you where you have opted in to such communications or as determined by your web browser/cookie settings. You can unsubscribe from receiving these marketing communications at any time via your account settings.

Who we share your personal data with

Except as stated below, we will only share your Information with a third party when we are required by law or in good faith believe that such disclosure is necessary in such cases. Such disclosure includes but is not limited to:

  1. Investigation, prevention, or action regarding suspected or actual illegal activities or to assist government enforcement agencies.
  2. Enforce the Prenetics Terms of Service.
  3. Respond to claims or allegations made by third parties against Prenetics; or
  4. Protect the rights, property or Prenetics’ safety and the public.

We will only share your Personal Information with those categories of third parties listed below and under these circumstances - 

  1. Current or future Prenetics global entities. As Prenetics grows, restructuring may take place and it may be appropriate for more than one entity to control and process Information. This Privacy notice will apply to all Prenetics entities unless otherwise stated.
  2. With our service providers as necessary for them to provide their services to us which include payment, order fulfilment and shipping, customer support, Cloud storage, IT and security, marketing.
  3. Companies that provide services to get your purchases to you, such as payment service providers, warehouses, order packers and delivery companies.
  4. Contracted consultants, suppliers and partners used to undertake fundamental activities to enable us to provide our services, enhance the User experience; and to effectively operate and manage our organisation.
  5. With anyone else as provided for in terms of your explicit prior consent to do so.

Any Processors or other third-party service providers will be required to contractually comply with the principles and objectives of any Prenetics policies, including this Privacy Notice, and other Applicable Law and will be required to sign a data processing agreement to confirm that Information will not be collected, used, shared, stored or otherwise for any Purpose other than those instructed by Prenetics.

We may be unable to provide our products or services to you should you wish such data sharing to not take place.

How long your personal data will be kept

Our data retention policy is to take all practicable steps to ensure that the personal data collected is kept no longer than necessary to fulfil the purpose for which it is used or fulfil our contractual and legal obligations.

Security Measures

Prenetics implements measures and systems to ensure confidentiality, integrity, and availability of Circle data.

Anonymisation, encryption, and data segmentation. Registration Information is stripped from Sensitive Information, including genetic and phenotypic data. This data is then assigned a random ID so the person who provided the data cannot reasonably be identified. Circle uses industry standard security measures to encrypt sensitive personal data both when it is stored (data-at-rest) and when it is being transmitted (data-in-flight). Additionally, data is segmented across logical database systems to further prevent re-identifiability.

Limiting access to essential personnel. We limit access of information to authorized personnel, based on job function and role. Circle access controls include a strict least-privileged authorization policy.

Detecting threats and managing vulnerabilities. Prenetics uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our build pipeline and regularly engage third party security experts to conduct penetration tests.

Your rights

You have the following rights:

Access
The right to be provided with a copy of your personal data. We may charge a reasonable fee for responding to some requests.
Rectification
The right to require us to correct any mistakes in your personal data
The right to withdraw consent
The right to require us to correct any mistakes in your personal data