CRI Genetics Privacy Statement
As of June 10, 2020
This document (this "Privacy Statement") describes what information CRI Genetics, LLC (“CRI Genetics” or “us,” “we,” or “our”) collects from you while using CRIGenetics.com (the “Website”) and when a your register your a DNA sample kit through your account on the Website.
We understand and respect the sensitive nature of your data and strive to ensure the collection of your data is done in a secure, dependable, transparent and legal manner. The security of your data is of great importance to us. We use secure server software to encrypt financial information and we only work with third parties who have agreed and complied with our strict security standards. We periodically review and update our security and privacy policies and only allow authorized personnel to have access to your data.
To help us improve our Website, we use tracking technologies such as cookies, tags, scripts and identifiers like your IP address and mobile device identifier. Tracking this data tells us whether you are a new or recurring visitor to our Website and allows us to remember your preferences. It also helps us analyze our Website to make improvements, serve targeted advertising, and collect limited demographic information for marketing purposes. These cookies and tracking data do not include sensitive data like your name or genetic information.
Here are the main third-party tracking services we use to track your IP address and identify mobile devices by using cookies:
Facebook Pixel, to track your IP address and identify mobile devices by using cookies so we can deliver relevant advertising.
Adroll, to track your IP address and identify mobile devices by using cookies. Adroll also collects “hashed” (scrambled) identifiers from e-mail addresses for tracking you across devices for targeted advertising. These identifiers may be shared with Adroll’s advertising partners. Adroll has information about opting out of cross-device tracking here and additional information for California residents here.
Opting Out. You can decline to be tracked for these purposes by adjusting the settings in your web browser or your privacy settings on your mobile device, but your enjoyment of our site might be compromised because we cannot remember your preferences and deliver relevant content to you. Another way to opt out is through a third-party tool such as the Network Advertising Initiative.
California Residents. Residents of California have additional rights under the California Consumer Privacy Act. Those residents may contact us to request access to their data, to request that we delete their data, to opt-out of the sale of their data, and to request the sources and categories of personal information we collect about them. California residents can contact us at email@example.com or 1-800-571-9216.
Use of Web Data. Similar to most websites, we gather certain information automatically and store it in log files. This may include internet protocol (IP) addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp, and/or clickstream data. When accessing the Website through a mobile device, we may collect and store a unique identification numbers associated with your device (including, for example, a UDID, Unique ID for Advertisers, Google Ad ID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, IP address, phone number, and, depending on your mobile device settings, your geographical location data, including GPS coordinates or similar information regarding the location of your mobile device.
Because CRI Genetics relies on third-party ad networks who may track you across websites over time for advertising purposes, we are not able to respond to your selection of the "Do Not Track" option provided by your browser. We cannot advise on whether your selection of "Do Not Track" option will have any effect on the collection of cookie information on our Website.
Non-Personal Information. Use of the Website may result in the storage or collection of information that does not personally identify you (“Non-Personal Information”), such as demographic data, year (not date) of birth or age groups, geographic areas, gender, your computer type, screen resolution, operating system, mobile device details (if applicable), internet browser, and the website from which you came to the Website. We have to use your IP address, your device type, your website interactions, and other Non-Personal Information to deliver the Website to you and to help diagnose problems with our server.
This technology helps us to, for example, compile aggregated statistics about our visitors and their use of the Website. We use these statistics to improve the design and content of the Website and to prepare and deliver our marketing programs. Because Non-Personal Information does not personally identify you, we may use such Non-Personal Information for any purpose. In addition, we reserve the right to share such Non-Personal Information.
Genetic Testing Service User Data
Our genetics testing service (the “Service”) uses our customers’ Personal Health Information (“PHI”) as defined under the Health Insurance Portability & Accountability Act (HIPAA), including but not limited to name, birthdate and contact information. It also involves our laboratory analyzing our customer’s DNA sample (the “Genetic Data”) which CRI Genetics uses to report results (the “Results”) directly to you.
CRI Genetics recognizes the data it collects is very sensitive so we take privacy very seriously. We never share Genetic Data or Results with any third parties. We even hide PHI from our laboratory. They never see any of our customers’ PHI when it processes a DNA sample – all PHI and other identifiable information is redacted from Genetic Data. Only you and, of course, CRI Genetics have access to Results. Payment Information is only shared with a secure third-party payment processor we have vetted and trust.
The Service is intended solely for persons over the age of eighteen (18) (“Adults”). Any offers to use the Service is solely meant for Adults. Persons under the age of eighteen (“Minors”) must consult with their parent(s) or legal guardian to determine if the Service is appropriate for use. When a Minor uses the Service, CRI Genetics will hold the parent or legal guardian responsible for the Minor’s actions and shall have consented to the use of the Minor’s data by CRI Genetics. We do not knowingly collect or intend to collect personal information from children under the age of thirteen (13). If CRI Genetics becomes aware that we have unknowingly collected personal information from a child under the age of 13, we will delete all such personal information from our databases by reasonable commercial means.
All data will be stored and processed in the United States. You expressly consent to the transfer, storage, and processing of data in the United States.
How CRI Genetics Uses Customer Data
Contact Information. CRI Genetics may use “Contact Information” such as customer name, e-mail address, physician’s name, and physician’s contact information, for any reasonable purpose related to the Services. This includes providing you information about other CRI Genetics products and services, to request feedback regarding the Services, to improve the Services, and to prepare and perform demographic, benchmarking, advertising, marketing, and promotional studies.
Our preferred choice of communication is via email, but we may contact a customer via telephone, direct mail, or any other appropriate form of communication as warranted under the circumstances. Our customers may also receive promotional offers from us. If you do not want to continue to receive such emails from us, you may opt out at any time by using the unsubscribe link listed in the email or by changing your email preferences.
Payment Information. CRI Genetics only uses Payment Information to process payment. Our payment processor, 1ShoppingCart.com also receives access to aggregated information about our customers in order for 1ShoppingCart.com to analyze performance and make improvements to 1ShoppingCart.com products.
Data Retention. Genetic Data is created and stored in our lab when analyzing a customer’s DNA sample. DNA samples are stored at our lab for three months after testing. We keep your data, including PHI and Results on file indefinitely unless you request otherwise.
Sharing Data With Third Parties
In the instance that CRI Genetics is, or substantially all of its assets or stock are, acquired, transferred, disposed of (in whole or part and including in connection with any bankruptcy or similar proceedings), data will as a matter of course be one of the transferred assets and will remain secure.
Managing Your Data
CRI Genetics strongly discourages sharing Results with anyone aside from your health care provider because third parties may not adhere to privacy standards including those described in this policy. Please choose carefully. In general, once your data is disclosed, it can be difficult to contain or retrieve. CRI Genetics will have no responsibility or liability for any consequences that because you have disclosed data with others. Likewise, if you are a physician with access to Results, you must protect the privacy of your patients.
Data Security Safeguards
CRI Genetics takes your trust and confidence in us seriously. To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of information, CRI Genetics uses a range of physical, technical, and administrative measures to safeguard data. In particular, all connections to and from our website are encrypted using Secure Socket Layer (SSL) technology.
If you have questions about this Privacy Statement, the Website, or the Services, or wish to request access to, modify, delete, or receive information about the data we collect, please email CRI Genetics at firstname.lastname@example.org.