Privacy Policy

DNA Diagnostics Center dba "HomeDNA.com" Privacy Policy

At DDC, we respect and protect the privacy of our customers and those who use our websites, products and services. DNA Diagnostic Center, Inc., (“DDC” or “we” or “us”) is committed to protecting your privacy. We prepared this privacy policy (the “Privacy Policy”) to describe our practices regarding the information we collect from users of our websites that link to this policy, and use of our related services, including without limitation our testing services and web applications.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND OUR VIEWS AND PRACTICES REGARDING YOUR INFORMATION AND HOW WE WILL TREAT IT. BY SUBMITTING INFORMATION THROUGH OUR WEBSITE OR USING OUR SERVICES, YOU ARE EXPRESSLY ACCEPTING AND CONSENTING TO THE PROCESSING DESCRIBED IN THIS PRIVACY POLICY.

1. TYPES OF INFORMATION WE COLLECT.

1.1 Information You Provide Us Directly. We may collect information related to you, including, but not limited to your username, first and last name, e-mail, password, phone number, mailing address, and credit card information, when you create an account to log in to our network or at other times. If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a reply. For customers who engage us for our testing services, we may also collect genetic information and other basic information in order to perform the applicable service and/or test. This information may include but is not limited to DNA, date of birth, gender, blood transfusion and bone marrow transplant history, height and weight. This information is used to provide accurate and complete testing results applicable to the test requested by the client. We may also collect information that is necessary for our legitimate interests, which will be disclosed to you at the time of collection. DDC will use this information for the purposes of which it was collected.

1.2 Information Collected via Technology. To make our website and related services more useful to you, our servers (which may be hosted by a third party service provider) collect information from you, including browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit. We also use Cookies (as defined below) and navigational data to gather information regarding the date and time and duration of your visit and the solutions and information for which you searched and which you viewed. This information includes, without limitation, characters you type, your search and browsing history, articles you click, and pages you view. Like most Internet services, we automatically gather this information and store it in log files each time you visit our website or access your account on our network. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing a web site. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our website. Persistent Cookies can be removed by following Internet browser help file directions. If you choose to disable Cookies, some areas of our website or service may not work properly. We use Google Analytics on our site. Google Analytics is a web analytics service provided by Google. Google Analytics uses cookies to collect anonymous traffic data to help use analyze how users use the website. The information generated by a cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the site, compiling reports on site activity for us and providing other services relating to site activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. By using the website, you consent to the processing of data about you by Google in the manner and for the purposes described in this Privacy Policy.

1.3 Do Not Track. We do not respond to browser-based “do not track” signals. We do not have any third parties that push content to our site.

1.4 US – EU Privacy Shield. The United States Department of Commerce and the European Commission have agreed on a set of data protection principles (the “Privacy Shield Principles”) to enable U.S. companies to satisfy the EU law requirement that all personal information transferred from the European Economic Area (“EEA”) to the United States be adequately protected. DDC has elected to participate in the Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of all personal data received from the EEA. We certify that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Privacy Shield program, and to view our certification or find more information on the Privacy Shield, please visit http://www.privacyshield.gov or at our Privacy Shield Policy.

DDC PRIVACY SHIELD POLICY

Effective Date: September 30, 2016

DNA Diagnostics Center, Inc. (“DDC”) is a leading provider of private DNA testing. Since 1995, DDC has performed hundreds of thousands of genetic tests. DDC offers comprehensive DNA testing services in several specialty areas, focusing primarily on relationship establishment. This Privacy Shield Privacy Policy (“Policy”) outlines how DDC and its subsidiaries, branches, divisions and business units in the United States, collect, use and disclose certain Personal Data that we receive in the United States from the European Economic Area (“EEA”), and the choices affected individuals have regarding DDC’s use of, and the individual’s ability to correct that information.

Protecting the privacy of its clients is important to DDC. DDC has elected to participate in the Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding Personal Data transferred to the United States from European Economic Area member states. DDC has certified that it adheres to the Privacy Shield Privacy Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.

For the purposes of enforcing the Privacy Shield, DDC is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”).To learn more about the Privacy Shield program, please visit the U.S. Department of Commerce’s Privacy Shield website. To review DDC’s certification, please visit the U.S. Department of Commerce’s Privacy Shield self-certification list.

This Policy is intended to supplement our DNA Diagnostics Center Privacy Policy. In the event of any inconsistency, the terms of this Policy will govern.

Definitions The following definitions apply throughout this Policy:

Agent Any third party that uses Personal Data provided to DDC to perform tasks on behalf of and under the instruction of DDC.

DDC DNA Diagnostics Center, its subsidiaries, branches, divisions, and business units in the United States.

Personal Data Any information or set of information that identifies a living individual, or could reasonably be used to identify a living individual (in each case, whether alone or in combination with any other information in the possession, or likely to come into the possession of DDC).

Sensitive Personal Data Personal Data that reveals racial or ethnic origin, political opinions, religious beliefs (or beliefs of a similar nature), trade union membership, physical or mental health or condition, sexual life, the commission or alleged commission of any offence or any proceedings for any offence committed or alleged to have been committed. In addition, DDC will treat as Sensitive Personal Data genetic data and any information received from a third party where that third party treats and identifies such information as sensitive.

 Privacy Principles

Notice When DDC collects Personal Data directly from individuals in the EEA, it will inform them about the purposes for which it collects their Personal Data and the choices and means, if any, that DDC offers individuals for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to DDC, or as soon as practicable thereafter, and in any event before DDC uses or discloses the information for a purpose other than that for which it was originally collected. The DNA Diagnostics Center Privacy Policy describes the categories of Personal Data that we may receive in the United States under the Privacy Shield Framework as well as the purposes for which we use such Personal Data.

If DDC receives Personal Data from its subsidiaries, affiliates, or other entities in the EEA, it will use such information in accordance with the notices such entities provided and the consents or choices made by the individual about whom such Personal Data relates.

Choice DDC will offer individuals the opportunity to choose (“opt-out”) whether their Personal Data is (a) to be disclosed to a non-Agent third party (unless allowed or required by contract), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

For Sensitive Personal Data, DDC will give individuals the opportunity to affirmatively and explicitly consent (“opt-in”) to the disclosure of the information to a non-Agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

Accountability for Onward Transfer We may transfer Personal Data to our third-party Agents or business partners as described in the DNA Diagnostics Center Privacy Policy. Where required by the Privacy Shield, DDC will obtain assurances and enter into contracts with its Agents or business partners, stating they will safeguard Personal Data consistently with the Principles and limiting their use of the data to the specified services provided on our behalf. If DDC has knowledge that an Agent or business partner is using or disclosing Personal Data in a manner contrary to this Policy, DDC will take reasonable steps to prevent or stop the use or disclosure. Under certain circumstances, DDC may remain liable under the Principles if the third party Agents that it engages to process Personal Data on its behalf do so in a manner inconsistent with the Principles.

Access Upon request, DDC will grant individuals reasonable access to Personal Data that it holds about them. In addition, DDC will take reasonable steps to permit individuals to correct, amend or delete that information where it is inaccurate, incomplete or has been processed in violation of the Principles. These access rights may not apply fully in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment or deletion of your Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information. Recourse, Enforcement and Liability DDC will conduct internal compliance reviews of its relevant privacy practices to verify adherence to this Policy. Any employee that DDC determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment. Any questions or concerns regarding the use or disclosure of Personal Data should be directed to the DDC Privacy Department at the address given below. DDC will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles contained in this Policy. For complaints that cannot be resolved between DDC and the complainant, DDC has agreed to participate in dispute resolution using JAMS International (located in the United States) as a third party resolution provider to resolve disputes pursuant to the Privacy Shield Principles. You may submit, at no charge to you, your complaint to JAMS for mediation under the JAMS International Mediation Rules, which are accessible on the JAMS website. You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with DDC and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see the U.S. Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration).

Limitation on Application of Principles Adherence by DDC to these Privacy Shield Principles may be limited (a) to the extent necessary to meet national security, public interest, or law enforcement requirements; (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations, provided that, in exercising any such authorization, an organization can demonstrate that its non-compliance with the Principles is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorization; or (c) if the effect of the Directive or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts. Consistent with the goal of enhancing privacy protection, DDC strives to implement these Principles fully and transparently, including indicating in our privacy policies where exceptions to the Principles permitted by (b) above will apply on a regular basis. For the same reason, where the option is allowable under the Principles and/or U.S. law, DDC will opt for the higher protection where possible.

Contact Information Questions or comments regarding this policy should be submitted to:

DDC Attn: Privacy Department—Privacy Shield One DDC Way Fairfield, OH 45014 privacy-officer@dnacenter.com 1-800-362-2368

Changes to this Policy This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. DDC will post appropriate notice about such changes and amendments, including by updating the effective date at the top of this Policy.

2. USE OF YOUR DATA.

2.1 General Use. In general, information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. DDC uses your information to facilitate the creation of and secure your account on our network; identify you as a user in our system; provide improved administration of our website and services; improve the quality of experience when you interact with our website and services; send you administrative e-mail notifications; respond to your inquiries related to employment opportunities or other requests; to enhance our website for optimal user experience; to monitor the usage and performance of our website and services; to facilitate transactions and process payments; to provide maintenance, support, and customer service for our site; to conduct research and analysis; and to fulfill other legitimate purposes permitted by applicable law.

2.2 Use of your Information. Except as expressly provided herein, we will only use your information in order to provide you the services you have requested, process your order, respond to any order or billing related questions, and to send you promotional and marketing information as further described herein.

2.3 Creation of Anonymous Data. We may create anonymous data records from your information by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyze request and usage patterns so that we may enhance the content of our services and improve site navigation. DDC reserves the right to use anonymous data for any purpose in its discretion.

Feedback.If you provide feedback on any of our services to us, we may use such feedback for any purpose, provided we will not associate such feedback with your information. DDC will collect any information contained in such communication and will treat the information in such communication in accordance with this Privacy Policy and our Terms of Use.

3. DISCLOSURE OF YOUR INFORMATION.

3.1 Affiliates. We may share some or all of your information with our parent company, any subsidiary, or any other company under a common control (collectively, “Affiliates”), including for marketing purposes. If we do share your information, we will require our Affiliates to honor this Privacy Policy. If another company acquires our company or our assets, that company will possess the information collected by it and us and will assume the rights and obligations regarding your information collected by us as described in this Privacy Policy.

3.2 Services Providers. We may share your information with agents to the extent necessary for them to provide their products and services to us, or to provide you with the products and services that you have requested. For example, if you engage us for testing services through a local laboratory, the laboratory is acting as our agent. Other examples include, database storage, file storage and file destruction, hosting services, marketing assistance, analyzing user data, processing payment card information, and for other legitimate purposes permitted by applicable law.

3.3 Business Partners. We may partner with other companies and individuals with respect to particular products or services. These third parties may be provided access to your information, and/or may hold your information, based on the need to perform their function. To restrict sharing of information with these third parties for their marketing purposes, please see the section below titles “Your Choices and Rights Regarding Your Information.”

3.4 Other Disclosures. Regardless of any choices you make regarding your information (as described below), DDC, may disclose information if it believes in good faith that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants served on DDC; (b) protect or defend the rights or property of DDC, or users of our services; (c) to protect against fraud or for risk management purposes; or (d) or to honor a request that you have made to DDC.

4. THIRD PARTY WEBSITES.

We may link to third party websites. Our provision of a link to any other website or location is for your convenience and does not signify our endorsement of such other website or location or its contents. When you click on such a link, you will leave our site and go to another site. During this process, another entity may collect information from you. We have no control over, do not review, and cannot be responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or framed websites, or to any collection of data after you click on links to such outside websites.

5. YOUR CHOICES REGARDING YOUR INFORMATION.

5.1 Choices. We offer you choices regarding the collection, use, and sharing of your information. We will periodically send you free newsletters and e-mails that directly promote the use of our website or services and may contain advertisements for third party companies or our Affiliates. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly at optout@dnacenter.com. Should you decide to opt-out of receiving future mailings, we may share your e-mail address with third parties to ensure that you do not receive further communications from third parties, except that any such third party may have its own opt-out policy to stop receiving further communications from such third party, and such opt-out policy will be included in the communications received from such third party. Despite your indicated e-mail preferences, we may send you emails related to your account or transactions there under, or notices of any updates to our Terms and Conditions or Privacy Policy.

5.2 Withdrawal of Consent You have the right to withdraw your consent to processing that is currently underway with your consent. Consent can be withdrawn by sending an email. Without your consent, DDC will use information, only insofar as such processing is permitted by applicable law (e.g., for the performance of an Agreement between DDC and you) or where such processing is necessary for compliance with a legal obligation to which DDC is subject.

5.3 Accessing, deleting and updating your information. At your request, we will inform you of what personal information we have on file. In accordance with applicable data protection laws, you may have the right to request: access to, rectification, and erasure of your personal information; restriction of processing of personal information; objecting to certain processing of personal information; and the right to data portability. To exercise your rights under these provisions, please contact us at the “Contact Information” details below. When we receive your requests, we may ask you to verify your identity before we can act on your request. We may withhold information where the search for that information would require disproportionate effort or have a disproportionate effect to, for example, the cost of providing the information, the time it would take to retrieve the data, or how difficult it may be to obtain the information requested. Please note that we may be required (by law, accrediting bodies, or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). Please be advised that by deleting your personal information, it will limit or eliminate our ability to provide future communication or explanation regarding any products or services, test results or other offerings in connection with DNA Diagnostics Center. Please be further advised that after your personal information is deleted that residual copies may take a period of time before they are deleted from all latent and backup systems.

6. RETENTION OF DATA

The data you provide to us may be necessary to carry out tasks prior to testing, such as verifying identity or payment details when signing in to use an account. We retain required data based on testing regulatory requirements and other standards, such as meeting our financial obligations and to carry out our responsibilities and enforce our rights arising from service agreements entered into between you and us. The following summarizes the data retention timeframes based on two main categories of testing.

Legal/Chain of Custody/Accredited Tests-We store your samples for a minimum of six months or according to contractual and legal requirements if longer. All accompanying data and records associated with these tests are maintained as required by accrediting bodies, which is a minimum of five years or longer in some instances as required by law. New York Department of Health requires all testing records be maintained for a period of 7 years. All such accompanying data will be destroyed following the minimum timeframes at intervals annually thereafter.

Non Legal/Non-Chain of Custody Tests-We store your samples for a period of 6-8 weeks or according to contractual and legal requirements if longer. All accompanying data and records associated with these tests are maintained for a minimum period of one year and will be destroyed at intervals annually thereafter.

7. SECURITY OF YOUR INFORMATION.

We are committed to protecting the security of your information. We use a variety of reasonable security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. Access to your personal information is limited and we take reasonable measures to ensure that your personal information is not accessible. Although DDC attempts to protect the personal information in its possession, no security system is perfect, and DDC cannot promise that your personal information will remain absolutely secure in all circumstances.

8. DISPUTE RESOLUTION.

If you have any questions or concerns, please contact DDC by email at contact@dnaCenter.com. We will do our best to address your concerns. If you feel that your complaint has been addressed incompletely, we invite you to let us know for further investigation. If you and DDC are unable to reach a resolution to the dispute, you may submit your complaint to JAMS (located in the United States) for mediation under the JAMS International Mediation Rules, which are accessible on the JAMS website at https://www.jamsadr.com. Questions or comments regarding this policy should be submitted to privacy-officer@dnaCenter.com.

Where you believe that we have not processed your information in accordance with applicable data protection laws, you may lodge a complaint with your respective supervisory authority or data protection regulator.

9. A NOTE TO USERS OUTSIDE OF THE UNITED STATES.

DDC is based, and this website is hosted, in the United States of America. If you are from a country outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide information to DDC, please note that any information that you provide to DDC may be transferred to the United States of America. By providing your information, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in any terms and conditions related to the use of and access to the website and our Services as describe in this Privacy Policy.

10. CHANGES TO THIS PRIVACY POLICY.

This Privacy Policy is subject to occasional revision, and if we make any substantial changes in the way we use your information, we will notify you by sending you an e-mail to the last e-mail address you provided to us and/or by prominently posting notice of the changes on our website or on our service. Any material changes to this Privacy Policy will be effective upon the earlier of thirty (30) calendar days following our dispatch of an e-mail notice to you or thirty (30) calendar days following our posting of notice of the changes on our site or on our service. These changes will be effective immediately for new users of our website or services. Please note that at all times you are responsible for updating your information to provide us with your most current e-mail address. In any event, changes to this Privacy Policy may affect our use of information that you provided us prior to our notification to you of the changes. If you do not wish to permit changes in our use of your information, you must notify us prior to the effective date of the changes that you wish to deactivate your account with us. Continued use of our website, or services, following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

11. CONTACT INFORMATION.

We welcome your comments or questions regarding this Privacy Policy. Please e-mail us at privacy-officer@dnacenter.com or contact us at the following address or phone number:

ONE DDC WAY
FAIRFIELD OH 45014
1-800-362-2368

If DDC needs, or is required, to contact you concerning any event that involves information about you, we may do so by email, telephone, or mail.

Revised February 20, 2020