CRI Genetics Privacy Policy

Last Revised: September 10, 2024

CRI Genetics, LLC (“CRI Genetics,” “we”, “our”, or “us”) is committed to safeguarding your privacy. We ask that you carefully review this Privacy Policy, as it applies to all information CRI Genetics collects from and about you, whether in writing, verbally, or electronically. This includes information we collect from you while using CRIGenetics.com (the “Website”) and when you register your DNA sample kit (“Kit”) through your account on the Website (collectively, our “Services”). By using our Services, you agree to the collection, use, and disclosure of your information, as described in this Privacy Policy. If you do not agree, please do not access or use our Services.

California Notice at Collection

We collect the categories of personal information (as defined in the California Consumer Privacy Act (CCPA)) listed in the table below.

Category of Personal Information Collected Sold or Shared
Identifiers, including name, postal and email address, phone number, online identifiers, IP address, and other similar identifiers. Yes
Personal information categories listed in the Customer Records statute, including name, physical characteristics or descriptions, postal address, telephone number, credit and debit card information, and genetic information. Some information included in this category may overlap with other categories. No
Protected classification characteristics under California law, including age, sex/gender expression, and genetic information. No
Commercial information, including items purchased, obtained, or considered and other purchasing or consuming histories or tendencies. Yes
Geolocation data, such as IP location. Yes
Inferences, meaning inferences drawn from any of the information in the above-listed categories of information to create a consumer profile reflecting preferences, characteristics, behavior, etc. Yes
Sensitive personal information, including genetic information, account log-in, financial account, debit card, or credit card, geolocation, racial or ethnic origin, and biometric information. No

As further described in the “Information Use” section below, we generally collect and use the above-listed categories of personal information to best serve you and conduct, support, and market our business.

As noted in the table above, we “sell” or “share” (as defined in the CCPA) certain categories of personal information and you may exercise your right to opt out of such disclosures by clicking on the link here and selecting to opt out. Alternatively, where available, you may choose to enable an online tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). When detected, we will process such signals as a request to opt out.

We retain each category of personal information that we collect for as long as necessary to fulfill the purposes described in our Privacy Policy, including to satisfy legal or reporting requirements.

More information, including a description of your legal rights, can be found below in the “Additional Information For U.S. Residents” section (under the “Additional Information for California Residents” subheading).

  1. Information We Collect

    We collect and obtain information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (“Personal Information”) from and about you as described below.

    A. Information You Provide

    CRI Genetics collects personal information from you when you use our Services and when you choose to share information with us, including but not limited to name, birthdate, and contact information. It also involves our laboratory analyzing our customers’ DNA sample (the “Genetic Information”), which CRI Genetics uses to report results (the “Results”) directly to you. “Results” include your genetic reports and genetic matches with potential close and extended family members through our Relative Finder.

    We may also collect other personal information directly from you. For example, when you buy a Kit from us, you may provide some of your personal information to us (e.g., your name, postal address, email address, phone number, and your payment information, such as your credit/debit card information and billing address). We may also collect personal information directly from you when you register your Kit, consent to receive marketing communications from us, disclose any information on the Website, provide us with feedback or submit a request to our customer service team, interact with our social media pages, or otherwise interact with us.

    B. Information Automatically Collected

    When you visit or interact with the Website, we or our third-party advertising and analytics partners and service providers may use a variety of technologies, such as cookies, tags, and scripts, to collect certain information regarding your browser and device as well as information about how you interact with the Website (as further described below). Collecting this information helps us determine whether you are a new or recurring visitor to the Website and allows us to remember your preferences. It also helps us analyze the performance of the Website to make improvements, serve targeted advertising, and collect limited demographic information for marketing/advertising purposes. The cookies and other similar technologies deployed on the Website do not collect directly-identifiable information (e.g., your name) or sensitive information (e.g., your genetic information).

    The specific types of information that we and our partners and service providers may automatically collect when you visit and interact with the Website include:

    • Device and Browser Information. When you access the Website, information about your device and browser may be collected automatically, including your device’s Internet Protocol (“IP”) address and/or other unique identifiers, browser type, device type, internet service provider, and operating system. When you access the Website from a mobile device, your device’s approximate location (derived from your device’s IP address or other signals) may also be collected.
    • Usage Information. When you interact with the Website, certain information may be collected, including the date and time of your visit, the pages you view immediately before and after you access the Website, the areas or pages of the Website that you visit, the amount of time you spend viewing or using the Website, and other site usage information.
    • Additionally, if you receive an email from us, information may be collected about your interactions with the message (e.g., whether you opened, forwarded, or clicked through to the Website).
    • Cookies and Other Similar Technologies. “Cookies” are text files that are placed on your browser by the websites that you visit. Cookies are used for various purposes, including to distinguish you from other users, make your site navigation more efficient, help remember your preferences, enhance your browsing experience, and improve the use and functionality of the Website and related content. They can also enable the delivery of relevant and personalized advertisements to you across the Internet.

    We (and our partners and service providers) use the following types of cookies:

    • Strictly Necessary Cookies. These cookies are essential to enable you to move around the Website and use its features. These cookies allow us to provide some of the basic functionalities of the Website.
    • Performance Cookies. These cookies generally collect information about how visitors use the Website so that we can improve our Services. These cookies do not collect identifiable information.
    • Functionality Cookies. These cookies allow the Website to remember the choices you make as you browse the Website. They provide more enhanced and personal features. The information collected is anonymized, and they cannot track your browsing activity on other sites once you leave the Website.
    • Targeting/Advertising Cookies. These cookies may be set by our advertising partners, including social media platforms. They may be used by our partners to build a profile of your interests and show you relevant advertisements on other online services, which is known as “interest-based advertising.” These cookies uniquely identify your browser and device and observe your behaviors and browsing activities over time across multiple websites or platforms.

    Please note that cookies (and other similar technologies) provided by third parties may be placed on the Website and the providers of these technologies may combine information collected from your interaction(s) with the Website with information they collect from other sources and use the combined information for analytics and/or advertising purposes. You may adjust your device or Internet browser settings to limit certain tracking or to decline cookies. Please refer to your device’s settings or your Internet browser’s “Help” section for more information on how to delete cookies and/or disable your device or browser from receiving cookies or controlling your tracking preferences. To learn more about your interest-based advertising choices, please see "Your Choices and Opt-Outs".

    C. Information Collected from Other Sources

    We may acquire your personal information from third-party sources (e.g., our business partners, service providers, analytics providers, advertising networks, etc.). We may use the personal information we receive from third-party sources to help us maintain the accuracy of the information we collect; prevent fraud; personalize your experience with our Services; send you targeted communications about third-party products, services, or other offers that may be of interest to you; and measure ad quality and responses. We may also combine personal information that we receive from third parties with personal information that we collect when you use our Services or that you choose to share with us.

  2. Information Use

    A. Use by or for CRI Genetics

    CRI Genetics recognizes that some of the information it collects is very sensitive, and we take your privacy seriously.

    CRI Genetics may use the personal information we collect from and about you for the following business purposes:

    • To provide you with our Services, including our Relative Finder;
    • If you enable our Relative Finder, to market and communicate with you based on your genetics; specifically, compare your DNA profile against others in our database to identify matches, create a list of your potential relatives, and notify you of new matches;
    • To fulfill our contractual obligations;
    • To process your payments and fulfill your orders;
    • To create, maintain, customize, and secure your account with us;
    • To communicate with you, including to respond to your inquiries/requests and request feedback from you, and to send you messages about updates and changes to our Services, this Privacy Policy, and/or other applicable terms and conditions;
    • To provide status updates on kit shipment and processing; and genetic report releases;
    • To review the usage and maintain the operation of the Website;
    • To conduct analyses and develop and/or improve our products and services;
    • To monitor, protect, and maintain the security and integrity of our Services and our business, such as protecting against and preventing fraud, unauthorized transactions, claims and other liabilities;
    • To comply with applicable laws and regulations and respond to lawful requests and communications from law enforcement and other government officials;
    • To carry out sales and business transactions in which information held by us is among the assets transferred or is otherwise relevant to the evaluation, negotiation, or completion of the transaction;
    • To protect our rights, privacy, safety, property and/or those of others; and
    • To fulfill any other purpose for which you provide your personal information or as explained to you at the point of information collection.

    CRI Genetics may also use the personal information we collect from and about you for the following commercial purposes:

    • To provide you with customized content or targeted offers;
    • To send you information, newsletters, and marketing/promotional material from CRI Genetics and, or on behalf of, our marketing partners and affiliates; and to remind you about items that remain in your shopping cart;

    Additionally, if you use our Services to connect with third-party services, you authorize us to use your personal information, on your behalf, to interact with the third-party services.

    B. Use for Interest-Based Advertising

    We may use third parties to serve advertisements on our behalf that are tailored to your interests (and measure the effectiveness of such advertisements). We allow these third-party companies to use cookies, web beacons, pixel tags, and other similar technologies to collect certain information that is used to display advertisements for CRI Genetics on the Website or across other websites, mobile applications, social media, or online services that you use

    To learn more about your interest-based advertising choices, please see "Your Choices and Opt-Outs".

  3. Information Disclosure

    We may disclose your personal information to the following categories of recipients:

    • Our Service Providers: We disclose your personal information to third-party service providers that provide business, professional, or technical support functions for us; help us operate our business and our Services; or administer activities on our behalf.
    • Our Research Partners: We disclose your personal information to our research partners, including those that administer surveys or conduct research projects in partnership with us or on our behalf.
    • Our Analytics Partners: We disclose your personal information to our partners that assist us in performing analytics and help us measure the effectiveness of the Website’s content and our marketing and advertising efforts.
    • Our Marketing & Advertising Partners: We disclose your personal information to third parties for marketing and advertising purposes, including social media platforms, third-party advertising networks, and other parties that assist us in serving and optimizing our advertisements. Please note that we do not share genetic information with our marketing and advertising partners for any reason.
    • Relative Finder Customers: If you opt-in to our Relative Finder, then we will notify close and extended family members with whom your DNA profile has a match. Our notifications to matches may indicate the amount of relevant DNA and shared genetic traits they have in common with you, the predicted family relationship between you, and some of your personal information such as your display name, your country of residence, your ethnicity estimate and genetic groups, and other profile information, depending on your privacy settings. This means your match will be able to contact you through our website messaging system.
    • Competent Governmental, Regulatory, and Public Authorities: We may access and disclose your personal information in response to subpoenas, court orders, or other legal process. We may also disclose your personal information to protect the security of our Services, servers, network systems, and databases. Finally, we may disclose your personal information as necessary, if we believe that there has been a violation of our Terms and Conditions, any other legal document or contract related to our Services, or the rights of any third party.
    • Relevant Third Parties As Part of a Corporate Transaction: We may sell or purchase assets during the normal course of our business. If another entity acquires us or any of our assets, your personal information may be transferred to such entity. In addition, if any bankruptcy or reorganization proceeding is brought by or against us, such information may be considered an asset of ours and may be sold or transferred to third parties. Should such a sale or transfer occur, we will use reasonable efforts to require that the transferee use the transferred personal information in a manner that is consistent with this Privacy Policy.
    • Other Third Parties: We will disclose your personal information to other third parties at your direction or with your consent. Additionally, we will disclose your personal information as we believe necessary or appropriate to: (a) comply with applicable law; (b) enforce our terms and conditions; (c) protect our operations; (d) protect our rights, privacy, safety, or property, and/or those of you or others; and (e) allow us to pursue available remedies or limit damages that we may sustain.

    If you reside in the United States, depending on your state residency, some of the disclosures listed above constitute “sales” or “shares” of personal information under applicable law. Details on how to exercise your legal rights with respect to such “sales” or “shares” can be found in “Additional Information for U.S. Residents” section below.

    Please note that we may de-identify or aggregate personal information so that it will no longer be considered “personal information” and disclose such information to other parties for purposes consistent with those described in this Privacy Policy.

  4. Your Choices And Opt-Outs

    A. Opting Out of Analytics and Interest-Based Advertising

    We may use third party services, such as Google Analytics, Adroll, Crazy Egg, and Facebook Pixel to help us track, segment, and analyze usage of the Website and our Services, and to help us or those third parties service more targeted advertising to you on our Services and across the Internet. These third parties may use technologies such as cookies, web beacons, pixel tags, log files, Flash cookies, or other technologies to track online activity. They may also combine information they collect from your interaction with our Service with information they collect from other sources. We may not have access to information that these third parties collect using cookies or other tracking technologies. You can decline to be tracked for analytics and/or advertising purposes by adjusting the settings in your web browser or your privacy settings on your mobile device. Doing so will mean we may not be able to remember your preferences or deliver relevant advertising to you.

    You may be able to opt out of receiving interest-based advertisements using the browser opt-out tools and consumer choice mechanisms provided by interest-based advertising self-regulatory groups by following the links below:

    You also have the ability to control whether you see interest-based advertisements on your mobile device(s) in the following ways:

    • Your device operating system may provide mechanisms that allow you to opt in or opt out of the use of information about your use of mobile apps to deliver interest-based advertising to your mobile device. For more information, consult your device settings.
    • The DAA offers a tool for opting out of the collection of cross-app data on mobile devices for interest-based advertising. To exercise your choices with respect to participating companies, please download the AppChoices tool at www.youradchoices.com/appchoices.

    You will need to opt out separately on all of your browsers and devices, as each opt-out will apply only to the specific browser or device from which you opt out. If you delete or reset your cookies or mobile identifiers, change browsers, or use a different device, any opt-out cookie or tool may no longer work and you will have to opt out again.

    Even if you choose to opt out of receiving interest-based advertising, you may still receive advertising, but the advertisements may be less relevant.

    Some of our partners may provide you with additional choices with respect to interest-based advertising. For example, certain social media platforms allow you to control your advertising preferences directly through their services. Please review the privacy policies of the third-party services you use for more information.

    If you reside in the United States, depending on your state residency, you may have additional choices with respect to our use and disclosure of information for interest-based advertising purposes. Details on how to exercise your legal rights can be found below.

    B. Unsubscribing from our Marketing and Promotional Communications

    From time to time, we may send you marketing and promotional communications, including special offers from us and new matches as the result of our Relative Finder service. If you no longer wish to receive promotional and marketing emails from us, you may opt out of such communications at any time by following the opt-out instructions included in any promotional or marketing email you receive from us. Even if you opt out of receiving promotional and marketing emails from us, we may still send you administrative and transactional emails from which you cannot opt out.

    C. Destruction of Genetic Information/Deletion of Genetic Data and Results

    At CRI Genetics, we pride ourselves in giving you control over your genetic information and genetic data. If you would like to request that we destroy your genetic information, or request that we delete your genetic data or Results, please call our customer service line at 1-800-571-9216. We may take steps to verify your identity before responding to your request by asking questions about your interactions with us.

  5. Additional Information for U.S. Residents

    A. Privacy Rights and Requests

    Depending on your U.S. state of residence, under applicable law, you may have certain rights in relation to your personal information, including:

    • Right to Know: You may have the right to know what personal information we have collected about you, including the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information (including the names of such third parties where required by law), the categories of personal information disclosed to third parties, and the specific pieces of personal information we have collected about you.
    • Right to Delete: You may have the right to request that we delete personal information that we have collected from you, subject to certain exceptions.
    • Right to Correct: You may have the right to correct inaccurate personal information that we may maintain about you, subject to appropriate verification.
    • Right to Opt Out of Certain Types of Personal Information Uses and Disclosures: As described below, we use and disclose to third parties personal information for analytics and advertising purposes. Accordingly, you may have the right to opt out of the “sale” or “share” of your personal information or the use and disclosure of your personal information for “targeted advertising” (as these terms are defined in applicable law).
    • Right to Revoke Consent: You may withdraw consent you have given us to collect and use your personal information at any time.

    Where applicable, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

    If you are interested in exercising one or more of the rights outlined above, you can contact us at legal@crigenetics.com or 1-800-571-9216. You must put the statement “Your Privacy Rights” in the subject field. We may take steps to verify your identity before responding to your request by asking you a series of questions about your previous interactions with us.

    You may request to opt out of the "sale" or “share” of your personal information at any time by clicking the  link at the bottom of the Website’s homepages or you can email us at legal@crigenetics.com. We will work to comply with your opt-out request within 15 days.

    Submitting an opt-out request does not require you to create an account with us.

    Upon receipt of your request, we will endeavor to honor it based on the information that we collect and maintain.

    Alternatively, if you are a California resident, where available, you can use certain preference signals to exercise your sale and sharing opt-out right automatically with all businesses that you interact with online, including CRI Genetics. If you enable a browser-based opt-out preference signal that complies with the CCPA, such as Global Privacy Control (GPC), upon receipt or detection, we will treat the signal as a valid request to opt out of the sale or sharing of personal information linked to that browser and any consumer profile we have associated with that browser. Please note that if you use different browsers or browser profiles, you will have to enable the signal on each one that you use.

    Depending on your U.S. state of residence, you may authorize someone to submit a request on your behalf using the submission methods described above. Where appropriate, we will request information or documentation to verify your identity as well as the agent’s authority to act on your behalf, unless you have provided the agent with power of attorney in accordance with applicable probate law. We may also require you to verify your identity directly with us or directly confirm with us that you provided the agent with permission to submit the request on your behalf.

    Depending on your U.S. state of residence, you also have the right to appeal a decision we have made in connection with your privacy rights request. To appeal a decision, please contact us at legal@crigenetics.com or 1-800-571-9216. If you are unsatisfied with the way that we have handled your appeal, you may have the right to complain to your state’s Attorney General.

    Submitting a privacy rights request does not require you to create an account with us.

    Only you, or someone legally authorized to act on your behalf, may submit a request related to your personal information. You may also submit a request on behalf of your minor child.

    Please note that we are not required to respond to your requests “to know” or access specific pieces of personal information more than twice in any 12-month period.

    Please note that, where appropriate under applicable law, we may decline a request if we are unable to verify your identity (or an agent’s authority to make the request) and confirm the personal information we maintain relates to you.

    Submitting a privacy rights request does not require you to create an account with us.

    Our Response and Its Format

    We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, up to forty-five (45) additional days (or ninety (90) days total), we will inform you of the reason and extension period in writing.

    We will deliver our written response by mail or electronically, at your option.

    The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, unless the disclosure would require us to reveal trade secrets, we will provide your personal information that is readily useable and should allow you to transmit the information to another entity without hindrance up to two times per calendar year.

    We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

    We will not discriminate against you if you decide to exercise your privacy rights.

    B. Additional Information for California Residents

    Pursuant to the CCPA, we are providing the following additional details regarding the categories of personal information that we collect, use, and disclose.

    Personal Information Collection and Disclosure

    The following chart details which categories of personal information we have collected from and about California residents in the past twelve (12) months, the source(s) of each category of information, the categories of third parties to whom we have disclosed each category of information for a business purpose, and the categories of third parties to whom we have “sold” or with whom we have “shared” each category of information (as such terms are defined in the CCPA) (where applicable). Please note that the first column in the chart lists by category the types of information described in the “Information We Collect” section above, as required by the CCPA.

    Category of Personal Information Categories of Sources Disclosures of Personal Information for a Business Purpose Sale or Sharing of Personal Information
    Identifiers, including names, postal addresses, email addresses, online identifiers, IP addresses, and other similar identifiers. Directly from consumers, Through automated means, Third-party sources Our service providers, Our research partners, Our analytics partners Our analytics partners, Our marketing and advertising partners (including social media platforms), Data aggregators
    Personal information categories listed in the California Customer Records statute, including names, physical characteristics (such as hair color, height, and other characteristics you share for your DNA report), postal addresses, telephone numbers, and credit and debit card information. Directly from consumers Our service providers N/A
    Protected classification characteristics under California law, including age, sex/gender expression, or other characteristics you provide for your DNA report. Directly from consumers Our service providers N/A
    Commercial Information, including your purchase and usage history, and preferences. Directly from consumers, Through automated means, Third-party sources Our service providers, Our analytics partners Our analytics partners, Our marketing and advertising partners (including social media platforms), Data aggregators
    Internet or other electronic network activity information, including internet browsing history, search history, and interactions with the Website and advertisements Through automated means Our service providers, Our analytics partners Our analytics partners, Our marketing and advertising partners (including social media platforms), Data aggregators
    Geolocation, including your IP location. Through automated means Our service providers, Our analytics partners N/A
    Inferences, including inferences that we draw from your information and web activity to create a personalized profile so we can better identify goods and services that may be of interest. Through automated means, Third-party sources Our service providers, Our analytics partners Our analytics partners, Our marketing and advertising partners (including social media platforms), Data aggregators
    Sensitive personal information, including genetic information, account log-in, financial account, debit card, or credit card, geolocation, racial or ethnic origin, and biometric information. Directly from consumers Our service providers N/A
    Purposes for Collecting Personal Information

    As described in more detail in the “Personal Information Collection and Disclosure” section above, we collect personal information to provide our Services and manage the Website, process and fulfill orders, and as otherwise necessary to support or promote our business.

    Disclosures of Personal Information

    As detailed in the “Information Disclosure” section above, we disclose personal information to fulfill the purposes described above. We will also disclose certain categories of personal information to competent governmental and public authorities and other third parties as necessary or appropriate, including when we have a legal or contractual obligation to disclose the information.

    Sale and Sharing of Personal Information

    As detailed in the list above, we “sell” and “share” (as such terms are defined in the CCPA) certain categories of personal information to and with third parties and have “sold” and “shared” certain categories of personal information in the past twelve (12) months.

    We do not “sell” or “share” the personal information of individuals we know to be under 16 years of age.

    Use and Disclosure of Sensitive Personal Information

    As detailed in the chart above, we collect certain “sensitive personal information” (as defined in the CCPA). However, we do not use or disclose such information for any purpose outside of the limited permissible purposes set forth in the regulations implementing the CCPA. Such purposes including providing our Services and verifying, maintaining the quality of, and improving our Services.

    Information Related to Genetic Testing and Information
    • Collection Methods: CRI is never in possession of your physical genetic sample (genetic information). When you make a purchase of a Kit, your Kit is mailed directly to you. You create an online account, register your Kit, and personally swab your mouth to create the genetic information. You will then ship the sample directly to our third-party laboratory where the lab will extract the genetic information from the sample. The laboratory will send the genetic information through an encrypted process to CRI so we can input the genetic information into our algorithm and provide you with the Results. The laboratory destroys all genetic information within six months after initial testing.
    • Use: With your consent, CRI may use genetic information to provide you with Results. CRI may use pseudonymous information for research purposes after obtaining additional consent. CRI does not sell genetic information.
    • Consent: CRI obtains consent from you prior to collecting, testing, and storing genetic information. You may review your consent choices for these various potential uses in CRI’s customer portal where CRI hosts your ability to review your options on the use of your genetic information.
    • Maintenance: CRI stores your genetic information after obtaining your consent. The genetic information is destroyed within six months after initial testing. You may request that the genetic information be destroyed sooner upon request in your Account Settings. CRI maintains only pseudonymized genetic information in secure encrypted locations.
    • How to Access Your Data: Depending on the state you reside, you may request access to your data.
    • How to Delete Your Data: Under applicable laws, you may request any stored identifiable genetic information and Results be deleted. CRI retains only pseudonymized genetic information and Results.

  6. Additional Information For EEA, UK, And Switzerland Residents

    A. Legal Basis for Processing

    Applicable law in certain jurisdictions requires us to set out the “legal basis” that we rely on to collect and use your personal information. Where applicable, the legal bases upon which we rely on in order to collect and use your personal information are as follows:

    • Consent. We may collect, use, and disclose your personal information on the basis of the consent that you provide us at the point of information collection or disclosure. You have the right to revoke your consent at any time.
    • Contractual necessity. We may collect and use certain personal information where it is either necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. This may include personal information used to provide you with our products and related services and related transaction information.
    • Compliance with a legal obligation. We are subject to various legal requirements in the jurisdictions in which we operate, and we may use, disclose, and retain your personal information if necessary for us to comply with a legal obligation arising under an applicable law to which we are subject.
    • Legitimate interests. We may collect and use your personal information to the extent necessary to carry out our legitimate interests (or those of a third party), provided that such interests do not outweigh your interests or fundamental rights and freedoms. For example, we may collect and use your personal information in reliance on a legitimate interest in managing our relationship with you; conducting and managing our business; providing you with customer support; conducting market research; developing and enhancing the Website as well as our products and services; detecting and preventing fraud and other harmful activities; and monitoring and maintaining the security of our data, systems, and networks.

    B. Privacy Rights and Requests

    Under applicable law, you may have certain rights in relation to your personal information, including:

    • Right to Access: You have the right to request access to, or copies (and transmission) of, the personal information we hold about you and the purposes for which we are using it.
    • Right to Rectify: You have the right to correct inaccurate personal information that we have collected from and maintain about you, subject to appropriate verification.
    • Right to Erase: You have the right to erase personal information pertaining to you. We will assess any deletion request after verifying your identity and work to respond within one calendar month, and let you know if we need additional time.
    • Right to Object: You have the right to object to processing the personal data we process, under certain conditions.
    • Right to Data Portability: You have the right to receive the data we have collected from you. Under certain conditions, you may request that we transfer your data to another organization, or directly to you.
    • Right to Lodge a Complaint: You have the right to file a complaint with the supervisory authority in your jurisdiction.

    At any time, you may request or assert any of the rights above by emailing us at legal@crigenetics.com. If you believe there has been a violation of your privacy rights, please contact us at the email above.

  7. External Links

    The Website may have links to third-party websites, which may have privacy policies that differ from our own. We are not responsible for the practices of such sites.

  8. Publication of User Submissions

    Any information you may disclose on the Website (e.g., ratings and reviews), in blogs, on social media, or in other public areas becomes public information. Please exercise caution when disclosing personal information in these public areas, including personal health information.

  9. Children's Privacy

    The Website is not designed for or intentionally targeted at children under the age of 16, and we do not knowingly collect personal information from anyone under 16 years of age.

  10. Information Security

    CRI Genetics takes your trust and confidence in us seriously. To prevent unauthorized access to or disclosure of personal information, to maintain the accuracy of personal information, and to ensure the appropriate use of personal information, CRI Genetics uses a range of physical, technical, and administrative measures to safeguard the personal information under its control. While we make every effort to help ensure the integrity and security of our network and systems, we cannot guarantee our security measures.

    CRI takes appropriate steps to ensure that your personal information is properly stored in a secure environment to prevent unauthorized access. We use a lab based in the United States to process your genetic information, but the genetic information goes directly from you to the lab. Our contract with the lab includes appropriate safeguards to secure your genetic and personal information.

    All connections to and from the Website are encrypted using Secure Socket Layer (SSL) technology.

  11. Information Storage and Retention

    We receive your genetic information when you send in your saliva sample to our third party laboratory. Genetic information is stored at our lab for six months after testing. We keep your Results on file indefinitely unless you request otherwise.

    Your personal information may be stored on servers in the United States and is subject to the laws of the United States, where the data protection and other laws may differ from those of other countries.

    By using our Services, and providing us with your personal information, you are acknowledging that your personal information may be transferred to countries outside of your country of residence, including to the United States. Where applicable, we will ensure that appropriate safeguards are in place to protect your personal information.

    If you are located in the European Economic Area, Switzerland, or the United Kingdom, please note that we may need to transfer your personal information to countries that have not been recognized as providing an adequate level of data protection. We generally use EU Standard Contractual Clauses (or other government-approved contracts) or other lawful data transfer mechanisms that provide appropriate safeguards for personal information that is transferred to countries that have not been recognized as providing an adequate level of protection. To learn more about the cross-border transfer of your personal information or the transfer mechanism we use to lawfully carry out such transfers, you can contact us as set forth in the “How to Contact Us” section below.

    We will retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

    To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information; the potential risk of harm from unauthorized use or disclosure of the personal information; the purposes for which we use the personal information; whether we can achieve the purposes through other means; and the applicable legal requirements.

    If we de-identify information, we will maintain and use the information in de-identified form and not attempt to re-identify the information except as required or permitted by law.

  12. Revisions to this Privacy Policy

    We reserve the right, at our sole discretion, to change, modify, add, remove, or otherwise revise portions of this Privacy Policy at any time. The “Last Revised” date at the top of this page indicates when this Privacy Policy was last revised. When we make changes, we will revise the date at the top of this page to reflect the date such changes occurred. Where required by law, we will provide appropriate notice to you of any material changes to the Privacy Policy to the contact information we have on file or via our website. Unless otherwise stated, your continued use of our Services following the posting of a revised version of this Privacy Policy constitutes your acceptance of the changes.

  13. How to Contact Us

    If you have questions about this Privacy Policy or our information handling and privacy practices, please email CRI Genetics at legal@crigenetics.com.