Privacy Policy
Privacy Policy
Genfosis Company Limited
Genfosis Company Limited (the "Company") commits that all the Personal Identifiable Information (the "PII") that you have provided is very important to us and the Company assures to protect their security and shall only process the PII by adopting the most appropriate information security standard, in particular, all of the information gathered shall be kept in strict confidence pursuant to the defined legal framework.
This Privacy Notice has been prepared with the intention to inform you as the user ("User") of how the Company collects, uses, stores, processes, and transfers or discloses your PII during the use of the Company's services. All the services provided by the Company to the User are to be the health and lifestyle advisor to the User through the health test and analytic process (the "Services").
Please thoroughly study the Privacy Notice, together with the Terms of Services announced by the Company. By using the Services, the Company shall deem that the User acknowledges and understands the Company's process of the User's PII as defined under this Privacy Notice. If the User disagrees or does not accept the PII process undertaken by the Company pursuant to the Privacy Notice, it shall be deemed that the relevant User exercises the right not to use the Services since the process of the User's PII defined hereunder is critical to the provision of the relevant Services by the Company.
This Privacy Notice is only applicable to the performance of the Services and shall not apply to the PII process undertaken by other applications or websites developed and operated by any other third party that the Company does not have any control over (the "Third Party") that being displayed or connected to the Services, including without limitation the process of the PII by the relevant hospital or wellness center. The User understands and agrees that the User shall study and agree to the Privacy Notice announced by those Third Party that are separated from this Privacy Notice.
If the User does not accept this Privacy Notice and any amendment thereof, the Company reserves the right to refrain from providing any Services to those Users since the processing of the PII defined hereunder is critical for the provisions of the Services by the Company to the User. By continuing to use the Services, the relevant User shall be deemed to always accept and agree to the Privacy Notice.
The Company may amend or revise this Privacy Notice at any time to assure compliance with the relevant laws and regulations and to assure the updates in the Services at any time; provided that the Company will communicate the amendments or revisions made and the amendment or revisions shall become effective once communicated and announced.
PII being Processed by the Company for the performance of the Services
Sources of PII. In order to perform the required Services, the Company may collect, receive, compile, restore, and process the User’s PII in 3 main manners:
- General information about the relevant User received from a third party, including without limitation the information shared by clinic or hospital that the relevant User may have registered will be shared upon the prior consent given by the User to the relevant clinic or hospital to disclose that information to the Company;
- Information gathered from the behavior, lifestyle, and health questionnaire developed by the Company filled together with the delivery of the sample kits; and
- Saliva or other genetic sample kits that the Company shall use to analyze through the laboratory process whose test result shall be used in the assessment and analysis of the health and lifestyle risk and the recommendation on the health and lifestyle improvement of the User.
PII to be processed. Through the channel and manner defined above, the Company may collect, receive, store, and process the following PII of the User:
- General information about the relevant User, including without limitation name, age, nationality, and date of birth;
- Contact information, including without limitation, address, phone number, and e-mail address;
- Health treatment information that the User will directly submit and manifest to the Company in the questionnaire;
- Information relating to your normal lifestyle and behavior, including without limitation the behavior, habit, preference, dietary information, exercise, and other interests;
- Biometric and genetic information as well as other health risk information obtained from the genome analysis of the sample collection kits purchased by the User and delivered to the Company for testing
- Other sensitive PII that may have an effect on the analysis and interpretation of the health risk, including without limitation race and sexual behavior;
- Other after-sale or support information, including without limitation the PII that the User may submit to the Company’s customer support.
In the case of the PII from the minor, the Company would like to clarify that the Company does not have the intention to provide Services to such a group of Users if the relevant guardian grants no approval or ratification. Therefore, in case the guardian gives the consent and ratification for the process of their relevant minor’s PII, the Company shall deem that the relevant guardian has the direct obligation to assure the rights and entitlements of the minor to enter into and accept the Services from the Company, in particular this Privacy Notice.
Objectives for PII Process
The Company represents that the Company shall only collect, store, and use the User’s PII solely for the purposes and manner as defined under this Privacy Notice. The objectives of the PII process hereunder include:
- The Company would need to collect, store, and use the PII of the User in order to perform any Services as defined under the Terms of Services. It is understood by the User that without these PII, the Company shall not be able to perform the agreed Services. The PII shall be processed in the following manners:
- The user’s general information and normal lifestyle as well as behavior shall be used as the key component in the assessment and analysis of the health risk of the relevant User. In order to get a comprehensive and throughout analysis of the User and recommendation that would be most appropriate to each specific User, all of this information shall be used together with the genetic test result since the result may differ based on these variations;
- User’s contact information shall be used to contact the relevant User during the Services provision; and
- Sensitive PII, in particular health information, biometric and genetic information, race, and sexual behavior shall be used in the risk assessment and recommendation that are the critical Services of the Company.
- The biometric and genetic information of the User as collected and stored in the DNA sample toolkits shall be analyzed; provided that
- Such sample shall be collected for the purpose of quality and accuracy assurance for another 3 months after the completion of the analysis where the sample will be immediately destroyed; while
- The result from the test that would include the Sensitive PII, in particular the health information and raw genetic information, shall be stored for regular assessment again in order to seek the most appropriate recommendation to the relevant User; provided that the PII that the Company shall store for this purpose may include the raw genetic information and genome information or the analyzed information from the test and the Company would need to store throughout the Services period.
For this particular type of PII, the Company acknowledges that they are categorized as the Sensitive PII under the applicable law and in order for the Company to process them, explicit consent shall be given by the relevant User and it is the entitlement of the User as the data subject to determinate whether or not to give such consent. However, the Company would like to inform the User that these PII are the necessary and critical pieces of information for the provision of the Services to the relevant User. Therefore, in case the User does not give consent to the Company in these PII processes, the Company shall not be able to provide the Services to the User.
- The Company would need to collect and analyze the User’s behavior and lifestyle information and Services transactional data in order to assess the User’s interest with an aim to provide customized and personalized privileges or services that would meet your interest and preference and to improve our customer’s experience with each relevant User;
- The Company would need to collect and restore the User’s PII in order to assure the appropriate after-sale service provided by the Company in various forms, including the satisfaction survey or the support and complaint redress function;
- The User’s PII may be anonymized before being used in further analysis and research purposes that would be beneficial for the general public or for the commercial benefit of the Company; provided that in this circumstance, the Company shall assure that information security of such information and the Company shall use the best effort in assuring that the information disclosed under this circumstance shall not be entitled to reprocessed to identify each specific User.
Retention Period. Except for the DNA sample collected that shall be destroyed within the defined timeline, the Company would need to collect and store the PII of each relevant User for the defined purposes until the User terminates the use of the Services in writing.
Disclosure of the PII
Generally, your PII will be stored in strict confidence and shall not be disclosed to any third party except in case of strictly necessary in order to assure the performance of the Services as committed, the Company may need to disclose the User’s PII in the following circumstances:
- Disclosure to the outsourced service providers engaged in performing any support to the provision of the Services, including without limitation the advisors, outsourced service provider, and logistic contractors; provided that the Company shall only disclose the User’s PII to the relevant recipient strictly on the need to know basis in strict compliance with the defined objectives for PII process defined;
In case of the disclosure and transfer of any Sensitive PII, in particular the DNA sample, the Company shall use the best standard in order to assure that the recipient of such information shall not be able to identify specifically the relevant Users so the information shall be shared on the anonymous basis.
- The health risk assessment or the test result of the relevant User shall be shared and disclosed to the clinic or hospital that sells the sample collection kits to the relevant User so that those clinic or hospital to reach and interpret the test result to the User.
For this particular disclosure and transfer, the User shall be entitled to give specific instructions on which clinic or hospital the User would like the Company to disclose that information to. After the disclosure or transfer made by the Company, in case the clinic or hospital will collect and use the disclosed PII for the performance of other services of the User, the User acknowledges and understands that the User shall study and accept the Privacy Notice announced by that clinic or hospital that is separate from this Privacy Notice and the Company shall not be liable for the process of the PII by the clinic or hospital;
- Disclosure to any third party in the legal proceedings to protect the Company’s legitimate rights or to detect and prevent any fraud on the Services; provided that such disclosure shall be done on the limited and specific purposes as defined;
- Disclosure in case the Company is obliged under the applicable laws, court judgment, or administrative order to disclose any PII of any particular users, the Company would need to do so only on the necessary basis; and
- Statistic information that has been processed on an anonymous basis may be disclosed to the public or to the research institute for the general public interest, medical preventive and diagnosis purposes, health and society services, or health management.
Representation of the Privacy Security
The Company represents and guarantees that the Company shall use the most appropriate security measures to prevent the unauthorized access, amendment, or disclosure of the PII in any form or in any circumstance by either internal or external persons and the Company commits to review those measures on the regular basis with the strong commitment to use the best industrial practice and to be in strict compliance with the applicable laws.
Data Subject Rights
The Company acknowledges and accepts the User’s rights as the data subject over their PII as defined under the applicable laws that include the following rights: (a) Right to access; to request for the copy of all the PII; and to rectify or update their own PII; (b) Right to request for the PII that the Company has processed in the readable forms by the tools or automatic mechanics and to request for the data portability to other data controller; (c) Right to object to the PII process being undertaken; (d) Right to request for the erasure or de-identification of any PII that does not have any necessary basis to process, i.e. after the consent withdrawal; (e) Right to request for the PII process suspension in case that request for erasure is being exercised or when such PII is not necessary; and (f) Right to withdraw consent that has been given for the PII process for a specific purpose.
The User can contact the Company in order to make the request to exercise any defined rights through the defined channel without any charge and the Company will consider and notify the User of the Company’s determination within a reasonable period of time defined under the applicable laws.
Contact Us
Data Controller
Name: Genfosis Company Limited
Address: 101 Soi Rama IX 60 (Soi 7 Seree 7), Phatthanakan, Suan Luang, Bangkok 10250 Thailand
Data Protection Officer
email: [email protected]