Our Privacy Policy

Full Privacy Policy


This Privacy Policy applies to the DnaNudge service (the “Service”). This document outlines the type of personal data we collect from users of the Service (“Users” or “you”) in connection with the Service and how this data is protected, used and maintained.

The Service is operated by DnaNudge Limited, a company registered in England and Wales, with company number 09705888 whose registered address is at Level 11, The Translation And Innovation Hub, Imperial College White City Campus, London, England, W12 0BZ  (collectively referred to as “DnaNudge”, “we”, “us” or “our” in this Privacy Policy).

Commitment to the protection and security of personal information, including genetic information is of paramount importance to us.


The purpose of this Policy is to inform you about our privacy practices and to ensure that you understand the purposes for which we collect and process your personal data. The following is a brief summary of our privacy practices.

This Policy does not apply to any data insofar as it is held, processed, disclosed or published in a form which cannot be linked to a living individual (such as anonymised data, aggregated data, or coded data which, in a given form, cannot effectively be used to extract your personal data) ("Anonymised and Aggregated Data"). We reserve the right to generate Anonymised and Aggregated Data extracted out of any databases containing your personal data and to make such use as we see fit of any such Anonymised and Aggregated Data.

Who is responsible for processing your personal data?

DnaNudge is responsible for the processing of your personal data insofar as we collect it as part of the Service including personal data we obtain through registration forms or other communications with you, the genetic data we receive from Users for analysis and the genetic reports and product recommendations that we generate through the Service and send to our Users and data we collect by tracking Users’ use of the Service.

Questions and complaints

If you have any questions or if you wish to make a complaint or have other queries relating to the Service, please write to us to the following address: DnaNudge Limited, Level 11, The Translation And Innovation Hub, Imperial College White City Campus, London, England, W12 0BZ, or by email to: customerservices@dnanudge.com.

Enquiries relating to our use of your personal data should be made for the attention of our data protection officer.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

The type of information we collect and how we collect data

Account information: Information about your account can be found in our subscription terms and conditions. To use our Service, you must create an account. To create an account, you are asked to submit details such as name, email address and telephone number, age, and a password you create.

Genetic Information: As outlined in our subscription terms and conditions, to enable us to generate your DnaNudge test results, Users submit a DNA sample using a swab which is inserted into and analysed by the testing unit we supply. The genetic test results are transferred electronically to our servers (operated through third party cloud services) where the data is further analysed and matched to our database of food and drink products. DnaNudge test results are sent to you through your Mobile App and/or Capsule and product recommendations are generated in response to the scanning of food and drink product barcodes by Users.

To protect your genetic information, Users cannot use the sharing functionality in the Mobile App, such as NudgeShare, to share their genetic information with other Users. Only information such as product-recommendations can be shared between Users.

Information given by Users: this includes information that we may ask Users to provide from time to time for research processes, quality control and to improve the Service. For example, we may collect such information through direct correspondence, surveys, other activities through the Mobile App, Capsule or the website etc.

Device and Browsing Information: From time to time, we may use automatic data collection technologies to collect data for research, development and statistical purposes.  This data includes but is not limited to data regarding the products that were recommended to you, products that you chose to purchase, other aspects of your use of the Mobile App or Capsule or other aspects of the Service. We may monitor usage patterns by Users. 

How we use your data

We collect and process Users’ personal data for the following purposes:

The lawful basis for processing users’ personal data

The processing of your personal data is lawful on the basis of the following:

When do we disclose your personal data to third parties?

We share your personal data with our subsidiaries, parent companies and other affiliates, our subcontractors, service providers, representatives and agents that provide services to us or act for or on our behalf (“Related Parties”). Personal data is shared with Related Parties only for the purpose of delivering the Service to Users, maintaining and improving the Service and related purposes. 

We ensure that such Related Parties do not use your personal data for any other purposes, that they do not disclose it to any other third parties and that they do not retain copies of your personal data except as necessary to provide services to us or to our Users or as may be required by law. We require Related Parties to protect personal data of our Users that is received from us from unauthorised access, corruption or loss.

Examples of cases where personal data may be shared with Related Parties are set out below:

We also reserve the right to disclose and transfer your personal data to other entities in connection with the sale or transfer of our business or those business activities relating to the Service.  We will ensure that such acquirer will continue to process the personal data in accordance with this Policy (as it may be updated from time to time).

Other circumstances in which your personal data may be used or disclosed include the following:

We will fully co-operate with regulators, law enforcement agencies and other authorities to identify anyone who uses our products, service or software for illegal activities. We reserve the right to report to regulators and law enforcement agencies any activities that are believed to be unlawful.

Transfer of personal data across borders

We operate the Service from the United Kingdom. We may use servers and cloud services to store an process data in other countries and may transfer the data to other countries for the purpose of storage and data management. Our Related Parties may have access to your personal data in different countries including, without limitation, the UK, the EU and the USA. We ensure that when personal data is transferred across borders, we do so in compliance with the law including (in the case of data exported from the EU) by putting in place, as between us and the party receiving the data, contractual terms for the protection of the interests of data subjects in the form approved by the European Commission. 

How do we protect your personal data?

We use a range of technical and organisational measures to protect your personal data including the following:

We cannot guarantee that these protections will always successfully prevent unauthorised access to, corruption or loss of personal data. Please bear in mind that transmissions over the Internet are not completely secure, and information you send to or from this Service may be accessible by others. More specifically, electronic communications sent to or from the Service may not be secure.  

We ask that you do not share your account password or log-in credentials with anyone. Please contact DnaNudge immediately if you suspect unauthorised use of your account.

How to access, edit or delete your information

You can contact our customer care team to request access to, edit or delete any personal information you have provided to us. We cannot guarantee we will be able to grant a request to change information, for example, if we believe granting such a request would violate the law or cause the information to be incorrect. It may not be possible to retrieve, remove or correct data from any database where the data had been de-identified and/or aggregated.

Account closure

You can close Your Account through your account settings on the Mobile App. If you choose to close Your Account, we will remove your registration information and user profile from the site.

Children’s data

Children under the age of 18 require the consent of their parent or legal guardian to carry out the genetic test. The information in this Privacy Policy applies to children as well as adults.

Your legal rights

Users have the following legal rights in respect of their personal data:

  1. The right to require us to advise you of the categories of your personal data that we process, the purpose of any such processing, the identity of third parties who receive your data from us, the period for which your personal data is stored and whether any automated decision-making processes are being used in relation to your personal data. You also have the right to ask for a copy of your personal data records;
  2. The right to require us to rectify inaccurate personal data records;
  3. The right to request the erasure of your personal data records. You have the right to require us to erase your personal data records where:
  1. the data is no longer necessary in relation to the purpose for which it was collected, such as where you choose to close your account (in which case, it is our policy to delete your data even without your request);
  2. where the processing of the data is based on your consent and such consent is withdrawn (provided that the other circumstances described in the sections ‘When do we disclose your personal data to third parties?’ and ‘Lawful basis for processing users’ personal data’ above no longer apply); or
  3. you object to the processing of your data and there are no overriding legitimate grounds for justifying the data processing;
  1. The right to restrict the processing of your personal data in certain circumstances (for example, where an objection has been raised and is being investigated); and
  2. The right to object to the processing of your data in certain circumstances.

Links to third party sites and social media services

This policy applies only to the processing of personal data by us in connection with the Service. It does not apply to any processing activities carried out by operators of website, social media services such as Twitter or Facebook or other third parties whose sites or services may be accessible via our Service.  When you follow a link from the Service to any third party site or service you are being transferred to a website or online service operated by someone other than us. The operator of that website or service will have a different privacy policy. We do not share your personal data with these third party websites or services and we are not responsible for their individual privacy practices. We encourage you to investigate the privacy policies of any such third party sites or services.

Privacy Policy changes

This Policy was last changed on 1 January 2019. If we make changes to the Policy, the new version will be posted on the Service. We may change, modify, add or remove portions of this Policy at any time, and any changes will become effective immediately upon being posted unless stated otherwise.