1. OUR PRIVACY STATEMENT
1.4 This Program is intended for individuals 16 years of age and older. If you are under the age of 16, you must not use the Program or submit Personal Information unless you have the consent of and are supervised by a parent or guardian.The DNA Company does not knowingly collect information from people under the age of 16 without such consent.
1. 2. THE PERSONAL INFORMATION THAT WE COLLECT FROM YOU
2.1 When you use and subscribe to the Program, we collect the following Personal Information about you: (a) Information you give us: You may give us information about you by subscribing to the Program, such information may include, but is not limited to:
(i) your name, title, gender and/or date of birth;
(ii) your contact information including phone/mobile number and email address;
(iii) billing and shipping address;
(iv) payment information (e.g. credit card); and
(v) your age, height, weight, waist measurement and health history.
(b) Information The DNA Company collects about you: In order to provide you with our Program, we collect the following information for you:
(i) genetic and biological health information, including information regarding your genetic profile generated through processing and analysis of your saliva by The DNA Company or by its contractors, successors, and assignees; or otherwise processed by and/or contributed to The DNA Company (“Genetic Information”);
(iii) other personal health information, such as any disease conditions or other health related information as provided by you to us through the screener form on our website.
(c) Cookies and tracking
(ii) In addition to the above, when interacting with our website, we gather certain information automatically about the website’s users and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you, such as your user profile ID or order number. We do this to improve services we offer you, and to improve marketing analytics, and site functionality.
(iii) When you access our website by or through a mobile device, we may receive or collect and store a unique identification numbers associated with your device or our mobile application (including, for example, a UDID, UniqueID for Advertisers (“IDFA”), Google Ad ID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and, depending on your mobile device settings, your geographical location data, including GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device
3. WHAT WE DO WITH YOUR INFORMATION
3.1 The DNA Company may collect, store and process your Personal and Genetic Information described above for the following purposes:
(a) to administer and operate the Program, and the services provided in connection with the Program, including processing and analyzing your genetic testing results and Genetic Information, and providing nutritional supplements related to such results and Genetic Information;
(b) to perform research and development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.The DNA Company may use Genetic Information for the purposes of conducting scientific research,
(c) conduct analytics to improve and enhance our Program;
(d) offer new products, programs or services to you, including through emails, promotions or contests;
(e) implement online marketing campaigns and targeted advertising, including by utilizing third-party ads (subject to your cookie settings and preferences), and to measure the effectiveness of our marketing and targeted advertising;
(f) for our internal record keeping requirements including collection of anonymized details about use of the Program to compile aggregate statistics or produce internal reports;
(h) to provide you, or permit selected third parties acting on The DNA Company’ behalf to provide you with information by SMS, e-mail or other electronic messaging service about goods or services we feel may interest you including, without limitation brochures, details of promotions, events, new products and services;
(i) to the extent we have a legal obligation, right or duty under the Applicable Law to use or disclose your information (including for crime and fraud prevention and related purposes); and
(j) to anonymize and aggregate the Personal Information (including Genetic Information) for any other purposes, provided that no identifiable personal information can be readily identified.
3.2 The DNA Company will only retain your Personal Information for as long as reasonably necessary having regard to the purposes for which your Personal Information was collected and will delete such Personal Information after the expiry of such period unless otherwise required under the Applicable Law and any anonymized and aggregated information will be retained be The DNA Company. The DNA Company will retain your Personal Information for an indefinite period of time for the purposes and uses indicated in this policy. If you would like to opt-out of the storage of your personal and genetic information after you have received information and/or services related to the Program, please send a written intention via email to firstname.lastname@example.org and specify which information you wish to have removed or used for purposes beyond the administration of the Program.
4. DISCLOSURE OF YOUR PERSONAL INFORMATION
4.1 The DNA Company may share your Personal Information that it collects from you or that you provide to The DNA Company with selected third parties in order to operate the Program and provide the services in connection with the Program or for the following purposes:
(a) to operate the Program and provide the services in connection with the Application or any other purposes as set out in paragraph 3.1 above;
(b) to enforce or apply the Program’s Subscription Agreement and/or other agreements or to investigate potential breaches of such agreements;
(c) For greater certainty, your Genetic Information will not be disclosed by The DNA Company except to provide you with the Program unless we have obtained your express consent to do so.
4.2 The DNA Company may share your anonymized and aggregated Personal Information with limitations to:
(a) business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
(b) companies that provide statistical analysis services; and
(c) analytics and search engine providers, such as Google Inc, that assist us in the improvement and optimization of our website.
4.3 The DNA Company may disclose Personal Information:
(i) to comply with any applicable laws, regulations, governmental and quasi-governmental requests, court orders or subpoenas;
(ii) to enforce the Program’s Subscription Agreement or other agreements; or
(iii) to protect The DNA Company’ rights, property or safety or the rights, property or safety of other users of the Program or others (e.g., for fraud protection etc.).
5.1 The DNA Company has in place security measures to store all Personal Information collected and received securely. We use appropriate technical, organizational, administrative and physical measures to protect your Personal Information contained in our system against accidental damage, deletion, misuse, loss and unauthorized access or alteration. Although we will do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted by a Re-Seller to us. Once The DNA Company has received your Personal Information, we will use strict procedures and security features (including by encrypting the Personal Information) to try to prevent unauthorized access.
5.2 Independent security certification and audit. Our processing systems, which protects The DNA Company information assets supporting our Services, has been certified under the internationally recognized ISO/IEC 27001:2013 standard. Some of those controls are described below.
5.3 Encryption. The DNA company uses industry standard security measures to encrypt Sensitive Information both when it is stored and when it is being transmitted.
5.4 Limited access to essential personnel. We limit access of information to authorized personnel, based on job function and role. The DNA Company access controls include multi-factor authentication, single sign-on, and a strict least-privileged authorization policy.
6. YOUR RIGHTS
6.1 You have the right to, at any time, ask us not to process or share your Personal Information for marketing purposes (even where you have previously given consent). The DNA Company will inform you (before collecting your Personal Information) if it intends to use your Personal Information for such purposes or if The DNA Company intends to disclose your Personal Information to any third party for such purposes (subject to obtaining your prior consent).
6.2 You have the right to access details of your Personal Information that we hold about you by written request and to request rectification or erasure of such Personal Information, if the Applicable Laws allows you to do so.
6.3 You may choose to no longer receive communications from us by replying STOP to communications (if any) you receive from The DNA Company. You may unsubscribe to any email from us using the instructions in the email you receive; this will not stop us from sending emails about your account or transactions with us or other information required for your use or subscription to the Program.
6.5 You have the right to make a complaint about a possible breach of the Applicable Laws to us. We will consider any complaints we receive and respond to your complaint within a reasonable period of time. You also may lodge a complaint about the treatment of your Personal Information with the supervisory authority located in your jurisdiction, if the Applicable Laws allows you to do so.
6.6 You can exercise your rights above by contacting us at the address listed below.