Veritas Forensics logo featuring a large V and F with a DNA strand integrated into the V.

Privacy Policy – Veritas Forensics

Last Updated: 4.6.26

Effective Date: 4.6.26

1. Introduction

This Privacy Policy sets out how Veritas Forensics (“we”, “us”, “our”) collects, uses, stores, shares and protects personal data and sensitive information in connection with our specialised service for the collection, transportation, and delivery of DNA samples, biological specimens, and related materials.

We are committed to ensuring the security and confidentiality of all information we handle. Given the sensitive nature of genetic and health-related information, this policy has been drafted specifically to meet the requirements of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and relevant regulations governing the transport of biological materials.

This policy applies to all operations, including interactions with individuals, clients, healthcare providers, laboratories, and other organisations we work with. By using our services, you agree to the terms described in this policy.

Our contact details are:

- Company Name: VF UK Transport Ltd trading as Veritas Forensics

- Registered Address: 82a James Carter Road, Mildenhall IP28 7DE

- Email: info@veritasforensics.co.uk

- Telephone:07563 674076

- Data Protection Officer (or Responsible Person): Darren Morgan

2. Definitions

To ensure clarity, the following definitions apply throughout this document:

- Personal Data: Any information that relates to an identified or identifiable living individual.

- Special Category Personal Data: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person’s sex life or sexual orientation. DNA samples and information linked to them fall strictly into this highest-protection category.

- Sample: Any biological material, including but not limited to DNA samples, blood, saliva, tissue, or other specimens entrusted to us for transport.

- Chain of Custody: The documented and traceable process of handling, controlling, and transferring a sample and its associated data from collection through to final delivery.

- Data Controller: The entity that determines why and how personal data is processed. Veritas Forensics acts as the Data Controller for the purposes described in this policy.

- Recipient: A person or organisation to whom data or samples are disclosed, such as authorised clinics, diagnostic laboratories, or healthcare institutions.

3. What Data We Collect and Process

We collect and process only the information necessary to provide our secure transportation service. We do not analyse, test, sequence, or examine the genetic content or biological composition of any sample entrusted to us.

A. Personal and Sensitive Data

This includes information that identifies an individual or links them to a specific sample:

- Full name, unique reference number, or patient identifier

- Contact details (address, email address, telephone number)

- Date of birth or demographic details (where provided for identification purposes)

- Health or origin information strictly limited to what is required for transport safety and regulatory compliance (e.g., sample type, handling requirements)

B. Sample-Related and Operational Data

This includes records necessary to manage the logistics, safety, and security of the transport:

- Unique sample identification codes or barcodes

- Collection and delivery addresses, dates, and times

- Chain-of-custody documentation and tracking history

- Environmental monitoring data (e.g., temperature logs) where required for sample integrity

- Packaging, handling, and transport route details

All data is collected directly from you, your authorised representative, or the healthcare/laboratory provider arranging the shipment.

4. How We Use Your Data and Samples

We process personal data and handle samples only for the specific purposes for which they were provided, and never beyond what is necessary. Our uses are limited to:

1. Service Delivery: To arrange, perform, and confirm the secure collection, transport, and delivery of samples to the intended authorised recipient.

2. Operational Safety and Compliance: To ensure compliance with legal, regulatory, and safety requirements governing the transport of biological materials, including dangerous goods regulations and health and safety laws.

3. Record Keeping: To maintain accurate chain-of-custody records, proof of delivery, and audit trails as required by law or professional standards.

4. Communication: To contact you regarding your shipment, respond to enquiries, or notify you of any issues affecting the delivery.

5. Legal Obligations: To comply with requests from regulatory bodies, courts, or other competent authorities where legally required.

We do NOT:

- Use your data or samples for marketing, advertising, research, or profiling purposes.

- Sell, rent, or trade your personal data or genetic information to any third party.

- Access, read, or analyse the genetic or health information contained within any sample.

5. Lawful Basis for Processing

Under UK GDPR, we are required to state the legal basis for processing your data. For Special Category Personal Data (including genetic and health data), we rely on one or more of the following legal grounds:

1. Explicit Consent: Where you or an authorised representative have given clear, explicit consent for the processing of your sensitive data for the purpose of transporting your sample.

2. Compliance with a Legal Obligation: Where processing is necessary for us to comply with a legal or regulatory requirement to which we are subject.

3. Substantial Public Interest: Where processing is necessary for reasons of public interest in the area of public health, such as ensuring high standards of safety and quality in the handling of biological specimens.

We only process your data in ways that are compatible with the purposes for which it was collected or authorised.

6. How We Store and Secure Data and Samples

Security is our highest priority. We implement strict technical, organisational, and physical measures to protect both your data and your samples against unauthorised access, loss, damage, or misuse.

Data Security

- Technical Measures: Data is stored on secure, encrypted servers with restricted access. We use secure transmission methods and maintain up-to-date security software and firewalls.

- Organisational Measures: Only authorised, trained personnel have access to personal data. All staff are bound by strict confidentiality agreements and receive regular training on data protection and biological safety.

- Retention Periods: We retain personal data and transport records only for as long as necessary. Typically, records are kept for [Insert Period, e.g., 12 months] following delivery, unless a longer period is required by law or regulation. After this period, data is securely erased, anonymised, or destroyed in accordance with our policies.

Sample Security

- Physical Protection: Samples are packaged, labelled, and transported in full compliance with international standards (including IATA and relevant dangerous goods regulations), using specialised, secure, and temperature-controlled packaging where required.

- Chain of Custody: Every step of the journey is tracked and documented. Handover procedures are strictly controlled and require verification at each transfer point.

- Storage: Temporary storage facilities are secure, monitored, and maintained at appropriate conditions to preserve sample integrity and prevent unauthorised access.

- Disposal: In the event that a sample cannot be delivered or is unclaimed, it will be disposed of securely and in accordance with legal and ethical guidelines, and you or the sender will be notified where possible.

7. Sharing and Disclosure of Data

We will only share your personal data and sample information in the following circumstances:

- Authorised Recipients: We share necessary details only with the intended recipient (e.g., the clinic or laboratory named in the shipment) and with our trusted transport partners who are bound by equivalent data protection and confidentiality obligations.

- Service Providers: We may use third-party service providers (e.g., IT support, tracking systems) who process data on our behalf. All such providers are selected carefully and operate under written contracts ensuring compliance with UK GDPR and strict security standards.

- Legal Requirements: We may disclose information if required to do so by law, court order, or government authority, or to protect the rights, property, or safety of our company, our customers, or others.

We do not transfer your personal data outside the United Kingdom or the European Economic Area unless adequate safeguards are in place to ensure the same level of protection as required by UK law.

8. Your Data Rights

Under UK GDPR and the Data Protection Act 2018, you have specific rights regarding your personal data. These include:

1. Right to be Informed: You have the right to clear, transparent information about how we use your data — this policy serves that purpose.

2. Right of Access: You may request a copy of all personal data we hold about you and details of how we process it.

3. Right to Rectification: If any information we hold is inaccurate or incomplete, you have the right to have it corrected.

4. Right to Erasure (‘Right to be Forgotten’): You may request the deletion of your data or records where there is no compelling reason for us to continue processing it, subject to legal retention requirements.

5. Right to Restrict Processing: You may ask us to suspend or limit the processing of your data in certain circumstances.

6. Right to Data Portability: You may request to receive your personal data in a structured, commonly used format, or to have it transferred to another organisation where technically feasible.

7. Right to Object: You may object to the processing of your data where we rely on legitimate interests or public interest as a legal basis.

To exercise any of these rights, please contact us at info@veritasforensics.co.uk. We will respond within one month. You will not be charged a fee unless requests are repetitive or excessive.

If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/

9. Breach Notification and Management

In the unlikely event of a personal data security breach, loss, damage, or unauthorised access to your data or samples, we have established procedures to manage and respond effectively:

1. Internal Reporting: All suspected breaches are reported immediately to our designated Data Protection lead.

2. Assessment: We will investigate and assess the risk to individuals’ rights and freedoms.

3. Notification: Where a breach is likely to result in a high risk to your rights or freedoms, we will notify you without undue delay. We will also notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, as required by law.

4. Mitigation: We will take all necessary steps to contain the breach, minimise harm, and prevent recurrence.

10. Handling of Samples: Additional Rules

Because DNA and biological samples are both physical items and carriers of sensitive data, we apply additional specific rules:

- No Alteration or Analysis: We guarantee that samples will not be opened, altered, tested, or analysed by our staff or agents. The integrity and confidentiality of the sample content are fully preserved.

- Lost or Damaged Samples: In the event that a sample is lost, damaged, or compromised during transit, we will notify you immediately, investigate the cause, and follow our incident management and notification procedures.

- Return Policy: Samples will only be returned to the sender if explicitly agreed in writing in advance or if delivery is impossible and disposal is not required by regulation.

- Security of Disposal: Any disposal or destruction of samples is carried out securely, irreversibly, and in accordance with legal and ethical standards, with confirmation provided upon request.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory standards. Any updates will be posted on our website with a revised “Last Updated” date. Where changes are significant, we will notify you directly or through prominent notice on our website.

We encourage you to review this policy periodically to stay informed about how we are protecting your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data and samples, please contact us:

VF UK Transport Ltd trading as Veritas Forensics

Registered address: 82a James Carter Road,Mildenhall, IP28 7DE

Email: info@veritasforensics.co.uk

Telephone: 07563674076