I. Key Definitions.
- Aggregate Information: information that has been combined with that of other users and analyzed or evaluated as a whole, such that no specific individual may be reasonably identified.
- De-Identified Information: information that has been stripped of your Registration Information (e.g., your name and contact information) and other identifying data such that you cannot reasonably be identified as an individual.
- Individual-level Information: information about a single individual’s genotypes, diseases or other traits/characteristics, but which is not necessarily tied to Registration Information.
- Personal Information: information that can be used to identify you, either alone or in combination with other information. HLI collects and stores the following types of Personal Information:
- Registration Information: information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, address, user ID and password).
- Genetic Information: information regarding your genotype (e.g. the As, Ts, Cs, and Gs at particular locations in your genome), that is generated when sequencing your genome, or is uploaded by you when using our Services.
- Self-Reported Information: all information about yourself, including your disease conditions, other health-related information, personal traits, ethnicity, family history, and other information that you provide to HLI.
- Sensitive Information: information about your health, Genetic Information, and certain Self-Reported Information such as racial and ethnic origin and sexual orientation.
- User Content: all information, data, text, software, music, audio, photographs, graphics, video, messages, or other materials – other than Genetic Information and Self-Reported Information – generated or uploaded by you while using our Services.
- Web Behavior Information: information on how you use our Services (e.g. browser type, domains, page views) collected through log files, cookies, and web beacon technology.
- Service or Services: HLI products, software, services, and website (including but not limited to text, graphics, images, and other material and information) as accessed by the user.
II. HLI Core Privacy Principles:
- We collect, store, handle and share information in ways we reasonably believe are permitted by laws and regulations for the following purposes: (1) to provide, assess, and improve our Services; (2) to comply with laws we are subject to; and (3) in an aggregated and/or de-identified format for research, development, and quality improvement purposes.
- We will not sell, lease, or rent your individual-level personal information (i.e. your individual genomic information, disease or health-related data) to any third party without your express consent.
- The core mission of HLI is to seek to improve our understanding of the human genome. HLI researchers may use your de-identified individual-level personal and genomic information to conduct internal research to advance our knowledge of the genome. However, we will not publish research based on individual-level personal and genomic data unless you have provided HLI with consent to use your data for this purpose.
- We believe your genomic information, and personal information such as race, ethnicity, disease condition, physical traits, etc., are incredibly sensitive information. We try to be very transparent in our collection, use and disclosure of this information. We will ask for your express consent to share personally identifiable information with any third party.
- We are committed to data security practices needed to protect your data.
III. What information does HLI collect?
We collect the following types of information:
A. Information You Provide to Us:
Registration Information. When you register an account with HLI we collect personal information, such as your name, and contact information such as your email.
Self-Reported Information. You may have the option to provide us with additional information about yourself through features or applications. For example, we may ask you for information related to ethnicity, personal traits, disease conditions, and other health-related information and family history information. We will collect and store information you provide us in response. Where you are disclosing information about a family member, you should make sure that you have permission from the family member to do so.
User Content. Some of our Services allow you to create and post or upload content, such as data, text, software, messages, genomic data files, or other materials that you create or provide to us through either a public or private transmission.
Customer Service. When you contact our Customer Service we collect information to: track and respond to your inquiry, analyze and improve our Services, and investigate any breach of our Terms of Service, Privacy Statement or applicable laws or regulations.
Genetic Information. When you have your genome sequenced by HLI as part of our Services, or if you upload files containing your genetic information into HLI Services, we will store that information and it may be used internally, and for other purposes as outlined below.
B. Information Collected Automatically:
Certain usage information we collect (such as the numbers and frequency of visitors to the HLI website, and HLI Open Search), we only use in aggregate form, and not in a manner that would identify you personally. For example, this aggregate data tells us how often users use parts of our Website, or certain online Services, so that we can make the Services appealing to as many users as possible. We may also provide this aggregate information to our partners; our partners may use such information to understand how often and in what ways people use HLI Services, so that they, too, can provide you with an optimal experience. However, our data capture and analysis tools, and other similar tools may also capture your identifiable data. For example, it may be possible for us to associate your queries on certain Services, like HLI Open Search, with your identity. We will not use such identifiable data for any purposes other than to operate, promote, and improve HLI Services and to develop new ones.
C. Other types of information:
IV. How will HLI use and share the Personal Information it receives?
A. Information used to provide, assess, and improve our Services.
HLI will use personally identifiable information that you provide in order to provide, assess, and improve our Services.
- Agents: We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide Services to you. Unless we tell you differently, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us.
B. Protection of HLI and Others: We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of HLI, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
C. Internal HLI Knowledge Generation: The core mission of HLI is to seek to improve our understanding of the human genome. HLI researchers may use your de-identified individual-level personal and genomic information to conduct internal research to advance our knowledge of the genome. However, we will not share your individual-level data outside of HLI, or publish research referencing individual-level personal and genomic data unless you have provided HLI with consent to use your data for this purpose.
D. With Your Consent: Except as set forth above, you will be notified when your Personal Information may be shared with third parties in personally identifiable form, and will be able to prevent the sharing of this information.
- Consent process for research: If you complete the Consent Document, HLI may use your individual-level Genetic Information and Self-Reported Information internally at HLI for Research purposes, and may share your data with certain third parties who are helping HLI conduct research, or who are themselves conducting scientific research. HLI will require third parties to attest that they will abide by certain rules intended to protect your individual-level data. These rules will include the following: 1) an agreement only to use your data for the specific purpose for which access has been granted; 2) that appropriate security measures are in place to protect your data; and 3) that they will protect your data from inappropriate disclosure, and will promptly notify HLI in the event of any data breach. Even when your individual-level data is shared, it will be de-identified, so that it is not readily linked back to your identity. Users of your data will agree that they will not make any effort to attempt to identify you from your data.
- Withdrawing your Consent: You may withdraw your consent to participate in Research at any time by notifying HLI that you no longer wish to consent. HLI will not include your Genetic Information or Self-Reported Information in new research occurring after 30 days from the receipt of your request. However, research involving your data that has already been done or published prior to your withdrawal of consent will not be withdrawn. Withdrawing your consent for research only impacts use of your individual-level Genetic Information and Self-Reported Information. HLI may still use and share your Aggregate information, which means that it is bundled with other data such that you are not individually identifiable.
E. Aggregate information. HLI may share aggregate information with third parties. Aggregate information is any information that has been stripped of personally identifying information, such as your name and contact information, and has been aggregated with information of others so that you cannot reasonably be identified as an individual. Aggregate information is different from “individual-level” information, which consists of data about an individual person’s genetic information, diseases or other traits/characteristics information. For example, Aggregate information may describe a trait shared by a group, such as “10% of people whose genome was sequenced by HLI share a specific genetic variant.” HLI would not provide the individual-level data used to support this statement. We may provide Aggregate information to third parties, such as academic institutions, pharmaceutical companies, and other businesses. Aggregate information does not reveal whether an individual has a particular genetic trait or variant. HLI will only share your individual-level data if you have consented to allowing it to be shared.
V. Is Personal Information about me secure?
We endeavor to protect the privacy of your Personal Information we hold in our records, and utilize security safeguards such as a web application firewall, Secure Sockets Layer and other encryption of transmitted and stored Personal Information; but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
VI. Important Information
- Children’s privacy: HLI is committed to protecting the privacy of children as well as adults. The HLI Website and Services are not designed for, intended to attract, or directed toward children under the age of 13. A parent or guardian, however, may upload data related to his or her child. The parent or guardian attests that he/she has legal authority to upload the minor child’s data and assumes full responsibility for the information.
- EU General Data Protection Regulation (GDPR) Disclaimer: HLI’s intent is to target and offer services to citizens of the United States. HLI does not market its services to citizens of the European Union (EU), and has not made attempts to target EU citizens for its services. Any EU citizen who wishes to enroll in this research study should understand that the data regulations of the US differ from those of the EU. HLI’s data storage and privacy regulations comply with US regulations but do not specifically comply with those of the EU’s GDPR. HLI removes identifying information, such as name, date of birth, address, from your data before placing it in the HLI database, and allowing it to be used for further research, but may not comply with all of the GDPR requirements. The GDPR regulation applies to the use and processing of personal data that can be used to directly or indirectly identify a person. GDPR defines personal data as any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly, or indirectly, in particular by reference to an identifier such as name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Any EU citizen who uses this site acknowledges and understands that HLI has not made any representation that it is in compliance with the GDPR requirements, nor can offer all of the protections and rights that may be required under the GDPR.
VII. Contact Information
If you have any questions about viewing or updating information we have on file about you, please contact us at firstname.lastname@example.org. Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: email@example.com.
IX. Questions or Concerns
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to firstname.lastname@example.org, and we will try to resolve your concerns.