1. TYPES OF INFORMATION WE COLLECT.
1.1 Information You Provide Us Directly. We may collect information related to you, including, but not limited to your username, first and last name, e-mail, password, phone number, and mailing address, credit card information, when you create an account to log in to our network or at other times. If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a reply, and any information that you submit to us, such as a resume. For customers who engage us for our testing services, we may also collect basic information in order to perform the applicable service and/or test. This information may include but is not limited to date of birth, gender, blood transfusion and bone marrow transplant history, height and weight. This information is used to provide accurate and complete testing results applicable to the test requested by the client. We may also collect information that is necessary for our legitimate interests, which will be disclosed to you at the time of collection. EDC will use this information for the purposes of which it was collected.
1.3 Do Not Track. We do not respond to browser-based “do not track” signals. We do not have any third parties that push content to our site.
1.4 US – EU Privacy Shield. The United States Department of Commerce and the European Commission have agreed on a set of data protection principles (the “Privacy Shield Principles”) to enable U.S. companies to satisfy the EU law requirement that all personal information transferred from the European Economic Area (“EEA”) to the United States be adequately protected. EDC has elected to participate in the Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of all personal data received from the EEA. We certify that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Privacy Shield program, and to view our certification or find more information on the Privacy Shield, please visit
http://www.privacyshield.gov or at our Privacy Shield Policy.
2. USE OF YOUR DATA.
2.1 General Use. In general, information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. EDC uses your information to facilitate the creation of and secure your account on our network; identify you as a user in our system; provide improved administration of our website and services; improve the quality of experience when you interact with our website and services; send you administrative e-mail notifications; respond to your inquiries related to employment opportunities or other requests; to enhance our website for optimal user experience; to monitor the usage and performance of our website and services; to facilitate transactions and process payments; to provide maintenance, support, and customer service for our site; to conduct research and analysis; and to fulfil other legitimate purposes permitted by applicable law.
2.2 Use of your Testing Information. We will only use your Testing Information in order to provide you the services you have requested, process your order, and respond to any order or billing related questions.
2.3 Creation of Anonymous Data. We may create anonymous data records from information (including without limitation, Testing Information) by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyze request and usage patterns so that we may enhance the content of our services and improve site navigation. EDC reserves the right to use anonymous data for any purpose in its discretion.
3. DISCLOSURE OF YOUR INFORMATION.
3.2 Services Providers. We may share your information with agents to the extent necessary for them to provide their products and services to us, or to provide you with the products and services that you have requested. For example, if you engage us for testing services through a local laboratory, the laboratory is acting as our agent. Other examples include, database storage, file storage and file destruction, hosting services, marketing assistance, analyzing user data, processing payment card information, and for other legitimate purposes permitted by applicable law.
3.3 Business Partners. We may partner with other companies and individuals with respect to particular products or services. These third parties may be provided access to your information needed to perform their function. To restrict sharing of information with these third parties for their marketing purposes, please see the section below titles “Your Choices and Rights Regarding Your Information.”
3.4 Other Disclosures. Regardless of any choices you make regarding your information (as described below), EDC, may disclose information if it believes in good faith that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants served on EDC; (b) protect or defend the rights or property of EDC, or users of our services; (c) to protect against fraud or for risk management purposes; or (d) or to honor a request that you have made to EDC.
4. THIRD PARTY WEBSITES.
5. YOUR CHOICES REGARDING YOUR INFORMATION.
5.2 Withdrawal of Consent You have the right to withdraw your consent to processing that is currently underway with your consent. Consent can be withdrawn by sending an email. Without your consent, EDC will use information, only insofar as such processing is permitted by applicable law (e.g., for the performance of an Agreement between EDC and you) or where such processing is necessary for compliance with a legal obligation to which EDC is subject.
5.3 Accessing, deleting and updating your information.At your request, we will inform you of what personal information we have on file. In accordance with applicable data protection laws, you may have the right to request: access to, rectification, and erasure of your personal information; restriction of processing of personal information; objecting to certain processing of personal information; and the right to data portability.. To exercise your rights under these provisions, please contact us at the “Contact Information” details below. When we receive your requests, we may ask you to verify your identity before we can act on your request. We may withhold information where the search for that information would require disproportionate effort or have a disproportionate effect to, for example, the cost of providing the information, the time it would take to retrieve the data, or how difficult it may be to obtain the information requested. Please note that we may be required (by law, accrediting bodies, or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). Please be advised that by deleting your personal information, it will limit or eliminate our ability to provide future communication or explanation regarding any products or services, test results or other offerings in connection with DNA Diagnostics Center. Please be further advised that after your personal information is deleted that residual copies may take a period of time before they are deleted from all latent and backup systems.
6. RETENTION OF DATA
The data you provide to us may be necessary to carry out tasks prior to testing, such as verifying identity or payment details when signing in to use an account. We retain required data based on testing regulatory requirements and other standards, such as meeting our financial obligations and to carry out our responsibilities and enforce our rights arising from service agreements entered into between you and us. The following summarizes the data retention timeframes based on two main categories of testing.
Legal/Chain of Custody/Accredited Tests-We store your samples for a minimum of six months or according to contractual and legal requirements if longer. All accompanying data and records associated with these tests are maintained as required by accrediting bodies, which is a minimum of five years or longer in some instances as required by law. New York Department of Health requires all testing records be maintained for a period of 7 years. All such accompanying data will be destroyed following the minimum timeframes at intervals annually thereafter.
Non Legal/Non-Chain of Custody Tests-We store your samples for a period of 6-8 weeks or according to contractual and legal requirements if longer. All accompanying data and records associated with these tests are maintained for a minimum period of one year and will be destroyed at intervals annually thereafter.
7. SECURITY OF YOUR INFORMATION.
We are committed to protecting the security of your information. We use a variety of reasonable security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. Access to your personal information is limited and we take reasonable measures to ensure that your personal information is not accessible. Although EDC attempts to protect the personal information in its possession, no security system is perfect, and EDC cannot promise that your personal information will remain absolutely secure in all circumstances.
8. DISPUTE RESOLUTION.
If you have any questions or concerns, please contact EDC by email at
contact@dnaCenter.com. We will do our best to address your concerns.
If you feel that your complaint has been addressed incompletely, we invite you to let us know for further investigation.
If you and EDC are unable to reach a resolution to the dispute, you may submit your complaint to JAMS (located in the United States) for mediation under the JAMS International Mediation Rules, which are accessible on the JAMS website at https://www.jamsadr.com. Questions or comments regarding this policy should be submitted to privacy-officer@dnaCenter.com.
Where you believe that we have not processed your information in accordance with applicable data protection laws, you may lodge a complaint with your respective supervisory authority or data protection regulator.
9. A NOTE TO USERS OUTSIDE OF THE UNITED STATES.
11. CONTACT INFORMATION.
address or phone number:
If EDC needs, or is required, to contact you concerning any event that involves information about you, we may do so by email, telephone, or mail.
Revised May 25, 2018