Privacy policy
GDPR Privacy Agreement for Fatty Acid Labs
Last Updated: May 29, 2023
At Fatty Acid Labs, we are committed to protecting your privacy and ensuring the security of your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data privacy protection laws. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services, including our website (www.fattyacidlabs.com), laboratory testing services, and related platforms. It also outlines your rights regarding your data and how to contact us with any questions or requests.
1. Who We Are
Fatty Acid Labs operates laboratories that provide health and wellness testing services, including dried blood spot (DBS) test kits for analysing biomarkers such as Omega-3, HbA1c, Vitamin D, and other health indicators. We are the data controller responsible for the personal data we collect and process. You can reach us at:
Email: privacy@fattyacidlabs.com
Address: POSTFACH 8108, 36243 Niederaula, Germany or PO Box 2080, Oak Park VIC 3046 Australia
2. What Personal Data We Collect
We collect and process the following types of personal data to provide our testing services:
- Identity and Contact Information: Name, email address, postal address, date of birth, and phone number (if provided).
- Health and Biological Data: Information derived from your DBS samples, such as biomarker results (e.g., Omega-3 levels, HbA1c, Vitamin D), and any health-related information you provide when registering your test kit.
- Account Information: Login credentials, sample IDs, and test registration details when you create an account on our secure servers (e.g., via our Healthcare Provider Lab Portal or consumer website).
- Payment Information: Billing details, such as credit card or payment method information, processed through secure third-party payment providers.
- Technical Data: IP address, browser type, device information, and usage data collected when you interact with our website (e.g., through cookies, if you consent).
- Communication Data: Information you provide when contacting us, such as inquiries, feedback, or requests sent to privacy@fattyacidlabs.com.
3. How We Collect Your Data
We collect your personal data through the following methods:
- Directly from You: When you register a test kit, create an account, place an order, or contact us via email or our website.
- Through Our Services: When you submit a DBS sample for analysis, we collect health data derived from the sample.
- Automatically: We may collect technical data through cookies and similar technologies on our website, subject to your consent.
- From Third Parties: We may receive data from healthcare providers (HCPs) if they order tests on your behalf, or from payment processors handling your transactions.
4. How We Use Your Data
We process your personal data for the following purposes, based on the legal grounds outlined under GDPR:
- To Provide Our Services (Legal Basis: Performance of a Contract):
  - Process and analyse your DBS samples to deliver test results.
  - Manage your account and provide access to our Healthcare Provider Lab Portal or consumer portal.
  - Communicate with you about your test results, including sending email notifications when samples are registered, received, and results are ready.
- To Fulfill Orders and Payments (Legal Basis: Performance of a Contract):
  - Process payments and ship test kits to you or your customers (if you’re an HCP).
- To Ensure Safety and Compliance (Legal Basis: Legal Obligation):
  - Store and dispose of DBS samples in compliance with biohazard and data protection regulations.
  - Comply with GDPR and other applicable laws regarding personal data protection.
- To Improve Our Services (Legal Basis: Legitimate Interest):
  - Analyse usage data to enhance our website and services, ensuring this does not override your rights.
- To Respond to Inquiries (Legal Basis: Legitimate Interest or Consent):
  - Address your questions, requests, or feedback sent to privacy@fattyacidlabs.com.
5. Storage and Disposal of Dried Blood Spot (DBS) Samples
When you send us a DBS sample for analysis, we handle it with the utmost care:
- Storage: After analysis, your DBS sample is stored in a secure -80°C freezer for 30 days to allow for potential retesting or quality assurance checks.
- Disposal: After 30 days, the sample is collected by an external biohazard company and destroyed in an incinerator, ensuring safe and compliant disposal in accordance with biohazard regulations.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:
- Account Data: Retained for as long as your account is active. You may request permanent deletion of your account at any time (see Section 9).
- Test Results: Stored securely to allow for historical reference, unless you request deletion earlier.
- DBS Samples: Stored for 30 days post-analysis, as described above, then destroyed.
- Payment Information: Retained only for the duration required to process your transaction, typically handled by third-party payment processors.
- Technical Data: Retained for up to 12 months for analytics purposes, unless you withdraw consent for cookies.
7. Data Sharing and Transfers
We may share your personal data with:
- Service Providers: Third parties who assist in our operations, such as payment processors, shipping companies, and IT providers, all of whom are GDPR-compliant.
- External Biohazard Company: For the disposal of DBS samples after 30 days.
- Healthcare Providers (HCPs): If you are a patient, your results may be shared with your HCP through our Healthcare Provider Lab Portal, based on your consent or their request.
- Legal Authorities: If required by law or to protect our legal rights.
We operate globally, and your data may be transferred outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to protect your data in accordance with GDPR.
8. Data Security
We implement robust technical and organisational measures to protect your personal data:
- Encryption of data in transit and at rest on our secure servers.
- Access controls to limit data access to authorised personnel only.
- Regular security audits and updates to safeguard against breaches.
Despite these measures, no system is entirely risk-free. In the unlikely event of a data breach, we will notify you and relevant authorities as required by GDPR.
9. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure (Right to Be Forgotten): Request the permanent deletion of your personal data, including your account and associated test results.
- Right to Restrict Processing: Limit how we use your data in certain circumstances.
- Right to Data Portability: Receive your data in a structured, machine-readable format to transfer to another controller.
- Right to Object: Object to processing based on legitimate interests, including marketing (though we do not engage in direct marketing).
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent (e.g., cookies).
To exercise any of these rights, please contact us at privacy@fattyacidlabs.com. We will respond to your request within 30 days, as required by GDPR. If you are dissatisfied with our response, you have the right to lodge a complaint with your local data protection authority (e.g., the Information Commissioner’s Office in the UK).
10. Cookies and Tracking Technologies
Our website uses cookies to enhance your experience, such as improving site functionality and analysing usage. You can manage your cookie preferences through our cookie consent tool when you visit our site.
11. Third-Party Links
Our website may contain links to third-party sites (e.g., payment processors). We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies before providing any personal information.
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website and, where required, by email. The “Last Updated” date at the top of this policy indicates when it was last revised.
13. Contact Us
For any questions, requests, or concerns about your personal data, please contact our Data Protection Officer:
Email: privacy@fattyacidlabs.com
Address: POSTFACH 8108, 36243 Niederaula, Germany or PO Box 2080, Oak Park VIC 3046 Australia
We are here to assist you with any privacy-related inquiries or requests, including requests to delete your personal data.