top of page

Privacy Policy

We take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal data.   

Effective: February 25, 2025  

Remember that your use of Intus Bio’s Service is at all times subject to our Terms of Service, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service.  

 

 Table of Contents  

What this Privacy Policy covers  

What Personal Data we collect  

How we share your Personal Data  

Tracking tools, advertising and your rights to opt-out  

Data security and retention  

Intus Bio Notice of Privacy Practices  

Changes to this Privacy Policy  

How to contact us  

  

1. What this Privacy Policy covers  

This Privacy Policy covers how we treat Personal Data that we gather and subsequently process when you access or use our Service. “Personal Data” means any information about you where the fact that it is about you could be discovered. It includes information referred to as “personally identifiable information” or “personal information” which are terms used by other privacy or data protection laws. This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.  

 

 2. What personal data we collect  

2.1 Categories of Personal Data we collect  

This section is about the categories of Personal Data that we collect and have collected over the past 12 months as well as data we subsequently process. We use your data for different purposes, and we have split this section up so it is clear what our reason for collecting each category of data is.  

2.1.1 Customer Information  

This is information about you that we collect in order to manage your account, for example your name, address, email address and telephone number. We use this data to:  

  • Manage your order.  

  • Decide whether national or state laws apply, for example to allow us to decide whether we need to involve a physician or other medical practitioner in collecting certain samples for testing.  

  • Enable testing (such as stool tests) where some personal information is required for our Service to be provided with the oversight of a physician or other medical practitioner.  

  • To input relevant information into our analysis, for example your geographical location.  

  • Generally operate an account for you (e.g. by referring to your name or using your email to permit you to login). 

We need this information in order to provide our Service and deliver any products you purchase to you. For reference: this means our GDPR “legal basis” is article 6(1)(b) “necessary for the performance of a contract”. But, having collected it, we also use it for other purposes that are discussed in more detail in their own section: 

  • We may use some of this information to improve our analysis of your self-reported health information, for example your geographical location. If so, we treat it in the same way as other information in the same category. 

2.1.1.1 Emails: additional uses 

If you haven’t opted out, we may also use your email address, and, if you are in the US, your phone number, to send you emails for the following purposes: 

  • Providing you with information about our products and services. 

  • Keeping in touch with you about the app and its performance as well as about new versions of the app or similar apps we may develop. 

  • Sending you updates on our latest developments and scientific discoveries. 

  • Inviting you to register for webinars we host in relation to our research. 

  • Inviting you to participate in one or more scientific research studies. See the “Scientific Research Studies” section below. 

Our legal basis for doing so is our legitimate interest in promoting our products and services. For more information, see the “User Research” and “Communicating with you” sections below. 

2.1.1.2 How long do we keep customer information for?  

See the “Data retention” policy below. 
  
The laboratories who conduct testing (such as stool tests) may hold information for longer depending on locally applicable law. See under the heading “samples” below.  

2.1.2 Self-reported Health Information  

This is information such as height, weight, age, what you eat, and pre-existing health conditions as collected within the health questionnaire. We use this data to:  

  • Determine your eligibility for our services or scientific research studies.   

  • Facilitate testing of Samples (see below) by third party laboratories we partner with.  

  • Input relevant information into our analysis, for example what you eat.  

  • In the case of age, to ensure that an individual is within the age range appropriate for the report. 

  • Investigate any complaints or incidents with our Service or products.  

  • Allow us to carry out general scientific research.  

  • Allow us to research and develop new diagnostic assays related to a particular disease indication.  

2.1.3 Samples  

These are biological samples, such as stool samples, that you have sent to third party labs for testing.  The laboratories are under contract to us and are required by those contracts not to share information about you with any third party except subcontractors who are essential to the carrying out of their work and who are also bound to confidentiality in the same way.  

The laboratories will keep samples for different lengths of time depending on the requirements of the locally applicable law (for example, of your country or state). How long a sample is kept may depend on factors such as whether a test is successful or not. Intus Bio may also archive samples after processing for future resequencing for a variety of scientific purposes, including reproducibility studies, archive and stability studies, and health related research related to the microbiome and overall health.  If you want further information about this, please contact the individual laboratories.  

Our stool tests are carried out by Avero Diagnostics, who will need to know (and in some cases retain) your name, date of birth and gender (which can affect the meaning of the results) in accordance with the laws and regulations that affect us or them.  

2.1.4 Test Results  

These are the results we receive back from the laboratories that have analyzed your Samples.  

Analysis of Samples includes the extraction and sequencing of bacterial DNA found in the Samples. The Test Results will be the sequenced bacterial DNA from your Sample.  This will be DNA relating to your microbiome - for example enabling us to identify populations of bacteria in your gut. 

We may use the Test Results to: 

  • allow us to carry out general scientific research.  

  • Allow us to research and develop new diagnostic assays for a particular disease indication.  

We maintain all test result data on our secure servers because it is important for future scientific research. The laboratories will keep Test Results for different lengths of time depending on locally applicable law and could be kept on file for as long as we have a business, legal, or regulatory need. Some laboratories only receive anonymized/de-identified samples, others require some personal details to conduct the tests.  

2.1.5 Device & Browser Data  

If you visit our website, then we will also collect information about you. Some of this information is direct: such as your IP address, the type of browser you are using, the make of your mobile phone and the contents of cookies we set (see our Cookie Policy). We also use third party analytics providers such as Google Analytics, who collect similar information and then supply us with further analysis derived from it.  

We process this data to:  

  • Locate errors in our systems or problems our systems may be facing with other systems (such as compatibility with a web browser)  

  • Improve the functioning of our Service  

  • Prevent fraud or other criminal activity  

This information is automatically sent to us – although there are technical ways you can prevent us from receiving this information (for example by changing the information your browser supplies to us) – the way in which browser and web software works means it is inevitable that we process it. 

Cookies: Our use of cookies is a little more complicated, so we have written a detailed Cookie Policy, explaining what cookies are; our additional reasons for processing them and explaining in detail how we process different kinds of cookies. 

URLs we share: We may also include information linked to you in any URL (web link) that we share with you. We use this to enable us to present personalized information to you when you visit our website.  

Social Media Partners: We make use of various Social Media Partner tools that will result in the collection and processing of information, including your browser and device data. Some of this may be sent by our systems to our Social Media Partners; in other cases, your browser may automatically make a web connection to the Social Media Partner which will include information sent automatically by your browser. 

2.1.6 Payment Information  

This is information that is necessary in order for payments to be processed by our third-party payment processor. For example, the amount of the payment, payment card type, payment card number, and your billing address.   

For your security our payment processor only shares the last 4 digits of your payment card number with us.  

We retain this data as required to comply with our legal obligations under tax and corporate law.  

2.1.7 Correspondence  

When you directly correspond with us (such as sending us an email) we will process information about you concerned with that correspondence, including your email and our responses. We keep that information for as long as necessary to deal with the correspondence – for example if you have made a complaint, as long as needed to deal with the complaint – and then for a further 6 years, in case we need it to defend or establish a legal claim.  

2.1.8 Scientific Research Studies  

You may, from time to time, be invited to participate in one or more scientific research studies. Participation is entirely voluntary and subject to an additional sign-up process, which is managed by an ethics review board. This privacy policy may not accurately describe the data processing carried out during such a research study but if that is the case, the information you receive before participating in the study will explain any differences.  

  

2.2 Our purposes for using Personal Data  

We have explained specific reasons for processing categories of personal data above. Our core purpose is research into the microbiome, diet and the link between them which we use to develop and improve our Service and to be able to personalize it to you as well as for general scientific research as well as research and development purposes, including but not limited to diagnostic assays for specific diseases. For those purposes we process your self-reported health information, samples (processed on our behalf by third parties), Test Results and some customer information.  

We may process any of the information you provide us with for the purpose of providing support and assistance in using the Service.  

We may also process your personal information if we are legally required to do so in circumstances where this cannot be reasonably resisted.  

We will not collect additional categories of Personal Data or use the Personal Data we collected for different purposes without providing you notice.  

  

3. How we share your Personal Data  

We do not share Personal Data with anyone else, other than with:  

  • Our group (Intus Biosciences, LLC, based in the US)  

  • Others carry out research into diet and/or health including academic research organizations (such as universities) and pharmaceutical companies, for example to assist in the development of new medications or diagnostic assays for particular diseases. When we do this your data will be anonymized.  In some cases, anonymized data may be uploaded to public databases as part of the peer-review process. For example, if a scientific advancement using the data is considered by scientific journal reviewers and editors and deemed suitable for publication, standard practice requires that the data behind the study be posted to support the results of the publication. All data posted to public databases will be anonymized.  

  • Laboratories engaged by Intus Bio to carry out tests. These laboratories may use physicians to sign off on authorization on behalf of customers to conduct tests in certain jurisdictions that restrict the sale of direct-to-consumer lab tests without physician authorization. Intus Bio will share any information that is necessary to obtain an authorization (including self-reported health information and other Test Results) with these laboratories and their physicians.  

  • Contractors providing us services we use for processing Personal Data, which include:  

  • Hosting, technology and communication providers.  

  • Security and fraud prevention consultants.  

  • Analytics providers.   

  • Support and customer service vendors.  

  • Payment processors  

  • Our professional advisors, such as if we need to consult an attorney for legal advice. In all cases these will be advisors under a professional duty of confidence.  

Business Transfers  

All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.  

Data that is not Personal Data  

We may convert Personal Data into anonymous data, that is data which can no longer be linked with identifiable individuals, for example by aggregation of data about multiple individuals. We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user.   

For example, we use your self-reported health information, Test Results and some of your customer information to improve our models of the interaction of diet and health or for the development of diagnostic assays for particular diseases. The models we create have no individual information about you, being the aggregation of data from many individuals.   

We may use such anonymous data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Service and other future products and services and promote our business, provided that the data remains anonymous. We do not delete anonymous data on any particular timetable. You may assume that we could keep it indefinitely.  

  

4. Tracking tools, advertising and your rights to opt-out  

4.1 General tracking  

The Service uses cookies and similar technologies such as pixel tags, web beacons, clear GIFs and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser, tell us how and when you visit and use our Service, analyze trends, learn about our user base and operate and improve our Service. Cookies are small pieces of data – usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our Service. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Please note that because of our use of Cookies, the Service does not support “Do Not Track” requests sent from a browser at this time.  

4.2 Mailing Lists  

You can subscribe to our mailing lists to get the latest updates on our scientific discoveries or information about our products without creating an Intus Bio account and we will use the data you provide us with for these purposes.   

Our legal basis for doing so is, depending on the context, our legitimate interest in promoting our services, or your consent. 

Opt-out options: You can always opt out of receiving emails by unsubscribing via the “unsubscribe” link contained in the email. Opting out of these emails or notifications will not end the transmission of service-related emails that are necessary to your use of our service. You can opt out of receiving marketing SMS by replying "STOP" to any SMS notification you receive from GUTID.  This will stop ALL SMS notifications (including service-related notifications). 

If you unsubscribe, we will need to keep just enough information on file to make sure we respect your preferences in the future.   

4.3 User Research  

If you are an Intus Bio customer, we may email you to invite you to answer some questions regarding our products or services or share feedback with you from customer surveys, interviews or focus groups.  

  

5. Data security  

We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.  

The periods for which we retain individual categories of Personal Data are explained under the heading “Categories of Personal Data we collect”, but in some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation.   

 

 6. Data retention 

We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 

For example, we keep information we use to provide you with our Service (including Customer Information, Test Results, and self-reported health information) for as long as you have a subscription or account with us and for a period of 6 years after you end your subscription or close your account (as applicable). This is necessary for us to be able to resolve any legal disputes that may arise. Where you have opted to participate in Research, we may retain your data for the duration of the Research. We routinely delete our web server logs after 90 days, unless we are aware of any serious problem that requires investigation (for example fraud or a hostile attack to our systems), in which case we may preserve any information necessary for that investigation for as long as it is needed. Once the investigation is concluded, we will delete the data. 

The laboratories that receive your Samples and provide us with Test Results will keep samples for different lengths of time depending on the requirements of the locally applicable law (for example, of your country or state). How long a sample is kept may depend on factors such as whether a test is successful or not. 

 

7. Personal data of children 

As noted in our Terms of Service, we do not knowingly solicit Personal Data from children under 18 years of age (or under). If you are a child under the age of 18, please do not attempt to register for or otherwise use the Service or send us any Personal Data.  

If we learn that a child under 18 years of age has provided us with Personal Data, we will delete that information as quickly as possible. If you believe that a child under 18 years of age may have provided Personal Data to us, please contact us ask@gutid.com.

 

8. Your rights as a European Union Data Subject  

8.1 Introduction 

Our headquarters are in the United States. European Union citizens may be protected under the EU’s General Data Protection Regulation ("GDPR"). You may have additional rights under the GDPR with respect to your Personal Data, as outlined below. 

For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information about a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage, amendment, deletion and disclosure. We will be the controller of your Personal Data processed in connection with the Service. 

If there are any conflicts between this section and any other provision of this Privacy Policy, the policy or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at email: ask@gutid.com

8.2 Personal Data We Collect 

The “Categories of Personal Data We Collect” section above details the Personal Data that we collect from you. 

8.3 Personal Data Use and Processing Grounds 

The “Our Purposes for Using Personal Data” section above explains the purposes for which we process your Personal Data. 

We will only process your Personal Data if we have a lawful basis under the GDPR for doing so. Lawful bases for processing include: 

  • Consent: Except for the specific situations explained below, we process your customer information, self-reported health information; samples and Test Results by consent. You may withdraw your consent at any time and we will stop processing your Personal Data in this way. 

  • Contractual Necessity: In order to be able to fulfill our contract, we need to collect customer information we have marked as required and all payment information.  

  • Compliance with a legal obligation: As explained above, we will sometimes have to process personal data in order to comply with a legal obligation imposed on us. Where those obligations are imposed by EU law, that law will provide us with lawful grounds for processing.  

  • Legitimate Interest: We process the following categories of Personal Data when we believe it is in our legitimate interest to do so and we do not believe that your rights of freedoms will be unduly interfered with by our processing: 

  • Device data is justified by our legitimate interest in maintaining a reliable and secure system, free from errors and external security threats. 

  • Where we are required to process personal data due to a legal obligation in the United States of America, we believe that justifies our processing your data.  

  • Cookies, for the reasons set out in our Cookie Policy.

All information about your health, which we would normally be forbidden from processing by the GDPR, is processed by us because you have consented to us doing so. 

8.4 Sharing Personal Data 

The “How We Share Your Personal Data” section above details how we share your Personal Data with third parties.  

8.5 Data Subject Rights 

You have certain rights with respect to your Personal Data, including those set forth below. To submit a request to exercise any of these rights, or to ask for more information, please email us at email: ask@gutid.com.

Some of the rights below apply only in specific circumstances. In other situations, we may not be able to fully comply with your request, for example if it would be impossible or would involve a disproportionate effort; or if it jeopardizes the rights of others; but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request. 

  • Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. 

  • Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.  

  • Erasure: In some situations, you may have a right to request that we erase some or all of your Personal Data from our systems. 

  • Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Service.  

  • Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.  

  • Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes. 

  • Restriction of Processing: You can ask us to restrict further processing of your Personal Data. 

  • Right to File Complaint: You have the right to lodge a complaint about our practices with the EU’s Information Commissioner

Our Data Protection Officer is contactable at email: ask@gutid.com.

8.6 International Transfers of Personal Data 

We are based in the United States, but also have operations in the United Kingdom. In providing the Service, we will transfer Personal Data between the UK, European Union and the USA and possibly other countries. Personal Data in the USA will be governed by US law and in other countries by the law of those countries. Because the protection of Personal Data is very different in the USA (and other countries) from the UK and the European Union, the GDPR requires us to put in place safeguards which will ensure that your GDPR rights continue to be respected in the USA and those other countries. 

When transferring Personal Data outside the UK and the EU, we typically implement standard contractual clauses (requiring the recipient to comply with high standards of data protection and giving data subjects rights to sue the recipient for failure to do so). Where required, we also conduct risk assessments on the transfers and the protections available in the destination countries. Alternatively, we may or rely on current adequacy regulations made by the Information Commissioner’s Office, for example those that hold that the protection of personal data in the European Union is “adequate” (or in other words it is up to the standards of the GDPR so that no additional safeguard is needed). 

If you wish to see a copy of the standard contractual clauses we use, please contact us at the contact information given at the end of this privacy policy. 

If, in the future, there are alternative means of giving you equivalent protection to the GDPR when we transfer data outside the US, for example of statutory codes of practice are approved for our use, then we may use those methods instead of any described above, but in all cases we will satisfy ourselves that your Personal Data will be protected. 

 

9. California resident rights 

If you are a California resident, you have the rights set forth in this section. Please see the “Exercising your rights” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data. 

If there are any conflicts between this section and any other provision of this Privacy Policy and you are a California resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at email: ask@gutid.com.

9.1 Access 

You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. In response, we will provide you with the following information: 

  • The categories of Personal Data that we have collected about you. 

  • The sources from which that Personal Data was collected. 

  • The business or commercial purpose for collecting or selling your Personal Data. 

  • The categories of third parties with whom we have shared your Personal Data. 

  • The specific pieces of Personal Data that we have collected about you. 

If we have disclosed your Personal Data to any third parties for business purposes over the past 12 months, we will identify the categories of Personal Data shared with each category of third-party recipient. If we have sold your Personal Data over the past 12 months, we will identify the categories of Personal Data sold to each category of third-party recipients.

9.2 Deletion 

You have the right to request that we delete the Personal Data that we have collected about you. Under the California Consumer Privacy Act (CCPA), this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Service or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.  

9.3 Exercising your rights 

To exercise the rights described above, you or your Authorized Agent (defined below) must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data (we will use our existing authentication practices (your username and password) as the mechanism for verifying your identity, or if such information is unavailable then we will use alternative validation data to verify your identity to a reasonable degree of certainty), and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request. 

We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request. 

You may submit a Valid Request by emailing us at: ask@gutid.com.

You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf. 

9.4 Personal Data sales opt-out and opt-In 

We will not sell your Personal Data, and have not done so over the last 12 months. 

We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA 

We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our Service as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.  

 

10. Other privacy rights 

California resident rights 

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at email: ask@gutid.com

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services that you do not wish such operators to track certain of your online activities over time and across different websites. Our Service does not support Do Not Track requests at this time. To find out more about “Do Not Track,” you can visit www.allaboutdnt.com.  

Nevada resident rights 

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. You can exercise this right by contacting us at email: ask@gutid.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.  

 

11. Intus Bio Notice of Privacy Practices  

Our headquarters, at Intus Biosciences, LLC, are in the United States.   

Intus Bio, Intus Bio’s Affiliates, and Intus Bio’s licensors are legally required to safeguard your protected health information (PHI). PHI includes information that can be used to identify you that Intus Bio, its affiliates and licensors have created or received about your past, present, or future health or condition, the provision of the microbiome report to you, or the payment of this report. We recognize the importance of PHI and take all steps appropriate and necessary to maintain the privacy of your PHI.  

Intus Bio, its affiliates and licensors are required by law to maintain the privacy of PHI and provide you with notice of our legal duties and privacy practices with respect to PHI. This document describes how Intus Bio uses and discloses your PHI.  

Intus Bio reserves the right to change the terms of this notice and our privacy policies at any time, which will apply to the PHI we already have. Before any changes are made to our policies, we will promptly change this notice.  

How we may use and disclose your PHI.  
It is our policy to use or disclose PHI only as permitted by law as follows:  

  • To carry out test. (Example: test samples made available to the Intus Bio lab partners)  

  • To obtain payment for treatment. (Example: Filing insurance, billing for services)  

Use or Disclosure In Accordance With an Authorization  
Intus Bio, its affiliates or licensors may use and disclose your PHI for purposes other than test kit order placement, payment, or test operations only with your written authorization which you may revoke at any time. The following section details specific uses and disclosures where consent or authorization is unnecessary:  

Use or Disclosure Where Consent or Authorization is Unnecessary  
Intus Bio may use or disclose your health information; to the extent you have been notified in advance and had the opportunity to object in whole or in part, under the following circumstances:  

  • To notify family, friends, or other individuals involved with your care or in the payment for your health care.  

  • In an emergency where the opportunity to object is not practical due to emergency circumstances or your incapacity; consent may be obtained retroactively.  

  • To an entity authorized to assist in disaster relief efforts.  

  • As required by federal, state, or local law.  

  • To a public health authority to carry out public health activities.  

  • To a government authority, under certain circumstances, in the event we reasonably believe you are a victim of abuse, neglect, or domestic violence.  

  • To a health oversight agency to conduct health oversight activities such as audits, civil, administrative or criminal investigations, inspections, licensure or disciplinary actions.  

  • To carry out judicial or administrative proceedings.  

  • To a medical examiner to identify a decedent or determine cause of death.  

  • For the purpose of conducting medical research.  

What Rights You Have Regarding Your PHI  
Intus Bio is committed to protecting your individual rights as they relate to your PHI.  

  • You have the right to authorize uses and disclosures of your PHI and can request restrictions on future uses and disclosures of your PHI. We reserve the right to refuse to grant specific restrictions but, if we agree, will be bound by such restrictions. You may not limit the uses and disclosures that we are legally required or allowed to make.  

  • You have the right to receive communications in an alternative manner or at an alternative location – i.e. an alternative address or communications sent electronically.  

  • You have the right to access, inspect, and obtain copies of your own PHI unless otherwise prohibited by law.  

  • You have the right to request access to your laboratory results. You may do this by contacting Intus Bio.  

  • You have the right to request that your PHI be amended.  

  • You have the right to receive an accounting of all disclosures made in accordance with an authorization.  

  • You have the right to request or print a copy of this Notice of Privacy Practices.  

How To Complain About Our Privacy Practices  
If you believe we may have violated your privacy rights, you may file a complaint with Intus Bio via email at info@intusbio.com.  

11.2 Personal Data We Collect  

The “Categories of Personal Data We Collect” section above details the Personal Data that we collect from you.  

11.3 Personal Data Use and Processing Grounds  

The “Our Purposes for Using Personal Data” section above explains the purposes for which we process your Personal Data.  

We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include:  

  • Consent: Except for the specific situations explained below, we process your customer information, self-reported health information; samples and Test Results by consent. You may withdraw your consent at any time and we will stop processing your Personal Data in this way.  

  • Contractual Necessity: In order to be able to perform our contract, we need to collect customer information we have marked as required and all payment information.  

  • Compliance with a legal obligation: As explained above, we will process personal data in order to comply with a legal obligation imposed on us. Where those obligations are imposed by the law, that law will provide us with lawful grounds for processing.  

  • Legitimate Interest:  We process the following categories of Personal Data when we believe it is in our legitimate interest to do so and we do not believe that your rights of freedoms will be unduly interfered with by our processing:  

  • Device data is justified by our legitimate interest in maintaining a reliable and secure system, free from errors and external security threats.  

  • Cookies  

11.4 Sharing Personal Data  

The “How We Share Your Personal Data” section above details how we share your Personal Data with third parties.   

11.5 International Transfers of Personal Data  

In providing the Service, we will transfer Personal Data between the USA and the UK and vice versa. Because the protection of Personal Data is very different in the USA from the UK, the GDPR requires us to put in place safeguards which will ensure that your GDPR rights continue to be respected in the USA.  

If, in the future, there are alternative means of giving you equivalent protection to the GDPR when we transfer data outside the UK, for example of statutory codes of practice are approved for our use, then we may use those methods instead of any described above, but in all cases we will satisfy ourselves that your Personal Data will be protected.  

12. Changes to this Privacy Policy  

We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time, but we will alert you to any such changes by placing a notice on the Intus Bio Website, or by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Service, and you are still responsible for reading and understanding them. If you use the Service after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. Use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.  

 

13. How to Contact Us 

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at: ask@gutid.com.

bottom of page