Novarum DX Ltd Privacy Notice:
Rapid Assay Result Ecosystem (RARE)
Our contact details
Name: Novarum DX Ltd
Address: Haywood House, Dumfries Place, Cardiff, CF10 3GA, UK
Web: www.novarumdx.com
E-mail: enquiries@novarumdx.com
This privacy notice relates only to the Rapid Assay Result Ecosystem (“RARE”) provided by Novarum DX Ltd for the purpose of test development, imaging optimisation and field demonstration to support requirements gathering. RARE storage is intended to be used with Proof of Concept and demonstrator applications developed by Novarum DX Ltd for clients (“the Apps”).
This system is intended for R&D use and “you” refers to the operator of the Apps, who is typically affiliated to an organisation that is a Novarum DX Ltd client. If you use the system to collect data on samples which are identifiable to other individuals you should prepare your own data protection impact assessment and provide those individuals with suitable privacy information.
The type of personal information we collect
We currently collect and process the following information:
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you, or your affiliated organisation to enable us to:
Some data is automatically collected from the Apps or web services you use.
We do not use any third party services to collect information about you.
We use the information to support your affiliated organisation as well as to improve our products and services. Our business teams may use the details to contact you about problems the identify or opportunities for further development or commercialization.
We will only share this information with your affiliated organisation. We may anonymise or aggregate and anonymise data for our own purposes, provided our contact with your affiliated organisation permits us to do so.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
We have a contractual obligation (with your affiliated organisation) to collect and store this data.
We have a legitimate interest to understand, improve and develop our product/service offerings. Our business teams have a legitimate interest in helping you maximise the commercial value of your work.
How we store your personal information
Your information is securely stored.
We keep any personally identifiable information about you for the duration of any contract with your affiliated organisation, and will usually retain it for quality and regulatory purposes for the lifetime of any products which your affiliated organisation develop using that data. Where we no longer have any need for the data for our own, or your affiliated organisations purposes then we will depersonalise any information such that it can no longer be linked to you (e.g. by allocating a random identifier to replace any personal ID); we expect to do this within 3 months of identifying that the data is no longer required.
The data is stored within facilities operated on our behalf by Amazon Web Services (AWS) located in France (the European Union).
Sensitive information you input into the Apps
The Apps may contain sample identifiers or notes fields which you can use to link the results obtained by the Apps to the samples. Since we have no control over what these fields are used for, or what information is input into them we will have no ability to manage the associated data risks. We strongly encourage you to avoid using any identifier which is linked to a patient or other individual. If you do so, you should ensure you have appropriate data protection impact assessments, any necessary consents and are able to provide information to your end users about the privacy of their data. Organisations based outside the UK/EU should be particularly conscious that the definition of Personal Data used within GDPR is broader than in many other jurisdictions. Novarum DX Ltd will be unable to deal directly with privacy requests in relation to information you have provided in such fields - and considers that you are the Data Controller for any such data.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at enquiries@novarumdx.com if you wish to make a request.
You should be aware that those rights only extend to your personal data, and would not automatically extend to data which was not identifiable as relating to you, or data which related only to your affiliated organisation.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at ceo@novarumdx.com.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
2024-04-09