Privacy Policy
Version 2.0
Effective Date: 7 October 2025
PrecisionLife Ltd (PrecisionLife) respects your privacy and is committed to protecting your personal data, which we refer to as Personally Identifiable Information (PII).
This Privacy Policy explains how we collect and use your personal information and outlines your privacy rights.
1. Scope and Legal Compliance
PrecisionLife operates in several jurisdictions, including the UK, the EU, and the US. This policy is designed to meet the requirements of all applicable privacy legislation, including the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (UK DPA 2018), as well as US state and federal laws (e.g. HIPAA) where relevant.
This commitment is reinforced by our adherence to international standards. PrecisionLife is certified to ISO 27001:2022 (Information Security Management) and ISO 27701:2019 (Privacy Information Management), and this policy aligns with the requirements of both standards.
Our Role:
PrecisionLife is primarily a Data Controller, meaning we determine the purposes and means of processing your personal data. In our contractual relationships with customers, we may also act as a Data Processor, processing PII on behalf of the Data Controller (our customer). The roles may not be the same across all contracts.
2. Information We Collect and Classify
We may require you to provide certain personal information for specific purposes. We apply strict classification schemes to all PII to ensure appropriate controls are in place.
A. Categories of PII
We may collect and use the following information about you:
- Non-Sensitive Identification Information: Full name, date of birth, gender.
- Contact Information: Postal address, email address, and telephone number.
- Employment Information: Job title, and the organization for which you work.
- Records of Interaction: Telephone conversations, emails, correspondence, instructions, and website usage data (pages viewed, IP address, hardware details).
- Job Application Information: CV, education, employment history, and publicly shared information.
B. Special Categories of PII
We explicitly consider Special Categories of PII (or sensitive personal data) within our classification system. These categories, such as health data, biometric data, or data revealing racial or ethnic origin (in the UK DPA 2018 jurisdiction), are subject to more stringent controls. We only process these categories where a legal basis exists, such as explicit consent or where necessary for legal obligations.
3. Lawful Basis and How We Use Your PII
We must have a lawful basis to process your personal data. Generally, our processing is based on:
- Contractual necessity (to perform a contract with you),
- Legal obligation (to comply with law), or
- Our legitimate interests (provided your rights do not override them).
We use your personal information to:
- Supply Services: To enter into and perform any contracts with you, verify your identity, and carry out our obligations.
- Marketing: To tell you about services, activities, or events where you have consented to receive marketing communications. You can object to direct marketing at any time.
- Improvement: To review and improve our services, systems, and website performance.
- Compliance and Safety: To meet our legal obligations and to detect and prevent fraud, money-laundering, and other crimes.
4. Sharing Your PII and International Transfers
We may share your PII within the PrecisionLife group and with selected third-party service providers (e.g. internet hosting providers). We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We never sell your Personally Identifiable Information to third parties.
International Transfers
Your PII may be transferred outside the European Economic Area (EEA), for example, to our customer relationship management system (HubSpot) in the USA. When making such transfers, we ensure appropriate safeguards are in place, such as the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs), to ensure your PII receives an adequate level of protection.
5. Security and Data Protection Measures
We take all steps reasonably necessary to ensure your data is treated securely.
- Secure Storage: All PII is stored securely on our secure servers and/or on third-party secure servers.
- Encryption: PII transmitted over untrusted data transmission networks (like the public internet) is encrypted for transmission.
- Data Backups: Particular care is taken when backing up PII, ensuring that such backups are maintained in an encrypted environment.
- Restricted Access: Access to PII is strictly controlled, and de-activated or expired user IDs are never reissued.
- Testing: PII is not used for testing purposes.
- Confidentiality: Individuals operating under our control with access to PII are subject to a confidentiality obligation.
6. Data Breach Notification
As part of our information security incident management process, we have established responsibilities and procedures for PII breaches. If a breach involving PII occurs that could result in a risk to your rights and freedoms, we will notify the correct local regulatory body (e.g. the ICO) without undue delay and within 72 hours. Where the risk is high, we will also notify you, the PII principal. We maintain a record of all PII restoration efforts and all incidents for regulatory and/or forensic purposes.
7. Your PII Principal Rights
As a PII Principal, you have the following rights:
- Right to be Informed: To receive concise, transparent information about how we use your PII.
- Right of Access: To obtain confirmation as to whether or not we hold your PII and to receive a copy of that PII.
- Right to Rectification: To have any inaccurate or incomplete PII corrected.
- Right to Erasure (Right to be Forgotten): To request the deletion of your PII where it is no longer necessary for the original purpose and/or legal compliance requirements, or you withdraw consent.
- Right to Restriction of Processing: To ask us to stop using your PII in any way other than simply keeping a copy.
- Right to Data Portability: To have a copy of your data transferred to you or a third party in a structured, commonly used, and machine-readable format.
- Right to Object: To object to us using your PII for direct marketing and in certain circumstances where we rely on legitimate interests.
- Rights related to Automated Decision-Making: The right not to be subject to a decision based solely on automated processing which significantly affects you.
8. Data Retention and Policy Updates
8.1 Data Retention Principle
We retain your PII only for as long as is strictly necessary for the purposes for which it was collected, to satisfy any legal obligations (such as tax or accounting requirements), or as required to fulfil the terms of any contract we have with you. Once the retention period expires, your PII will be securely deleted or anonymised.
8.2 Policy Review and Updates
This Privacy Policy is reviewed and, if necessary, updated at least annually or whenever there are significant changes to applicable laws, our processing activities, or our organizational structure.
We will communicate material updates to you by posting the revised policy on our company website and, where appropriate, through direct email notification. The Effective Date at the beginning of this document will always reflect the date of the latest version.
9. Contact and Complaints
If you have any questions or wish to exercise any of your rights, please contact our Data Protection Officer/Coordinator:
Email: GDPR@PrecisionLife.com
Address: PrecisionLife, Unit 8B Bankside, Hanborough Business Park, Long Hanborough, Witney, OX29 8LJ
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the statutory body which oversees data protection law in the UK.