Privacy Policy
DN46 Labs Ltd (trading as Genetase) · Last updated: June 2026 · Version: PP-2026-06
This Privacy Policy explains how DN46 Labs Ltd (trading as Genetase) (“we”, “us”, “our”) collects, uses, stores, shares, and protects personal data when you use our services, including genomic analysis, consulting services, software platforms, APIs, demos, and data intake systems.
Important: We process genetic data, health information, and related personal information that may constitute “special category data” under Article 9 of the UK General Data Protection Regulation (“UK GDPR”). We apply enhanced safeguards and process such data only where a lawful basis and an applicable Article 9 condition exists.
Controller Information
DN46 Labs Ltd (trading as Genetase)
Registered in England and Wales
Registered address: 82A James Carter Road, Mildenhall, IP28 7DE, United Kingdom
Company number: 17273426
Email: Reveal email
We generally act as the data controller for personal data processed through our services. In some circumstances, where we process personal data solely on behalf of enterprise customers, research partners, or other organisations, we may act as a data processor under separate contractual arrangements.
Data We Collect
Genetic and Biological Data
- Uploaded genomic files (e.g. VCF files, raw DNA data, or similar genomic datasets)
- Variant data and derived analytical outputs generated during processing
- Research datasets, annotations, and analysis results associated with submitted genomic information
Contact Information
- Name and email address
- Organisation, company, institution, or affiliation details (where provided)
- Information submitted through intake forms, registration forms, demo requests, or contact forms
Optional Self-Reported Information
- Optional trait descriptions, phenotype-related observations, or lifestyle information
- Contextual details voluntarily provided to support analysis or research participation
- Research interests, participation preferences, or areas of scientific interest voluntarily submitted through forms or questionnaires
Certain self-reported information is voluntary and is not required to use core services unless specifically indicated.
Usage and Technical Data
- IP address and network-related information
- Approximate location information where available
- Device type, browser type, and operating system
- Pages, features, and service interactions
- System logs, error logs, analytics, and performance data
Consultation and Communication Data
- Messages submitted via intake forms, contact forms, support channels, or feedback forms
- Information provided during report discussions or research-related communications (e.g. Microsoft Teams or equivalent platforms)
- Project-related communications for enterprise clients or research partners
Newsletter and Marketing Information
- Email addresses and preferences submitted for newsletters, updates, event notifications, or marketing communications
Payment and Transaction Data
- Payment and billing information processed securely by third-party payment providers
- Transaction information such as payment status, amount, and timestamps
We do not store complete payment card information on our systems.
Legal Bases for Processing
- Contract: to provide requested services, including genomic analysis, reporting, consulting services, and platform functionality
- Explicit consent: for processing genetic data and other special category information that may be voluntarily provided where required under Article 9 UK GDPR
- Legitimate interests: for maintaining platform security, preventing fraud, improving services, troubleshooting, and operating our business where those interests are not overridden by your rights
- Legal obligation: to comply with applicable legal, accounting, tax, and regulatory requirements
- Consent: for optional activities such as research participation, newsletter subscriptions, analytics, cookies, marketing communications, and other voluntary features where consent is required
Special Category Data
We process special category data, including genetic data and other sensitive information, where this is necessary to provide our services, including analysis, report generation, research activities (where applicable), and related support or communication, and where appropriate legal conditions under UK GDPR are met.
Special category data is processed only where one or more of the following conditions apply:
- You have provided explicit consent in accordance with Article 9 UK GDPR
- Processing is necessary for scientific or research purposes, subject to appropriate safeguards
- It is separately consented for participation in research studies or projects
We apply enhanced safeguards including encryption, access controls, pseudonymisation, and strict retention limits.
Purpose of Processing
- Provide genomic analysis and interpretation services
- Generate research and analytical reports based on submitted data
- Deliver consulting and enterprise bioinformatics services
- Maintain platform security, integrity, and reliability
- Improve models, pipelines, and service performance using aggregated or de-identified data where appropriate
- Conduct optional scientific research where you have provided consent
- Provide customer support and respond to enquiries and communications
Enterprise and B2B Processing
For enterprise clients, we may process the following types of data:
- Organisational contact and account information
- Research datasets and data files provided by clients
- Pipeline configurations, analysis parameters, and technical requirements
In these contexts, we may act in one of the following capacities:
- Data Controller for our own business operations, account management, billing, and enquiries
- Data Processor when processing data strictly on behalf of and under the instructions of a client
Where we act as a Data Processor, our processing is governed by a Data Processing Agreement (DPA) with the relevant client.
Data Sharing
We do not sell personal data.
We may share personal data with trusted third parties where necessary to operate our services, including:
- Cloud infrastructure and hosting providers (including secure file storage providers)
- Bioinformatics and computational service providers
- Analytics and monitoring service providers
- Payment processing providers
- Enterprise subcontractors acting under contract
- Communication and collaboration providers (e.g. Microsoft Teams or equivalent platforms) used for report discussions and B2B communications
- Research partners, only where you have provided consent
- Form and survey providers used for intake forms, contact forms, and data collection
All third parties act as data processors or service providers under appropriate contractual obligations, including data protection and confidentiality requirements.
International Transfers
Where personal data is transferred outside the UK or European Economic Area (EEA), including where this occurs through our service providers (such as hosting, form, or analytics providers), we rely on appropriate safeguards provided by those providers or implemented through contractual arrangements, which may include:
- Standard Contractual Clauses (SCCs) approved by the UK or EU Commission
- Transfers to countries covered by an adequacy decision
- Additional technical and organisational measures, such as encryption and access controls
Data Retention
- Genetic data: retained for up to 30 days after initial analysis and delivery of results. Where follow-up discussions, report clarifications, or ongoing service interactions are part of the service, data may be retained for the duration of those interactions
- Report discussion data: retained for as long as necessary to provide ongoing support, clarify results, or maintain service continuity
- Contact and communication data: retained for as long as necessary to respond to enquiries, provide services, and maintain ongoing communications, and as required for legal obligations
- Technical logs: retained for 12–24 months for security, debugging, and system integrity
- Consulting and enterprise data: retained for the duration of the engagement and up to 6 years where required for legal, accounting, or contractual compliance
- Research data: retained for the duration of the relevant research activity or project, or until it is irreversibly anonymised. Where data has been irreversibly anonymised so that individuals are no longer identifiable, it may be retained for research and statistical purposes for an unlimited period.
Data is deleted or irreversibly anonymised when it is no longer required for the purposes for which it was collected, unless a longer retention period is required by law or necessary to provide the services you have requested.
Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Encryption of data in transit and at rest
- Strict access controls and authentication mechanisms
- Audit logging and security monitoring
- Data minimisation and pseudonymisation where appropriate
While we take reasonable steps to protect your information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Cookies and Tracking
- Strictly necessary cookies: required for the operation and security of the platform
- Analytics and performance cookies: used to understand usage, improve services, and maintain system performance (only used where consent is provided where required)
You can manage your cookie preferences at any time through our cookie consent banner or your browser settings.
Your Rights Under UK GDPR
- Right of access
- Right to rectification
- Right to erasure (right to delete your data)
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time (where processing is based on consent)
You can exercise your rights by contacting us at the details provided in this Privacy Policy. We may need to verify your identity before processing your request.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
Automated Decision-Making
We may use automated systems to assist with triage and prioritisation of intake requests, to help manage service demand. These systems do not make final decisions without human review and oversight.
Children
Our services are intended for individuals aged 18 and over. We do not knowingly collect personal data from individuals under 18.
Data Breach Notification
Where required by law, we will notify affected users and relevant supervisory authorities of personal data breaches without undue delay and in accordance with applicable legal requirements.
Changes to This Policy
We may update this Privacy Policy from time to time. It is your responsibility to review these Terms periodically. The most current version will always be available on our website.
The updated version will always be made available on this page with an updated “last revised” date. Your continued use of our services after any changes take effect constitutes acceptance of the revised policy.
Contact
DN46 Labs Ltd (trading as Genetase)
Registered in England and Wales
Registered address: 82A James Carter Road, Mildenhall, IP28 7DE, United Kingdom
Company number: 17273426
Email: Reveal email