Privacy Policy

This is the Privacy Policy for the website hosted at www.gena.health (the “Gena website”) and the Gena app (the “App”), (together our “Services”). Our Services are operated by or on behalf of Gena Health Limited. We are committed to protecting and respecting your privacy.

This policy (together with the terms of service) sets out:

  • Information we collect about you
  • How we get the personal information and why we have it
  • Who we share your information with
  • Where we store your information
  • Your data protection rights
  • How to Complain
  • High-level summary of data capture throughout Gena process


Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By engaging with our Services you acknowledge you have read and understood this privacy policy.

For the purposes of applicable data protection law, the data controller of personal data covered by this privacy policy is: Gena Health Limited of 20 Wenlock Road, London, England, N1 7GU under company number 14970738.

Our Data Protection Officer can be contacted at [email protected].

The types of personal information we collect


All personal information collected by Gena Health (Gena) will be proportionate to the use case specified. 

Key information includes demographic information such as: 

  • Full Name 

  • Phone Number 

  • Geographical Information 


Financial information such as: 

  • Bank details 


Healthcare information such as: 

  • NHS Number 

  • Medical history* 

  • Medications* 

  • Existing treatment pathway(s)*


User data analytics such as: 

  • Length of time spent on app, tracking statistics such as time spend per widget, click through rates. 


*At present – this information is populated by the user and therefore the level of information provided is at the discretion of the user. Gena cannot be held accountable for any inaccuracies in healthcare data which is populated by the user. 

For a full, categorised and exhaustive list of all data sources collected by Gena health, split by which part of the process, please see Appendix 1.   



How we get the personal information and why we have it

Gena obtains personal information about its users through several sources. This is all underpinned by a consent basis model, where we aim to provide our users (and/or a delegated authority, i.e. their carer) with the necessary detail required to undertake an informed decision.   


This is outlined in further detail in Appendix 1  



Who we share your information with and why

Gena operates with a number of trusted partners to optimise our healthcare offering to our community  of users. Critically – the information shared is proportionate to and dependent on the nature of the partner. 

Please see Appendix 1 which evidences a table explaining in further detail who we share your information with and the reasoning behind this. 

The lawful basis with which we are sharing your data under UK GDPR is:

Article 6 (1) (a) Your consent. You are able to remove your consent at any time by emailing our DPO

Article 6 (1) (f) Legitimate interest


Upon consent withdrawal, the following data will be deleted:  

  1. Identifiable Healthcare information 

  2. Data Analytics 


Further explanation on our service level agreements for this deletion, plus the assurances and controls in relation to this data deletion, can be found in Appendix 2. 




How we store your information


Your information is securely stored in the United Kingdom.


We keep your data for 25 years. After that time, your data is securely deleted from all of our information systems. 



Your data protection rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at [email protected] if you wish to make a request

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected] addressing your email to the Data Protection Officer. 

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk

Appendix 1 – High-Level Summary of Data Capture throughout Gena process

Type of Information 

Dataset 

Which part of the process is this data collected? How is it obtained? 

Why do we use this data? 

Who do we share this information with and why? 

How do we store this information? 

Demographic information

Full name 

Phone Number

Geographical location

Sign up 

Full name and Unique identifier code used as hook for all data to hang off. 

Phone number allows method of contact in emergency 

Geographical location supports Gena data analytics and optimises opportunities to be presented to service user (i.e. UK only based clinical trial and Gena community). 

Any sharing of demographic information is based on consent model only interests of enhancing direct care – i.e. access to specific clinical trials. 


Gena data analytics will be conducted at a macro level and as such will be anonymous by nature.  

Securely within hosted application.

Financial Information

Bank Details 

Sign up 

Gena’s fundamental aim is to minimise the cost of the high quality service it provides. There are however some chargeable elements to the service user in the form of either a yearly license cost or chargeable modules/one off costs. The service users bank details are needed to facilitate these costings. 

Individual bank details are not shared with any other service partners. 

Securely within Hosted application. 

Healthcare Information

NHS Number 

Medical history* 

Medications* 

Existing treatment pathway(s)*

Medical Updates

Sign up 

As referenced above, medical history, medications and existing treatment pathways are populated by the service user/carer and as such  Gena cannot be held accountable for any inaccuracies in this data. Gena will put in place necessary controls i.e. reminders to the service user to review this information. 


This is used for Gena to build a greater level of understanding about our service users. 


Service users will also be able to consent for this information to be used within Gena workflows, i.e. through integration with iCal for medication schedules. 


Finally, this information will ensure that genome sequencing data, which the patient may also consent to, is contextualised within a holistic understanding of their health to determine the most appropriate next steps. 


This information will predominantly be held within the Gena App and is for the service user/their carer to populate. 


The service user may also consent for this information to be shared in a de-identifiable manner with our trusted Pharmaceutical partners upon consent to the sharing of Genome Sequencing data. The sharing of wider healthcare information in conjunction to genome sequencing information is incredibly useful to determine outcome driven insights from the data and determine trends, which in turn will further inform recommended treatment pathways.   

Securely within the Hosted application. 

Data Analytics 

Length of time spent on app, tracking statistics such as time spend per widget, click through rates. 

Throughout usage of platform 

Data analytics captured will inform the development of the product and User interface – helping the Gena team to determine which areas to prioritise. 

This information is not shared with any partners. 

Securely within the Hosted application – with extracts pulled on a regular basis and stored centrally within Gena infrastructure. 

Genome Information 

Sequenced genome of the service user (identifiable) 

Following patient consent within platform for Gena to co-ordinate sequencing of genome.  This sequencing will be undertaken by a Genome sequencing partner organisation utilising a biopsy from the service user, with the results shared securely into the Gena platform. 

The presence of sequenced genome information, with additional layers of context provided by tools such as X, is critical to the Gena mission. It provides the service users and their clinician(s) vital information to best inform/determine the most effective treatment pathways. 

Information is made available to the service user through the app. 

The service user is in control of this data and 

Securely within hosted application

Sequenced genome of the service user (non identifiable)

Following patient consent within platform for Gena to co-ordinate sequencing of genome AND that a non-identifiable version of the genome can be shared with Pharma. 

The sequencing will be undertaken by a Genome sequencing partner organisation as described above. 

The non identifiable version of the genome sequence is less relevant for the service user and their clinician – it is particularly relevant for our trusted Pharmaceutical partners. 

This information forms a wider catalogue of de- identifiable sequenced genomes for Gena’s trusted Pharmaceutical partners to interrogate. This provides a vital dataset to inform new drug discovery either through more traditional or AI delivered methodologies.

Secure portal within non service user facing part of hosted application. Principle of minimum level of access necessary is strictly implemented. Rigorous onboarding and security assessment undertaken prior to provision of access for Pharmaceutical partners.