At MY BODY DNA your privacy is a top priority. MY BODY DNA is committed to being a good steward of your Personal Information, handling it in a responsible manner, and securing it with administrative, technical, and physical safeguards.
We also believe in being honest, direct and transparent when it comes to your data. MY BODY DNA follows three guiding principles when it comes to your privacy:
- Transparency. We work hard to be transparent about what Personal Information we collect and process.
- Simplicity. We try to use easy-to-understand language to describe our privacy practices to help you make informed choices.
- Control. We give you control over the Personal Information you provide to us - how it is used and retained.
Other Important Things for You to Understand When You Use Our Services
You may discover unexpected facts about yourself or your family when using our services. Once discoveries are made, we can’t undo them.
We will not use your sensitive information without your consent unless: (i) the information has been anonymized or aggregated so that you cannot reasonably be identified as an individual; or (ii) a legal obligation requires us to use it in some way e.g. a court order requires us to disclose the information.
- We will not sell, lease, or rent your individual-level information (i.e., information about a single individual's genotypes, diseases or other traits/characteristics) to any third-party or to a third-party for research purposes without your explicit consent.
- We may share anonymized and aggregate information with third-parties; anonymized and aggregate information is any information that has been stripped of your name and contact information and aggregated with information of others or anonymized so that you cannot reasonably be identified as an individual.
- We will use your genetic information and/or self-reported information and share it with third-parties for scientific research purposes only if you sign the appropriate Consent Document. Note that we will disclose your individual-level information only if we obtain additional explicit consent from you.
Effective Date: May 23, 2018
1. Key Definitions
Aggregate Information: information that has been combined with that of other users and analyzed or evaluated as a whole, such that no specific individual may be reasonably identified.
Anonymized Information: information that has been stripped of your Registration Information (e.g., your name and contact information) and other identifying data such that you cannot reasonably be identified as an individual.
Individual-level Information: information about a single individual's genotypes, diseases or other traits/characteristics, but which is not necessarily tied to Registration Information.
Personal Information: information that can be used to identify you, either alone or in combination with other information. MY BODY DNA collects and stores the following types of Personal Information:
- Registration Information: information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, address, user ID and password, and payment information).
- Genetic Information: information regarding your genotype (e.g. the As, Ts, Cs, and Gs at particular locations in your genome), generated through processing of your saliva by MY BODY DNA or by its contractors, successors, or assignees; or otherwise processed by and/or contributed to MY BODY DNA.
- Sensitive Information: information about your health, Genetic Information, and certain Self-Reported Information such as racial and ethnic origin.
Service or Services: GenePlanet’s products, software, services, and website (including but not limited to text, graphics, images, and other material and information) as accessed from time to time by the user, regardless if the use is in connection with an account or not.
3. Account Creation and Your Engagement with MY BODY DNA Services
The Personal Information required to create a basic GenePlanet account is only your email address and a password. Access to Genetic Information to help you understand yourself better requires additional personal information and, for the DNA test, the test code (when you activate your DNA test kit) and a saliva sample from which we can extract Genetic Information.
At any time, you can request MY BODY DNA to delete information you have provided or your Genetic Information. Please see below sections for specific details about deleting your data.
If you no longer wish to have MY BODY DNA account, please contact us and we will help you close your account.
4. What Information Does MY BODY DNA Collect From You?
|Information category||Use Description|
- Your name
- Email address
- A password that you provide us when you create a GenePlanet account
|Credit Card/Payment Information|
- Payment information, such as your credit card number, and your billing and shipping address(es), when you purchase something from GenePlanet
|DNA Kit Activation Information|
When you activate a DNA test kit, we collect:
- DNA test kit code
- Name, Surname
- Phone number
- Year of birth
- We extract DNA from your saliva when you send it back to us in the tube provided with your DNA test kit.
- We convert your DNA into machine-readable code (“DNA Data”), which is used to provide your Genetic Information.
- A note about your DNA and Saliva: Once our laboratory partner has produced your DNA Data, the DNA and saliva (also referred to as “biological samples”), stored in their facilities are destroyed after 90 days.
|Additional User Information||Information that you provide to us when you answer email surveys or online questionnaires offered through the Services.|
|Your Communications||Information you provide in communications with GenePlanet Services.|
|Contests and Promotions||Personal Information when you voluntarily participate in contests and special promotions we run through our Services.|
5. What Information Does MY BODY DNA Collect Through Your Use of the Services?
|Information category||Use Description|
|Information shared through social media features|
If you interact with social media through the Services, for example “Like,” “Tweet,” “Pin,” or “Follow Us” links to sites such as Facebook, Twitter, Pinterest, Instagram, and YouTube, MY BODY DNA will collect these interactions and whatever account information these services make available to us.
|Information from your use of the Services||Information about your use of the Services, such as when you access your profile and related activities. |
6. How does MY BODY DNA use your Personal Information?
|Information category||Use Description|
|Personal Information (generally)|
We use your Personal Information to provide, personalize, improve, update and expand our Services. This includes:
- Authenticating your access to the Services and improving GenePlanet information security;
- Processing your payments for GenePlanet services and test kits, and other products and features;
- Building new and improving existing products and Services;
- Issuing surveys and questionnaires to collect Additional User Information for use in the Services, as well as facilitating product development and research initiatives;
- Conducting statistical research;
- Detecting and protecting against error, fraud, or other criminal or malicious activity and enforcing our General Terms & Conditions.
We use your Personal Information to communicate with you about the Services, such as when we:
- Respond to your inquiries to Services;
- Inform you about activities related to your Genetic analysis process;
- Inform you of product changes or new products and services;
- Ask you to participate in GenePlanet media productions or testimonials;
- Provide you with information or request action in response to technical, security, and other operational issues.
|Market new products and offers from us or our business partners.|
We use your Personal Information to market new products and offers from us or our business partners.
Note: You can control how we market to you by using the unsubscribe link in any email you receive, by changing your account preferences, or by following the instructions in any other marketing communications you receive.
MY BODY DNA uses your Genetic Information for the following primary purposes:
- Delivering Genetic analysis results;
- We may also invite you to participate in surveys and questionnaires (entirely optional) based on your DNA data.
- Studying aggregated Genetic Information to better understand population and ethnicity-related health, wellness, aging, or physical conditions;
- Conducting scientific, statistical, and historical research; and,
- Improving features and functionality in our existing DNA-related products, enhancing the customer experience across MY BODY DNA products, improving the quality of our laboratory processes and technology, and building new products and services, including services related to personal health and wellness.
We will seek additional consent from you before we collect and process additional sensitive Personal Information (for example, health history) as part of your interaction with the Services.
7. When Do We Share Your Information and Who are the Recipients?
|People with whom your Information may be shared / Circumstances in which sharing might occur||Description|
|Other you may choose to share with||If you share details of your Genetic Information outside the Services, you do so at your own risk.|
These processing partners include our:
- Laboratory partners;
- Shipping providers;
- Payment processors;
- Cloud services infrastructure providers;
- Biological sample storage facilities;
- Vendors that assist us in marketing; analytics, and fraud prevention; and,
- Services functions / functionality providers.
|Legal or Regulatory Process|
We may share your Personal Information if we believe it is reasonably necessary to:
- Comply with valid legal process (e.g., subpoenas, warrants);
- Enforce or apply the GenePlanet General Terms & Conditions;
- Protect the security or integrity of the Services; or
- Protect the rights, property, or safety, of GenePlanet, our employees or users.
If we are compelled to disclose your Personal Information to law enforcement, we will do our best to provide you with advance notice, unless we are prohibited under the law from doing so.
|If GenePlanet is Acquired|
8. Your Choices and Access to Your Personal Information
Subject to certain exceptions, you have a right to request access to your Personal Information and to be provided with a copy of certain information you provided in a portable form, as well as to seek to update, delete or correct this information by using the tools described below or by contacting GenePlanet. Details and options for accessing this information are listed below.
You can access and update your account email and password information at any time in the My account settings.
You can request GenePlanet to provide you with Personal Information collected and processed with regards to you.
Your Genetic Information belongs to you and you can access it through your online profile in case your results were in electronic format.
If your results were in printed format and we have already delivered them to you, it is possible to request another copy. Additional fee may be applied in this case.
Genetic Information raw data are considered GenePlanet’s Intelectual property and cannot be shared with you.
9. What are GenePlanet retention practices?
GenePlanet services are fundamentally premised on the notion that the personal voyage of self-discovery is not a one-time event and continues over lengthy periods of time—possibly lifetimes. Additionally, the ongoing enhancement of GenePlanet features provide benefits and insights to our users over time. As a result, GenePlanet’s retention practices reflect this ongoing value by retaining user accounts and Personal Information on our system until our users inform us of their desire to delete their data or close their accounts.
|Category of Information||Retention Period|
|Account||GenePlanet will retain the Personal Information you provide while creating your account until such time as you ask us to close it.|
GenePlanet retains your DNA data as needed to provide you with the features and functionality you purchased (or were gifted), including update / upgrade features. Saved / stored by GenePlanet are:
- Saliva sample
- DNA sample
- Genetic Information
|Usage Information||In some cases we choose to retain usage information (e.g., visits to sites) in a depersonalized or aggregated form. Once aggregated, this information ceases to be personal and will not be subject to GenePlanet user deletion requests.|
10. How can I delete my Personal Information?
You can delete your Personal Information from GenePlanet in following ways.
|Information Category||How to delete|
You can delete your Personal Information from GenePlanet by contacting us.
GenePlanet may hold records containing your Personal Information that we are obligated to maintain as archives and to meet legal or regulatory obligations.
We keep Registration Information as it is related to your order history for accounting purposes.
If you request that GenePlanet delete your DNA data, we will delete all Genetic Information from our systems within 60 days.
To request the destruction of your biological samples, you must send request by email or post. When sending email, you must request confirmation of delivery to be sure email was not lost or delivered to spam.
|General||Please note that there may be some latency in deleting your Personal Information from our backup systems after it has been deleted from our systems. Also, our partners may retain certain information they receive from us in order to comply with laws or regulations that may require them to do so. GenePlanet may also retain certain information as reasonably necessary to comply with our legal obligations (including law enforcement requests), resolve disputes, maintain security, prevent fraud and abuse, as well as to comply with tax, payment industry, securities, and clinical regulatory compliance requirements.|
GenePlanet maintains a comprehensive information security program designed to protect our customers’ Personal Information using administrative, physical, and technical safeguards.
The specific security measures used are based on the sensitivity of the Personal Information collected. We have measures in place to protect against inappropriate access, loss, misuse, or alteration of Personal Information (including Genetic Information) under our control.
GenePlanet Security Team regularly reviews our security and privacy practices and enhances them as necessary to help ensure the integrity of our systems and your Personal Information.
We use latest standard security mechanisms while processing and storing Personal Information (including Genetic Information), and we only partner with security companies that meet and commit to our security standards. While we cannot guarantee that loss, misuse or alteration of data will not occur, we use reasonable efforts to prevent this.
It is also important for you to guard against unauthorized access to your Personal Information by maintaining strong passwords and protecting against the unauthorized use of your own computer or device.
Your password for your account will be used only for online login. We will not ask for your password under any other circumstances. Inform GenePlanet immediately of any unauthorized use of your account. Should you wish to reset or change your password, you can do so by clicking on the relevant links on GenePlanet web page.
Sharing self-reported information through surveys, or other website features, is voluntary and your liability. GenePlanet cannot take responsibility for information that you release or that you request us to release publicly.
12. Data transfer
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside EU and choose to provide information to us, please note that we process the data, including Personal Information, in the EU.
If you object to any changes, you may delete your account by contacting us.
14. Information about children
GenePlanet is committed to protecting the privacy of children as well as adults. Neither GenePlanet nor any of its Services are designed for, intended to attract, or directed toward children under the age of 18. A parent or guardian, however, may collect a saliva sample from, create an account for, and provide information related to, his or her child. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides to GenePlanet about his or her child is kept secure and that the information submitted is accurate. If you are under 18, we ask that you do not use our Service or give us your personal information without your parent or guardian consent.
15. Legal basis under EU General Data Protection Regulation for processing personal information of EU residents.
Where you have consented to data processing, your consent provides the legal basis to process your Personal Information. We rely on your explicit consent to process your Genetic Information. You have the right to withdraw consent at any time. Please note that your withdrawal of consent to collect and process your Personal Information will not affect the lawfulness of processing your Personal Information based on your consent before you withdrew your consent.
We may also process your Personal Information on the basis of contractual necessity to perform a contract we have with you. For example, we process your credit card details when you provide them in order to use our Services or purchase update / upgrade features such as our DNA testing services.
We may also process your Personal Information on the basis of our legitimate interests, including in providing and improving the Services. For example, GenePlanet has a legitimate interest in understanding your login history so we can assess your interaction with our Services. We also have a legitimate interest in providing and developing interesting features to provide to our users. We use your Personal Information to keep our Services safe and secure and we do so as it necessary to pursue your and our legitimate interests in ensuring that our Services are secure, and to protect against fraud, spam and abuse.
Where we rely on legitimate interests to process your Personal Information, you have the right to object to such processing (meaning that you can ask us to stop). You can use your Privacy Settings to control certain ways in which we process your data. You can also contact us, using the details below, to object to other forms of processing.
16. Identity and Contact Details of the Data Controller
Contact Details of the Data Protection Officer
MY BODY DNA customers can reach us using phone number, or you may submit questions using email. Contact details can be found by using “help” / “?” button which can be found in bottom right corner on web page https://my.geneplanet.com.