Information we collect
- Information from our DNA testing services. With your consent, we extract your DNA from your DNA sample and analyse it to produce your Genetic Information (the As, Ts, Cs, and Gs at particular locations in your genome) in order to provide you with reports.
- Information from third parties who lawfully provide it to us.
How We Use Information
- To provide our Services. We process Personal Information in order to provide our Service, which includes processing payments, shipping kits to customers, creating customer accounts and authenticating logins, analysing DNA samples and DNA, and delivering results and powering tools that benefit our customers.
- To analyse and improve our Services. We constantly work to improve and provide new reports, tools, and Services. We may also need to fix bugs or issues, analyse use of our website to improve the customer experience or assess our marketing campaigns.
- For SuperDNA, with your consent. If you choose to consent to participate in SuperDNA, SuperDNA researchers can include your anonymised Genetic Information and Self-Reported Information in a large pool of customer data for analyses aimed at making scientific discoveries.
Control your choices
- SuperDNA gives you the ability to share information in a variety of ways. You choose:
- To store or discard your DNA sample after it has been analysed. In the event that you choose to store your DNA sample, it will be stored securely in our medical laboratory and has internal quality and access control procedures as required by international standards.
- When and with whom you share your information, including friends, family members, health care professionals, or other individuals outside our Services, including through third-party services that accept SuperDNA data and social networks.
- To give or decline consent for SuperDNA. You can give consent for the use of your data for scientific and/or medical research and development.
- Delete your SuperDNA account and data at any time.
- You have the right to make a complaint about how your data is handled.
Disclosure of your info
- With our service providers as necessary for them to provide their services to us.
- With research collaborators, only if you have given your consent.
- We will not sell, lease, or rent your individual-level protected health information to any third party or to a third-party for research purposes without your consent.
- We do not share customer data with any public databases.
- We will not provide any Personal Information to an insurance company or employer.
- We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information.
How we secure info
- SuperDNA implements measures and systems to ensure confidentiality, integrity, and availability of SuperDNA data.
- Anonymisation, encryption, and data segmentation. Registration Information is stripped from Sensitive Information, including genetic and phenotypic data. This data is then assigned a random ID so the person who provided the data cannot be identified. SuperDNA uses industry-standard security measures to encrypt sensitive personal data both when it is stored (data-at-rest) and when it is being transmitted (data-in-flight). Additionally, data are segmented across logical database systems to further prevent re-identifiability.
- Limiting access to essential personnel. We limit access of information to authorised personnel, based on job function and role. SuperDNA access controls include a strict least-privileged authorisation policy.
- Detecting threats and managing vulnerabilities. SuperDNA uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our build pipeline and regularly engage third party security experts to conduct penetration tests.
1. Key Definitions
- Registration Information: information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, phone number, address, user ID and password, and payment information).
- Genetic Information: information regarding your genotypes (i.e. the As, Ts, Cs, and Gs at particular locations in your genome), generated through processing of your DNA sample by SuperDNA or by its contractors, successors, or assignees; or otherwise processed by and/or contributed to SuperDNA.
- Self-Reported Information: information you provide directly to us, including your disease conditions, other health-related information, personal traits, ethnicity, family history, and other information that you enter into surveys, forms, or features while signed in to your SuperDNA account.
- Sensitive Information: information about your health, Genetic Information, and certain Self-Reported Information such as racial and ethnic origin, sexual orientation, and political affiliation.
- User Content: all information, data, text, software, music, audio, photographs, graphics, video, messages, or other materials other than Genetic Information and Self-Reported Information-generated by users of SuperDNA Services and transmitted, whether publicly or privately, to or through SuperDNA.
- Web-Behaviour Information: information on how you use SuperDNA Services is collected through log files, cookies, web beacons, and similar technologies, (e.g., browser type, domains, page views).
- Pseudonymised Information: means replacing the identifying markers of your Information with artificial identifiers to reduce the association between the data subject and the Information during processing.
2. Information we collect
- Registration Information. When you purchase our Services or create a SuperDNA account and register your kit, we collect Personal Information, such as your name, date of birth, billing and shipping address, payment information (e.g., credit card) and contact information (e.g. email, phone number and license number).
- Self-Reported Information. You have the option to provide us with additional information about yourself through surveys, forms, features and applications. For example, you may provide us with information about your personal traits (e.g., eye colour, height), ethnicity, disease conditions (e.g. Type 2 Diabetes), and other health-related information (e.g. pulse rate, cholesterol levels, visual acuity), and, where applicable, family history information (e.g. information similar to the foregoing about your family members).
- User Content. Some of our Services allow you to create and post or upload content, such as data, text, software, music, audio, photographs, graphics, video, messages, or other materials that you create or provide to us through either a public or private transmission (User Content) . For example, User Content includes any discussions, posts, or messages you send on SuperDNA’s platforms.
- Social media features and widgets. Our services include social media features. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. They may also allow third-party social media services to provide us information about you, including your name, email address, and other contact information. The information we receive is dependent upon your privacy settings with the social network. Features are either hosted by a third-party or hosted directly on our site. Your interactions with these Features are governed by the privacy policies of the third-party companies providing them. You should always review and, if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our website or Services.
- Referral information and sharing. When you refer a person to SuperDNA, we will ask for that person’s email address. We will use their email address solely, as applicable, to make a referral to them, and we will let your contact know that you requested the communication. By participating in a referral program or by choosing to share information with another person, you confirm that the person has given you consent for us to communicate (e.g., via email) with him or her. The person you referred may contact us at firstname.lastname@example.org to request that we remove this information from our database.
- DNA samples. To use our genetic testing services, you must purchase, or receive as a gift, a SuperDNA Sample Collection kit, create an online account and register your kit, and ship your DNA sample to our laboratory. Our laboratory will extract your DNA from your DNA sample for analysis. Your DNA sample and DNA are destroyed after our laboratory completes its work, subject to legal and regulatory requirements.
- Genetic Information. Information regarding your genotype (e.g. the As, Ts, Cs, and Gs at particular locations in your genome), your Genetic Information, is generated when we analyse and process your DNA sample, or when you otherwise contribute or access your Genetic Information through our Services. Genetic Information includes the SuperDNA results reported to you as part of our Services, and may be used for other purposes, as outlined in Section 3 below.
- Help us recognise you when you use our Services;
- Customise and improve your experience;
- Provide security;
- Analyse usage of our Services (such as to analyse your interactions with the results, reports, and other features of the Service);
- Gather demographic information about our user base;
- Offer our Services to you;
- Monitor the success of marketing programs; and
- Serve targeted advertising on our site and on other sites around the Internet.
Google Analytics. Google Analytics is used to perform many of the tasks listed above. We use the User-ID feature of Google Analytics to combine behavioural information across devices and sessions (including authenticated and unauthenticated sessions). We have enabled the following Google Analytics Advertising features: Remarketing, Google Display Network Impression Reporting, Google Analytics Demographics and Interest Reporting, and DoubleClick Campaign Manager integration. We do not merge information collected through any Google advertising products with individual-level information collected elsewhere by our Service. Learn more about how Google collects and uses data here. To opt out of Google Analytics Advertising Features please use Google Ad Settings.
3. How do we use your information?
- Open your account, enable purchases and process payments, communicate with you, and implement your requests (e.g., referrals);
- Enable and enhance your use of our website and mobile application(s), including authenticating your visits, providing personalised content and information, and tracking your usage of our Services;
- Contact you about your account, and any relevant information about our Services (e.g. policy changes, security updates or issues, etc.);
- Enforce our Terms of Service and other agreements;
- Monitor, detect, investigate and prevent prohibited or illegal behaviours on our Services, to combat spam and other security risks; and
- Perform research & development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.
- Your Genetic Information and/or Self-Reported Information will be used for research and development purposes, but it will be anonymised and will not be linked to your Registration Information.
- SuperDNA may use individual-level Genetic Information and Self-Reported Information at SuperDNA for research and development purposes.
- SuperDNA may share summary statistics, which do not identify any particular individual or contain individual-level information, with our qualified research collaborators.
If you have completed the Informed Consent, or additional consent agreement, in addition to the uses above under the Consent form, SuperDNA may share anonymised Individual-level Genetic Information and Self-Reported Information with selected third-party research collaborators for SuperDNA partners for Research purposes.
Withdrawing your Consent. You may withdraw your consent to participate in SuperDNA at any time by changing your consent status within your Account Settings. If you experience difficulties changing your consent status, contact email@example.com
When you contact Customer Care, we may use or request Personal Information, including Sensitive Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints. In some instances, we may be required to process one customer’s Personal Information to resolve another customer’s dispute or request. For example, if a customer reports behaviour that violates our Terms of Service, we will separately process both customers’ Personal Information and respond separately to each individual as appropriate. We will not share your Personal Information with another customer without your consent.
g. To conduct surveys or polls, and obtain testimonials
We value your feedback and may send you surveys, polls, or requests for testimonials to improve and optimise our Services. You are in control of the information you would like to share with us. If you do not wish to receive these requests, you can manage them in your Account Settings. Our legal basis for processing your Personal Information for the purpose described above is based on our legitimate interest. We think it is important to continue improving our Services to ensure your continued enjoyment.
h. To provide you with marketing communications
4. Information we share with third parties
- Order fulfillment and shipping. When you purchase a SuperDNA kit from the www.mysuperdna.com online store, our payment processor processes certain Registration Information, such as your billing address and credit card information, as necessary to enable you to purchase a SuperDNA kit online. Our logistic services providers ship your kit(s) to you, and help return your kit safely to our laboratory so your sample can be processed. If you purchase a SuperDNA kit from retail outlets, our logistic services providers help return your kit to our laboratory.
- Customer Care support. Our Customer Care team uses a number of tools to help organise and manage the requests we receive.These tools help to ensure we provide timely, high-quality support.
- Cloud storage, IT, and Security. Our cloud storage and other services providers provide secure storage for information in SuperDNA databases, ensure that our infrastructure can support continued use of our Services by SuperDNA customers, and protect data in the event of a natural disaster or other disruption to the Service. Our IT and security providers assist with intrusion detection and prevention measures to stop any potential attacks against our networks. We have these third-party experts perform regular penetration tests and periodically audit SuperDNA’s security controls.
- Marketing and analytics. When you use our Services, including our website or mobile app(s), we and our third-party service providers may collect Web-Behaviour Information about your visit, such as the links you clicked on, the duration of your visit, and the URLs you visited. This information can help us improve site navigability and assess our Marketing campaigns. Per applicable data protection regulations, our websites present visitors with a cookie opt out to allow the processing described above via Functionality and Advertising Cookies.
We may share Aggregate Information, which is information that has been stripped of your name and contact information and combined with information of others so that you cannot reasonably be identified as an individual, with third parties. This Information is different from Individual-level information and is not Personal Information because it does not identify any particular individual or disclose any particular individual’s data. For example, Aggregate Information may include a policy that 30% of our female users share a particular genetic trait, without providing any data or testing results specific to any individual user. In contrast, Individual-level Genetic Information or Self-Reported Information consists of data about a single individual’s genotypes, diseases or other traits/characteristics information and could reveal whether a specific user has a particular genetic trait, or consist of all of the Genetic Information about that user. SuperDNA will ask for your consent to share Individual-level Genetic Information or Self-Reported Information with any third-party, other than our service providers as necessary for us to provide the Services to you.
5. Your choices
As noted in Section 3(h), you may be asked to opt in to receive product and promotional emails or notifications when creating your SuperDNA account. Otherwise, you may view or update your email notification preferences by contacting our Privacy Administrator at firstname.lastname@example.org. You can also click the unsubscribe button at the bottom of promotional email communications.
c. Sharing outside of the SuperDNA Services
- Information previously included in SuperDNA. As stated in Informed Consent, Genetic Information and/or Self-Reported Information that you have previously provided and for which you have given consent to use in SuperDNA cannot be removed from completed studies that use that information. Your data will not be included in studies that start more than 30 days after your account is closed (it may take up to 30 days to withdraw your information after your account is closed).
- Legal Retention Requirements. SuperDNA and our laboratory will retain your Genetic Information, date of birth, and sex as required for compliance with applicable legal obligations. SuperDNA will also retain limited information related to your account and data deletion request, including but not limited to, your email address, account deletion request identifier, and record of legal agreements for a period of time as required by contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.
6. Security measures
SuperDNA produces secure applications by design. SuperDNA incorporates explicit security reviews in the software development lifecycle, quality assurance testing and operational deployment.
Anonymisation. Registration Information is stripped from Sensitive Information, including Genetic and Self-Reported Information. This data is then assigned a randomly generated ID so an individual cannot reasonably be identified.
Encryption. SuperDNA uses industry standard security measures to encrypt Sensitive Information both at rest and in transit.
Separation of Environments. SuperDNA ensures processing, production, and research environments are separated and access is restricted. Data, including Registration Information, Genetic Information, and Self-Reported Information are segmented across logical database systems to further prevent re-identifiability.
Limiting access to essential personnel. We limit access to Personal Information to authorised personnel, based on job function and role. SuperDNA access controls include strict least-privileged authorisation policy.
Detecting threats and managing vulnerabilities. SuperDNA uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our processes and regularly engage third party security experts to conduct penetration tests.
Incident Management. SuperDNA maintains a formal incident management program designed to ensure the secure, continuous delivery of its Services. SuperDNA has implemented an incident management program using industry best practices.
Managing third party service providers. SuperDNA requires service providers to implement and maintain accepted industry standard administrative, physical and technical safeguards to protect Personal Information.
Your Responsibility. Please recognise that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify SuperDNA of any unauthorised use of your password. SuperDNA cannot secure Personal Information that you release on your own or that you request us to release.
7. Children’s privacy
SuperDNA is committed to protecting the privacy of children as well as adults. Neither SuperDNA nor any of its Services are designed for, or directed toward children under the age of 18. A parent or guardian, however, may collect a DNA sample from, create an account for, and provide information related to, his or her child who is under the age of 18. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides to SuperDNA about his or her child is kept secure and that the information submitted is accurate. SuperDNA is not available to users under the age of 18 (eighteen) years old and therefore information is not knowingly collected for such Data Subjects.
8. Linked websites
10. Contact Information
SuperDNA Sdn Bhd
Unit 6-8, Tower A
Vertical Business Suite
Avenue 3, Bangsar South
No. 8, Jalan Kerinchi
59200 Kuala Lumpur