Online privacy and cookie policy

At ODL, we take our responsibilities regarding the protection of customer information very seriously and are committed to protecting your privacy, keeping your data safe and not doing anything with it that you wouldn’t reasonably expect.

This policy explains what personal data we collect about you, how and why we use it, who we disclose it to, and how we protect your privacy. For more details, including information on cookies, please read the relevant sections below.

This policy demonstrates our commitment to protecting the privacy and security of your personal information and describes how ODL collects, processes, and retains your personal information.

Our Privacy and Cookie Policy will be updated from time to time, so please check back regularly. It will be updated from time to time, so please check back regularly.

If you have any questions or comments regarding this policy, please email dp*@*****dx.com.

If you are concerned that we have not complied with your legal rights or applicable privacy laws, you may contact the Information Commissioner’s Office (www.ico.gov.uk) which is the regulator responsible for data protection in the United Kingdom, where ODL is located. Alternatively, if you are located outside of the United Kingdom, you may contact your local data protection authority.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at dp*@*****dx.com.

We explain below who we may share your personal data with. To offer you our products, apps and services, we may need to transfer your personal data to other countries. When we do so, if the recipient of your personal data is located outside a jurisdiction deemed adequate under applicable data protection law, we ensure that we use a lawfully approved mechanism for that transfer.

Who we are

Omega Diagnostics Ltd (registered in Scotland with company number SC107178) is part of Cambridge Nutritional Sciences PLC (registered in England and Wales with company number 5017761).

ODL is focused on selling a wide range of specialist products, primarily in the immunoassay, in-vitro diagnostics (IVD) market.

Our purpose is to improve human health and well-being through innovative diagnostic tests and global partnerships.

Omega Diagnostics Ltd is responsible for the personal data that we collect and hold about you.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Email address | dp*@*****dx.com

The company has two offices; one in England (HQ) and India:

Omega Diagnostics Ltd (HQ)

Eden Research Park
Henry Crabb Road
Littleport, Ely
Cambridgeshire
CB6 1SE
England

+44 (1353) 862220 | od*@*****dx.com | omegadx.com

Omega Dx (Asia) Pvt Ltd
508, 5th Floor
Western Edge-I
Kanakia Spaces
Western Express Highway
Borivali (East)
Mumbai 400066
India
+91 (22) 46041747 | in**@*****************co.in | india.omegadx.com

Personal data or information means any information that can be used to identify you. For example, it can include information such as your name, date of birth, email address, postal address, telephone number, payment details as well as information relating to your general health.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

> Identity Data includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender

> Contact Data includes address, email address and telephone numbers

> Financial Data includes bank account and payment card details

> Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us

> Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or any of our services or apps.

> Enquiry Data includes data you provided us with when you contact us for customer service assistance (by any means of communication including written communications, via our website, telephone, email, or our social media channels) or when you visit us at a public event, such as a trade show or exhibition or participate in one of our surveys, we may record all customer service communications and keep information about the particular communication, including your name, the product(s) you bought, the reason why you contacted us, and the advice we gave you so we track the resolution of any customer service issues and for customer service training purposes.

> Usage Data includes information about how you use our website, products and, as well as the frequency and pattern of your service use

> Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.

> Wellness Data which includes data you provide related to your diet, lifestyle habits, and general wellness. We collect this data in order to provide relevant services and tailored features, which are specific to you. For example meal plans, reporting and analytics, and product recommendations.

> Health Data which includes the results of any tests that you purchased and sent to us to process.

> Aggregated Data such as statistical or demographic data. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

We do not knowingly collect personal data online from individuals under 18. If you become aware that a child has provided us with personal data without parental consent, please contact us through our support team. If we become aware that an individual under 18 has provided us with personal data without parental consent, we will take steps to remove the data and cancel that individual’s account.

We use your personal data:

> To provide you with the services, products or information you asked for – for example, process your samples within our lab services

> To register you as a professional practitioner so we are able to offer our lab services

> To process payments for our products and services

> Where we need to perform the contract, we are about to enter into or have entered into with you

> Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

> Where we need to comply with a legal or regulatory obligation

> To keep a record of your relationship with us

> To ensure we know how you prefer to be contacted

> To understand how we can improve our services or information

> To keep you updated on our products and services

We collect your personal information through a number of different sources:

> Via our website

> On our Laboratory Information Management System (LIMS)

> Via sample information forms when you return your sample to the service laboratory to be tested

> Via laboratory samples

> Through transactions made by phone or via our website

1 For business customers, our lawful basis is legitimate interest as it’s necessary to inform business customers and stakeholders about our products/services to grow their business offering and ours.

2 For consumers our lawful basis for processing data will be where you have given explicit consent

3 We process the following special category of personal data – health data, if you have given your explicit consent

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. 

We may retain your personal data for a longer period where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person, or in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

Once your account is dormant we will retain your data as follows:

> Health data – 8 years
> Training data – 1 year

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes. As you cannot be identified this data is not subject to GDPR in which case we may use this information indefinitely.

Serum and plasma samples are stored frozen and retained for no longer than a period of 1 month in our laboratory, in accordance with the Royal College of Pathologists Guidelines. Additional testing or retests will only be performed upon specific request by the client. Samples will be disposed of after this period by incineration.

Payment card details received over the phone, at seminars and exhibitions are either processed at point of receipt or at our head office. Our payment gateway may hold your payment card details securely for future payments.

We also adhere to the Payment Card Industry Data Security Standards (PCI-DSS), see Digital Services.

Website

www.omegadx.com is hosted in the UK on an Azure platform using the DNN CMS. For further information, please view DNN’s Privacy Policy.

www.cnslab.co.uk is hosted on WordPress who are headquartered in San Francisco, California. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through WordPress’s data storage, databases and the general WordPress application. For further information, please view WordPress’s Privacy Policy.

When you use a social media platform and interact with and its products, you do so by consenting to the terms and conditions of such platforms.  This can include Facebook, X, Instagram, LinkedIn, TikTok and YouTube. For more information, please see their individual terms and conditions and privacy policies.

We will send you marketing emails and newsletters to keep you updated on our products and services. You can at any time opt out of receiving these emails by emailing us or clicking on the unsubscribe link at the bottom of each email that you receive.

Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements when you leave our website, we encourage you to read the privacy notice of every website you visit.

Google LLC
Used for website analytics. Privacy policy, EU-U.S Privacy Shield certification

Fellowship Productions Ltd.
The UK-based design and digital marketing agency responsible for building and maintaining the CNSLab website. Fellowship website

From time to time, Omega Diagnostics Ltd will carry out surveys to collect information from suppliers, practitioners and consumers to establish areas for improvement and quality monitoring. In most cases SurveyMonkey will be deployed for such activities.

SurveyMonkey Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield. SurveyMonkey is committed to subjecting all personal information and data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List or view SurveyMonkey’s Privacy Policy.

We store personal data on our CRM system which is hosted in Ireland.

Your credit card data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted unless you opt-in to storing your details via our payment gateway. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

We may share your personal data with third parties for the purpose of providing our services and products or if we are required to by a regulatory requirement. Our authorised data processors are subject to comprehensive due diligence in-line with current data protection legislation in the UK.

When acting as our authorised data processors, our service providers are required to only process data in accordance with our instructions and are subject to appropriate confidentiality and security obligations.

We routinely share personal data with:

> Companies within our group.

> Third parties we use to help deliver our products or services to you, e.g. payment service providers, warehouses, and delivery companies.

> Third parties who process your tests.

> Your healthcare professionals.

> Other third parties we use to help us run our business, e.g. marketing agencies, CRM providers or website hosts.

> Third parties approved by you, e.g. social media sites you choose to link your account to or third-party payment providers.

> Our insurers and brokers.

We or the third parties mentioned above occasionally also share personal data with:

> Our external auditors, e.g. in relation to the audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations.

> Our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations.

> Law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations.

> Other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency – usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Some of the steps we use to protect your information from unauthorised access, use or alteration and unlawful destruction, include where appropriate:

> Using Secure Sockets Layer (SSL) encryption when collecting or transferring sensitive information, such as credit card details (SSL encryption is designed to make the data unreadable by anyone but us).

> Limiting access to the information we collect about you (for instance, only those of our personnel who need your information to carry out our business activities are allowed access).

> Putting in place physical, electronic, and procedural safeguards in line with industry standards.

The Personal Data ODL processes, and all associated services and systems, including registration, is housed on servers in the United Kingdom. If you are located outside of the United Kingdom, please be aware that personal data we collect will be processed and stored in the United Kingdom under UK GDPR and it may therefore offer a lower level of protection than in your country/region.

By using our services and submitting your personal data, you agree to the transfer, storage, and/or processing of your personal data in the United Kingdom.

Under the General Data Protection Regulations, you have rights as an individual which you can exercise in relation to the information, we hold about you.

We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.

In some situations, you may have the:

> Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.

> Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.

> Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.

> Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.

> Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.

> Right to request the restriction of processing. You have the right to ask us to stop the processing of data of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.

> Right to portability. You may transfer the data that we hold on you for your own purposes.

> Right to request the transfer. You have the right to request the transfer of your personal information to another party.

Individuals can find out if we hold any personal information by making a ‘right of access’ request.  More information can be found at https://ico.org.uk.

If we do hold information about you, we will:

> Give you a description of it.

> Tell you why we are holding it.

> Tell how long we keep in for and the lawful basis for doing so.

> Tell you who it could be disclosed to; and

> Let you have a copy of the information in an a commonly used electronic format unless the individual requests otherwise.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

To read our full Data Protection Compliance Statement in relation to job applicants, please click here.

A Cookie is a small text file which are stored on a user’s computer. They are designed to hold a modest amount of data specific to a particular user and website. 

Cookies are a convenient way to carry information from one session on a website to another, or between sessions on related websites. This makes your visit to our site smoother. It also remembers your preferences and allows us to customise your experience.

Cookies also allow us to monitor and measure how visitors engage with our website. We can discover what areas of the site are popular, how often visitors return, have they accessed the website from a desktop computer or a mobile device and so on. By understanding this information, we can improve and enhance the customer journey in the future.

If you choose to opt out of accepting our Cookies, some functions may appear broken because of the way our site operates.  Please understand that your experience may not be as smooth or as enjoyable as we aim to deliver to all of our visitors though the overarching site will continue to work.

If you still decide to opt out, you have two options:

1. You can adjust the settings on your internet browser to prevent cookies being downloaded. How this is done varies according to which browser you are using, and we recommend you refer to the appropriate online help guides.

2. You can opt out of receiving specifically those cookies we use to track how people are using our site. Details of how to disable the Google Analytics cookies can be found below.

There are two types of Cookies:

Session Cookie

Session Cookies are temporary. They allow ODL to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Once you close the browser, all session cookies are deleted.

Persistent Cookie

These cookies are set on your first visit to the ODL website. They last longer than the duration of your stay and are used to help us understand which parts of our sites are regularly visited and how we can improve the service we deliver.

Cookies also have, broadly speaking, four different functions and can be categorised as follow: ‘strictly necessary’ cookies, ‘performance’ cookies, ‘functionality’ cookies and ‘targeting’ or ‘advertising’ cookies. ODL will use the term ‘Targeting’ when describing this function.

Strictly Necessary cookies are essential to navigate around the ODL websites and use its features. Without them, you wouldn’t be able to use basic services like registration or the shopping basket. These cookies do not gather information about you that could be used for marketing or remembering where you’ve been on the internet.

Performance cookies collect data for statistical purposes on how visitors navigate the ODL websites; they don’t contain personal information such as names and email addresses and are used to improve your user experience of our website.

Functional cookies allow our visitors to customise how our website looks for them: they can remember usernames, language preferences and regions.  On other websites they can be used to provide more personal services like local weather reports and traffic news.

Targeting cookies are used to deliver advertisements more relevant to you but can also limit the number of times you see an advertisement and be used to chart the effectiveness of an ad campaign by tracking users’ clicks. They can also provide security in transactions.

We use cookies on our websites.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites, click here.

To find information relating to other browsers, visit the browser developer’s website.

We keep our privacy policy under regular review, and we will place any updates on this web page. This privacy policy was updated in March 2026.