This policy is for anyone who uses our Website mapsciences.com as a customer or for any other reason (User). In order to use our Website, you have to confirm that you have read, understood and agreed to this policy. If you do not agree, then you should not use our Website. This policy relates to any personal data or personal information we hold about Users.
This policy covers all data that is shared by a User whether directly from you, from the samples you provide to us, or by email.
This policy may be updated so we suggest you review it regularly or click the link which will always take you to the most recent version.
This policy provides an explanation as to what happens to any personal data that you share with us, or that we collect from you in any way.
Types of Information We Collect
Personal Information – Personal data, or personal information, means any information about an individual from which that person can be identified. We collect personal information from Users in a variety of ways, including when Users only visit our Website as well as those Users who fill in any online forms or questionnaires to place an order. If you do order a test from our Website then we collect name, email address, postal address, phone number, gender, ethnicity, date of birth, and in some cases information about your pregnancy if you are pregnant or other information relating to your health. We collect this information as part of our service to provide Results to you after we run your test. For many of these services, it is impossible for us to provide you with a quality service without this information. Therefore, it is essential that you read, understand and agree to this policy. It is possible for Users visit our Website anonymously but, in these circumstances, we still collect information in accordance with our Cookies Policy (below). We collect personal information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal information, except that it may prevent them from engaging in further services provided by our Website.
Non-Personal Information – We may also collect non-personal information about Users which may not identify the individual but may indirectly link to other information about them whenever they interact with our site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our site, such as the operating system and the Internet service providers utilised and other similar information.
Third party websites – You might find links to other websites on our Website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
What we do with your Information and Why
MAP Sciences may collect, store and use personal information from our Website Users. We only ever use your information in line with data protection laws – in particular, the EU General Data Protection Regulation, otherwise known as GDPR. This means that we only use User information where we have a legal basis to do so. MAP Sciences adheres to the following general rules for using personal information.
- Consent – you have given clear consent to us to process your personal information for a specific purpose.
- Our contract – processing your personal information is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
- Legitimate interests – processing your personal information is necessary for our legitimate interests or those of a third party, provided those interests are not outweighed by your rights and interests.
MAP Sciences will only use and process your personal information:
- to allow you to access and use our Website and to register for an account;
- to provide you with the information, products and services that you request from us;
- to do things necessary for our business, such as pursuing debts or ensuring the security of our services and Website;
- to carry out statistical analysis and market research;
- for marketing, advertising and promotional purposes;
- for improving and maintaining our Website, preparing reports or compiling statistics in order to improve our services;
- to notify you about changes to our services and to keep you informed about our fees and charges;
- to contact you (including by email or post) with your consent, with information about our products and services which you either request, or which we feel will be of interest to you.
Sharing your personal information – We do not sell, trade, or rent the personal information of our Users to anyone else. We may share generic (anonymised) aggregated information or data not linked to any personal information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.
We use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys. All of our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes.
When you buy products or services from us, your personal information will be shared with applicable third parties to ensure the running of the service we provide. These include:
- Your email address and order reference number will be shared with a third-party payment gateway; Stripe (https://stripe.com/) who will securely administer the payment of our service on our behalf. When making a payment, you’re entering your information such as card number, CSV number and postcode directly into Stripe and is not stored by MAP Sciences.
- Your name and address will be shared with a third-party postal company who will deliver your kit on our behalf.
Disclosing your information – Where applicable, we may disclose your personal information to any member of our group. This includes, where applicable, our subsidiaries, our holding company and its other subsidiaries as detailed in our Terms and Conditions.
We may also disclose your personal information to third parties:
- Where we sell any or all of our business and/or our assets to a third party.
- Where we are legally required to disclose your information.
- To assist fraud protection and minimise credit risk.
Storing your personal data – We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data that is provided to us is stored on our secure servers inside the EEA. Details relating to any transactions entered into via our Website will be encrypted to ensure its safety against unauthorized access, alteration, disclosure or destruction of your personal information.
The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and the transmission of such data is entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain areas of our Site, you are responsible for keeping this password confidential.
We store personal information for as long as you use the services we provide and then as required to comply with applicable laws. In particular, we are required by law to hold medical records for 10 years.
The children’s online privacy protection act – Protecting the privacy of the very young is especially important. For that reason, we never collect information on our Website from those we believe to be under 18 unless with the express permission of a parent or guardian and no part of our Website is structured to attract anyone under 18.
Specific Data Security When Order Test Kits through our Website
When placing your order with us we collect limited personal data for us to be able to process your sample and obtain your unique Results. In addition, data will be generated from your sample when it is processed by the MAP Sciences laboratory. We do not send your sample or data to any other laboratory and analyse your sample entirely “in-house”. We will not disclose this personal data to any third party.
In the MAP Sciences Laboratory your sample is anonymised using a barcode system and registered only as a tracking number, in order to best protect your data and privacy. However, your Results are also securely stored should you require access in future years, and in order for us to be legally compliant to store medical records for 10 years.
The laboratory database containing your sample ID and analysis data is anonymised so as not to link your personal identifier information (PII) such as name, address or IP address to any laboratory results. Laboratory personnel and data process developers have access to your Results but are not able to identify individuals or to whom the Results belong. In other words, there is no link between your sample number and your name and address as the laboratory testing system and the ordering system are two separate and distinct operations. Anonymised spectral data of samples are continually reviewed to improve and develop new diagnostics algorithms and continually improve our service.
If the User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. We use the third-party service MailChimp (http://www.mailchimp.com/) to help to administer activities on our behalf, such as sending out newsletters or surveys. Your information such as name and email address is shared with the third-party but you will not be contacted unless opted-in to receive such communications.
If a User purchases a Test, they will receive emails with regards to their order such as a receipt, dispatch notification and notification when Results are ready. This is actioned automatically by MAP Sciences. However, you may also be communicated directly by a member of our customer support team who may send and receive emails, we use the third-party service Google Mail (mail.google.com) to help to administer these activities. Depending on the purpose of the communication, your information such as name, email address and details of your order may be transmitted through this third party.
Options you have and your Rights to Choose them
At any time:
- You can choose not to provide us with personal data.
- If you choose to do this, you can continue to visit our Website and browse its content, but we won’t be able to provide you with services, even if you have already paid for them.
- You can turn off cookies in your browser settings.
- If you turn off cookies, you can continue to visit our Website and browse its content, but our online services might be less effective.
- You can choose for us not to use your personal information for marketing.
- We will request your consent to do this, but you can choose to refuse your consent. If you have given your consent and want to retract it later, then you can either unsubscribe to the communications or opt out by contacting us firstname.lastname@example.org.
You can contact us by email at email@example.com at any time, to request that we:
- update any personal information which is out of date or incorrect;
- delete any personal information which we are holding about you;
- restrict the way that we process your personal information;
- provide your personal information to a third-party provider of services; or
- provide you with a copy of any personal information which we hold about you on request (a fee for this may be levied on unreasonable requests).
- You have the right to withdraw your consent in relation to us processing your medical data at any time.
- If you withdraw your consent to us processing your medical data, this will mean that we are unable to provide our services to you.
Please remember that we are required by law to retain medical records for 10 years, as such any requests for us to contravene this law will have to be refused.
If you have any questions, or require clarification, about this policy or any other policy on this Website please contact our customer support at: Customersupport@mapsciences.com.
If you are not satisfied with our responses to your questions or if you have any concerns or complaints about the way we have handled your personal information then you can lodge any such grievance with the appropriate authority at the European Commission or the DPA.