LIMITED: Get Up to 25% OFF Premium Tests

Privacy Policy Statement and Personal Information Collection Statement – CirclePaw

This Privacy Notice is made in English and may be translated into other languages. In the case of any discrepancies, the English version shall prevail.


“Prenetics”, “we”, “us”, “our”: Prenetics Limited 701-706, K11 Atelier, 728 King’s Road, Quarry Bay Hong Kong

“Our data protection officer”: 

“Personal Data”: any data that: (i) relates directly or indirectly to a living individual; (ii) from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and (iii) is in a form in which access to or processing of the data is practicable. 

Statement of Policy

We treat your Personal Data with the importance it deserves. We are committed to protecting your Personal Data, handling it responsibly and securing it with administrative, technical, and physical measures and safeguards. Personal Data is also maintained under a strict policy of confidentiality.

This Privacy Policy is designed to help you better understand how we collect, use, store, process, and transfer your information when using our services. It is applicable to all new and existing users of our services.

Statement of Practices

CirclePaw is a product and service offered by Prenetics Limited, a leading diagnostics and genetic testing company in Hong Kong and the UK. 

Personal data we collect 

It is voluntary for you to provide any information we request, however in the event that you do not provide such information, we may not be able to provide you with our products or services.

  • Registration Information – when your account is set up, you will be asked to provide your name, contact details and date of birth.
  • Payment Information – payment card details will be taken at point of sale to facilitate purchases. Card details are not stored by Prenetics and are managed by our third-party card processing provider. 
  • Web behaviour Information – we may collect information on how users make use of our site, Prenetics backend portals or Prenetics software solutions. This information is collected through log files, cookies, and web beacon-, analytical- and advertising technologies. You can find more information at Cookie Policy.
  • Gifts - If you provide us with Personal Data about others, or if others give us your information, for the purpose of ordering our service as a gift, we will only use that information for the specific reason for which it was provided to us.
  • Children's privacy - We do not collect Personal Data from minors without prior consent from a person with parental responsibility for the individual.

Statement of Purpose

Prenetics is a genetics and diagnostic health testing company, with a mission to decentralize health care by focussing on comprehensive testing capabilities covering prevention, diagnostics, and personalized care.

We process Personal Data for the following purposes:

To provide our service to you: We process Personal Data in order to provide our service, which includes customer support, processing payments, shipping kits to customers, creating customer accounts and authenticating logins, analysing DNA samples and DNA, providing you with test reports.


To Improve Our Products and Service: We collect information when you send, receive, or engage in messaging with Prenetics. We do this to delegate your inquiries to the correct department.  We may use your Personal Data to investigate, respond to and resolve complaints and service issues.

If you interact with Prenetics via telephone, your call may be recorded for training and monitoring purposes.

We also use analytics to determine ongoing service and resource needs and perform quality control checks to maintain best standards of practice. We conduct customer surveys and constantly work to improve and provide new reports, tools, and services. We may also need to fix bugs or issues, analyse use of our website to improve the customer experience or assess our marketing campaigns.

Marketing and Advertising: With your consent we may send you direct marketing communications. We may also direct advertising to you via third party sites including social media. We will only send marketing material to you where you have opted in to such communications or as determined by your web browser/cookie settings. You can unsubscribe from receiving these marketing communications at any time via your account settings.

Who we share your personal data with

Except as stated below, we will only share your Personal Data with a third party when we are required by law or in good faith believe that such disclosure is necessary in such cases. Such disclosure includes but is not limited to:

  • Investigation, prevention, or action regarding suspected or actual illegal activities or to assist government enforcement agencies.
  • Enforce our Terms of Service.
  • Respond to claims or allegations made by third parties against Prenetics; or
  • Protect the rights, property or Prenetics’ safety and the public.

We will only share your Personal Data with those categories of third parties listed below and under these circumstances - 

  • Current or future Prenetics global entities. As Prenetics grows, restructuring may take place and it may be appropriate for more than one entity to control and process Information. This Privacy notice will apply to all Prenetics entities unless otherwise stated.
  • With our service providers as necessary for them to provide their services to us which include payment, order fulfilment and shipping, customer support, Cloud storage, IT and security, marketing.
  • Companies that provide services to get your purchases to you, such as payment service providers, warehouses, order packers and delivery companies.
  • Contracted consultants, suppliers and partners used to undertake fundamental activities to enable us to provide our services, enhance the User experience; and to effectively operate and manage our organisation.
  • With anyone else as provided for in terms of your explicit prior consent to do so.

Any Processors or other third-party service providers will be required to contractually comply with the principles and objectives of any Prenetics policies, including this Privacy Notice, and other Applicable Law and will be required to sign a data processing agreement to confirm that Information will not be collected, used, shared, stored or otherwise for any Purpose other than those instructed by Prenetics.

We may be unable to provide our products or services to you should you wish such data sharing to not take place.

How long your Personal Data will be kept

Our data retention policy is to take all practicable steps to ensure that the personal data collected is kept no longer than necessary to fulfil the purpose for which it is used or fulfil our contractual and legal obligations.

Security Measures

Prenetics implements measures and systems to ensure confidentiality, integrity, and availability of data.

Anonymisation, encryption, and data segmentation. Registration Information is stripped from Sensitive Information, including genetic and phenotypic data. This data is then assigned a random ID so the person who provided the data cannot reasonably be identified. Circle uses industry standard security measures to encrypt sensitive personal data both when it is stored (data-at-rest) and when it is being transmitted (data-in-flight). Additionally, data is segmented across logical database systems to further prevent re-identifiability.

Limiting access to essential personnel. We limit access of information to authorized personnel, based on job function and role. Our access controls include a strict least-privileged authorization policy.

Detecting threats and managing vulnerabilities. We use state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our build pipeline and regularly engage third party security experts to conduct penetration tests.

Your rights

You have the following rights:

Access The right to be provided with a copy of your Personal Data. We may charge a reasonable fee for responding to some requests.
Rectification The right to require us to correct any mistakes in your Personal Data
The right to withdraw consent Where consent is the lawful basis for us providing direct marketing services you may withdraw that consent at any time by contacting us at or clicking relevant links provided in our communication