SECTION 1 – TYPES OF INFORMATION WE COLLECT.
a. Information You Provide Us Directly. We may collect information from you, including, but not limited to your username, first and last name, e-mail, password, phone number, and mailing address, when you create an account to log in to our network or at other times. If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a reply, and any information that you submit to us, such as a resume. For customers who engage us for our testing services, we may also collect your genetic information and the genetic information of other individuals necessary for testing purposes (“Testing Information”).
c. Do Not Track. We do not respond to browser-based “do not track” signals. We do not have any third parties that push content to our site.
d. US – EU Privacy Shield. The United States Department of Commerce and the European Commission have agreed on a set of data protection principles (the “Privacy Shield Principles”) to enable U.S. companies to satisfy the EU law requirement that all personal information transferred from the European Economic Area (“EEA”) to the United States be adequately protected. EDL has elected to participate in the Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of all personal data received from the EEA. We certify that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Privacy Shield program, and to view our certification or find more information on the Privacy Shield, please visit http://www.privacyshield.gov or at our EDL Privacy Shield Policy.
e. EU General Data Protection Regulation 2018. The General Data Protection Regulation (GDPR), which will apply from 25 May 2018, creates consistent data protection rules across Europe. It applies to companies that are based in the European Union and global companies that process personal data about individuals in the EU. In summary, the GDPR gives consumers the rights of access, rectification, automated decision making and profiling, as well as the rights to erasure, restrict processing, data portability and object. You may learn more about GDPR through the European Commissions page under Data Protection.
SECTION 2 – USE OF YOUR DATA.
a. General Use. In general, information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. EDL uses your information to facilitate the creation of and secure your account on our network; identify you as a user in our system; provide improved administration of our website and services; improve the quality of experience when you interact with our website and services; send you administrative e-mail notifications; or respond to your inquiries related to employment opportunities or other requests.
b. Use of your Testing Information. We will only use your Testing Information in order to provide you the services you have requested, process your order, and respond to any order or billing related questions. Your de-identified sample data may be used for internal research purposes. If you would like to “opt-out” from us using your de-identified sample data, please contact us at firstname.lastname@example.org and provide your case number.
c. Creation of Anonymous Data. We may create anonymous data records from information (including without limitation, Testing Information) by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyze request and usage patterns so that we may enhance the content of our services.
SECTION 3 – DISCLOSURE OF YOUR INFORMATION.
b. Agents. We may share your information with agents to the extent necessary for them to provide their products and services to us, or to provide you with the products and services that you have requested. For example, if you engage us for testing services through a local laboratory, the laboratory is acting as our agent. Other examples include, database storage, file storage and file destruction.
c. Business Partners. We may partner with other companies and individuals with respect to particular products or services. These third parties may be provided access to your information needed to perform their function. To restrict sharing of information with these third parties for their marketing purposes, please see the section below titles “Your Choices Regarding Your Information.”
d. Subprocessors. We may share your information with subprocessors to the extent necessary for them to provide their products and services to us, or to provide you with the products and services that you have requested. To restrict sharing of information with these third parties for their marketing purposes, please see the section below titles “Your Choices Regarding Your Information.”
e. Other Disclosures. Regardless of any choices you make regarding your information (as described below), EDL, may disclose information if it believes in good faith that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants served on EDL; or (b) protect or defend the rights or property of EDL, or users of our services.
SECTION 5 – YOUR CHOICES REGARDING YOUR INFORMATION.
b. Changes to information. You may change any of your information in your account by sending an email to us at email@example.com. You may request deletion of your information by us, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives.
c. Storage of information. We may store your DNA samples for up to a 6-month period, depending on storage availability and legal requirements. Per our AABB Accreditation, we must archive AABB Legal reports and data for a period of 5 years. Per our Ministry of Justice Accreditation, Legal reports and data are archived for a period of 6 months. Peace of Mind and International Legal reports and data are archived for a period or 2 years.
SECTION 6 – SECURITY OF YOUR INFORMATION.
We are committed to protecting the security of your information. We use a variety of industry-standard security technologies and procedures to help protect your information from unauthorized access, use, or disclosure.
SECTION 7 – DISPUTE RESOLUTION.
If you have any questions or concerns, please contact EDL by email at firstname.lastname@example.org. We will do our best to address your concerns. If you feel that your complaint has been addressed incompletely, we invite you to let us know for further investigation. If you and EDL are unable to reach a resolution to the dispute, you may submit your complaint to the Better Business Bureau for mediation under the BBB Dispute Handling and Resolution, which are accessible on the BBB website at www.bbb.org. Questions or comments regarding this policy should be submitted to email@example.com.
SECTION 8 – AGE OF CONSENT.
By using this site and our services, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site. We do not intentionally gather information about visitors who are under the age of majority. If you are under the age of majority you should not use our site or service.
SECTION 9 – A NOTE TO USERS OUTSIDE OF THE UNITED STATES.
Your information may be processed in the country in which it was collected and in other countries, including the United States, where laws regarding processing of information may be less stringent than the laws in your country. See our US – EU Privacy Shield Policy if you are a resident of the EU.
SECTION 10 – DATA BREACH.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
SECTION 11 – CONTACT INFORMATION.
Endeavor DNA, Inc.
[Re: Data Protection Officer]
6955 North Mesa Street
El Paso, TX 79912
+1 (915) 519-1600
Revised May 18, 2018