We take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal data.
Effective: 6th November 2023
1. Introduction
This Privacy Policy covers how we treat Personal Data that we gather and subsequently process when you access or use our Service. “Personal Data” means any information that identifies or relates to you and also includes information referred to as “personally identifiable information” or “personal information” under applicable privacy or data protection laws. Read our Privacy Policy below to understand what we use your data for.
2. What personal data we collect
2.1 If you are one of our customers or taking part in Mitra Bio’s own clinical trials
If you are a direct customer or taking part in one of our clinical trials, you will provide certain personal data to us voluntarily so that we may provide Services for you. Depending on the type of Services you seek or are prescribed, such information may include:
- First and last name
- Contact information (email address, postal address, telephone number)
- Log on credentials when you create an account with us (e.g., user ID, password)
- Sex assigned at birth
- Date of birth and age in years
- Your physical location in terms of city and state or province and country
- Skin health questionnaire
- Skin health information that may be required as related to the test (such as recent symptoms)
- The date and time of your consent related to the Services and/or medical treatment
- Photos of skin lesions and facial skin images
- Skin health metrics
- Any of your communications transmitted through our Sites
- Where applicable, your preferences in receiving marketing from us and our third-party providers.
- Any other information you choose to provide to us
- Details of co-morbidities as provided in the questionnaire
2.2 If you are recruited in clinical trials with one of our partners
All your samples are anonymized and given a unique code. Mitra Bio will only have access to that code.
- Age in years, sex
- Your physical location in terms of city and state or province and country
- Skin health questionnaire
- Skin health information that may be required as related to the test (such as recent symptoms)
- The date and time of your consent related to the Services and/or medical treatment
- Skin health metrics as measured by the third party
- Photos of the skin lesions (anonymised)
2.3 If you are a partner
- First and last name
- Professional designation
- Specialty
- Clinical affiliation
- Contact information (email address, postal address, telephone number)
- NPI number and/or licensing identification number
- Any of your communications transmitted through our Sites
- Date and time of interaction with our Services and/or the customer/patient
- Any other information you choose to provide to us.
2.4 If you are visiting our website
If you visit our website, then we will also collect information about you. Some of this information is direct, such as your IP address, the type of browser you are using, the make of your mobile phone and the contents of cookies we set. We also use third-party analytics providers such as Google Analytics, who collect similar information and then supply us with further analysis derived from it.
We process this data in order to:
- Locate errors in our systems or problems our systems may be facing with other systems (such as compatibility with a web browser)
- Improve the functioning of our Service
- Prevent fraud or other criminal activity
This information is automatically sent to us. Although there are technical ways you can prevent us from receiving this information (for example by changing the information your browser supplies to us), the way in which browser and app software works means it is inevitable that we process it.
We routinely delete our web server logs after 90 days, unless we are aware of any serious problem that requires investigation (for example fraud or a hostile attack on our systems), in which case we may preserve any information necessary for that investigation for as long as it is needed. Once the investigation is concluded, we will delete the data.
Our use of cookies is a little more complicated, so we have written a detailed Cookie Policy explaining what cookies are, our additional reasons for processing them, and how we process different kinds of cookies.
3. How we share your Personal Data
We do not share Personal Data with anyone else, other than with:
- Our Company (Mitra Bio Ltd, based in the UK)
- Hosting, technology and communication providers.
- Security and fraud prevention consultants
- Analytics providers
4. What biological samples we collect
We collect skin samples. Mitra Bio receives the samples at our laboratory in Translation and Innovation Hubs, White City Campus, London, W12 0BZ. We process the biological samples and extract the DNA. Each sample is given a unique code and will be anonymised. We will then prepare the samples for sequencing and send the processed DNA for sequencing at third-party laboratories. The laboratories are under contract to us and are required by those contracts not to share information about the data with any third party except subcontractors who are essential to the carrying out of their work and who are also bound to confidentiality in the same way.
The laboratories will keep the processed DNA for different lengths of time depending on the requirements of the locally applicable law (for example, of your country or state). How long a sample is kept may depend on factors such as whether a test is successful or not.
4.1 Data that is not Personal Data
We may convert Personal Data into anonymous data, that is data which can no longer be linked with identifiable individuals, for example by aggregation of data about multiple individuals. We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user.
For example, we use your self-reported health information, Test Results and some of your Customer information to improve our models of the interaction of skin health and environment. The models we create have no individual information about you, being the aggregation of data from many individuals.
4.2 International Transfers of Personal Data
Some of our partners are based outside the UK and EEA so your biological samples are shipped to the UK for processing. This also involves a transfer of data from outside the UK and EEA to the UK. Whenever we transfer your personal data to and out of the UK and EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- the country to which personal data is being transferred has been deemed to provide an adequate level of protection for personal data by the European Commission; or
- we use specific contracts approved by the European Commission which give personal data the same protection it has in the UK and Europe.
5. Mailing Lists
You can subscribe to our mailing lists to get the latest updates on our scientific discoveries or information about our products without creating a Mitra Bio account and we will use the data you provide us with for these purposes.
We process this data because you have consented to us doing so.
If you do not wish to receive emails from us regarding this information, then you can opt out by clicking “unsubscribe from this list” at the bottom of our email.
If you unsubscribe from our mailing lists, we will need to keep just enough information on file to make sure we respect your preferences in the future.
6. Your Legal Rights
You have the right to:
6.1 Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
6.2 Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
6.3 Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
6.4 Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
6.5 Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- Where our use of the data is unlawful, but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims.
- You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
6.6 Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
6.7 Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
6.8 Make a complaint. You have the right to make a complaint at any time to the relevant regulator.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information concerning your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
If you want to make a request click the button below, go to the link provided or get in touch with us at [email protected]
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where you have chosen a password that enables you to access certain parts of our applications, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
7a. Personal data of children
As noted in our Terms of Service, we do not knowingly collect or solicit Personal Data about children under 18 years of age. If you are a child under the age of 18, please do not attempt to register for or otherwise use the Service or send us any Personal Data.
If we learn we have collected Personal Data from a child under 18 years of age, we will delete that information as quickly as possible. If you believe that a child under 18 years of age may have provided Personal Data to us, please contact us at [email protected]