Regulatory background: GDPR
The EU General Data Protection Regulations (which are known as GDPR) apply to us when we collect or use personal information. The regulations were introduced to protect people’s data. GDPR describes business such as ours, who determine why and how personal information is used, as ‘controllers’, and the use of personal information as ‘processing’. Processing includes collecting information, storing it, disclosing it, using it and destroying it.
The regulations say that information should only be processed in one or more specified circumstances, which are known as ‘lawful bases’. The lawful bases on which we may process your personal information include:
- Where you have given your consent. We have shortened this to ‘consent’ in the statement)
- Where necessary to carry out the terms of a contract, for example the contract for us to provide services to you. We have shortened this to ‘perform contract’.
- Where necessary to comply with a legal obligation. We have shortened this to ‘comply with law’
- Where we or someone else has a legitimate interest which is not overridden by your interests. We must always balance your interests and rights with our interests if we are to process your information on this basis. We have shortened this to ‘legitimate interest’.
In this statement we have grouped the types of personal information that we may hold into broad categories. The categories are:
- General information including contact information
- Payment and transactional information
- Information related to administering your account/providing our services including your genetic information
We also collect, use and share aggregated data such as statistical data. Aggregated Data could be derived from your personal data, including your genetic data, but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your genetic data and use that information in our laboratories for validation and verification purposes and we aggregate genetic data from a particular country of origin and use that information to help us improve the accuracy of our testing may and generally to improve our services and to develop new services. Other examples of how we use aggregated data are for business management, planning and tracking purposes.
NOTE TO READERS AND USERS:
DNA-based Wellness services and reports fall under general wellness guidelines, they are not a medical condition and they can not be used for treatment.
To make it simple, those frameworks are based on a few main principles which we also follow:
- Companies don’t take your data without your consent
- The purpose of data collection is clear
- Collected information is stored securely and it is protected per industry standards
- You have access to your information
- Information can get corrected when requested or needed
- Information is used only for the purpose that it was collected
- The information is anonymized with a unique identifier, so when it is used for research or other necessary purposes to deliver the service, it is not linked to your personally identifiable information
On top of that, we don’t collect data about the children under 18 years old.
Now that the main rules are reviewed, let’s get into more details of it. Don’t forget to review Terms of Service as well:
DNAPACK’s business includes online, mobile and web communications and applications. In the course of its business, we collect, transmit, record, store, and otherwise handle information about individuals (personally identifiable information or “PII”). We take these activities seriously and provide appropriate procedures for the handling of PII. This Statement provides information to our website visitors, customers, and individuals communicating with or through our customers (collectively “Consumers”) about how information is collected, transmitted, stored, or otherwise handled. Any information provided by Consumers or collected from individuals who use DNAPACK services/products is not sold or shared with unauthorized third parties, except in certain cases described below. Our customers may provide your PII to us for conducting their business and their use of your information is governed under their privacy policies/statements.
THE INFORMATION WE COLLECT
The way we collect PII depends on our relationship with you. DNAPACK collects information from its customers as they use DNAPACK’s products and services and from individuals communicating with or through DNAPACK’s customers (“End Users”). DNAPACK also collects information from people who visit our websites (“Visitors”).
INFORMATION COLLECTED FROM DNAPACK CUSTOMERS AND CUSTOMER END USERS
DNAPACK collects information from its customers and customers’ End Users in the ordinary course of business. DNAPACK only collects information that customers and their End Users voluntarily disclose or provide to us and may include information that is made available from their devices as they use our products or services. Some of this information may include information in emails sent between us and customers or End Users, content of unsecured messages and voice communications sent through our services, secure messages and voice communications if hosted at our data center and provided with access permissions to such information, information related to support issues, information about customer devices (such as phone numbers, carriers, or device types), financial information provided by customers, and other information sent in the course of business.
FOR USERS UTILIZING A DNAPACK STANDARD SMS SOLUTION, OR FOR ANY COMMUNICATION THAT INVOLVES A DEVICE WITHOUT A DNAPACK SECURED APP (OR NOT USING THE SECURED APP), PLEASE NOTE THAT WHEN SUCH MESSAGES ARE TRANSMITTED, THEY ARE EXPOSED TO THIRD PARTY VENDORS SUCH AS CARRIERS, WHOSE SERVICES ARE NECESSARY TO SEND THESE MESSAGES. YOU ACKNOWLEDGE THAT THESE THIRD PARTY VENDORS ARE NOT WITHIN OUR CONTROL, AND, AS SUCH, THERE MAY BE LIMITED (IF ANY) PRIVACY WITH THESE MESSAGES.
FOR CONSUMERS UTILIZING DNAPACK’S SERVICES FOR ARCHIVING, DEPENDING IN PART ON THE CONNECTION AND VENDORS UTILIZED BY THE CUSTOMER, THE TRANSMISSION OF THE INFORMATION BETWEEN DNAPACK AND THE ARCHIVING SERVICE MAY BE THROUGH STANDARD NETWORKS THAT MAY BE EXPOSED TO THIRD PARTY VENDORS WHOSE SERVICES ARE USED IN CONNECTION WITH THE TRANSMISSION. CONSUMERS ACKNOWLEDGE THAT SUCH ARCHIVING PROVIDERS AND THIRD PARTY VENDORS ARE OUTSIDE DNAPACK’S CONTROL, AND, AS SUCH, DNAPACK CANNOT GUARANTEE AND MAKES NO REPRESENTATION ABOUT THE PRIVACY PROTECTION OF THE INFORMATION THAT IS TRANSMITTED IN THIS MANNER.
What do we do with this information?
What we do with information gathered from and about you depends on your relationship with us. In general, if we obtain your information solely because an End User communicates information about you within the Services, then our sole uses for your information are to fulfil the customer’s purposes. We do not use this information for our own purposes. However, unless limited by law or contract, we may use your information:
• To provide you with information about products, services, news, and events.
• To allow you to use, purchase, and/or download products and services.
• To analyze use of our services and products, develop new services and products, and customize our products, services, and other information we make available.
• To enable our customers to use the services as they deem necessary to conduct their business.
We may also disclose personal information about you if we believe that doing so is legally required or is necessary to protect our property or other legal rights (including but not limited to enforcement of our agreements or the rights of property of others).
Subject to the terms of our agreements with customers, we may partner with other businesses to assist us in our marketing, communications, and sales efforts, and may share information about you for these purposes. These partners are not allowed to use your information for any purpose other than doing business with DNAPACK.
In addition, subject to the terms of our agreements with customers, PII may be disclosed as part of any merger, acquisition, debt financing, sale of company assets, or similar transaction, as well as in the event of insolvency, bankruptcy or receivership in which PII could be transferred to third parties as one of our business assets.
INFORMATION COLLECTED FROM VISITORS TO DNAPACK’S WEBSITES
Automatically Collected Information
Some information may be automatically collected from Visitors, such as the name of the domain and host used to access the Internet, including the Internet Protocol (IP) address; the date and time you access the website, the length of stay and the specific pages, images or forms accessed when visiting the website; the Internet Address of the website from which you linked directly to our website, and, if applicable, the search engine that referred you; any search strings or phrases that you entered into that search engine; demographic information concerning the country of origin of your computer and the language(s) used. We use this information to monitor usage of our website, assess its performance, ensure technological compatibility with the computer used, and to understand the importance of the information provided on our website. We may also conduct statistical analyses on your usage patterns and other aggregated data.
PERSONALLY IDENTIFIABLE INFORMATION
DNAPACK only knowingly collects PII that is voluntarily provided by you. For example, you provide PII when registering for an account on DNAPACK’s website. PII provided by customers may include email addresses, phone numbers, payment card numbers, first and last name, and addresses. PLEASE NOTE THAT GIVEN THE STATE OF THE TECHNOLOGY, A TELEPHONE NUMBER USED IN THE PROVISION OF OUR SERVICES WITHOUT ANY ADDITIONAL IDENTIFYING INFORMATION IS NOT CONSIDERED PROTECTED PII.
DNAPACK is dedicated to protecting the PII it knowingly receives from End Users in a confidential and secure environment. When authorized third parties need to access PII, DNAPACK will provide the minimum amount of information required to complete the requested service or transaction.
If you register for an account on our website, your security relies on the strength and confidentiality of your password to your account. DNAPACK will never request that you send a password to us via email, but you will be required to enter your password when using certain products or services.
By using DNAPACK’s website and services, you understand and consent to the collection, processing, and use of information for the purposes and in the manner set forth under this Statement.
At DNAPACK, we do not intend to collect information from children under the age of 18 (or the applicable legal age in your location). If DNAPACK discovers that a child under the age of 18 submits PII to DNAPACK, we will delete such information as soon as we become aware of the source of the submission (unless we are required to retain information, and, if so, we will retain only that information that we are required to retain), and we will not use such information for any other purpose. While we don’t intend to attract, or direct toward children under the age of 18, a parent or guardian, however, may collect a DNA sample from, create an account/profile for, and give information related to his or her child. The guardian or parent assumes full responsibility for ensuring that the information that he/she shares with DNAPACK about his or her child is kept secure and that the information submitted is accurate.
DNAPACK encourages parents to take an active role in their children’s use of the Internet and cellular telephones and to inform them of the dangers of providing Information about themselves on the Internet or through cellular telephones.
DO NOT CONTACT
DNAPACK provides you the opportunity to opt-out of receiving electronic communications from either DNAPACK or our customers. If you do not want to receive communications from us, please contact us at [email protected], or if you are being contacted through a customer, please follow the instructions in the communication itself or contact the customer directly. You may also use the convenient opt-out feature included with emails. For instance, we add you to the mailing lists for DNAPACK updates, promotions and other useful information for our users. You always have option to out-out if you chose too.
Keep in mind, this opt-out does not apply to necessary communications, such as responding to an inquiry, and may be revoked if you later request information from us. Additionally, if you have various contact options that are not linked to your PII or account, we may not be able to identify which options link to you. Please provide the information necessary to honor your request as fully as possible.
There are locations in which individuals have certain rights under the law regarding their information. For example, DNAPACK does not disclose any person’s PII to any third party for direct marketing purposes. If you have additional privacy rights guaranteed to you under your local law or regulations, DNAPACK intends to honour those rights. You may contact us by sending an email to [email protected]
LINKS TO OTHER WEBSITES
When you click on links on DNAPACK’s website to third-party websites, you will be subject to such third parties’ privacy policies or statements. DNAPACK IS NOT BE RESPONSIBLE FOR THIRD-PARTY WEBSITES OR THEIR CONTENT OR ACTIONS. DNAPACK encourages you to read the posted privacy statement or policy of any and every website visited.
Also, you may have the opportunity to share your information through other websites, such as social media sites. We may provide a convenient link to let you do this easily, but we cannot control their website or your posts/sharing.
DNAPACK may use partner services to process genetic data to produce the DNA assessments (your Reports). For example, when you order your DNA kit with DNAPACK, we use third party laboratory services to sequence your DNA from your Saliva sample. Your sample is mailed to the lab directly and once processed, we receive the DNA file via secure servers to be processed. We also partner with ancestry service providers, to produce your Ancestry Reports. Therefore, once your sample is received at lab, an account with a temporary email and password will be created for you automatically which you will be able to access through a link sent to you and review your results. By providing your Saliva Sample using the DNA Kit (from any channel such as DNAPACK online store, Amazon or other partners, whether you create a DNAPACK account or not), you agree with creating such record and account. We may also use other services to process your genetic data to generate results or validation, in such case, we anonymize your data and won’t share your personal information, however a copy of your anonymized information is shared with such services.
DOWNLOADING YOUR DATA
We have made it available for you to download your data and reports at anytime. If you have uploaded your DNA file from other service providers, we keep a copy of DNA file for the processing and currently there is no link to download it again from DNAPACK portal. If you need to get a copy of it or any other information, send an email to [email protected]
DELETING YOUR ACCOUNT
You may stop using your account at anytime and if chose, delete it. When you delete your account, we remove your personal information, DNA File and DNA Reports generated for you from DNAPACK Portal. If you would like to also delete your other information that been used by third parties to provide the service to you (such as payment information or support tickets), please email [email protected] We will submit requests for such information starred with third parties to be removed within 30 days.
DNAPACK may in its sole discretion, update this Statement at any time and will post any amended Statement on its website. Users should visit this page regularly, especially prior to providing any PII.
EXCEPT AS TO REFERENCES TO DNAPACK’S CURRENT TEAM MEMBERS, ANY PII, INCLUDING NAMES AND PHONE NUMBERS AND PHOTOS, DISPLAYED ON DNAPACK’S WEBSITE ARE FICTITIOUS AND MERELY FOR ILLUSTRATIVE PURPOSES. ANY RESEMBLANCE OR SIMILARITY TO AN ACTUAL INDIVIDUAL IS MERELY COINCIDENTAL.
By using our website and services, you agree to be bound the terms and conditions of this Statement.
Please direct any questions you might have about this Privacy Statement to [email protected]
Copyright 2019 © DNAPACK - All rights reserved. Our DNA Testing is for scientific, educational and nutritional information only and is not intended to be a substitute for professional medical or clinical advice. If you have a question about a medical issue, please see your doctor.