When you use our Predictix system or services we may collect personal data about you. We have written this Policy to tell you:
what personal data we collect about you
how we collect that personal data
our legal basis for processing data about you
what we use your personal data for
what choices you have about what we can do with your personal data
how to access and update your personal data
We are Taliaz Ltd. and our registered office is at 2 Prof. Yehezkel Kaufmann Street, Tel-Aviv, Textile Center, 15th Floor, 6801294, Israel. We are the data joint-controller, together with your Healthcare Provider, and responsible for your personal data when using our services.
As non-European Data Controller, we have appointed a Data Protection Representative in Europe: MyData-TRUST S.A., Boulevard Initialis 7/3, 7000 Mons, Belgium (email@example.com).
If you would like to contact us you will find contact data in the section “How to contact us” below.
Information we collect about you
How we collect personal data
We collect personal data from you and from your Healthcare Provider.
We collect personal data from you through the Predictix system online forms that you complete, through the questionnaire and/or application forms that you may fill in with your Healthcare Provider and from the DNA sample you agree to share with us. We also may collect data by email and through our App.
For all the Predictix service users, we may collect data from:
Doctors, healthcare providers and other clinicians authorized by you;
Any third party service providers who work with us in relation to the provision of the Predictix service, if we don’t provide it to you directly, such as providing you with the analysis of and report on your DNA sample, Apps or medical treatment.
Categories of personal data
We process two categories of personal data about you:
Regular personal data (for example, information we use to contact you or identify you); and
Special categories of personal data called “sensitive data” (for example, health data, behavioral data and genetic data).
For more information about these categories of personal data, see below.
Regular personal data includes:
contact data, such as your name, username, address, email address and phone numbers;
the country you live in, your date of birth and national identifiers (such as your National Insurance, Social id number or passport number);
data about your employment;
data about your demographic status;
details of any contact we have had with you, such as any complaints or incidents;
data about how you use our website, App or other technology, including IP addresses or other device data (please see our Cookies Statement for more details: https://www.taliazhealth.com/predictix-cookie-policy).
Special category of personal data (‘Sensitive Data’) includes:
data about your health and mental health, including genetic data.
Legal Basis for Processing
The European General Data Protection Regulation (“GDPR”) requires that we must have a lawful reason for processing your personal data.
We can lawfully process personal data about you because:
we have a contract with you to perform the provision of the Predictix Service. Your personal data is required to enable us to meet our obligations under the contract;
you have given us your permission to do so (consent);
we have to comply with legal obligation;
we have a legitimate interest to do so.
As is best practice, we will only ask you for permission to process your personal data if there is no other legal reason to process it. If we need to ask for your permission, we will make it clear that this is what we are asking for and ask you to confirm your choice to give us that permission. If we cannot provide a service without your permission to process your personal data (for example, we cannot manage and run our Predictix service without health data), we will make this clear when we ask for your permission. If you later withdraw your permission, we will no longer be able to provide you with a service that relies on having your permission.
What we use your personal data for
We process your personal data for the purposes of providing you with the Services and enabling the use of Predictix system. Please see the table below for more information about the reasons why we may need to process your personal data including special category of personal data.
Sharing your personal data
We may share your personal data with the recipients set out below only for the purposes set out above:
the third-party service provider which we have arranged to collect and analyze your DNA sample and to provide a report;
the Healthcare Provider that you have consulted, which serves as a joint-controller of your data, and through whom the use of the Predictix system has been arranged. We will provide the clinician with the report created by the Predictix system, which will contain results based on your personal data;
any regulator or other law enforcement body where we have a legal obligation to do so.
We may contact you by email, post, or phone with data about products, services, offers, and other news where we feel these may interest you.
We will only do this where you have consented to receive such information from us.
Third Party Websites
Where we store your personal data and how we keep it secure
The personal data that we collect from you will only be transferred to, processed and stored in Israel, which is outside the European Union. The European Commission has recognized Israel as providing adequate protection to the personal data.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We are committed to ensuring that our suppliers also have appropriate technical, organizational and physical procedures in place to ensure that your personal data is protected against loss or misuse.
All personal data you provide to us is stored on our secure servers or on secure servers operated by a third party.
Generally, we will retain your personal data for 7 years from our last contact with you. If you participate in a clinical trial using the Predictix System, we will retain your personal data for 15 years from the end of the study, as required by law.
In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this data indefinitely without further notice to you.
If you choose to send us information via email, we cannot guarantee the security of this information until it is delivered to us.
You have the right to access your personal data, to ask us to correct any mistakes and delete and restrict the use of your personal data. You also have the right to object to us using your personal data, to ask us to transmit the data you have provided (“Right to Data Portability”), to withdraw permission you have given us to use your personal data and to ask us not to use automated decision-making which will affect you. For more information, see below.
You have the following rights (certain exceptions apply):
Right of access: the right to make a written request for details of your personal data and a copy of that personal data.
Right to rectification: the right to have inaccurate data about you corrected or completed.
Right to erasure (‘right to be forgotten’): the right to have certain personal data about you erased.
Right to restriction of processing: the right to request that your personal data is only used for restricted purposes.
Right to object: the right to object to processing of your personal data in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interests. You can object to our use of your personal data for profiling purposes where it is in relation to direct marketing.
Right to data portability: the right to ask for the personal data you have made available to us to be transmitted to you or a third party in machine-readable formats.
Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal data. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data prior to the withdrawal of your consent and we will let you know if we will no longer be able to provide you your chosen product or service.
Right in relation to automated decisions: you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into a contract with you, it is authorised by law or you have given your explicit consent. We will let you know when such decisions are made, the lawful grounds we rely on and the rights you have.
Please note: Other than your right to object to the use of your data for direct marketing (and profiling to the extent used for the purposes of direct marketing), your rights are not absolute: they do not always apply in all cases and we will let you know in our correspondence with you how we will be able to comply with your request.
If you would like to make a request to exercise your rights, please contact Taliaz’s Data Protection Officer at firstname.lastname@example.org, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we do not meet your request, we will explain why.
How to Contact us
If you have any questions regarding this policy or if you would like to speak to us about the manner in which we process your personal data, please email our Information and Data Security officer, at email@example.com. If you are located in Europe, please email our Data Protection Officer at firstname.lastname@example.org.
You also have the right to make a complaint to the Data Protection Authority of your country, at any time. You can find the contact details of the relevant Member States Data Protection Authorities, please refer to the following website: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm