Privacy Policy
The Metabolic Terrain Omics (“Company,” “MTOmics,” “we,” or “us”) respects your privacy and is committed to protecting it through this Privacy Policy.
This Privacy Policy governs your access to and use the MTOmics software application, Practitioner Portal, Patient Portal if any, and https://www.mtomics.com, including any content or functionality offered by MTOmics (collectively or individually when referred to as “Services”), whether as a guest or a registered user.
When accessing the Services, the Company will learn certain information about you, both automatically and through voluntary actions you, or anyone accessing the Services on your behalf, may take, during your visit. This policy applies to information we collect on the Services and in email, text, or other electronic messages between you and the Services.
Please read the Privacy Policy carefully before you start to use the Services. By using the Services or by clicking to accept or agree to the Terms of Use when this option is made available to you, you accept and agree to be bound and abide by the Privacy Policy, including the potential disclosure of certain of your data to further the benefits of the Service and your personal metabolic health. If you do not want to agree to the Privacy Policy, you must not access or use the Services.
CHILDREN UNDER THE AGE OF 18
Our Services are not intended for anyone under 18 years of age. No one under age 18 may provide any information to or on the Services. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on this Services or on or through any of its features/register on the Services, make any purchases through the Services, use any of the interactive or public comment features of this Services or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use.
If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at info@MTOmics.com
INFORMATION WE COLLECT ABOUT YOU
When you access the Services, the Company will learn certain information about you during your visit.
Information You Provide To Us. The Services provide various places for users to provide information. We collect information that users provide by filling out forms on the Services, communicating with us via contact forms, responding to surveys, search queries on our search feature, providing comments or other feedback, and providing information when ordering a product or service via the Services.
We use information you provide to us to deliver requested products and/or service, to improve our overall performance, and to provide you with offers, promotions, and information.
Information We Collect Through Automatic Data Collection Technology. As you navigate through our Services, we may use automatic data collection technologies including Google Analytics to collect certain information about your equipment, browsing actions, and patterns. This will generally include information about your location, your traffic pattern through our Services, and any communications between your computer and our Services. Among other things, we will collect data about the type of computer you use, your Internet connection, your IP address, your operating system, and your browser type.
The information we collect automatically is used for statistical data and will not include personal information. We use this data to improve our Services and our service offerings. To the extent that you voluntarily provide personal information to us, our systems will associate the automatically collected information with your personal information.
USE OF COOKIES AND PIXELS
Similar to other commercial Services, our Services utilizes a standard technology called “cookies” and server logs to collect information about how our site is used. Information gathered through cookies and server logs may include the date and time of visits, the pages viewed, time spent at our site, and the Services visited just before and just after our own, as well as your IP address.
A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a Service, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each Service can send its own cookie to your browser if your browser’s preferences allow it, but (to protect your privacy) your browser only permits a Service to access the cookies it has already sent to you, not the cookies sent to you by other sites.
The Company reserves the right to use technological equivalents of cookies, including social media pixels. These pixels allow social media sites to track visitors to outside Services so as to tailor advertising messages users see while visiting that social media Services. The Company reserves the right to use these pixels in compliance with the policies of the various social media sites.
THIRD PARTY USE OF COOKIES
Some content or applications, including advertisements, on the Services are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Services. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different Services and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
EMAIL POLICIES
We are committed to keeping your email address confidential. We do not sell, rent, or lease our subscription lists to third parties, and will not disclose your email address to any third parties except as allowed in the section titled Disclosure of Your Information.
We will maintain the information you send via email in accordance with applicable federal law.
In compliance with the CAN-SPAM Act, all emails sent from our organization will clearly state who the email is from and provide clear information on how to contact the sender. In addition, all email messages will also contain concise information on how to remove yourself from our mailing list so that you receive no further email communication from us.
Our emails provide users the opportunity to opt-out of receiving communications from us and our partners by reading the unsubscribe instructions located at the bottom of any email they receive from us at any time.
Users who no longer wish to receive our newsletter or promotional materials may opt-out of receiving these communications by clicking on the unsubscribe link in the email.
INFORMATION WE RECEIVE FROM USE OF OUR SERVICES PURCHASES
When you utilize this Service or make purchases on or through this Service, you may be asked to provide information that may personally identify you and/or allow us to contact you, such as your name and email address, user name, and password, billing address, credit card number, date of purchase, and information about your computer and software. This information will be protected from disclosure and will not be published or shared.
USAGE AND DEVICE INFORMATION
When you use our Services, we receive certain usage data (“Usage and Device Information”). This includes information about your interaction with the Services, for example, when you view or search content, install or open applications or software, create or log into your account, import data into your account, or integrate a third-party service to your account.
We may also collect data about the devices and computers you use to access our Services, including IP addresses, browser type, language, operating system, or mobile device information (including device and application identifiers), the referring web page, pages visited, location (depending on the permissions you have granted us), and cookie information.
HEALTH AND OTHER SPECIAL CATEGORIES OF PERSONAL DATA
To the extent that information we collect directly from you is health data or another special category of sensitive personal data subject to specific regulations or laws, including the European Union’s General Data Protection Regulation (“GDPR”), and the UK General Data Protection Regulation (“UK GDPR”) we ask for your explicit consent to process such sensitive personal data. We obtain this consent separately when you take actions leading to our obtaining the data. You can use your account settings or contact us to withdraw your consent at any time, including by stopping use of a feature, removing our access to a third-party service, requesting deletion your data or closing your account.
However, if we are acting as a service provider (a “Data Processor”) processing your personal information on behalf of a third party that has collected such data from you, and such third party is the party that has the right to determine the purposes for which it will process your personal information and the means it will use to process your personal information (the “Data Controller”), then such Data Controller has the legal obligation to ask for your explicit consent to process your sensitive personal data (including health data), and we are not responsible for obtaining such consent from you. In such a scenario, the Data Controller may have their own, separate policies regarding the use and disclosure of your personal information, including any sensitive personal data you provide to such Data Controller. In such a scenario, this Privacy Policy does not apply to, we cannot control the activities of, and we are not responsible for the activities of the applicable Data Controller generally; this Privacy Policy only applies to our processing of your personal information that we, as a Data Processor, have been asked to process on behalf of the Data applicable Data Controller. We encourage you to review such Data Controller’s privacy policy and/or contact the applicable Data Controller for more information about the policies that apply to their use and disclosure of your personal information, including any sensitive personal data.
HIPAA PRIVACY RULE
The US Department of Health and Human Services provides: “The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patient’s rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.”
You acknowledge that our operation of the Site does not constitute the practice of medicine, and specifically does not create a doctor-patient relationship between you and any healthcare provider (a “Provider”). The information provided on the Site is for educational purposes only.
Notwithstanding the fact that the Site does not create a doctor-patient relationship between you and a Provider, our preservation of your personal health information shall be HIPAA compliant.
For purposes of this Privacy Policy, “patients” are those individuals who have secured the in-person services of a Provider. If you are a patient of a Provider, you will be provided with a copy of the Provider’s HIPAA Privacy Statement by the Provider, which governs the information collection practices of patients’ personal information by Provider.
USE AND DISCLOSURE OF DE-IDENTIFIED INFORMATION
“De-identified” means that we have removed, or rendered unreadable through complex computational algorithms, your personally identifiable information, such as your name, address, or birthdate. We may use de-identified information that we have obtained from our Services for various purposes, including for example:
In accordance with regulatory requirements, we may de-identify, store, and use your information for internal quality control, validation and research and development. This is important for MTOmics to maintain high quality Services. We may use de-identified information as permitted by law.
We may contribute de-identified genetic variants that we have observed in the course of providing our Services to publicly available databases. We do this to increase understanding and raise awareness of the significance of metabolic approaches to diseases.
We may use or disclose de-identified information for general research and communications purposes. This may include analysis of this information to communicate observations and learnings, for example in the case of aggregated data. This may also include research collaborations with third parties, such as universities, hospitals, or other laboratories, in which we utilize de-identified clinical cases, at the individual level or in the aggregate, in accordance with our study protocols, and we may present or publish such information. This may also include commercial collaborations with private companies for purposes such as to determine the prevalence of particular disorders or variants among the patients we have tested, or to determine whether any of the patients we have tested might be suitable for potential recruitment for research, clinical trials, or clinical care; however, we will not directly contact these patients about these opportunities without their prior written consent.
We use cookies and similar technologies for the purposes described above.
For personal data, including any that may be subject to the GDPR, or UK GDPR, we rely on several legal bases to process the data. These include when you have given your consent, which you may withdraw at any time using your account settings and/or other tools; when the processing is necessary to perform a contract with you, like the Terms of Service; and our legitimate business interests, such as in improving, personalizing, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described above.
HOW AND WHY WE COLLECT INFORMATION
The Company collects your information in order to record and support your participation in the activities you select. If you register to download a book or resources, sign up for our newsletter, and/or purchase a product from us, we collect your information. We use this information to track your preferences and to keep you informed about the products and services you have selected to receive and any related products and/or services. As a visitor to this Service, you can engage in most activities without providing any personal information. It is only when you seek to download resources and/or register for services that you are required to provide information.
If you are outside the European Union and opt to receive any free resources, participate in any free training programs, register for a webinar, register for a live event, register for a seminar, or purchase any products sold by the Company on this Services, we may automatically enroll you to receive our free email newsletter. If you do not wish to receive this newsletter, you can unsubscribe anytime. We include an “unsubscribe” link at the bottom of every email we send. If you ever have trouble unsubscribing, you can send an email to info@MTOmics.com requesting to unsubscribe from future emails.
If you are in the European Union and opt to receive any free resources, participate in any free training programs, register for a webinar, register for a live event, register for a seminar, or purchase any products sold by the Company on this Services, we will only enroll you to receive our free email newsletter if you affirmatively consent to it. If you do not wish to receive this newsletter, you can unsubscribe anytime. We include an “unsubscribe” link at the bottom of every email we send. If you ever have trouble unsubscribing, you can send an email to info@MTOmics.com, requesting to unsubscribe from future emails.
HOW DO WE USE THE INFORMATION THAT YOU PROVIDE TO US?
We use personal information for purposes of presenting our Services and its contents to you, providing you with information, providing you with offers for products and services, providing you with information about your subscriptions and products, carrying out any contract between you and the Company, administering our business activities, providing customer service, and making available other items and services to our customers and prospective customers.
DISCLOSURE OF YOUR INFORMATION
As a general rule, we do not sell, rent, lease or otherwise transfer any information collected either automatically or through your voluntary action.
We may disclose your personal information to our subsidiaries, affiliates, and service providers for the purpose of providing our services to you.
In addition, by clicking to accept or agree to the Terms of Use, and by using the Services, you are providing consent to the disclosure of your data to a metabolic health care provider or advocate to further support your metabolic health. If at any time you wish to withdraw such consent, you may do in accordance with the terms of this Privacy Policy and the Terms of Use.
We may disclose your personal information to a third party, including a lawyer or collection agency, when necessary to enforce our terms of service or any other agreement between you and the Company.
We may provide your information to any successor in interest in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets and/or business.
We may disclose information when legally compelled to do so, in other words, when we, in good faith, believe that the law requires it or for the protection of our legal rights or when compelled by a court or other governmental entity to do so.
HOW DO WE PROTECT YOUR INFORMATION AND SECURE INFORMATION TRANSMISSIONS?
We employ commercially reasonable methods to ensure the security of the information you provide to us and the information we collect automatically. This includes using standard security protocols and working only with reputable third-party vendors. While no Services can guarantee with 100% certainty that your personal information will remain secure, we seek to maintain every possible effort to protect your personal information while constantly assessing the procedures and security measures that we utilize.
Email is not recognized as a secure medium of communication. For this reason, we request that you do not send private information to us by email. However, doing so is allowed, but at your own risk. Some of the information you may enter on our Services may be transmitted securely via a secure medium known as Secure Sockets Layer, or SSL. Credit Card information and other sensitive information is never transmitted via email.
The Company may use software programs to create summary statistics, which are used for such purposes as assessing the number of visitors to the different sections of our site, what information is of most and least interest, determining technical design specifications, and identifying system performance or problem areas.
For site security purposes and to ensure that this service remains available to all users, the Company uses software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.
RIGHTS TO ACCESS AND CONTROL YOUR PERSONAL INFORMATION
Any personal data that we collect is based upon your consent as obtained by using this Service. You have the following choices regarding the collection, use, and sharing of your data:
Deletion: You may request that your personal data is deleted. Note that should you request to delete your personal data any associated user account may also be deleted.
Change or Correct Data: You can also ask us to change, update, or fix your data in certain cases, particularly if it’s inaccurate. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Object to, or Limit or Restrict Use of Data: You may request that we do not use your personal data, but keep in mind that this will terminate our ability to provide any Service(s) to you.
Right to Access and/or Take Your Data: You can ask us for a copy of your personal data.
You may send us an email info@mtomics.com to request access to, obtain copies of, correct, or delete any personal information that you have provided to us.
Your email message must include (i) your identifying information (including your IP address, if applicable), (ii) your contact information, and (iii) information about the specific changes, deletions, or other action(s) you are requesting. We require this information so we can determine which information in our control is your Personal Information and complete the actions you requested. We may not accommodate a request to delete or change information if we believe the deletion would violate any law or legal requirement.
POLICY CHANGES
It is our policy to post any changes we make to our privacy policy, or any other digital or Services use policy, on this page. If we make material changes to how we treat our users’ personal information, we will notify you by email to the email address specified in your account and/or through a notice on the Services home page. The date the privacy policy was last revised is identified at the bottom of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Services and this privacy policy to check for any changes.
INTERNATIONAL USERS
Notice to Residents of Countries outside the United States of America
General Use and Storage of Personal Information
MTOmics is headquartered in the United States of America. Personal Information may be accessed by us or transferred to us in the United States or to our affiliates, business partners, or service providers elsewhere in the world, which may be outside the country in which you live. By providing us with Personal Information, you consent to this transfer. We will protect the privacy and security of Personal Information according to this Privacy Statement, regardless of where it is processed or stored.
MTOmics collects, uses, and transfers information from and about you to provide you with the best experiences with our products and services; to improve and secure our products and services; to respond to your inquiries and contact you regarding our products and services; to manage your relationship with us; to best serve your interests by customizing your experience and interactions with MTOmics; and for the other purposes described in this Privacy Statement.
We will not disclose your Personal Information to third parties except to:
Service providers who are bound by law or contract to protect the Personal Information and are only allowed to use the Personal Information in accordance with the terms of our service agreements with them.
Effect a merger, acquisition, or otherwise; to support the sale or transfer of business assets; to enforce our rights or protect our property; to protect the rights, property, or safety of others; investigate fraud; respond to a government request; or as needed to support auditing, compliance, and corporate governance functions. We may also disclose Personal Information to defend ourselves in litigation or a regulatory action. We may also disclose Personal Information when required or advised to do so by law, such as in response to a subpoena, or similar legal process, including to law enforcement agencies, regulators, and courts in the United States and other countries where we operate.
We encourage business partners to adopt and post privacy policies. However, the use of your Personal Information by such parties is governed by the privacy policies of such parties and is not subject to our control.
We may also disclose information that is anonymized and not personally identifiable. For example, we may provide our business partners, or other third parties with reports that contain aggregated and statistical data about our users.
Rights to Access and Control Your Personal Information for residents of the European Economic Area
MTOmics stores the information that we collect from and about you in the United States, which is stored and housed through use of Amazon Web Servers (“AWS”), regardless of where you reside or where the information originates. This information is accessed by MTOmics affiliates, employees, contractors, and service providers located throughout the world, only as necessary for the purposes described in this Privacy Statement and is further subject to all privacy policies and mechanisms provided by AWS. If you are in the European Union, Switzerland, or another region with laws governing data collection, transfer, and use, your data will be protected by European Commission-approved contract clauses to ensure personal data leaving the EU/EEA is processed in line with obligations under EU law.
The GDPR took effect on May 25, 2018, and is intended to protect the data of European Union (EU) citizens.
As a company that markets its Site, content, products and/or services online we do not specifically target our marketing to the EU or conduct business in or to the EU in any meaningful way. If the data that you provide to us in the course of your use of our Site, content, products and/or services is governed by GDPR, we will abide by the relevant portions of the Regulation.
If you are a resident of the European Economic Area (EEA), or are accessing this site from within the EEA, you may have the following rights:
Any personal data that we collect is based upon your consent as detailed in this Privacy Statement. You have many choices concerning the collection, use, and sharing of your data, including the ability to:
Delete Data: You may request that we delete your Personal Information. Please note that in some cases we cannot delete your Personal Information except by also deleting your user account.
Change, Confirm, or Correct Data: You can also ask us to change, update, verify, or fix your data in certain cases, particularly if it’s inaccurate.
Object to, or Limit or Restrict, Use of Data: You may request that we do not use your Personal Information, but keep in mind that this may terminate our ability to provide any Service(s) to you.
Withdraw Consent: You may withdraw your consent provided to us to provide you with marketing or promotional materials, to collect your data, use your data, or share your data.
Right to Access and/or Take Your Data: You can ask us for a copy of your Personal Information.
Launch a Complaint: If you would like to submit a grievance regarding your data’s collection and residency, please contact our GDPR contact at info@MTOmics.com.
To make any of these requests, please contact our GDPR contact at info@MTOmics.com. Your email message must include (i) your identifying information (including your IP address, if applicable), (ii) your contact information, and (iii) information about the specific changes, deletions, or other action(s) you are requesting. We require this information so we can determine which information in our control is your Personal Information and complete the actions you requested. We may not accommodate a request to delete or change information if we believe the deletion would violate any law or legal requirement.
If we make subsequent material changes to how we treat our users’ information, we will notify you by email to the email address specified in your account and/or through a notice on our home page. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you. Your continued use of our services is considered your acceptance of these privacy terms. Please contact us at info@MTOmics.com, should you have any questions regarding your privacy rights, or should you wish to revoke your previously provided consent.
UK GDPR Privacy and Cookie Policy
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on how and why we collect, store, use and share any information relating to you (your personal data) in connection with your use of the Services. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.
For individuals from the UK who use our Services, we collect, use, and are responsible for certain personal data that you provide by using our Services. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to our Services that are offered to individuals in the European Economic Area (EEA).
Our Services are not intended for anyone under 18 years of age. No one under age 18 may provide any information to or on the Services. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on this Services or on or through any of its features/register on the Services, make any purchases through the Services, use any of the interactive or public comment features of this Services or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use.
If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at info@MTOmics.com
Introduction
Metabolic Terrain Omics (hereinafter “MTOmics”) needs to gather and use certain information about individuals that access and utilize our Services. This can include contact information, personal information, health data, laboratory values, and other people the organization has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled, and stored to meet the organization’s data protection standards and to comply with the UK General Data Protection Regulation (hereinafter “UK GDPR”) law. The UK GDPR applies to MTOmics in instances where individuals who live in the UK access and use our Services.
This data management and privacy policy ensures MTOmics:
complies with data protection law and follows good practices; and
protects the rights of clients, staff, and partners; and
is transparent about how it stores and processes individual’s data; and
to the best extent possible, protects itself from the risks of a data breach.
Data Protection Regulation
The UK GDPR applies in the UK, and to those processing and controlling data from the UK. It outlines that personal data must be:
Processed lawfully, fairly and in a transparent manner in relation to individuals.
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research or statistical purposes shall not be considered to be incompatible with the initial purposes.
Adequate, relevant, and limited to what’s necessary in relation to the purposes for which they’re processed.
Accurate and, where necessary, kept up to date.
Protected – every reasonable step must be taken to ensure that personal data that’s inaccurate, having regard to the purposes for which they’re processed, is erased, or rectified without delay.
Kept in a form that permits identification of data subjects for no longer than is necessary, and for the purposes for which the personal data is processed (personal).
Stored for longer periods. For example, the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. This will also be subject to implementation of the appropriate technical and organizational measures required by UK GDPR in order to safeguard the rights and freedoms of individuals.
Processed in a manner that ensures appropriate security of personal data. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
Managed by a controller responsible for, and be able to demonstrate, compliance with the principles.
People and Responsibilities
Personnel at MTOmics take the protection of your data and compliance with UK GDPR seriously. Key decision-makers must understand the requirements and accountability of the organization to prioritise and support the implementation of compliance.
These responsibilities include (but are not necessarily limited to):
Keeping senior management and the board updated about data protection issues, risks, and responsibilities.
Documenting, maintaining, and developing the organization’s data protection policy and related procedures, in line with agreed schedule.
Embedding ongoing privacy measures into policies and day-to-day activities, throughout the organization. The policies themselves will stand as proof of compliance.
Sharing the policy across the organization and arranging training and advice for staff.
Dealing with subject access requests, deletion requests and queries from clients, stakeholders, and data subjects about data protection related matters.
Checking and approving contracts or agreements with third parties that may handle the organization’s sensitive data.
Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
Performing regular checks and scans to ensure security hardware and software are functioning properly.
Evaluating any third-party services, the company is considering using to store or process data, to ensure their compliance with obligations under the regulations.
Developing privacy notices to reflect a lawful basis for fair processing, ensuring that intended uses are clearly articulated. This will also ensure that data subjects understand how they can give or withdraw consent or exercise their rights in relation to the company’s use of their data.
Ensuring that audience development, marketing, fundraising and all other initiatives involving processing personal information and/or contacting individuals abide by the UK GDPR principles.
Data Protection Officer (DPO), the person responsible for fulfilling the tasks of the DPO in respect of MTOmics is privacy@mtomics.com.
Under UK GDPR it is not always a requirement to appoint a DPO, and some organizations do so voluntarily in order to further safeguard your data. MTOmics has taken steps to appoint a DPO to further ensure data protection.
The minimum tasks of the DPO include but are not limited to:
inform and advise the organization and its employees about their obligations to comply with UK GDPR and other data protection laws; and
monitor compliance with UK GDPR and other data protection laws – including managing internal data protection activities, advising on data protection impact assessments, training staff and conducting internal audits; and
be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, clients).
Scope of Personal Information to be Processed
The scope of the data that MTOmics processes includes:
names of individuals
postal addresses of individuals
email addresses
telephone numbers
personal health information
Laboratory values
online identifiers
any other information relating to the user that may be provided
Furthermore:
Data is collected from users who agree to utilize the Services and voluntarily provide information. Data is stored by and through secure measures, including secure servers.
MTOmics relies upon the accuracy of the data and information that you provide as a user of the Services. We only collect the information and data from you that is necessary for the purposes for which the Services are offered.
MTOmics utilizes best industry practices to ensure that your information is protected and that your rights and freedoms for provision of the data and information required to use the Service are respected.
MTOmics only retains data for as long as is reasonably necessary for the provision of our Services, including but not limited to creating better patient outcomes.
Uses and Conditions for Processing
We use personal information for purposes of presenting our Services and its contents to you, providing you with information, providing you with offers for products and services, providing you with information about your subscriptions and products, carrying out any contract between you and the Company, administering our business activities, providing customer service, and making available other items and services to our customers and prospective customers.
“De-identified” means that we have removed, or rendered unreadable through complex computational algorithms, your personally identifiable information, such as your name, address, or birthdate, and any other information that you provide in relation to use of the Services. We may use de-identified information that we have obtained from our Services for various purposes, including for example:
In accordance with regulatory requirements, we may de-identify, store, and use your information for internal quality control, validation and research and development. This is important for MTOmics to maintain high quality Services. We may use de-identified information as permitted by law.
We may contribute de-identified genetic variants that we have observed in the course of providing our Services to publicly available databases. We do this to increase understanding and raise awareness of the significance of metabolic approaches to diseases.
We may use or disclose de-identified information for general research and communications purposes. This may include analysis of this information to communicate observations and learnings, for example in the case of aggregated data. This may also include research collaborations with third parties, such as universities, hospitals, or other laboratories, in which we utilize de-identified clinical cases, at the individual level or in the aggregate, in accordance with any study protocols, and we may present or publish such information. This may also include commercial collaborations with private companies for purposes such as to determine the prevalence of particular disorders or variants among individual users of our Services, or individuals, who have been tested at various laboratories, or to determine whether any of the users that have provided information and data, or who have been tested and who provide such results, might be suitable for potential recruitment for research, clinical trials, or clinical care; however, we will not directly contact these patients about these opportunities without their prior written consent.
We use cookies and similar technologies for the purposes described above.
Legal Basis for Obtaining and Processing Your Data
For personal data, including any that may be subject to the UK GDPR, we rely on several legal bases to process the data. These include when you have given your consent, which you may withdraw at any time using your account settings and/or other tools, when the processing is necessary to perform a contract with you, like the Terms of Service; and our legitimate business interests, such as in improving, personalizing, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described above.
Privacy Impact Assessments
Privacy Impact Assessments (PIAs) or also known as Data Protection Impact Assessments (DPIAs) form an integral part of taking a privacy by design and best practice approach.
Nature of the Processing: MTOmics will gather data through our consumers’ use of MTOmics Services. MTOmics will store your data with commercially reasonable methods to ensure its security. Should MTOmics seek to transfer or share your data, MTOmics will provide you with notice.
Scope of the Processing: MTOmics collects data based on the information you voluntarily provide to us, and through automatic data collection technologies, such as Sentry. We will collect data about the type of computer you use, your Internet connection, your IP address, your operating system, and your browser type. The information we collect automatically is used for statistical data and will not include personal information. We use this data to improve our Services and our service offerings.
Context of the Processing: We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on this Service or through any of its features/register on the Services, make any purchases through the Services, use any of the interactive or public comment features of this Services, if any, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. To the extent that information we collect directly from you is health data or another special category of sensitive personal data subject to specific regulations or laws, we ask for your explicit consent to process such sensitive personal data. We obtain this consent separately when you take actions leading to our obtaining the data. You can use your account settings or contact us to withdraw your consent at any time, including by stopping the use of a feature, removing our access to a third-party service, requesting the deletion of your data, or closing your account.
Purpose of the Processing: MTOmics collects your information in order to record and support your use of the Services. If you register to use our Services, we collect your information. We use this information to support the purposes of our Services and to keep you informed about the products and services you have selected to receive and any related products and/or services. MTOmics collects your information in order to record and support your participation in the Services you select. MTOmics will work with their Data Protection Officer (DPO) to consistently assess the risks involved with automated data processing.
Data Sharing & Other Security Measures
We employ commercially reasonable methods to ensure the security of the information you provide to us and the information we collect automatically. This includes using standard security protocols and working only with reputable third-party vendors. While no Services can guarantee with 100% certainty that your personal information will remain secure, we seek to maintain every possible effort to protect your personal information while constantly assessing the procedures and security measures that we utilize.
Email is not recognized as a secure medium of communication. For this reason, we request that you do not send private information to us by email. However, doing so is allowed, but at your own risk. Some of the information you may enter on our Services may be transmitted securely via a secure medium known as Secure Sockets Layer, or SSL. Credit Card information and other sensitive information is never transmitted via email.
The Company may use software programs to create summary statistics, which are used for such purposes as assessing the number of visitors to the different sections of our site, what information is of most and least interest, determining technical design specifications, and identifying system performance or problem areas.
For site security purposes and to ensure that this Service remains available to all users, MTOmics uses software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.
As a general rule, we do not sell, rent, lease or otherwise transfer any information collected either automatically or through your voluntary action.
We may disclose your personal information to our subsidiaries, affiliates, and service providers for the purpose of providing our Services to you.
In addition, by clicking to accept or agree to the Terms of Use, and by using the Services, you are providing consent to the disclosure of your data to a metabolic health care provider or advocate to further support your metabolic health. If at any time you wish to withdraw such consent, you may do in accordance with the terms of this Privacy Policy and the Terms of Use.
We may disclose your personal information to a third party when necessary to enforce our terms of service or any other agreement between you and MTOmics.
We may provide your information to any successor in interest in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of MTOmics’ assets and/or business assets or commercially viable assets.
We may disclose information when legally compelled to do so, in other words, when we, in good faith, believe that the law requires it or for the protection of our legal rights or when compelled by a court or other governmental entity to do so.
By utilizing the Services, you consent to the sharing of your data to achieve any of the stated purposes for which MTOmics exists.
Automated Processing
We have a lawful basis to carry out profiling and/or automated decision-making and document this in our data protection policy. MTOmics will send individuals a link to our privacy statement when we have obtained their personal data indirectly. You can access your personal data by contacting info@MTOmics.com to access the personal data input into the profiles to review and edit for any accuracy issues, or to request a copy. MTOmics also has additional checks in place for our profiling/automated decision-making systems to protect any vulnerable groups (including children). We only collect the minimum amount of data needed and have a clear retention policy for the profiles we create. Should there be a significant legal or other effect to your data, MTOmics will contact you via your provided contact information. Before any changes are made to MTOmics automated processing systems, MTOmics will consider and address any risks to your data before carrying out the change. Please note that MTOmics also anonymizes most of your data in our profiling activities.
Subject Access Requests
As a user of our Services, you are entitled to:
ask what information the company holds and why; and
ask how to gain access to such information; and
be informed how to keep it up to date; and
be informed how the company is meeting its data protection obligations
Should you wish to request access to your data that is stored by MTOmics or acquire any other information related to how MTOmics stores your data, please contact info@MTOmics.com and detail your request. Should there be any material changes to the storing of your data, MTOmics will provide you notice via your voluntarily provided contact information.
Your email message must include (i) your identifying information (including your IP address, if applicable), (ii) your contact information, and (iii) information about the specific changes, deletions, or other action(s) you are requesting. We require this information so we can determine which information in our control is your Personal Information and complete the actions you requested. We may not accommodate a request to delete or change information if we believe the deletion would violate any law or legal requirement.
The Right to be Forgotten
In certain circumstances, as a user of our Services, you have the right to be deleted from MTOmics’ database. Should you wish to have the personal data you provide to MTOmics deleted, please contact info@MTOmics.com and request that any data that you have provided that is of a personally identifiable nature be deleted from our system.
Your email message must include (i) your identifying information (including your IP address, if applicable), (ii) your contact information, and (iii) information about the specific actions you are requesting. We require this information so we can determine which information in our control is your Personal Information and complete the actions you requested. We may not accommodate a request to delete or change information if we believe the deletion would violate any law or legal requirement.
Note that for research purposes, any data that you have provided will exist in a de-identified format without any connection to personally identifiable information. Data is used for research purposes for further study.
Privacy Notices
MTOmics aims to ensure that individuals are aware that their data is being processed, and that they understand. You have a right to know:
who is processing their data; and
what data is involved; and
the purpose for processing that data; and
the outcomes of data processing; and
how to exercise their rights
When you use our Services, we receive and collect data from you. This data is used to contact you and to improve our Service offerings. The MTOmics privacy policy can be located on our website or at https://mtomics.com/privacy/.
The US Department of Health and Human Services provides: “The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patient’s rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.”
You acknowledge that our operation of the Services does not constitute the practice of medicine, and specifically does not create a doctor-patient relationship between you and any healthcare provider (a “Provider”). The information provided on the Service is for educational purposes only.
Notwithstanding the fact that the voluntary provision of data as a user of the Service does not create a doctor-patient relationship between you and a Provider, our preservation of your personal health information shall be HIPAA compliant.
For purposes of this Privacy Policy, “patients” are those individuals who have secured the in-person services of a Provider. If you are a patient of a Provider, you will be provided with a copy of the Provider’s HIPAA Privacy Statement by the Provider, which governs the information collection practices of patients’ personal information by the Provider.
Ongoing Documentation of Measures to Ensure Compliance
Meeting the obligations of the UK GDPR to ensure compliance will be an ongoing process. MTOmics maintains the evidence of the steps we take to comply with the UK GPDR. MTOmics implements the appropriate technical and organizational measures to comply with the UK GPDR, such as adopting and implementing data protection policies, putting appropriate data protection measures in place throughout the entire lifecycle of our processing operations, putting written contracts in place with organizations that process personal data on our behalf, maintaining documentation of our processing activities, implementing appropriate security measures, recording and, where necessary, reporting personal data breaches, carrying out data protection impact assessments for uses of personal data that are likely to result in a high risk to individuals’ interests, appointing a data protection officer, and adhering to relevant codes of conduct and signing up to certification schemes.
CONTACT US
The Company welcomes your questions or comments regarding the Privacy Policy, you can contact us at:
Metabolic Terrain Omics Inc.
717 North Union Street
Wilmington, DE 19805
Email Address:info@MTOmics.com