Privacy Policy

Website Privacy Notice

Effective Date: July 22, 2021

Verici Dx, Inc. (“Verici”, “we”, “us”, “our”) takes the protection of your personal information (“Personal Data”) very seriously. Personal Data is any information about you that can be used to identify you as a person. This Privacy Notice (this “Notice”) describes how we use your Personal Data when you visit our websites, invest in our company, or contact us directly outside of any participation in one of our clinical trials.

In the context of this Notice, Verici is the “data controller” for your Personal Data. This Notice is meant to help you understand what information we collect when you visit our website or contact us, why we collect it, and your rights. We are required to give you this information in order to comply with the privacy law, including Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR) and the GDPR in such form as incorporated into the law of England and Wales, Scotland and Northern Ireland by virtue of the European Union (Withdrawal) Act 2018 and any regulations thereunder, and the UK Data Protection Act 2018 (the “UK GDPR”).

This Notice does not apply to Personal Data we collect by other means, like Personal Data that we collect from participants in our studies (see: https://patientjourney.vericidx.com/clinical-trials-privacy-notice). This Notice also does not apply to Personal Data collected from any of the personnel, including Principal Investigators, who work on our clinical trials (which is governed by the privacy notice provided directly to those site personnel).

YOUR PRIVACY RIGHTS

Under certain circumstances, by applicable law, you may have the right to request:

• access to your Personal Data (commonly known as a “data subject access request”) and receive a copy of it;
• that we update or correct your Personal Data;
• erasure of your Personal Data;
• that we stop processing your Personal Data where we are processing it relying on a legitimate interest;
• that we suspend the processing of your Personal Data when you have asked us to check its accuracy and in other cases;
• that we export a copy of your Personal Data in a format that allows you to reuse your data.
• withdrawal of your consent at any time (if applicable);
• a complaint be lodged with the data protection authority. If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

To make these requests, please contact [email protected] or our Data Protection Officer (VeraSafe) at [email protected]. Additional contact details are available in the Section titled “Questions”, below.

PERSONAL DATA WE HOLD ABOUT YOU

We collect, use, store, and transfer different categories of Personal Data about you which we have grouped together as follows:

• Identity Data includes first and last name, username or similar identifier.
• Contact Data could include email address or, if you are one of our shareholders, any address you provided when you registered your shares or otherwise provided an address to us.
• Transaction Data could include details of your shareholding or option holding if you are a shareholder or option holder, including your votes and shareholder identification number.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website or intranet.
• Usage Data includes information about how you use our website, intranet, products, and services.

 

We may also collect, use, and share Aggregated Data, such as statistical data, for any purpose. Aggregated Data may be derived from your Personal Data, but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data with other website visitors to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Notice.

WHERE WE GET YOUR PERSONAL DATA:

In the context of this Notice, we collect your Personal Data from the following sources:

Direct interactions:  You may give us your Identity, Contact, or Transaction Data by filling in forms or by corresponding with us by post, phone, and e-mail or otherwise when you visit our website, provide feedback, or buy our shares.

Indirect interactions: If you are a former or current shareholder, we may collect your Personal Data indirectly through your agent, such as your stockbroker or share plan administrator. 

Automated interactions:  As you interact with our website or intranet, we may automatically collect Technical Data or Usage data about your equipment, browsing actions, and patterns. We collect this Personal Data by using cookies and other similar technologies. You can manage the collection of this information here https://patientjourney.vericidx.com/cookie-policy-eu.

HOW WE USE PERSONAL DATA

We use your Personal Data to:

• To administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data);
• To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences;
• To grow and develop our business;
• To communicate with you in order to respond to your questions, concerns, or requests to exercise data subject rights;
• To facilitate investment in our company, including to administer our shareholder and share option scheme relationships; and
• To ensure we comply with all laws and regulations applicable to a publicly traded company.

Use and processing of your Personal Data is necessary (A) for our legitimate interests in facilitating the operation of our business and our website; (B) for the performance of the contract between us and you, should you invest in our company; and (C) to comply with laws and regulations, including securities regulations requiring us to collect and maintain records about investments in our company.

DATA SHARING

Within the company:

Your Personal Data may be disclosed within the company for administrative, technical, and management purposes as described in this Privacy Notice.

Service providers:

We may share your Personal Data with our service providers (who provide hosting, cloud data storage, data analytics, email and word processing or cloud-based computing software, and share registry service providers). We require that these service providers protect your Personal Data and use the data solely to provide the services to us.

Regulatory or governmental agencies:

We may share your Personal Data with certain regulators or other authorities who require reporting of certain processing activities in certain circumstances (for example, HM Revenue and Customs).

 Other third parties

We may share your Personal Data with other third parties, for example in the context of the possible sale or restructuring of the business, or to relevant third parties such as auditors, lawyers or professional advisors, or our insurers.

We may also disclose your Personal Data to comply with a subpoena, bankruptcy proceedings, or similar legal process, or in response to lawful requests by public authorities, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of you or third parties, or the public at large.

We require all third parties to respect the security of your Personal Data and treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

DATA TRANSFERS

Personal Data collected and processed under the terms of this Notice may be collected or transferred to Verici Dx in the United States. The United States may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. We will only transfer your Personal Data where there are appropriate safeguards in place. Where required, these safeguards may include the use of the European Commission-approved Standard Contractual Clauses. We will also take steps to ensure that your Personal Data receives an adequate level of security protection wherever it is processed.

DATA SECURITY

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know are subject to confidentiality obligations.

DATA RETENTION

We will only retain your Personal Data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances, we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

QUESTIONS

If you have any questions about this Notice or our processing of your Personal Data, please contact [email protected] or our Data Protection Officer (DPO) at the contact information provided below. Our DPO will respond to you as soon as possible but no later than 4 weeks after you contact us.

Data Protection Officer:

We have appointed VeraSafe as our DPO. You may contact VeraSafe at [email protected], or at any of the following addresses:

 

VeraSafe, LLC 100 M Street S.E. Suite 600 Washington, D.C. 20003 +1-617-398-7067 USA

VeraSafe, LLC Plaza de la Solidaridad 12, planta 5 Malaga Andalucía 29006 +420 228 881 031 Spain

VeraSafe United Kingdom Ltd. 37 Albert Embankment London SE1 7TL, +44 (20) 4532 2003 United Kingdom

 

European Union Representative:

We have appointed GCP-Services as our Representative in the European Union for data protection matters. While you may also contact us, please contact VeraSafe (above) or GCP-Services on matters relating to the processing of your Personal Data.

GCP-Service International Ltd. & Co. KG

Anne-Conway-Str. 2

28359, Bremen, Germany

[email protected]

If you would like to seek an independent recourse mechanism, you may contact your local Data Protection Authority (DPA). You can find a list of each European Union country’s DPA here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. If you are based in the UK, your local DPA will by the UK Information Commissioner’s Office, which can be found here: https://ico.org.uk/.