Privacy
Protocol
OrthoCore Labs is committed to the responsible stewardship of personal information. This protocol outlines how we collect, process, and protect your data.
Effective: 01 January 2025
Last Revised: 22 May 2026
Data We Collect
Information You Provide
When you interact with our platforms — including contact forms, newsletter subscriptions, lab access requests, or career applications — we collect identifiers such as your name, email address, organisation affiliation, and any additional information you voluntarily submit.
Automatically Collected Data
We collect technical data automatically when you visit our digital environments, including IP address, browser type and version, device identifiers, pages visited, time spent, and referral URLs. This data is collected via cookies and similar tracking technologies.
Research & Clinical Data
Any data submitted in the context of research collaboration, clinical trials, or partner integrations is governed by specific Data Processing Agreements (DPAs) executed separately. Such data is never commingled with general website analytics.
How We Use Your Data
Core Operations
We process your data to operate our platforms, respond to enquiries, manage applications, and deliver services you have requested. This constitutes our primary lawful basis of legitimate interest and contractual necessity.
Research & Development
Aggregated, anonymised interaction data may be used to improve our research interfaces, digital tools, and user experience — never to identify individual users without explicit consent.
Communications
With your explicit opt-in, we may send you protocol updates, research publications, event invitations, and classified breakthroughs. You may withdraw consent at any time via the unsubscribe mechanism in any communication.
Data Protection
Security Architecture
We employ end-to-end encryption (TLS 1.3), AES-256 data-at-rest encryption, role-based access controls, and regular third-party penetration testing to protect your information against unauthorised access.
Retention Policy
Personal data is retained only as long as necessary for its original purpose or as required by applicable law. Contact enquiry data is purged after 24 months of inactivity. Application data is retained for 12 months post-decision unless you request earlier deletion.
Breach Protocol
In the unlikely event of a personal data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by applicable data protection law.
Third-Party Processors
Sub-Processors
We engage vetted sub-processors — including cloud infrastructure providers, analytics platforms, and email delivery services — under strict data processing agreements that mandate equivalent levels of protection to those we apply ourselves.
No Data Sales
OrthoCore Labs does not sell, rent, or broker personal data to any third party for their independent commercial purposes. Your data is used solely to deliver and improve our services.
International Transfers
Where data is transferred outside your jurisdiction, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the relevant authority, to ensure equivalent protection.
Your Rights
Access & Portability
You have the right to request a copy of the personal data we hold about you, in a structured, commonly used, machine-readable format.
Rectification & Erasure
You may request correction of inaccurate data or deletion of your personal data where we no longer have a lawful basis to retain it. Requests are processed within 30 days.
Objection & Restriction
You have the right to object to processing based on legitimate interests, and the right to restrict processing while a complaint is under review. To exercise any right, contact us at privacy@orthocorelabs.com.
Policy Updates
Change Notifications
Material changes to this Privacy Protocol will be communicated via a prominent notice on our platforms at least 14 days before they take effect. Continued use of our services after that date constitutes acceptance of the updated policy.
Governing Law
This policy is governed by the laws of Uganda. Any disputes arising from or related to this policy shall be subject to the exclusive jurisdiction of the courts of Uganda.
Data Controller
OrthoCore Labs
For any privacy-related enquiries, data subject access requests, or complaints, contact our Data Protection Officer directly.
privacy@orthocorelabs.com© 2026 OrthoCore Labs. All rights reserved.
Terms of Engagement →