Findmypast is a company registered in England and Wales no. 04369607, it owns and operates the website www.findmypast.co.uk. Its registered offices are located at The Glebe, 6 Chapel Place, Rivington Street, London, EC2A 3DQ.
Findmypast and Living DNA have come together to introduce FindmypastDNA, which includes the Living DNA family ancestry test with a detailed ethnicity breakdown (including, if you choose, Family Networks matching) as well as a subscription to Findmypast and the ability to build a free family tree. This combined experience means your DNA analysis results will allow Findmypast to search and find records based on your regional ancestry breakdown.
Under FindmypastDNA, Findmypast receives and uses your information as follows:
What personal information does Findmypast receive and use if you choose FindmypastDNA?
|When collected||Type of information||Purpose||Legal basis|
|When activating your DNA kit||Your name, email address, kit number, order identification||? To deal with your requests and queries ? For subscription administration purposes ? To provide personalised communications||We process this information in our legitimate interest in order to administer the Findmypast subscription set-up processes, to communicate how to activate the Findmypast subscription and to help with subscription and account registration questions|
|When activating your DNA kit||Name and email address||To send Findmypast marketing communications about Findmypast products, services and offers or surveys (if you choose to receive these)||Where you give us your consent to receiving FindmyPast marketing communications.|
|When you receive your DNA results||Genetic data and ethnicity breakdown||Findmypast will use this data to suggest historical records related to your ethnicity breakdown, to enhance your Findmypast search results, and provide other customised content features such as personalised communications or dashboards.||Where you give us your specific consent to this use.|
|Family Networks matching (if you choose to participate in Family Networks, and depending on choices you make in respect of that service)||Name, date of birth and sex, ethnicity breakdown, genetic data Family Networks matches||To provide you with information related to your genetic DNA matches through the Family Networks service.||Where you give us your specific consent to this use.|
Please note: we understand that you control the use of your DNA and your genetic data. If new products are developed, Findmypast will only ever use your genetic data for any new products with your explicit consent.
What information is not shared with Findmypast?
Findmypast will not have access to your payment details in relation to the purchase of FindmypastDNA.
Findmypast will not have access to your biological sample, which is sent to and tested in the secure laboratory.
Living DNA use fully accredited professional laboratories to receive your mouth swab sample, to extract your DNA from the sample and to convert this into your DNA genetic data file. It is your genetic data which Findmypast may then receive where you consent to our use of your genetic data as described above, to provide enhanced ancestry insights and search results. Living DNA also receive your gender alongside the genetic data and will securely store your genetic data for us. Further information is available within Living DNA’s privacy statement.
What if I do not provide some or all of the information requested?
If you do not want to share your personal information and genetic data with Findmypast, it will not be possible to activate your Living DNA test and to participate in FindmypastDNA.
What personal information will Findmypast collect for the Findmypast subscription?
How do we protect your information?
Findmypast follows strict security procedures in the storage and disclosure of personal and genetic data which we receive and that you have given us, to prevent unauthorised access to, and loss, misuse or alteration of your personal data in accordance with UK data protection legislation. We are committed to international security standards and Findmypast are ISO 27001 certified for our information security controls.
You are responsible for keeping secret any confidential passwords or other login or access details that you select or which we allocate to you. While we take steps to ensure the security of your information, there is a risk that any information transmitted over the Internet and stored on a computer may be intercepted or accessed by an unauthorised party. If you think that someone has accessed your information held by us without your permission or gained unauthorised access to your login details, you must notify us at email@example.com.
We also recommend that if you use a shared computer or a computer in a public place such as a library that you close your browser when you have finished your session.
We may from time to time, provide your personal data to third parties in particular:
- * Service providers - who process personal data on our behalf and under our instructions for the purposes of supporting us in providing you with our services. This may include service providers who assist us with hosting our services, providing IT support services from time to time or in hosting or delivering our marketing or surveys (but only in cases where you have first consented to receive such marketing). We only use service providers that provide adequate protection for your information at all times and who are subject to appropriate contractual safeguards.
- * We will disclose your personal information in order to comply with any legal obligation or order of a court or regulator to which we are subject or to enforce or apply our terms of supply and other agreements with you or to protect the rights, property or safety of our customers or others. This may include exchanging information with other companies or organisations for the purposes of fraud protection, credit risk reduction, and to prevent cybercrime.
These third parties may be located outside the European Economic Area. When transferring and storing any personal information outside the EEA we only do so under one of the legally recognised transfer mechanisms for ensuring the data is safeguarded. These are:
- * The country in question has been deemed safe for data transfer by the European Commission (also known as an adequacy finding).
- * The contract for data processing contains the standard contractual clauses laid down by the European Commission to safeguard the transfer of personal data.
- * Binding corporate rules – this is where a large company’s own internal processes for international data transfer have been assessed and validated by a relevant competent supervisory authority
- * If the data is going to the USA it is transferred to a company that is certified under the EU-US Privacy Shield.
- * Where otherwise subject to any legally recognised and appropriate certification schemes.
In relation to data associated with your Findmypast subscription
Some of the information you provide to us will be necessary to carry out repeated tasks, such as verifying your identity or payment details when signing in to use an account, providing our services to you or when you are using an online checkout. We will keep this information for as long as you remain a registered user of any of our sites and for so long as reasonably necessary.
After this time, we may need to hold your personal information in order to meet our financial obligations or identify or resolve issues or causes of action. If your account is inactive for more than five years and you are no longer paying for a service, we reserve the right to delete any information you have provided to us, including all information in your family tree. We will send an email to the address attached to your account before deleting the information in your family tree.
Findmypast will retain your genetic data as needed to continue to provide you with the features associated with your purchase, to continuously update your Family Networks, and improve Living DNA ethnicity estimates unless you ask us to delete it sooner. Findmypast will review the need to retain your genetic data every ten years. You have the right to request the deletion of your personal data or genetic data at any time.
Under data protection law, you have a number of rights with respect to your personal information, which are:
- Correcting your information You are entitled to have your personal information updated to ensure it is up to date and accurate.
- Withdrawing consent You have the right to withdraw your consent to any processing that is being done [only] with your consent, such as marketing.
- Obtaining a copy of your Information You have the right to receive a copy of the personal information we hold about you.
- Deleting your information You can request that we delete personal information in certain circumstances.
- Data portability You have the right to ask us to transfer the personal information that you have given us to another controller.
- Restricting processing You can request a restriction on the processing of your information in some limited circumstances. Examples are concerns over information accuracy or we no longer need to hold your information but you have requested its retention by us to aid you in a legal matter.
- Right to object to processing You have the right to request that we stop processing your information for marketing purposes and in certain other circumstances such as asking us not to process your information by wholly automated means or not to analyse your information for targeted content where applicable, (also known as profiling).
You can request to action any of your rights by contacting us below.
Right of complaint to the Regulator for Data Protection
The data protection laws in the UK are regulated and enforced by the Information Commissioner’s Office (ICO). Each individual has the right to raise a concern/complaint to the ICO if they have any concerns about how their personal information and/or privacy is treated.
You can do this via the ICO’s website; by calling the ICO helpline on 0303 123 1113; or by writing to:
Information Commissioner's Office
You may also contact us with further questions or comments.
Email: firstname.lastname@example.org Phone: +44 (0)20 3326 6300 [UK, IE, AU] / +1 (855) 246-8234 [US] Post:
6 Chapel Place
London EC2A 3DQ
Or contact the Findmypast Data Protection Officer at email@example.com