Privacy Policy
This Privacy Policy highlights and provides an overview of some core components of our data handling practices.
Please be sure to review the Full Privacy Policy.
Information we collect
- Information we receive when you use our Services. We collect Web-Behaviour Information via cookies and other similar tracking technologies when you use and access our Services (our website, mobile apps, products, software and other services). See our Cookie Policy for more information.
- Information you share directly with us. We collect and process your information when you place an order, create an account, register your SuperDNA Collection Kit, complete surveys, post on our platform or use other messaging features, and contact Customer Care. This information can generally be categorised as Registration Information, Self-Reported Information, and/or User Content as defined in our full Privacy Policy.
- Information from our DNA testing services. With your consent, we extract your DNA from your DNA sample and analyse it to produce your Genetic Information (the As, Ts, Cs, and Gs at particular locations in your genome) in order to provide you with reports.
- Information from third parties who lawfully provide it to us.
How We Use Information
- To provide our Services. We process Personal Information in order to provide our Service, which includes processing payments, shipping kits to customers, creating customer accounts and authenticating logins, analysing DNA samples and DNA, and delivering results and powering tools that benefit our customers.
- To analyse and improve our Services. We constantly work to improve and provide new reports, tools, and Services. We may also need to fix bugs or issues, analyse use of our website to improve the customer experience or assess our marketing campaigns.
- For SuperDNA, with your consent. If you choose to consent to participate in SuperDNA, SuperDNA researchers can include your anonymised Genetic Information and Self-Reported Information in a large pool of customer data for analyses aimed at making scientific discoveries.
Control your choices
- SuperDNA gives you the ability to share information in a variety of ways. You choose:
- To store or discard your DNA sample after it has been analysed. In the event that you choose to store your DNA sample, it will be stored securely in our medical laboratory, which has internal quality and access control procedures as required by international standards.
- When and with whom you share your information, including friends, family members, health care professionals, or other individuals outside our Services, including through third-party services that accept SuperDNA data and social networks.
- To give or decline consent for SuperDNA. You can give consent for the use of your data for scientific and/or medical research and development.
- Delete your SuperDNA account and data at any time.
- You have the right to make a complaint about how your data is handled.
Disclosure of your info
- With our service providers as necessary for them to provide their services to us.
- With research collaborators, only if you have given your consent.
- We will not sell, lease, or rent your individual-level protected health information to any third party or to a third-party for research purposes without your consent.
- We do not share customer data with any public databases.
- We will not provide any Personal Information to an insurance company or employer.
- We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information.
How we secure info
- SuperDNA implements measures and systems to ensure confidentiality, integrity, and availability of SuperDNA data.
- Anonymisation, encryption, and data segmentation. Registration Information is stripped from Sensitive Information, including genetic and phenotypic data. This data is then assigned a random ID so the person who provided the data cannot be identified. SuperDNA uses industry-standard security measures to encrypt sensitive personal data both when it is stored (data-at-rest) and when it is being transmitted (data-in-flight). Additionally, data are segmented across logical database systems to further prevent re-identifiability.
- Limiting access to essential personnel. We limit access of information to authorised personnel, based on job function and role. SuperDNA access controls include a strict least-privileged authorisation policy.
- Detecting threats and managing vulnerabilities. SuperDNA uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our build pipeline and regularly engage third party security experts to conduct penetration tests.
Full Privacy Policy
Our Privacy Policy is designed to help you better understand how we collect, use, store, process, and transfer your information when using our Services. Our Privacy Policy is applicable to all new and existing Users of our Services, and applies to all websites owned and operated by SuperDNA Sdn Bhd and its subsidiaries and/or affiliates (collectively referred to as “SuperDNA”), including www.mysuperdna.com, and any other websites, pages, features, or content we own or operate, and any related Services.
Please carefully review this Privacy Policy and our Terms of Service. By using our Services, you acknowledge all of the policies and procedures described in the foregoing documents. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy or our Terms of Service, you should immediately discontinue the use of our Services.
1. Key Definitions
- Registration Information: information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, phone number, address, user ID and password, and payment information).
- Genetic Information: information regarding your genotypes (i.e. the As, Ts, Cs, and Gs at particular locations in your genome), generated through processing of your DNA sample by SuperDNA or by its contractors, successors, or assignees; or otherwise processed by and/or contributed to SuperDNA.
- Self-Reported Information: information you provide directly to us, including your disease conditions, other health-related information, personal traits, ethnicity, family history, and other information that you enter into surveys, forms, or features while signed in to your SuperDNA account.
- Sensitive Information: information about your health, Genetic Information, and certain Self-Reported Information such as racial and ethnic origin, sexual orientation, and political affiliation.
- User Content: all information, data, text, software, music, audio, photographs, graphics, video, messages, or other materials, other than Genetic Information and Self-Reported Information, generated by users of SuperDNA Services and transmitted, whether publicly or privately, to or through SuperDNA.
- Web-Behaviour Information: information on how you use SuperDNA Services is collected through log files, cookies, web beacons, and similar technologies (e.g., browser type, domains, page views).
- Pseudonymised Information: means replacing the identifying markers of your Information with artificial identifiers to reduce the association between the data subject and the Information during processing.
2. Information we collect
- Registration Information. When you purchase our Services or create a SuperDNA account and register your kit, we collect Personal Information, such as your name, date of birth, billing and shipping address, payment information (e.g., credit card) and contact information (e.g. email, phone number and license number).
- Self-Reported Information. You have the option to provide us with additional information about yourself through surveys, forms, features and applications. For example, you may provide us with information about your personal traits (e.g., eye colour, height), ethnicity, disease conditions (e.g. Type 2 Diabetes), and other health-related information (e.g. pulse rate, cholesterol levels, visual acuity), and, where applicable, family history information (e.g. information similar to the foregoing about your family members).
- User Content. Some of our Services allow you to create and post or upload content, such as data, text, software, music, audio, photographs, graphics, video, messages, or other materials that you create or provide to us through either a public or private transmission (User Content). For example, User Content includes any discussions, posts, or messages you send on SuperDNA’s platforms.
- Blogs and platforms. SuperDNA customers may participate in our online platforms. You should be aware that any information you provide or post in these areas may be read, collected, and used by others who access them. To request that we remove or anonymise your Personal Information from our blog or platform, contact us at care@mysuperdna.com. Please note that whenever you post something publicly, it may sometimes be impossible to remove all instances of the posted information, for example, if someone has taken a screenshot of your posting. Please exercise caution before choosing to share Personal Information publicly on our blogs, platforms or in any other postings. You may be required to register with a third-party application to post a comment. To learn how the third-party application uses your information, please review the third-party’s privacy policy.
- Social media features and widgets. Our services include social media features. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. They may also allow third-party social media services to provide us information about you, including your name, email address, and other contact information. The information we receive is dependent upon your privacy settings with the social network. Features are either hosted by a third-party or hosted directly on our site. Your interactions with these Features are governed by the privacy policies of the third-party companies providing them. You should always review and, if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our website or Services.
- Third-party services (e.g., social media). If you use a third-party site, such as Facebook or Twitter, in connection with our Services to communicate with another person (e.g., to make or post referrals or to request that we communicate with another person), then in addition to that person’s name and contact information, we may also collect other information (e.g., your profile picture, network, gender, username, user ID, age range, language, country, friends lists or followers) depending on your privacy settings on the third-party site. We do not control the third-party site’s information practices, so please review the third-party’s privacy policy and your settings on the third-party’s site carefully.
- Referral information and sharing. When you refer a person to SuperDNA, we will ask for that person’s email address. We will use their email address solely, as applicable, to make a referral to them, and we will let your contact know that you requested the communication. By participating in a referral program or by choosing to share information with another person, you confirm that the person has given you consent for us to communicate (e.g., via email) with him or her. The person you referred may contact us at care@mysuperdna.com to request that we remove this information from our database.
- If you provide us with Personal Information about others, or if others give us your information, for the purpose of ordering the Service as a gift, we will only use that information for the specific reason for which it was provided to us. Once a gift recipient registers for his or her Services and agrees to our Privacy Policy, our Terms of Service, and if applicable, provides certain consent, his or her Personal Information will be used in manners consistent with this Privacy Policy, and will not be shared with the purchaser, unless they independently choose to share their own Personal Information through the Services with the purchaser.
- Customer service. When you contact Customer Care or correspond with us about our Service, we collect information to: track and respond to your inquiry; investigate any breach of our Terms of Service, Privacy Policy or applicable laws or regulations; and analyse and improve our Services.
- DNA samples. To use our genetic testing services, you must purchase, or receive as a gift, a SuperDNA Sample Collection kit, create an online account and register your kit, and ship your DNA sample to our laboratory. Our laboratory will extract your DNA from your DNA sample for analysis. Your DNA sample and DNA are destroyed after our laboratory completes its work, subject to legal and regulatory requirements.
- Genetic Information. Information regarding your genotype (e.g. the As, Ts, Cs, and Gs at particular locations in your genome), your Genetic Information, is generated when we analyse and process your DNA sample, or when you otherwise contribute or access your Genetic Information through our Services. Genetic Information includes the SuperDNA results reported to you as part of our Services, and may be used for other purposes, as outlined in Section 3 below.
- Help us recognise you when you use our Services;
- Customise and improve your experience;
- Provide security;
- Analyse usage of our Services (such as to analyse your interactions with the results, reports, and other features of the Service);
- Gather demographic information about our user base;
- Offer our Services to you;
- Monitor the success of marketing programs; and
- Serve targeted advertising on our site and on other sites around the Internet.
Google Analytics. Google Analytics is used to perform many of the tasks listed above. We use the User-ID feature of Google Analytics to combine behavioural information across devices and sessions (including authenticated and unauthenticated sessions). We have enabled the following Google Analytics Advertising features: Remarketing, Google Display Network Impression Reporting, Google Analytics Demographics and Interest Reporting, and DoubleClick Campaign Manager integration. We do not merge information collected through any Google advertising products with individual-level information collected elsewhere by our Service. Learn more about how Google collects and uses data here. To opt out of Google Analytics Advertising Features please use Google Ad Settings.
We continuously work to enhance our Services with new products, applications and features that may result in the collection of new and different types of information. We will update our Privacy Policy and/or obtain your prior consent to new processing, as needed.
3. How do we use your information?
SuperDNA will use and share your Personal Information with third parties only in the ways that are described in this Privacy Policy.
- Open your account, enable purchases and process payments, communicate with you, and implement your requests (e.g., referrals);
- Enable and enhance your use of our website and mobile application(s), including authenticating your visits, providing personalised content and information, and tracking your usage of our Services;
- Contact you about your account, and any relevant information about our Services (e.g. policy changes, security updates or issues, etc.);
- Enforce our Terms of Service and other agreements;
- Monitor, detect, investigate and prevent prohibited or illegal behaviours on our Services, to combat spam and other security risks; and
- Perform research & development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.
- Your Genetic Information and/or Self-Reported Information will be used for research and development purposes, but it will be anonymised and will not be linked to your Registration Information.
- SuperDNA may use individual-level Genetic Information and Self-Reported Information at SuperDNA for research and development purposes.
- SuperDNA may share summary statistics, which do not identify any particular individual or contain individual-level information, with our qualified research collaborators.
If you have completed the Informed Consent, or additional consent agreement, in addition to the uses above under the Consent form, SuperDNA may share anonymised Individual-level Genetic Information and Self-Reported Information with selected third-party research collaborators for SuperDNA partners for Research purposes.
Withdrawing your Consent. You may withdraw your consent to participate in SuperDNA at any time by changing your consent status within your Account Settings. If you experience difficulties changing your consent status, contact care@mysuperdna.com.
If you choose not to provide consent to us or complete any additional agreement with SuperDNA, your Personal Information will not be used for SuperDNA. However, your Genetic Information and Self-Reported Information may still be used by us and shared with our third-party service providers in order for us to provide our Services to you as outlined in this Privacy Policy.
When you contact Customer Care, we may use or request Personal Information, including Sensitive Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints. In some instances, we may be required to process one customer’s Personal Information to resolve another customer’s dispute or request. For example, if a customer reports behaviour that violates our Terms of Service, we will separately process both customers’ Personal Information and respond separately to each individual as appropriate. We will not share your Personal Information with another customer without your consent.
g. To conduct surveys or polls, and obtain testimonials
We value your feedback and may send you surveys, polls, or requests for testimonials to improve and optimise our Services. You are in control of the information you would like to share with us. If you do not wish to receive these requests, you can manage them in your Account Settings. Our legal basis for processing your Personal Information for the purpose described above is based on our legitimate interest. We think it is important to continue improving our Services to ensure your continued enjoyment.
h. To provide you with marketing communications
4. Information we share with third parties
- Order fulfillment and shipping. When you purchase a SuperDNA kit from the www.mysuperdna.com online store, our payment processor processes certain Registration Information, such as your billing address and credit card information, as necessary to enable you to purchase a SuperDNA kit online. Our logistic services providers ship your kit(s) to you, and help return your kit safely to our laboratory so your sample can be processed. If you purchase a SuperDNA kit from retail outlets, our logistic services providers help return your kit to our laboratory.
- Customer Care support. Our Customer Care team uses a number of tools to help organise and manage the requests we receive. These tools help to ensure we provide timely, high-quality support.
- Cloud storage, IT, and Security. Our cloud storage and other services providers provide secure storage for information in SuperDNA databases, ensure that our infrastructure can support continued use of our Services by SuperDNA customers, and protect data in the event of a natural disaster or other disruption to the Service. Our IT and security providers assist with intrusion detection and prevention measures to stop any potential attacks against our networks. We have these third-party experts perform regular penetration tests and periodically audit SuperDNA’s security controls.
- Marketing and analytics. When you use our Services, including our website or mobile app(s), we and our third-party service providers may collect Web-Behaviour Information about your visit, such as the links you clicked on, the duration of your visit, and the URLs you visited. This information can help us improve site navigability and assess our Marketing campaigns. Per applicable data protection regulations, our websites present visitors with a cookie opt out to allow the processing described above via Functionality and Advertising Cookies.
We may share Aggregate Information, which is information that has been stripped of your name and contact information and combined with information of others so that you cannot reasonably be identified as an individual, with third parties. This Information is different from Individual-level information and is not Personal Information because it does not identify any particular individual or disclose any particular individual’s data. For example, Aggregate Information may include a policy that 30% of our female users share a particular genetic trait, without providing any data or testing results specific to any individual user. In contrast, Individual-level Genetic Information or Self-Reported Information consists of data about a single individual’s genotypes, diseases or other traits/characteristics information and could reveal whether a specific user has a particular genetic trait, or consist of all of the Genetic Information about that user. SuperDNA will ask for your consent to share Individual-level Genetic Information or Self-Reported Information with any third-party, other than our service providers as necessary for us to provide the Services to you.
We may share some or all of your Personal Information with other companies under common ownership or control of us, which may include our subsidiaries, our corporate parent, or any other subsidiaries owned by our corporate parent in order to provide you better service and improve user experience. Generally, sharing such information is necessary for us to perform on our contract with you. We may provide additional notice and ask for your prior consent if we wish to share your Personal Information with our commonly owned entities in a materially different way than discussed in this Privacy Policy.
In the event that we go through a business transition such as a restructuring, merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information will likely be among the assets transferred. In such a case, your information would remain subject to the promises made in any pre-existing Privacy Policy.
5. Your choices
You may access, correct or update most of your Registration Information on your own within your Account Settings. You may also review and update your consent to SuperDNA. To exercise one or more of the rights described in this Privacy Policy, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Information, please contact care@mysuperdna.com.
As noted in Section 3(h), you may be asked to opt in to receive product and promotional emails or notifications when creating your SuperDNA account. Otherwise, you may view or update your email notification preferences by contacting our Privacy Administrator at care@mysuperdna.com. You can also click the unsubscribe button at the bottom of promotional email communications.
c. Sharing outside of the SuperDNA Services
You may decide to share your Personal Information with friends and/or family members, doctors or other Healthcare Professionals, and/or other individuals outside of our Services, including through third party services such as social networks and third party apps that connect to our website and mobile apps through our application programming interface (API). These third parties may use your Personal Information differently than we do under this Privacy Policy. Please make such choices carefully and review the privacy policies of all other third parties involved in the transaction. We do not endorse or sponsor any API applications, and do not affirm the accuracy or validity of any interpretations made by third party API applications.
- Information previously included in SuperDNA. As stated in Informed Consent, Genetic Information and/or Self-Reported Information that you have previously provided and for which you have given consent to use in SuperDNA cannot be removed from completed studies that use that information. Your data will not be included in studies that start more than 30 days after your account is closed (it may take up to 30 days to withdraw your information after your account is closed).
- Legal Retention Requirements. SuperDNA and our laboratory will retain your Genetic Information, date of birth, and sex as required for compliance with applicable legal obligations. SuperDNA will also retain limited information related to your account and data deletion request, including but not limited to, your email address, account deletion request identifier, and record of legal agreements for a period of time as required by contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.
6. Security measures
SuperDNA produces secure applications by design. SuperDNA incorporates explicit security reviews in the software development lifecycle, quality assurance testing and operational deployment.
Anonymisation. Registration Information is stripped from Sensitive Information, including Genetic and Self-Reported Information. This data is then assigned a randomly generated ID so an individual cannot reasonably be identified.
Encryption. SuperDNA uses industry standard security measures to encrypt Sensitive Information both at rest and in transit.
Separation of Environments. SuperDNA ensures processing, production, and research environments are separated and access is restricted. Data, including Registration Information, Genetic Information, and Self-Reported Information are segmented across logical database systems to further prevent re-identifiability.
Limiting access to essential personnel. We limit access to Personal Information to authorised personnel, based on job function and role. SuperDNA access controls include a strict least-privileged authorisation policy.
Detecting threats and managing vulnerabilities. SuperDNA uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our processes and regularly engage third party security experts to conduct penetration tests.
Incident Management. SuperDNA maintains a formal incident management program designed to ensure the secure, continuous delivery of its Services. SuperDNA has implemented an incident management program using industry best practices.
Managing third party service providers. SuperDNA requires service providers to implement and maintain accepted industry standard administrative, physical and technical safeguards to protect Personal Information.
Your Responsibility. Please recognise that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify SuperDNA of any unauthorised use of your password. SuperDNA cannot secure Personal Information that you release on your own or that you request us to release.
7. Children’s privacy
SuperDNA is committed to protecting the privacy of children as well as adults. Neither SuperDNA nor any of its Services are designed for, or directed toward children under the age of 18. A parent or guardian, however, may collect a DNA sample from, create an account for, and provide information related to, his or her child who is under the age of 18. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides to SuperDNA about his or her child is kept secure and that the information submitted is accurate. SuperDNA is not available to users under the age of 18 (eighteen) years old and therefore information is not knowingly collected for such Data Subjects.
8. Linked websites
SuperDNA provides links to third party websites operated by organisations not affiliated with SuperDNA. We do not disclose your information to organisations operating such linked third party websites. We do not review or endorse, and are not responsible for, the privacy practices of these organisations. We encourage you to read the privacy policies of each and every website that you visit. This Privacy Policy applies solely to information collected by us and our service providers on our behalf.
9. Changes to this Privacy Policy
Whenever this Privacy Policy is changed in a material way, a notice will be posted as part of this Privacy Policy and on our website for 30 days. After 30 days the changes will become effective. In addition, all customers will receive an email with notification of the changes prior to the change becoming effective. SuperDNA may provide additional just-in-time disclosures or additional information about the data collection, use and sharing practices of specific Services. Such notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your Personal Information.
10. Contact Information
If you have questions about this Privacy Policy, or wish to submit a complaint, please email SuperDNA Privacy Administrator at care@mysuperdna.com, or send a letter to:
SuperDNA Sdn Bhd
Unit 6-8, Tower A
Vertical Business Suite
Avenue 3, Bangsar South
No. 8, Jalan Kerinchi
59200 Kuala Lumpur