Privacy policy.

Last updated 03.03.23

2San Global Limited and each of our global subsidiaries ("we", "us" and, "our") are committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, store, use and disclose personal information about our customers, and people who apply for employment with us, and how we comply with our obligations under applicable privacy laws, including those last listed in Section 6 below (the "Privacy Laws"). It also explains how to contact us if you have any questions about the management of your personal information or would like to access the personal information we hold about you.

This Privacy Policy applies to the personal information we collect, hold and use about you when we carry out our business activities, such as when you use the 2san Scan&Protect App for your COVID-19 home test, visit our website, or other digital platforms, or communicate or interact with us.

In this Policy "personal information" has the same meaning as defined in applicable Privacy Laws (and includes and "sensitive personal information").

We may amend this Policy at any time by posting the updated version on our website or app. If we make changes we will publish an updated statement on our website. You can acquire a copy of our privacy policy at any time by using the contact details below.

We are not responsible for the privacy practices of sites that are linked to this website via hyperlinks or otherwise.

 

1. What Information Do We Collect?

The information we collect and hold about customers can include:

  • name

  • age

  • birthdate

  • payment information (credit or debit card details and online payment system details)

  • usage information (device data and cookies)

  • profile data (employee number, passwords/fingerprints/facial recognition, purchases or orders, preferences, feedback, interests, favourites)

  • any other information you may provide to us during our interactions

  • Test results

Individuals who contact us or use our services/acquire our goods have the option of requesting anonymity or using a pseudonym.

However, it may not be reasonably practicable for us to deal with individuals anonymously or with a pseudonym if those individuals wish to undertake a COVID-19 home test with the 2san Scan&Protect app; wish to obtain information in relation to our products; and make enquiries or complaints about our products.

A request for anonymity or the use of a pseudonym may also be rejected if we are required under applicable Privacy Laws to deal with individuals who have identified themselves only.

 

QR Codes

Some of our products need access to your mobile device's camera to scan QR codes used for COVID-19 tests. This information is not passed on to any third party and is solely collected and used in accordance with the relevant requirements concerning COVID-19 tests.

The first QR-code is an invite code that you will obtain from your manager/HR department. That code is only used once for registering that your application belongs to a certain company.

The second QR code is used to connect the person tested and the test kit. This process registers that the user uses a valid 2San test kit. When a valid test kit has been used, the user will receive the test result inside the application to show when prompted.

 

Data analytics and cookies

When you visit our websites, we may also collect information about your computer, including your IP address, date/time of your visits, duration of your visits, type of device, operating system, configuration and version of the 2san Scan&Protect App, the pages and documents accessed, the previous site accessed (i.e. the referring URL) and the type of browser being used.

We also collect information about your use of our website using cookies. You can choose to decline cookies, but if you do so, you may not be able to fully experience our online interactive features and the 2san Scan&Protect App may not work properly. The 2san Scan&Protect App uses session cookies. These cookies are temporary and close once your session ends). Furthermore, the App uses third party code and libraries, which may use cookies to collect data and based on that improve the system.

 

2. How We Collect and Hold Information

We will acquire and use your personal information only as needed for our business purposes and through fair and lawful means. Whenever reasonably possible, we will collect personal information directly.

Where it is reasonable and practicable to do so, we collect your personal information via our customer service personnel, by phone, email, mail, website, when you complete any survey/application forms, or when you interact with us on social media (such as Facebook or Instagram).

Personal information collected via the 2san Scan&Protect App will only be stored in the application on the mobile device and will be sent encrypted once a test has been performed. Personal data will not be stored on servers.

We take all reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, unauthorised modification or unauthorised disclosure. We will keep your personal information secure and it will be held by us in our customer database in accordance with applicable Privacy Laws. We will only release your personal information if you authorise us to do this or if we are legally required to do so.

Personal information which is no longer necessary for business purposes will be disposed of promptly in an appropriate way.

 

3. Why We Collect and How We Use Information

We collect and use your personal information to:

  • communicate your test results.

  • communicate with you and answer any questions or provide information or advice.

  • improve and personalise your experience with us, online and offline.

  • better understand our customers' requirements and preferences, conduct product and market research, personalise and improve our service and provide offers that are of greater interest or benefit to you.

  • undertake and administer promotions, competitions, marketing activities, direct marketing, database compilation, analysis of trends and demographics and other marketing or promotional activities.

  • communicate warranty and product recall purposes.

  • undertake our administrative and operational functions.

  • investigate a breach of any of our terms and conditions or any suspected unlawful activity.

  • collect permanently and irreversibly anonymised statistical data.

We do not use your personal information for direct marketing purposes.

There is no registration of your personal data outside the application.

 

4. How We Disclose Your Information

We may disclose your personal information to undertake any of the purposes set out above, or where permitted or required by law or as otherwise detailed in this Privacy Policy. Recipients of your personal information may include:

  • our employees, contractors or service providers, to the extent reasonably necessary for them to carry out their duties/obligations. This may include research agencies, website development agencies, IT systems administrators, couriers, lawyers and business advisors;

  • suppliers of products and services for delivery, product warranty and recall purposes; and,

  • any person to whom we are required or permitted by law to disclose personal information.

We may occasionally transfer your personal information to organisations located overseas, for example, where:

  • we use service providers based overseas;

  • you have requested a product or service that involves an international element; or,

  • we need to comply with foreign legal or regulatory requirements.

We disclose information to our parent company in Denmark.

The 2san Scan&Protect App uses Amazon Web Services for the following:

  • Processing test result

  • Gathering anonymised statistics

  • Preparing the test result QR code

We take reasonable steps to require overseas recipients to use personal information only for the purpose for which we provide the information to ensure that our privacy obligations in respect of your personal information are not breached, and to implement strict confidentiality and data protection arrangements. We require any third party to whom we disclose personal information to protect that information against any unauthorised use, access or disclosure in accordance with applicable Privacy Laws.

By using the 2san Scan&Protect App log data and information are gathered by third parties from your mobile device.

No communication via the internet or web or mobile device is 100% secure.

We cannot and do not take any responsibility for maintaining the security of your personal information on any other Website or app linked with our Website or app. If you have any query or inquiry regarding the handling of personal information, make direct access to each relevant Website.

 

5. Accessing and Correcting Your Personal Information

Individuals have the right to request access to and correct personal information we hold about them, subject to exceptions listed in applicable Privacy Laws. Upon request, and within the parameters of applicable Privacy Laws, we will provide individuals with access to this information.

To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. In certain cases, we may charge you an administration fee for providing you with access to the information you have asked for, but we will inform you of this before proceeding.

There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases, we will let you know why we cannot comply with your request.

We will take reasonable steps to update the personal information we hold if the information is not accurate, up-to-date and complete. However, this may not be practicable where we encrypt your personal information through our2san Scan&Protect App or where your personal information is permanently and irreversibly anonymised.

You may contact us to update or correct your personal information (see contact details below). Please include your name, address and/or email address when you contact us. You will not be charged for a correction request.

 

6. Privacy Laws

Privacy Laws include:

6.4. In Australia, Privacy Laws 1988(Cth);

6.2. In the United Kingdom, UKGDPR and Data Protection Act 2018;

6.3. In the United States, the Health Insurance Portability and Accounting Act (HIPAA) and the Children's Online Privacy Protection Act (COPPA); and,

6.4. in particular states in the United States, local applicable laws, such as the California Consumer Privacy Act, California Privacy Rights Act, Colorado Privacy Act, Connecticut Act Concerning Personal Data Privacy and Online Monitoring, New York SHIELD Act, Utah Consumer Privacy Act and Virginia Consumer Data Protection Act.

 

Privacy Regulators

We comply with Privacy Laws that apply in the jurisdictions in which we maintain offices or collect information that is subject to those laws.

Contact details for privacy regulators by country are as follows:

AU

Office of the Australian Information Commissioner (OAIC). You can obtain further general information about your privacy rights and privacy law by:

  • calling their Privacy Hotline on 1300 363 992

  • visiting their website at www.oaic.gov.au

  • writing to: The Australian Information Commissioner, GPO Box 5218, Sydney NSW 1042

UK

Information Commissioner Office (ICO) and you can obtain further general information about your privacy rights and privacy law by:

  • calling their Privacy Hotline 0303 123 1113 or contact them via live chat.

  • visiting their website at www.ico.org.uk

  • writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Denmark

The Danish Data Protection Agency and you can obtain further general information about your privacy rights and privacy law by:

Canada

The Office of the Privacy Commissioner (OPC) and you can obtain further general information about your privacy rights and privacy law by:

 

7. Enquiries, Complaints and Contact Details

We are committed to working with individuals to obtain a fair resolution of any privacy concerns. If you have a question about this Policy or wish to make a complaint about the way we have collected, used, held or disclosed your personal information, please contact us at the address below. We may need to contact you for further details.

Our Data Privacy Officer will deal with the matter within a reasonable time and will keep you informed of the progress of our investigation. If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved satisfactorily, you can contact us to discuss your concerns.

Our contact details:

For any enquiries about our handling of personal information, please contact our data privacy officer:

UK
6-8 Greencoat Place,
London
SW1P 1PL,
United Kingdom
dataprotection@2san.com

Denmark
Strandvejen 125,
900 Hellerup,
Denmark
dataprotection@2san.com

Australia
Level 35 Tower One,
100 Barangaroo Avenue,
Sydney NSW 2000,
Australia
dataprotection@2san.com

United States
1330 Avenue of the Americas,
New York NY 10019,
United States
dataprotection@2san.com

Canada
Exchange Tower,
130 King Street West,
Toronto M5X 1E3,
Canada
dataprotection@2san.com

California

Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information that we share with our affiliates or other third parties for marketing purposes, as well as the names and addresses of such affiliates or other third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the contact information indicated above.

8. Effective Date and Updates

This Privacy Policy is effective as of September 7, 2022.

We reserve the right to amend this Privacy Policy at any time. If we change our privacy practices, a new Privacy Policy will reflect those changes and the effective date of the revised Privacy Policy will be set forth in the paragraph above.