Definition of Personal Information
Personal Information is information that can identify you or be reasonably linked to you either alone or in combination with other information. This definition incorporates where applicable, the definition contained in the EU General Data Protection Regulations 2018. We collect and store the following types of Personal Information:
Registration Information:information you provide about yourself when registering for and/or purchasing our Services. This includesyour name, date of birth, sex, a password, billing and shipping address, payment information (e.g., credit card) and contact information (e.g. email and phone number) and other information provided to us in the course of opening a 54gene Account.;
Genetic Information: means data that results from the analysis or processing of the DNA code of your genes generated through processing of your saliva by 54gene or by its contractors, successors, and assignees; or otherwise processed by and/or contributed by you to 54gene as well as any interpretation of that data;
Self-Reported Information:information other than Registration and Genetic Information that you provide directly to us through forms, surveys and other features on our Services including any disease conditions, other health-related information, personal traits, ethnicity, family history.;
Sensitive Information: information about your health, Genetic Information, and certain Self-Reported Information such as racial and ethnic origin, sexual orientation, and political affiliation;
Web-Behaviour Information: information on how you use our Services collected through log files, cookies, web beacons, and similar technologies,
What information do we collect?
We collect information in the following ways:
Information given to us directly
In the course of providing our Services, we collect Registration and Self-Reported Information provided by you, posts or uploaded content such as text, software, music, audio, photographs, graphics, video, messages, or other user generated content that you provide through the use of our blogs, forums or community posts. We also collect information from your one-on-one conversations with other 54gene Users, or communication with us about the Services such as when you contact Customer Care.
Genetic Information.We collect Genetic Information extracted from your Saliva Sample such as your genotype, your connection to genetic relatives in our database and any genetic markers associated with physical traits, such as hair colour or traits associated with your health and wellness. Once the information is extracted, the DNA and saliva (also referred to as “biological samples”) are stored so that they can be available for future testing with your consent.
Information collected through your use of the Services
Google Analytics. 54gene uses the AdWords and Remarketing List features of Google Analytics We use first and third party cookies to inform, optimize and serve adverts based on your past visits to our Website. You may opt out of Google Analytics Advertising Features by using the Google Ad Settings.
Information from Third Parties
Social media and other third party services. If you log into 54gene with facebook or use our social media features, such as the Facebook "Like" or "Share" button and widgets, these features may collect information about you such as your IP address, which page you are visiting on our site. They may also allow third-party social media services to provide us information about you, including your name, email address, and other contact information. If you use a third party site, such as Facebook or Twitter, in connection with our Services to communicate with another person (e.g., to make or post referrals or to request that we communicate with another person), then in addition to that person's name and contact information, we may also collect other information (e.g., your profile picture, network, gender, username, user ID, age range, language, country, friends lists or followers)
Referral information and sharing.When you refer a person to us or choose to share your results with another person, we will collect that person's email address for the sole purpose of making the referral or communicating your result. By participating in a referral program or by choosing to share information with another person, you confirm that the person has given you consent for us to communicate (e.g., via email) with him or her. The person you referred may request that we remove this information from our database.
Gifts. Personal Information about others or from others about you provided to us for the purpose of ordering the Service as a gift. This information will only be used for the specific purpose for which it was provided to us. Once a gift recipient registers for his or her Services and agrees to our Privacy Statement, our Terms of Service, and if applicable, certain Consent Documents, his or her Personal Information will be used in manners consistent with this Privacy Statement, and will not be shared with the purchaser, unless they independently choose to share their own Personal Information through the Services with the purchaser.
Other types of information
We may develop new products, applications and features that may result in the collection of new and different types of information. We will update our Privacy Statement and/or obtain your prior consent to new processing, as needed.
Our use of information
Personal Information (generally)
For the purpose of the GDPR, 54gene acts as “data controller”. We use your Personal Information to provide our Services to you in accordance with our Terms of Service. This includes:
Operation of your account and provision of products and services
We use your Personal Information for activities relating to your use of our Website and Services including:
opening your account, enabling purchases and processing payments and implementing your requests;
providing personalized content and information, and tracking your usage of our Services;
Detecting and protecting against error, fraud, or other criminal or malicious activity
enforcing our Terms of Service;
conducting data analysis and research in order to build new and improve existing products and Services; and
issuing surveys and questionnaires to collect Additional User Information for use in the Services, as well as facilitating product development and research initiatives.
Provision of information We use your Personal Information when we provide you with any relevant information about your account or our Services (e.g. policy changes, security updates or issues,) respond to technical, security, and other operational issues raised by you and respond to your inquiries.
To provide customer support.We may use or request Personal Information, in order to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints. In some instances such as where a customer reports behaviour that violates our Terms of Service, we may be required to process one customer’s Personal Information to resolve another customer’s dispute or request. We will not share your Personal Information with another customer without your consent.
We use your Genetic Information for the following primary purposes:
Providing you insights into what your DNA reveals about trait, personal health and wellness as requested by you upon purchase of the Service. We may also invite you to participate in surveys and questionnaires (entirely optional) based on your DNA data.
Studying aggregated Genetic Information to better understand population and ethnicity-related health, wellness, aging, or physical conditions;
Conducting scientific, statistical, and historical research. We will only use your Genetic Information for research if you authorize us to do so by agreeing to the Research Consent; and,
Improving features and functionality in our existing DNA-related products, enhancing the customer experience across our products, improving the quality of our laboratory processes and technology, and building new products and services, including services related to personal health and wellness.
We will only share your individual Personal Information (including your Genetic Information) with third-parties if you give us additional consent other than as described in this Privacy Statement. In particular, we will not share your Genetic Information with insurance companies, employers, or third-party marketers without your express consent. We may share your Personal Information in the following circumstances:
Service providers are third parties (other companies or individuals) that help us to provide, analyse and improve our Services. We share the information with our third-party service providers to enable them provide their services to us and help us perform our contract with you. Our service providers are subject to contractual obligations governing data security and confidentiality consistent with this Privacy Statement and applicable laws.
These processing partners include our:
DNA test shipping providers;
Customer care support;
Cloud services infrastructure providers;
Biological sample storage facilities; and
Vendors that assist us in marketing; analytics, and fraud prevention.
If you consent to the use of your Personal Information for research purposes by agreeing to our Research Consent, we will share your Genetic Information with our research partners Research partners may include commercial or non-profit organizations that conduct or support scientific research, the development of therapeutics, medical devices or related material to treat, diagnose or predict health conditions. In some circumstances, a research partner or 54gene may have a financial interest in the research arrangement.
As part of the findings of our research, we may share with third parties information about you that has been stripped of your name and contact information and combined with information of others so that you cannot reasonably be identified as an individual (“Aggregate Information”),. This Information is not Personal Information because it does not identify any particular individual or disclose any particular individual’s data. We will ask for your consent to share individual Genetic Information or Self-Reported Information with any third party, other than our service providers as necessary for us to provide the Services to you.
Legal or regulatory process
We may share your Personal Information if we believe it is reasonably necessary to comply with valid legal process (e.g., subpoenas, warrants); enforce or apply the 54gene Terms of Service; protect the security or integrity of the Services; or protect the rights, property, or safety, of 54gene, our employees or users. If we are compelled to disclose your Personal Information to law enforcement, we will do our best to provide you with advance notice, unless we are prohibited under the law from doing so.
In the event that 54gene or its businesses are acquired or transferred (including in connection with bankruptcy or similar proceedings), your Personal Information shall be transferred to the acquiring or receiving entity. The promises in this Privacy Statement will continue to apply between you and the new entity with respect to your Personal Information.
Your choices on how we use and share your information
You may set your browser to refuse some or all browser cookies or to alert you when cookies are being sent. You may also set your browser to “Do Not Track”. However, we currently do not “listen” to Do Not Track signals from your browser. If you do not want us to use data about your interests or behaviours to serve you targeted ads, you may opt out through your Account Settings. However, this would not prevent you from getting generic ads that are not targeted towards you.
How do you access, correct or remove your Personal Information
You may request access to, correct or remove personal that you have provided to us by contacting us or by using the tools described below. We may refuse a request to change information if we believe the change would violate any law or cause the information to be incorrect. Details and options for accessing this information are listed below.
You can access and update your Registration Information, review, update or withdraw your consent to 54gene Research and update or delete Self-Reported Information that you provide to us at any time on your own within your Account Settings. You may not be able to delete User Content or information that has been shared with third parties.
Genetic Information download
You may download a file with your DNA Data through your Account at any time.
Sharing outside of the 54gene Services
This Privacy Statement only covers the use and sharing of your Personal Information by 54gene. You may decide to share your Personal Information with third parties outside of our Services., These third parties may use your Personal Information differently than we do under this Privacy Statement. Please make such choices carefully and review the privacy statements of all other third parties involved in the transaction. We will have no responsibility or liability for any consequences that may result because you have released or shared Personal Information with others.
What are 54gene retention practices?
We retain user accounts on our system until our users request that we delete their data or close their accounts. Any Personal Information you provide to us while creating your account will be retained until such time as you ask us to close it.
We retain your Genetic Information as needed to provide you with the features and functionality you purchased (or were gifted). We also retain your Genetic Information for use in our research with your consent and to avail you of updated and new features on our Services.
In some cases we choose to retain usage information (e.g., visits to sites) in a depersonalized or aggregated form. Once aggregated, this information ceases to be personal and will not be subject to 54gene user deletion requests.
How can I delete my Personal Information?
You can delete your Personal Information from 54gene by logging into your Account Settings. To the extent you have shared information through the Services we will not be able to remove any copies of information that other members may have retained. Information in linked archival records can only be removed by the responsible archival entity. We will consider requests for removal of Personal Information from the searchable indexes of the records we hold on a case-by-case basis in accordance with law.
You may request that we delete your Genetic Information, including any derivative Genetic Information from our production, development, analytics, and research systems within 30 days. To request the destruction of your biological samples, you must contact email@example.com]. If you have agreed to our Research Consent, we will not use your Genetic Information for any new research starting within 30 days of your request to delete. However, we will not be able to remove your Genetic Information from active or completed research projects.
You may delete your 54gene account and Personal Information within your Account Settings. Once you submit your request, we will send an email to the email address linked to your 54gene account detailing our account deletion policy and requesting that you to confirm your deletion request. Once you confirm your request, this process cannot be cancelled, undone, withdrawn, or reversed. When your account is deleted, all associated Personal Information is deleted and any stored samples are discarded with the exception of Personal Information included in ongoing or completed research and information we and our partners are legally allowed to retain in order
to comply with our legal obligations (including law enforcement requests), resolve disputes, maintain security, prevent fraud and abuse, as well as to comply with tax, payment industry, securities, and clinical regulatory compliance requirements.
Please note that there may be some latency in deleting your Personal Information from our backup systems after it has been deleted from our production, development, analytics, and research systems.
To ensure the security of your Personal Information, we have in place industry standard administrative, physical, and technical safeguards. We limit access to your Personal Information to our employees and contractors who we believe need access to it in order to provide the services.
Our Security Team regularly reviews our security and privacy practices and enhances them as necessary to help ensure the integrity of our systems and your Personal Information. We use secure server software to encrypt Personal Information (including Genetic Information), and we only partner with security companies that meet and commit to our security standards. We also strip your Registration Information from Sensitive Information, including Genetic and Self-Reported Information before sharing it with third parties unless you have consented to the disclosure of identifying Personal Information.
We cannot guarantee that your Personal Information will not be accessed, altered or lost through a breach of our safeguards. We however use reasonable efforts to prevent this.
It is also important for you to guard against unauthorized access to your Personal Information by maintaining strong passwords and protecting against the unauthorized use of your own computer or device.
Our Services are intended for the use of adults over 18. However, a parent or guardian may use our Services and provide information on his or her child who is under the age of 18. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides about his or her child is kept secure and that the information submitted is accurate.
Changes to this Statement
We shall notify you of any changes to this Privacy Statement at any time by posting a notice through the Services, on our websites, or sending you an email. Where the changes are material, we will provide prominent advance notice to give you the opportunity to review the changes and choose whether to continue using the Services.
We will also notify you of non-material changes to this Statement as of their effective date Your continued use of our Services after notice of non-material changes means that you consent to the updated Privacy Statement.
If you object to any changes, you may delete your account through your Account Settings.
We may with your consent send you marketing communications using electronic means. You may withdraw your consent at any time within your Account Settings or by emailing [firstname.lastname@example.org]. We will only contact you by electronic means (email, push notification, SMS, etc.) with information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you.
We will only share your Personal Information with third parties for marketing purposes with your explicit consent. If you do not want us to use your Personal Information in this way, please review and update your Account Settings as necessary or contact us at [email@example.com]. You may raise such objection with regard to initial or further processing for purposes of direct marketing at any time and free of charge. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
Compliance with the European Union’s General Data Protection Regulation (GDPR)
As required under the GDPR, your consent provides us with the legal basis for processing your Personal Information. We rely on your explicit consent to process your Genetic Information. You may withdraw your consent at any time. However, the withdrawal of consent would not affect the legality of processing done before the consent was withdrawn. We may also process your Personal Information on the basis of contractual necessity in order to perform our contract with you and on the basis of legitimate interest. You may object to the processing of your Personal Information when we rely on legitimate interest as the basis for processing.
You are entitled to certain rights under the GDPR. You may exercise those rights by contacting us at [firstname.lastname@example.org] We will handle your request under applicable law. When you make a request, we may verify your identity to protect your privacy and security. Some of your rights include:
The right to be informed.You may request information on how your Personal Information is used and disclosed at any time. You may contact our Customer Care and will provide you with information in a concise manner.
Right of access to and rectification of your Personal Information. If you have created a 54gene account, You may access, review, update and rectify certain Registration Information and Self-Reported Information within your Account Settings, and the surveys page. If you would like to access or rectify any other information, contact Customer Care and we will do our best to assist you without undue delay. We may reject part or all of your request if responding to your request could adversely affect the rights and freedoms of others.
“Right to be Forgotten”. You may request erasure of Personal Information where processing of the information is no longer necessary, you have withdrawn consent in relation to the purpose of the processing or you had earlier objected to the processing of your Personal Information. Upon receipt of a request for erasure, we shall take all reasonable steps to delete your Personal Information. If we have made your Personal Information public and we are required to erase such Personal Information, we will take reasonable steps, including technical measures, to inform controllers that are processing any links to or copies or replications of your Personal Information of your erasure request. Our assistance with your request for erasure is subject to limitations by relevant data protection laws, available technology and the cost of implementation.
Right to restriction of our processing. You can restrict our processing of your Personal Information where one of the following applies: (a) you dispute the accuracy of Personal Information being processed by us (for a period enabling us to verify its accuracy); (b) the processing is unlawful and you oppose the erasure of the Personal Information and request the restriction of its use instead; (c) 54gene no longer needs the Personal Information for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; and (d) you have objected to certain processing relying on legitimate interest, pending the verification whether 54gene legitimate grounds override your rights. Restricted Personal Information shall only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will notify you if the restriction is lifted.
Right to data portability. If we process your Personal Information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your Personal Information in a structured, commonly used and machine-readable format for transfer to another data controller, or to have us transfer your Personal Information directly to another controller, where technically feasible. However, we may refuse your request if the exercise of this right adversely affects the rights and freedoms of others.
Notification of erasure, rectification and restriction. We will provide notice to each recipient that we disclosed your Personal Information to regarding any rectification or erasure of Personal Information or restriction of processing, unless you initiated the disclosure or providing notice proves impossible or involves disproportionate effort. Upon your request, we will share the list of recipients with you.
Right to object to processing.Where the processing of your Personal Information is based on legitimate interests, or processing is done for the purpose of direct marketing, you may restrict or object, at any time, to the processing of your Personal Information. We may continue to process your Personal Information if it is necessary for the defence of legal claims, or for any other exceptions permitted by applicable law. However, if you object to processing for direct marketing, your Personal Information shall no longer be processed for that purpose.
Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you, except where you have consented to such processing or such processing is necessary for performance of the contract between you and 54gene.
The rights described above may be limited by local laws. Further, your right of access and deletion is not absolute and may not be available if fulfilment of such right would, among other things:
cause interference with execution and enforcement of the law and legal private rights (such as in the case of the investigation or detection of legal claims or the right to a fair trial);
breach or prejudice the rights of confidentiality and security of others;
prejudice security or grievance investigations, corporate re-organizations, future and ongoing negotiations with third parties, the compliance with regulatory requirements relating to economic and financial management; or
otherwise violate the interests of others or where the burden or cost of providing access would be disproportionate.
Identity and contact details of the 54gene
54gene is your data controller for the purpose of the Services and is responsible for the use of your data and for responding to any requests related to your Personal Information. Our contact information is listed at the bottom of this Statement.
Contact Details of the Data Controller