CRI Genetics Privacy Statement
As of August 28, 2017
This document (this "Privacy Statement") provides information on what personal information is collected from you while using the DNA Service and how we use the personal information to provide you the DNA Service. CRI Genetics (sometimes referred to as “us” or “we”, as context allows) offers a DNA testing service which allows customers ("Users", sometimes referred to as “you” as permitted by context) to submit saliva samples (“DNA Samples”) to us, for the purpose of performing certain tests on the DNA Samples ("DNA Tests"), extracting genetic information from the DNA Sample and interpreting such genetic information (“Genetic Information”), and reporting the findings (“DNA Results”) from such DNA Sample to the User (collectively the “DNA Service”). This involves the collecting, processing, storing and sharing of personal information such as, but not limited to, the User’s name, contact information, financial information and Genetic Information (“Personal Information”). We understand and respect the sensitive nature of your Personal Information and strive to ensure the collection of Personal Information is done in a secure, dependable, transparent and legal manner. The security of your Personal Information is of great importance to us. We have security measures in place to attempt to protect against the loss, misuse or alteration of your Genetic Information, DNA Results, and Personal Information. We periodically review and update our security and privacy policies as necessary and only allow authorized personnel to have access to Genetic Information, DNA Results, and Personal Information. We use secure server software to encrypt financial information collected and we only work with third parties who have agreed and complied with our security standards. We cannot fully guarantee that loss, misuse or alteration of data will not occur, however we use commercially reasonable efforts to prevent this. It is also your responsibility to guard against unauthorized access to any and all Personal Information.
CRI Genetics operates a website located at crigenetics.com (the "Website," collectively with the DNA Service, “CRI Services”). Through the CRI Services, we collect and handle Personal Information in order to provide, evaluate, and improve our CRI Services. Though it is not currently our practice, we may, in the future, collect Personal Information as permitted by law and regulation, and with your express consent, for further genetic research purposes, as well as for marketing and advertising purposes. We may also utilize Personal Information to protect the security and safety of our company, employees, customers, as we reasonably believe is permitted by laws and regulations, and to comply with any laws and regulations we are subject to. We will not distribute your Personal Information to any third-party for any purpose without your express prior consent.
What Personal Information we collect
CRI Genetics only collects Personal Information believed to be necessary to provide you the CRI Services. Examples of the types of Personal Information we collect include:
- Name, contact information, and payment details. CRI Genetics requires your name, date of birth, email address, phone number, billing and shipping address, payment information (e.g. credit card number), and a password for when you register for an account (“User Account”) as well as when you sign in to use certain features, such as viewing your DNA Results.
- Genetic Information. This is generated when you submit a DNA Sample and we perform the DNA Test. The resulting Genetic Information, including the DNA Results, is stored at our testing lab. All DNA Samples are also stored at our testing lab and is kept by us for one (1) year unless or until circumstances require us to dispose of the sample at an earlier time. We may use the DNA Samples for additional genetic testing, subject to your consent.
- Minors. The CRI Services are intended solely for persons over the age of eighteen (18) (“Adults”). Any offers to use or purchase the CRI Services are solely meant to be marketed to Adults. Persons under the age of eighteen (18) (“Minors”) should consult with their parent(s) or legal guardian to determine if the CRI Services are appropriate for use. When a Minor uses the CRI Services, CRI Genetics will hold the parent or legal guardian of that Minor responsible for the Minor’s actions and are deemed to have consented to the use of the Minor’s information by CRI Genetics. We do not knowingly collect or intend to collect Personal Information from children under the age of thirteen (13). If CRI Genetics becomes aware that we have unknowingly collected Personal Information from a child under the age of 13, we will delete all such Personal Information from our databases by reasonable commercial means.
How we use Personal Information
All Personal Information, including the DNA sample, provided to CRI Genetics, will be stored and processed in the United States of America (“USA”). You expressly consent to the transfer, storage, and processing of your Personal Information and DNA Sample in the United States. Subject to this Privacy Statement, the Data Consent Agreement and applicable law, CRI Genetics may use your Personal Information for any reasonable purpose related to the CRI Services. This includes using your Personal Information to communicate with you, to provide you information about CRI Genetics products and services, to respond to your requests, to update our product offerings, to improve the CRI Services, and to prepare and perform demographic, benchmarking, advertising, marketing, and promotional studies.
We will primarily use your Personal Information to provide you CRI Services, and let you know about new features or other offers of interest from CRI Genetics, or to address customer service needs and requests. Relevant information such as the DNA Results (including updates to your Results) requires such use of Personal Information. We will also use Personal Information to fulfill the purposes for which you have provided the Personal Information, such as processing your order or registering your User Account. Additionally, we will use your Personal Information to verify and carry out financial transactions relating to payments you make through the Website.
We will also use your Personal Information to communicate with you. CRI Genetics may communicate with you in order to provide you with updates pertaining to the CRI Services or future products or services offered by CRI Genetics, or to reply to customer service requests or questions. We may also seek feedback from you regarding the CRI Services. Our preferred choice of communication is via email, but we may contact you via telephone, direct mail, or any other appropriate form of communication as warranted under the circumstances. You may also receive promotional offers from us. If you do not want to continue to receive such emails from us, you may opt out at any time by using the unsubscribe link listed in the email or by changing your Email Preferences.
Personal Information is also used for internal business purposes, such as to improve the CRI Services, for internal data analysis, Website usage analysis, and promotional campaign analysis. Additionally, subject to your voluntarily consent as described in the Consent Agreement, we may use your Genetic Information, Personal Information, DNA Results, and other DNA information for the purposes of research as specified in the Data Consent Agreement.
Sharing Personal Information with 3rd Parties
CRI Genetics will not share Personal Information to 3rd parties, except as required by law, regulatory authorities, and legal process, or to protect the rights or property of CRI Genetics or other users (including outside your country of residence); to enforce our Terms and Conditions; to protect our rights, privacy, safety, confidentiality, reputation or property, and/or that of the Website, or others; to prevent fraud or cybercrime; to permit us to pursue available remedies or limit the damages that we may sustain; or to investigate rare cases involving reported abuse of this Privacy Statement.
In the instance that CRI Genetics is, or substantially all of its assets or stock are, acquired, transferred, disposed of (in whole or part and including in connection with any bankruptcy or similar proceedings), Personal Information will as a matter of course be one of the transferred assets.
We use 3rd parties to perform various tasks for us such as processing payments or processing and storing your DNA samples. These third parties operate under strict agreements protecting your Personal Information and are only given access to the Personal Information needed to perform their functions, and are prohibited from using it for other purposes.
Use of the CRI Services may result in the storage or collection of information that does not personally identify you (“Non-Personal Information”), such as demographic data, year of birth or age groups, geographic areas, gender and the fact that a DNA Test is attached to your account. Use of the CRI Services may also collect Non-Personal Information such as the website from which you have come to the Website, your computer type, screen resolution, Operating System version, mobile device details (if applicable) and Internet browser. We have to use your IP address, your device type, your website interactions, and other Non-Personal Information to deliver the Website and DNA Services to you and to help diagnose problems with our server. This technology helps us to, for example, compile aggregated statistics about our Users and their use of the Website. We use these statistics to improve the design and content of the Website and to prepare and deliver our marketing programs Non-Personal information also includes information that has been collected so that the end-product does not personally identify you or any other user of the Website, such as, the percentage of our users from a particular region of the country or who are male. Because Non-Personal Information does not personally identify you, we may use such Non-Personal Information for any purpose. In addition, we reserve the right to share such Non-Personal Information.
If you access the Website using a mobile device (e.g. your phone or tablet), we may collect mobile device identifiers such as the device type, IP address and the operating system. We use mobile analytics software to deliver to you, and further understand the functionality of, the CRI Services. The Website may also collect other Non-Personal Information from your mobile device, as you permit, such as your geographic location.
We constantly work towards enhancing the CRI Services with new products, applications and features. Such improvements may result in the collection of new types of information. We will update this Privacy Statement, as needed.
Changes to Privacy Statement
Managing your Personal Information
You may choose to disclose your Personal Information to friends and/or family members, doctors or other health care professionals, and/or other individuals outside of CRI Genetics and the CRI Services, including through third-party services such as social networks. These third-parties may not adhere to this Privacy Statement and may use your Personal Information differently than does CRI Genetics under this Privacy Statement. Please make such choices carefully and review the privacy policies of all other third-parties involved in the transaction. In general, once Personal Information is shared or disclosed, it can be difficult to contain or retrieve. CRI Genetics will have no responsibility or liability for any consequences that may result because you have released or shared Personal Information with others. Likewise, if you have access to the Personal Information of a CRI Genetics User, we urge you to protect the privacy of such person.
Important Other Measures
CRI Genetics takes your trust and confidence in us and our CRI Services seriously. To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of information, CRI Genetics uses a range of physical, technical, and administrative measures to safeguard your Personal Information. In particular, all connections to and from our website are encrypted using Secure Socket Layer (SSL) technology. However, protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access the CRI Services. You should not disclose your authentication information to any third-party and should immediately notify CRI Genetics of any unauthorized use of your password. CRI Genetics cannot secure Personal Information that you release on your own or that you request us to release. Your Personal Information collected through the CRI Services may be stored and processed in the United States or any other country in which CRI Genetics or its subsidiaries, affiliates or service providers maintain facilities and, therefore, your information may be subject to the laws of those other jurisdictions which may be different from the laws of your country of residence.
If you have questions about this Privacy Statement, the Website, or your dealings with the Website, or wish to request access to and receive information about the Personal Information we maintain about you, have the Personal Information blocked or deleted, as appropriate, or oppose (in case of legitimate reasons) the processing carried out with respect to your Personal Information please email CRI Genetics at email@example.com.