2024-01-17 - DesigNA Logo (White & Gold) Blue Background
Menu

Privacy Policy

Privacy Policy

Last Updated: 30/10/2025

Introduction

This privacy policy explains how Double Strand Ltd (trading as DesigNA®) collects, uses, stores, and protects your personal information, including your genetic data.

Who we are:

Company Name: Double Strand Ltd
Trading Name: DesigNA®
Company Number: 15005294
Registered Office: The Durham Genome Centre, Park House, Station Road, Lanchester, Co. Durham, DH7 0EX
Website: www.mydesigna.co.uk
Contact Email: sales@mydesigna.co.uk

Double Strand Ltd is the data controller responsible for your personal data. We are registered under UK data protection legislation and are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. What Information We Collect

We collect and process the following types of personal data:

1.1 Personal Contact and Order Information

  • Full name
  • Postal address
  • Email address
  • Telephone number
  • Date of birth
  • Order history and product preferences

1.2 Genetic Data (Special Category Data)

This is the most sensitive data we process. When you order a personalised DesigNA® product, we collect:

  • Physical DNA samples obtained via cheek swab
  • Digital genetic profiles comprising Short Tandem Repeat (STR) analysis results
  • Genetic patterns used to create your unique jewellery design

What your jewellery contains:

Your jewellery Product contains a visual artistic representation of your unique genetic code. The jewellery does not contain physical DNA material or digital genetic data – it is an artistic interpretation created from STR analysis.

Important: Genetic data is classified as “special category data” under UK GDPR Article 9, which means it receives the highest level of protection under data protection law.

1.3 Payment Information

We do not store your full payment card details. Payment information is processed securely by our payment service providers (Stripe, Apple Pay, Google Pay) who comply with Payment Card Industry Data Security Standards (PCI-DSS). We retain limited transaction information (date, amount, last 4 digits of card) for accounting purposes only.

1.4 Technical Information

When you visit our website, we automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Referring website URLs
  • Pages viewed and time spent on pages
  • Click-stream data

1.5 Marketing Preferences

  • Your consent preferences for receiving marketing communications
  • Email engagement data (if you subscribe to our marketing)

1.6 Children’s Data

We process genetic data for customers of all ages, including children. If you are ordering on behalf of a child under 16, you must have parental responsibility for that child and provide consent on their behalf. Young people aged 16-17 can provide their own consent for DNA collection in accordance with UK medical consent laws.

2. How We Collect Your Information

We collect information:

  • Directly from you when you complete our order forms, contact us, or register for our services
  • From your DNA sample when you return your sampling kit to us
  • Automatically through cookies and similar technologies when you use our website (see our Cookie Policy)
  • From third parties such as payment processors and delivery services

3. Legal Basis for Processing Your Data

We process your personal data under the following legal bases:

3.1 For Non-Genetic Personal Data:

  • Contract performance: To fulfil your order and deliver your personalised jewellery
  • Legal obligation: To comply with accounting, tax, and legal requirements (e.g., retaining order records)
  • Legitimate interests: To improve our services, website, and customer experience
  • Consent: For marketing communications (where you have opted in)

3.2 For Genetic Data (Special Category Data):

Explicit consent: You provide explicit, informed consent for us to collect, process, and analyse your DNA sample and genetic data for the sole purpose of creating your personalised jewellery.

When you place an order, you will be asked to provide clear, affirmative consent specifically for the processing of your genetic data. You have the right to withdraw this consent at any time before your jewellery is manufactured.

4. How We Use Your Information

4.1 Genetic Data

We use your genetic data exclusively to create your unique, personalised jewellery design by:

  • Analysing STR markers from your DNA sample
  • Overlaying alleles to create a unique pattern
  • Translating this pattern into your jewellery design

We do not:

  • Use your genetic data for any health, medical, or ancestry analysis
  • Share your genetic data with anyone except our accredited laboratory partner (Complement Genomics Ltd) and our secure cloud infrastructure provider (DigitalOcean) as described in Sections 5 and 6
  • Store your genetic data after your product has been completed
  • Use your genetic data for research purposes
  • Sell or commercialise your genetic data
  • Share your genetic data with jewellery manufacturers, marketing platforms, or any other parties

4.2 Other Personal Data

We use your personal information to:

  • Process and fulfil your orders
  • Communicate with you about your order status
  • Provide customer support
  • Process payments and prevent fraud
  • Comply with legal and regulatory requirements
  • Send you marketing communications (only if you have opted in)
  • Improve our website, products, and services
  • Analyse customer trends and preferences (in aggregated, anonymised form)

5. Our Laboratory Partner – Genetic Data Processing

Your DNA sample is processed by:

Complement Genomics Ltd
The Durham Genome Centre, Park House, Station Road, Lanchester, Co. Durham, DH7 0EX

Complement Genomics Ltd is an accredited laboratory that acts as a data processor under our instruction. They:

  • Comply with UK GDPR and current data protection legislation
  • Perform STR analysis on your DNA sample
  • Maintain strict security protocols for handling genetic material
  • Destroy physical DNA samples immediately after analysis
  • Provide genetic profile data to DesigNA® via secure, encrypted USB devices

Complement Genomics Ltd processes your genetic data solely for the purpose of creating your DesigNA® jewellery and does not use it for any other purpose.

6. Data Security – How Your Genetic Data Is Protected

We take the security of your genetic data extremely seriously:

6.1 Physical Sample Security

  • Samples are transported to Complement Genomics Ltd using secure, tracked courier services
  • Laboratory processing follows strict accreditation protocols
  • Physical samples are destroyed immediately after analysis

6.2 Digital Genetic Data Security

  • Genetic profile data is transferred from the laboratory to DesigNA® using encrypted, lockable USB devices
  • Data is uploaded to our secure server hosted on DigitalOcean cloud infrastructure (UK data centres)
  • Access to the server is protected by two-factor authentication (2FA) and strong password protection
  • Data is processed on secure systems with restricted access
  • Files are permanently deleted immediately after your jewellery design is finalised
  • No backups or copies of your genetic data are retained

6.3 General Data Security

  • Secure servers with encryption
  • Access controls limiting who can view personal data
  • Regular security assessments
  • Staff training on data protection

7. How Long We Keep Your Data

7.1 Genetic Data

  • Physical DNA samples: Destroyed immediately after laboratory analysis
  • Digital genetic profiles: Permanently deleted immediately after your jewellery is completed
  • You do not need to request deletion – this happens automatically

7.2 Personal Contact and Order Data

  • Order histories and associated data: 6 years (for accounting and legal compliance)
  • Contact details for marketing: 2 years after your last interaction with us
  • Customer service correspondence: 3 years

7.3 Payment Data

We do not store your full payment card details. Limited transaction information (e.g., date, amount, last 4 digits) is retained for 6 years for accounting purposes.

8. Who We Share Your Data With

We share your personal data only with trusted third-party service providers who help us deliver our services:

8.1 Genetic Data Sharing

Your genetic data is shared only with the following parties, solely for the purpose of creating your personalised jewellery:

  • Complement Genomics Ltd (DNA laboratory) – Analyses your DNA sample and creates your genetic profile (as described in Section 5)
  • DigitalOcean (cloud infrastructure provider) – Hosts the secure server where genetic profile data is temporarily processed to create your jewellery design template. DigitalOcean operates as a data processor and does not access or use your genetic data. Robust security measures are in place including two-factor authentication and encryption.

Your genetic data is never shared with jewellery manufacturers, marketing platforms, or any other third parties.

8.2 Other Service Providers (Non-Genetic Data)

  • Payment processors: Stripe (for card payments, Apple Pay, Google Pay)
  • Delivery services: Royal Mail (to ship your sampling kit and finished jewellery)
  • Email marketing: Mailpoet (if you’ve consented to marketing emails)
  • Website hosting: DigitalOcean (for website hosting)
  • Website analytics: Google Analytics
  • Website platform: WooCommerce

All third-party processors are required to:

  • Process data only on our instructions
  • Implement appropriate security measures
  • Comply with UK GDPR

8.3 Legal Disclosures

We may disclose your information if required by law, court order, or regulatory authority.

9. International Data Transfers

Most of your data is processed within the United Kingdom. However:

  • DigitalOcean: Our website hosting and genetic data processing provider has headquarters in the USA but stores data in UK data centres. Data transfers (if any) are protected by appropriate safeguards compliant with UK GDPR.
  • Google Analytics: May involve data transfers to the USA under Google’s GDPR-compliant frameworks.
  • Mailpoet: Email marketing data is stored on our WordPress server hosted on DigitalOcean’s UK data centres. No international data transfers occur for email marketing.

Your genetic data is never transferred outside the UK. It is processed exclusively by Complement Genomics Ltd in the UK and stored/processed by DesigNA® on DigitalOcean’s UK data centres.

10. Your Rights

Under UK GDPR, you have the following rights:

10.1 Right to Access

You can request a copy of the personal data we hold about you.

10.2 Right to Rectification

You can ask us to correct inaccurate or incomplete personal data.

10.3 Right to Erasure (‘Right to be Forgotten’)

You can request deletion of your personal data in certain circumstances. Note: Your genetic data is automatically deleted after your jewellery is completed.

10.4 Right to Restrict Processing

You can ask us to limit how we use your data in certain circumstances.

10.5 Right to Data Portability

You can request your personal data in a structured, commonly used format.

10.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

10.7 Right to Withdraw Consent

For genetic data: You can withdraw consent for genetic data processing at any time before your jewellery is manufactured. Once withdrawn, we will destroy your sample and delete your genetic data. You may not receive a refund if processing has already begun (see our Terms & Conditions for full details).

For marketing: You can opt out of marketing emails at any time using the unsubscribe link in our emails or by contacting us.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: www.ico.org.uk
Telephone: 0303 123 1113

11. How to Exercise Your Rights

To exercise any of these rights, please contact us at: sales@mydesigna.co.uk

We will respond to your request within one month.

12. Marketing Communications

We would love to keep you updated about new products, special offers, and news from DesigNA®.

Consent Required:

We will only send you marketing communications if you have actively opted in to receive them. During checkout or when you create an account, you will be asked whether you would like to receive marketing emails from us. You are free to decline without affecting your order or service.

What You’ll Receive:

If you opt in, we may send you:

  • New product launches and collections
  • Special offers and promotions
  • Behind-the-scenes content and stories
  • Updates about DesigNA®

How to Opt In or Out:

  • Opt in: Tick the marketing consent box during checkout or in your account settings
  • Opt out/unsubscribe: Click the “unsubscribe” link in any marketing email, update your preferences in your account, or contact us at sales@mydesigna.co.uk

Service Emails:

Please note that opting out of marketing will not affect essential service emails related to your orders, such as order confirmations, dispatch notifications, and customer service correspondence.

13. Customer Testimonials and Marketing

With your permission, we may use:

  • Customer testimonials
  • Photos of your jewellery
  • Your feedback in our marketing materials

We will always ask for your separate, specific consent before using your testimonials or images publicly. You can withdraw this consent at any time.

14. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and understand how visitors interact with our site.

Cookies are small text files stored on your device that help us:

  • Remember your preferences and settings
  • Understand which pages and features are most popular
  • Improve our website performance and user experience
  • Deliver relevant content

For full details about:

  • What cookies we use
  • The purpose of each cookie
  • How long cookies are stored
  • How to manage or disable cookies
  • Third-party cookies (e.g., Google Analytics, Mailpoet)

Please read our separate Cookie Policy.

By continuing to use our website, you consent to our use of cookies in accordance with our Cookie Policy. You can change your cookie preferences at any time through your browser settings.

15. Children’s Privacy

We create personalised jewellery for customers of all ages, including children.

If you are ordering on behalf of a child under 16:

  • You must have parental responsibility for the child
  • You must provide consent for the processing of their personal data and genetic data
  • You are responsible for ensuring the child understands what data is being collected and how it will be used (in an age-appropriate manner)

Young people aged 16-17:

Can provide their own consent for DNA collection and analysis in accordance with UK medical consent laws. They do not require parental consent for the DNA collection itself, though may need assistance with payment methods.

Parents and guardians can exercise data rights on behalf of children under 16.

16. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you by:

  • Posting the updated policy on our website with a new “Last Updated” date
  • Sending an email to registered customers (where appropriate)

Please review this policy periodically.

17. Data Protection Contact and Data Protection Officer

Double Strand Ltd has designated a Data Protection Officer (DPO) to oversee compliance with data protection legislation and to act as the point of contact for data protection matters.

Data Protection Officer:
Oliver Sullivan, Director
Double Strand Ltd (trading as DesigNA®)
Email: sales@mydesigna.co.uk
Address: The Durham Genome Centre, Park House, Station Road, Lanchester, Co. Durham, DH7 0EX

As Director and DPO, I am responsible for:

  • Monitoring compliance with UK GDPR and data protection laws
  • Advising on data protection impact assessments
  • Co-operating with the Information Commissioner’s Office (ICO)
  • Acting as the contact point for data subjects and supervisory authorities

Independence and Conflicts of Interest:

As a small business, our Director acts as DPO. Whilst we recognise that this creates potential conflicts between business and data protection interests, we are committed to:

  • Prioritising data protection compliance in all business decisions
  • Seeking independent, specialist legal advice on data protection matters where conflicts arise or complex issues emerge
  • Maintaining transparency with customers about our data practices
  • Regularly reviewing our policies and procedures to ensure ongoing compliance

If you have any questions, concerns, or requests regarding your personal data or this privacy policy, please contact the DPO using the details above.

18. Consent for Genetic Data Processing

By ordering a DesigNA® product and returning your DNA sample, you explicitly consent to:

  • The collection and analysis of your DNA sample by Complement Genomics Ltd
  • The creation of a genetic profile based on STR analysis
  • The use of your genetic profile exclusively to design your personalised jewellery
  • The temporary processing of your genetic profile on secure cloud infrastructure (DigitalOcean UK data centres)
  • The automatic destruction of your physical sample after analysis
  • The automatic deletion of your genetic profile after your jewellery is completed

You understand that:

  • Genetic data is highly sensitive personal information
  • Your genetic data will only be used to create your jewellery design
  • Your jewellery contains a visual representation of your genetic profile, not physical DNA material or digital genetic data
  • Your genetic data will not be used for health, medical, ancestry, or research purposes
  • You can withdraw consent before your jewellery is manufactured (see our Terms & Conditions for refund policy details)
  • Your physical sample and genetic data will be permanently destroyed/deleted after use

Effective Date: 30/10/2025
Version: 2.1

 

Scroll to Top