These "Privacy Highlights" provide an overview of some core components of our data handling practices. Please be sure to review the Full Privacy Statement.
Information We Collect
We generally collect the following information:
· Information we receive when you use our Services. We collect Web-Behavior Information via cookies and other similar tracking technologies when you use and access our Services (our website, mobile apps, products, software and other services).
· Information you share directly with us. We collect and process your information when you place an order, create an account, register your GenoSolutions kit, complete Clinical Questionnaire, and contact Customer Care. This information can generally be categorized as Registration Information, Self-Reported Information, and/or User Content as defined in our full Privacy Statement.
· Information from our DNA testing services. With your consent, we extract your DNA from your buccal swab and saliva sample and analyze it to produce your Genetic Information (the As, Ts, Cs, and Gs at particular locations in your genome) in order to provide you with GenoSolutions reports.
How We Use Information
We generally process Personal Information for the following reasons:
· To provide our Services. We process Personal Information in order to provide our Service, which includes processing payments, shipping kits to customers, creating customer accounts and authenticating logins, analyzing buccal swab or saliva sample and DNA, and delivering results.
· To analyze and improve our Services. We constantly work to improve and provide new reports, tools, and Services. We may also need to fix bugs or issues, analyze use of our website to improve the customer experience or assess our marketing campaigns.
Control: Your Choices
· To delete your GenoSolutions account and data, at any time.
Access To Your Information
Your Personal Information may be shared information in the following ways:
· With our service providers, including our genotyping laboratory, as necessary for them to provide their services to us.
GenoSolutions will not sell, lease, or rent your individual-level information to any third party or to a third party for research purposes without your explicit consent.
· We do not share customer data with any public databases.
· We will not provide any person’s data (genetic or non-genetic) to an insurance company or employer.
· We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information.
How We Secure Information
GenoSolutions implements measures and systems to ensure confidentiality, integrity, and availability of GenoSolutions data.
· De-identification/Pseudonymization, encryption, and data segmentation. Registration Information is stripped from Sensitive Information, including genetic and phenotypic data. This data is then assigned a random ID so the person who provided the data cannot reasonably be identified. GenoSolutions uses industry standard security measures to encrypt sensitive personal data both when it is stored (data-at-rest) and when it is being transmitted (data-in-flight). Additionally, data are segmented across logical database systems to further prevent re-identifiability.
· Limiting access to essential personnel. We limit access of information to authorized personnel, based on job function and role. GenoSolutions access controls include multi-factor authentication, single sign-on, and a strict least-privileged authorization policy.
· Detecting threats and managing vulnerabilities. GenoSolutions uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our build pipeline and regularly engage third party security experts to conduct penetration tests.
Risks and Considerations
There may be some consequences of using GenoSolutions Services that you haven't considered.
· You may discover things about yourself and/or your family members that may be upsetting or cause anxiety and that you may not have the ability to control or change.
· In the event of a data breach it is possible that your data could be associated with your identity, which could be used against your interests.
Full Privacy Statement
This Privacy Statement applies to all websites owned and operated by GenoSolutions, Inc ("GenoSolutions"), including www.genosolutions.net, and any other websites, pages, features, or content we own or operate, and to your use of the GenoSolutions mobile app and any related Services. Our Privacy Statement is designed to help you better understand how we collect, use, store, process, and transfer your information when using our Services.
Please carefully review this Privacy Statement and our Terms of Service. By using our Services, you acknowledge all of the policies and procedures described in the foregoing documents. If you do not agree with or you are not comfortable with any aspect of this Privacy Statement or our Terms of Service you should immediately discontinue use of our Services.
1. Key Definitions
1. Aggregate Information: information that has been combined with that of other users and analyzed or evaluated as a whole, such that no specific individual may be reasonably identified.
2. De-identified Information: information that has been stripped of your Registration Information (e.g., your name and contact information) and other identifying data such that you cannot reasonably be identified as an individual, also known as pseudonymized information.
3. Individual-level Information: information about a single individual's genotypes, diseases or other traits/characteristics, but which is not necessarily tied to Registration Information.
4. Personal Information: information that can be used to identify you, either alone or in combination with other information. GenoSolutions collects and stores the following types of Personal Information:
a. Registration Information: information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, address, user ID and password, and payment information).
b. Genetic Information: information regarding your genotypes (i.e. the As, Ts, Cs, and Gs at particular locations in your genome), generated through processing of your buccal swab or saliva sample by GenoSolutions or by its contractors, successors, or assignees; or otherwise processed by and/or contributed to GenoSolutions.
c. Self-Reported Information: information you provide directly to us, including your disease conditions, other health-related information, personal traits, ethnicity, family history, and other information that you enter into surveys, forms, or features while signed in to your GenoSolutions account.
d. Sensitive Information: information about your health, Genetic Information, and certain Self-Reported Information such as racial and ethnic origin, sexual orientation, and political affiliation.
e. User Content: all information, data, text, software, music, audio, photographs, graphics, video, messages, or other materials - other than Genetic Information and Self-Reported Information-generated by users of GenoSolutions Services and transmitted, whether publicly or privately, to or through GenoSolutions.
f. Web-Behavior Information: information on how you use GenoSolutions Services collected through log files, cookies, web beacons, and similar technologies, (e.g., browser type, domains, page views).
2. Information we collect
a. Information you provide directly to us
i. Registration Information. When you purchase our Services or create a GenoSolutions account and register your kit, we collect Personal Information, such as your name, date of birth, billing and shipping address, payment information (e.g., credit card) and contact information (e.g. email, phone number and license number).
ii. Self-Reported Information. You have the option to provide us with additional information about yourself through surveys, forms, features and applications. For example, you may provide us with information about your personal traits (e.g., height, weight, smoking habit, amount of drinking, depression, stress, etc.).
iii. Third party sign in. You may create a GenoSolutions account and/or sign in to our Services using an account you created with a third party service, such as Google. If you provide authorization to GenoSolutions, we will collect and use the information you share with us via that third party service (such as your email address, name, and date of birth as specified in your third party service account) in accordance with this Privacy Statement. You are responsible for managing your credentials for your third party service account, and for maintaining the security of your third party service account. GenoSolutions does not have access to the credentials for your third party service account. If you choose to use third party sign in and you lose access to your credentials for your third party service account, you may not be able to access your GenoSolutions account. You may manage authorization for third party sign in through your GenoSolutions Account Settings or through your third party service account.
b. Information related to our genetic testing services
i. Buccal swab or saliva sample. To use our genetic testing services, you must purchase, or receive as a gift, a GenoSolutions Personal Genetic Service testing kit, create an online account and register your kit, and ship your buccal swab or saliva sample to our third party laboratory. Our laboratory will extract your DNA from your buccal swab or saliva sample for analysis. Your buccal swab sample and DNA are destroyed after the laboratory completes its work, subject to the laboratory's legal and regulatory requirements.
ii. Genetic Information. Information regarding your genotype (e.g. the As, Ts, Cs, and Gs at particular locations in your genome), your Genetic Information, is generated when we analyze and process your buccal swab or saliva sample, or when you otherwise contribute or access your Genetic Information through our Services. Genetic Information includes the GenoSolutions results reported to you as part of our Services, and may be used for other purposes, as outlined in Section 3 below.
c. Web-Behavior Information collected through tracking technology (e.g. from cookies and similar technologies)
i. help us recognize you when you use our Services;
ii. customize and improve your experience;
iii. provide security;
iv. analyze usage of our Services (such as to analyze your interactions with the results, reports, and other features of the Service);
v. gather demographic information about our user base;
vi. offer our Services to you;
vii. monitor the success of marketing programs; and
viii. serve targeted advertising on our site and on other sites around the Internet.
We may receive reports based on the use of these technologies from third party service providers as de-identified, Individual-level Information or as Aggregate Information (as described in section 4.c). We and our third party service providers do not use your Sensitive Information, such as Genetic Information and Self-Reported Information, for targeted advertising.
d. Other Types of Information
We continuously work to enhance our Services with new products, applications and features that may result in the collection of new and different types of information. We will update our Privacy Statement and/or obtain your prior consent to new processing, as needed.
3. How we use your information
GenoSolutions will use and share your Personal Information with third parties only in the ways that are described in this Privacy Statement.
a. To provide you with Services and analyze and improve our Services
We use the information described above in Section 2 to operate, provide, analyze and improve our Services. These activities may include, among other things, using your information in a manner consistent with this Privacy Statement to:
i. open your account, enable purchases and process payments, communicate with you, and implement your requests (e.g., referrals);
ii. enable and enhance your use of our website and mobile application(s), including authenticating your visits, providing personalized content and information, and tracking your usage of our Services;
iii. contact you about your account, and any relevant information about our Services (e.g. policy changes, security updates or issues, etc.);
iv. enforce our Terms of Service and other agreements;
v. monitor, detect, investigate and prevent prohibited or illegal behaviors on our Services, to combat spam and other security risks; and
vi. perform research & development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.
b. To process, analyze and deliver your genetic testing results
As described above, to receive results through the Personal Genetic Service, you must create a GenoSolutions account, register your kit, and submit your buccal swab or saliva sample to our contracted genotyping laboratory, which processes and analyzes your sample to provide us with your raw Genetic Information. Once we receive your raw Genetic Information from the laboratory, we further analyze it to provide you with our health reports, dependent on the Service purchased. GenoSolutions continuously works to improve our Services based on our research and product development, and genetic associations identified in scientific literature. If you are eligible to receive additional reports or updates in the future, you may be notified of or may directly access these updates.
Our legal basis for processing your Sensitive Information for the purposes described above is based on your consent. You may withdraw your consent at any time by deleting your Account via your Account Settings, however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
c. To provide customer support
When you contact Customer Care, we may use or request Personal Information, including Sensitive Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints. In some instances, we may be required to process one customer’s Personal Information to resolve another customer’s dispute or request. For example, if a customer reports behavior that violates our Terms of Service, we will separately process both customers’ Personal Information and respond separately to each individual as appropriate. We will not share your Personal Information with another customer without your consent.
Our legal basis for processing your Personal Information for the purpose described above depends on the nature of the customer support request. Our legal basis can be to satisfy our contractual or legal obligations and/or our legitimate interest to improve our Services.
d. To provide you with marketing communications
By creating a GenoSolutions
account, you are agreeing that we may send you product and promotional
emails or notifications about our Services, and offers on new products,
services, promotions or contests. By creating a GenoSolutions account, you are
agreeing that we may send you. You can unsubscribe from receiving these
marketing communications at any time. If you want to opt out of marketing
communications, please email GenoSolutions(firstname.lastname@example.org).
4. Information we share with third parties
a. General service providers.
We share the information described above in Section 2 with our third party service providers, as necessary for them to provide their services to us and help us perform our contract with you. Service providers are third parties (other companies or individuals) that help us to provide, analyze and improve our Services. While GenoSolutions directly conducts the majority of data processing activities required to provide our Services to you, we engage some third party service providers to assist in supporting our Services, including in the following areas:
i. Order fulfillment and shipping. Our payment processor processes certain Registration Information, such as your billing address and credit card information, as necessary to enable you to purchase a GenoSolutions kit from the GenoSolutions.com online store. Our distribution centers ship your kit(s) to you, and in some cases help return your kit safely to our third party laboratory so your sample can be processed.
ii. Customer Care support. Our Customer Care team uses a number of tools to help organize and manage the requests we receive. These tools help to ensure we provide timely, high quality support.
iii. Cloud storage, IT, and Security. Our cloud storage providers provide secure storage for information in GenoSolutions databases, ensure that our infrastructure can support continued use of our Services by GenoSolutions customers, and protect data in the event of a natural disaster or other disruption to the Service. Our IT and security providers assist with intrusion detection and prevention measures to stop any potential attacks against our networks. We have these third party experts perform regular penetration tests and periodically audit GenoSolutions’s security controls.
iv. Marketing and analytics. When you use our Services, including our website or mobile app(s), our third party service providers may collect Web-Behavior Information about your visit, such as the links you clicked on, the duration of your visit, and the URLs you visited. This information can help us improve site navigability and assess our Marketing campaigns. Per applicable data protection regulations, our International websites present visitors with a cookie opt in to allow the processing described above via Functionality and Advertising Cookies.
NOTE: Our service providers act on GenoSolutions's behalf. We implement procedures and maintain contractual terms with each service provider to protect the confidentiality and security of your information. However, we cannot guarantee the confidentiality and security of your information due to the inherent risks associated with storing and transmitting data electronically.
b. “Targeted advertising” service providers
c. Aggregate information
We may share Aggregate Information, which is information that has been stripped of your name and contact information and combined with information of others so that you cannot reasonably be identified as an individual, with third parties. This Information is different from "Individual-level" information and is not Personal Information because it does not identify any particular individual or disclose any particular individual’s data. For example, Aggregate Information may include a statement that "30% of our female users share a particular genetic trait," without providing any data or testing results specific to any individual user. In contrast, Individual-level Genetic Information or Self-Reported Information consists of data about a single individual's genotypes, diseases or other traits/characteristics information and could reveal whether a specific user has a particular genetic trait, or consist of all of the Genetic Information about that user. GenoSolutions will ask for your consent to share Individual-level Genetic Information or Self-Reported Information with any third party, other than our service providers as necessary for us to provide the Services to you.
d. Information we share with commonly owned entities
We may share some or all of your Personal Information with other companies under common ownership or control of GenoSolutions, which may include our subsidiaries, our corporate parent, or any other subsidiaries owned by our corporate parent in order to provide you better service and improve user experience. Generally, sharing such information is necessary for us to perform on our contract with you. We may provide additional notice and ask for your prior consent if we wish to share your Personal Information with our commonly owned entities in a materially different way than discussed in this Privacy Statement.
e. As required by law
Under certain circumstances your Personal Information may be subject to processing pursuant to laws, regulations, judicial or other government subpoenas, warrants, or orders. For example, we may be required to disclose Personal Information in coordination with regulatory authorities in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. GenoSolutions will preserve and disclose any and all information to law enforcement agencies or others if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry) or obligations that GenoSolutions may owe pursuant to ethical and other professional rules, laws, and regulations; (b) enforce the GenoSolutions Terms of Service and other policies; (c) respond to claims that any content violates the rights of third parties; or (d) protect the rights, property, or personal safety of GenoSolutions, its employees, its users, its clients, and the public. View our Transparency Report for more information.
f. Business transactions
In the event that GenoSolutions goes through a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets your Personal Information will likely be among the assets transferred. In such a case, your information would remain subject to the promises made in any pre-existing Privacy Statement.
5. Your choices
a. Access to your account
We provide access to your GenoSolutions data within your GenoSolutions account. You can access and download data processed by GenoSolutions within your Account Settings and within applicable Reports, Tools, and features. If you lose access to your GenoSolutions account or account email address, please contact Customer Care for assistance. If you lose access to your GenoSolutions account, in certain circumstances, we may require that you submit additional information sufficient to verify your identity before providing access or otherwise releasing information to you. If you choose not to submit the required documentation, or the information provided is not sufficient for the purposes sought, GenoSolutions will not be able to sufficiently verify your identity in order to complete your request.
You may access, correct or update most of your Registration Information on your own within your Account Settings.
b. Sharing outside of the GenoSolutions Services
In general, it can be difficult to contain or retrieve Personal Information once it has been shared or disclosed. GenoSolutions will have no responsibility or liability for any consequences that may result because you have released or shared Personal Information with others. Likewise, if you are reading this because you have access to the Personal Information of a GenoSolutions customer through a multi-profile account, we urge you to recognize your responsibility to protect the privacy of each person within that account. Users with multi-profile accounts (i.e., where multiple family members register their kits to one account) should use caution in setting profile-level privacy settings.
c. Account deletion
If you no longer wish to participate in our Services, or no longer wish to have your Personal Information be processed, you may delete your GenoSolutions account and Personal Information within your Account Settings. Once you confirm your request to delete your account and data, your account will no longer be accessible while we process your request. Once you confirm your request, this process cannot be cancelled, undone, withdrawn, or reversed. When your account is deleted, all associated Personal Information is deleted and any stored samples are discarded, subject to the following limitations:
i. Legal Retention Requirements. GenoSolutions and our third party genotyping laboratory will retain your Genetic Information, date of birth, and sex as required for compliance with applicable legal obligations. GenoSolutions will also retain limited information related to your account and data deletion request, including but not limited to, your email address, account deletion request identifier, and record of legal agreements for a limited period of time as required by contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.
6. Security measures
GenoSolutions takes seriously the trust you place in us. GenoSolutions implements physical, technical, and administrative measures to prevent unauthorized access to or disclosure of your information, to maintain data accuracy, to ensure the appropriate use of information, and otherwise safeguard your Personal Information.
· GenoSolutions produces secure applications by design. GenoSolutions incorporates explicit security reviews in the software development lifecycle, quality assurance testing and operational deployment.
· De-identification/Pseudonymization. Registration Information is stripped from Sensitive Information, including Genetic and Self-Reported Information. This data is then assigned a randomly generated ID so an individual cannot reasonably be identified.
· Encryption. GenoSolutions uses industry standard security measures to encrypt Sensitive Information both at rest and in transit.
· Separation of Environments. GenoSolutions ensures processing, production, and research environments are separated and access is restricted. Data, including Registration Information, Genetic Information, and Self-Reported Information are segmented across logical database systems to further prevent re-identifiability.
· Limiting access to essential personnel. We limit access to Personal Information to authorized personnel, based on job function and role. GenoSolutions access controls include multi-factor authentication, single sign-on, and strict least-privileged authorization policy.
· Detecting threats and managing vulnerabilities. GenoSolutions uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our processes and regularly engage third party security experts to conduct penetration tests.
· Incident Management. GenoSolutions maintains a formal incident management program designed to ensure the secure, continuous delivery of its Services.
· Managing third party service providers. GenoSolutions requires service providers to implement and maintain accepted industry standard administrative, physical and technical safeguards to protect Personal Information.
Your Responsibility. Please recognize that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify GenoSolutions of any unauthorized use of your password. GenoSolutions cannot secure Personal Information that you release on your own or that you request us to release.
Your information collected through the Service may be stored and processed in the United States or any other country in which GenoSolutions or its subsidiaries, affiliates or service providers maintain facilities and, therefore, your information may be subject to the laws of those other jurisdictions which may be different from the laws of your country of residence.
7. Children's privacy
GenoSolutions is committed to protecting the privacy of children as well as adults. Neither GenoSolutions nor any of its Services are designed for, intended to attract, or directed toward children under the age of 18. A parent or guardian, however, may collect a buccal swab or saliva sample from, create an account for, and provide information related to, his or her child who is under the age of 18. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides to GenoSolutions about his or her child is kept secure and that the information submitted is accurate.
8. Linked websites
GenoSolutions provides links to third party websites operated by organizations not affiliated with GenoSolutions. GenoSolutions does not disclose your information to organizations operating such linked third party websites. GenoSolutions does not review or endorse, and is not responsible for, the privacy practices of these organizations. We encourage you to read the privacy statements of each and every website that you visit. This Privacy Statement applies solely to information collected by GenoSolutions and our service providers on our behalf.
9. Changes to this Privacy Statement
Whenever this Privacy Statement is changed in a material way, a notice will be posted as part of this Privacy Statement and on our website for 30 days. After 30 days the changes will become effective. In addition, all customers will receive an email with notification of the changes prior to the change becoming effective. GenoSolutions may provide additional "just-in-time" disclosures or additional information about the data collection, use and sharing practices of specific Services. Such notices may supplement or clarify GenoSolutions’s privacy practices or may provide you with additional choices about how GenoSolutions processes your Personal Information.