Privacy Policy

1. Who we are

Omvia is a precision health platform operated by Omvia Ltd, a company registered in England and Wales. Our registered office is in the United Kingdom.

For all data protection matters, you can contact us at: hello@omvia.co.uk

2. What data we collect

Information you provide to us

• Your name and email address when you join our early access list
• Your interest type — whether you are a prospective customer or a clinic/partner
• Your clinic or organisation name if you register as a clinic or partner
• Any information you provide when contacting us directly by email

Information collected automatically

• Basic website usage data including pages visited and time spent on site
• Your IP address and browser type for security and analytics purposes
• Cookie data as described in our cookie section below

Health data (when you become a customer)

When you use our testing service, we will collect health-related data including biomarker results from your blood sample. This is special category data under UK GDPR and is handled with additional protections. We will ask for your explicit consent before processing any health data.

3. How we use your data

We use your personal data only for the purposes for which it was collected:

• Early access list: To send you updates about our launch, founding member offers, and early access to book your test
• Clinic and partner enquiries: To contact you about partnership opportunities
• Service delivery: To process your bookings, deliver test results, and provide customer support
• Legal compliance: To comply with our legal and regulatory obligations
• Service improvement: To understand how our service is used and improve it

We will never use your data for automated decision-making that significantly affects you, nor will we use it for purposes incompatible with why it was originally collected.

4. Our legal basis for processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

• Consent: For sending you marketing and launch updates. You can withdraw consent at any time.
• Contract: To fulfil our obligations when you book and use our testing service.
• Legitimate interests: For basic website analytics and security, where this does not override your rights.
• Legal obligation: Where we are required to process data to comply with the law.
• Explicit consent: For processing your health data as special category data.

5. Who we share your data with

We do not sell your personal data to third parties. We may share your data with:

• Email marketing providers: We use Mailchimp to manage our early access list. Mailchimp processes data on our behalf under a data processing agreement.
• Laboratory partners: When you book a test, your sample and necessary personal data are shared with our accredited laboratory partners to process your results.
• Molecular You Corporation: Our technology partner who provides the biomarker analysis and interpretation platform. Data is shared under a formal data processing agreement.
• Regulatory authorities: Where we are legally required to do so.

All third parties who process data on our behalf are required to handle it in accordance with UK GDPR and are bound by appropriate contractual data protection obligations.

6. How long we keep your data

• Early access list: Until you unsubscribe or withdraw consent, or until we have been inactive for 24 months
• Customer account data: For the duration of your relationship with us, plus 7 years for legal and financial record-keeping purposes
• Health and test results data: For 8 years from the date of your test, in line with NHS records retention guidelines
• Contact enquiries: 2 years from the date of last contact

7. Your rights

Under UK GDPR you have the following rights regarding your personal data:

• Right to access: Request a copy of the personal data we hold about you
• Right to rectification: Ask us to correct inaccurate or incomplete data
• Right to erasure: Ask us to delete your data in certain circumstances
• Right to restrict processing: Ask us to limit how we use your data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Withdraw consent at any time where we rely on consent as our legal basis

To exercise any of these rights, contact us at hello@omvia.co.uk. We will respond within 30 days. There is no charge for making a request.

8. Cookies

Our holding page currently uses no tracking cookies. When our full platform launches, we will use essential cookies to maintain your session and optional analytics cookies to understand how our service is used. You will be asked to consent to non-essential cookies at that time.

9. Data security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include:

• Encrypted data transmission using HTTPS
• Access controls limiting who can view personal data
• Regular security reviews of our systems and processes
• Data processing agreements with all third-party processors

In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it.

10. International transfers

Some of our service providers, including Mailchimp and Molecular You Corporation, may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place in accordance with UK GDPR, including standard contractual clauses or adequacy decisions.

11. How to complain

If you are unhappy with how we have handled your personal data, please contact us first at hello@omvia.co.uk and we will do our best to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator:

• Website: ico.org.uk
• Helpline: 0303 123 1113

12. Changes to this policy

We may update this privacy policy from time to time. When we make significant changes, we will notify you by email if you are on our early access list, and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.