This Policy is designed to help you understand better on how we collect, use, store, process, and transfer your information when operating our platform, mobile application, products, software and other services (the "Service" or "Services").
We strive to protect your information through our compliance with this policy. By accessing or using our services, you signify your acceptance of this policy. If you do not agree with our practices and policies, you can choose not to use our services.
Please read this page carefully. By accessing or using our services, you agree to our practices described in this policy.
This policy will be effective on the 5th of June, 2017. If there is any modification to the policy, we will make public notice of it through posting it on the bulletin board of our platform or individual notice through e-mails.
1. What information we collect
2. Use of collected information
3. Sharing collected information
5. Users' right to access and option
7. Protection of personal information of children
8. Security Incident Notification
9. Guidelines for residents in California
11. Contact Information
Information provided directly by the users
We may collect the information provided directly by the users as listed below.
- Registration Information. When you register an account with MyGenomeBox or purchase our services, we collect personal information, such as user ID, the password you create, nationality, your name, Credit card or other payment information and contact information such as your email and phone number. Your Registration information also includes records and copies of any correspondence with you and details of any transactions you carry out through our services.
- Self-Reported Information. You have the option to provide us with additional information about yourself through surveys, forms, features or applications. For example, you may provide us with information about your picture, gender, date of birth, blood type.
- Shipping information. When you use shipping services, we collect shipping address, addressee, nationality, and phone number.
Information related to our genetic Application services
- DNA DATA (Genetic Information). You may provide us with DNA data in connection with our services, MyGenomeBox collects, processes and stores this DNA data. We make sure to secure your DNA DATA beyond the healthcare industry standards to ensure that your information is safe.
Information collected through tracking technology (e.g. cookies or similar technologies)
Besides of information directly provided by the users, we may collect information in the course that the users use the service provided by us.
As you interact with our services online, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and usage patterns. This data may include details like listed below:
- Log Information. As is true of most platforms, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, operating system, date/time stamp. We may combine this automatically collected log information with other information we collect about you, such as your user profile ID or order number. We do this to improve services we offer you, and to improve marketing, analytics, and site functionality.
Other Types of Information.
We constantly strive to improve our services with new products, applications and features that may result in the collection of new and different types of information. We will update our privacy statement, as necessary.
We will use the collected information of users for the following purposes:
- Member management and identification(e.g. verifying your identity, providing you notices about your account, recognizing you when you return to our services)
- Open your account, enable purchases and process payments, communicate with you, and implement your requests
- Host our platform, provide custom, personalized content, and information, and track your usage of our services
- Provide you appropriate search results and personalized content
- Process your purchases
- Ship your purchases
- Perform quality control and quality improvement activities
- To provide information on promotional events as well as opportunity to participate
- Usage of information with prior consent from the users
- To detect and deter unauthorized or fraudulent use of or abuse of the Service
- Improvement of existing services and development of new services
- Make notice of function of MyGenomeBox’ service matters on policy change
- Comply with applicable laws or legal obligation
- Improvement of existing services and development of new services
We will share your DNA data, registration information and self-reported information with our partners only after you have explicitly authorized us to do so as part of purchasing apps and products on the Mygenombox Platform.
We will only share the DNA data needed to provide genetic reports using apps, not the complete set of your DNA data. We enter into a written agreement with each partner that requires the partner to do the following:
- Maintain the confidentiality and security of the DNA data, account information and self-reported information
- Usage of the DNA data, Account Information, and the self-reported information is only for the specific purposes that you have authorized.
We may disclose registration information, self-reported information, and information about your usage of our services other than your DNA data only in the following circumstances:
- To contractors, service providers and other third-party vendors we use to support our business (such as for payment processing and DNA Collection Kit shipment), and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of MyGenomeBox’s assets, in which personal information held by MyGenomeBox about our users is among the assets transferred. This policy would continue to apply to information collected while it was in place.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of MyGenomeBox, our users or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
We may also disclose your personal information, including your DNA data:
- To comply with a valid court order, law or legal process, provided that we will not disclose your DNA data without a valid subpoena or search warrant specific to your DNA data. If we are required to disclose your information, we will do our best to provide you with notice in advance, unless we are prohibited by law from doing so.
- To enforce or apply our Terms of Service and other agreements
Other than as described above, we will never provide your information to anyone for any purpose under any circumstances.
We may collect collective and impersonal information through 'cookies'. Cookies are very small text files to be sent to the browser of the users by the server used for the operation of the platform of the Company and will be stored in hard-disks of the users' computer.
These functions are used for evaluating, improving services and setting up users' experiences so that much improved services can be provided by MyGenomeBox to the users. The items of cookies to be collected by the Company and the purpose of such collection are as follows:
Strictly necessary cookies. This cookie is a kind of indispensable cookie for the users to use the functions of the platform of the Company. Unless the users allow this cookie, the services such as shopping cart or electronic bill payment cannot be provided. This cookie does not collect any information which may be used for marketing or memorizing the sites visited by the users.
- Memorize the information entered in an order form while searching other pages during web browser session
- For the page of products and check-out, memorize ordered services
- Check whether login is made on platform
- Check whether the users are connected with correct services of the platform while we change the way of operating its platform
- Connect the users with certain application or server of the services
Functionality cookies. This cookie is used for memorizing the set-ups so that MyGenomeBox provides improved services for users. Any information collected by this cookie does not identify the users individually.
- Memorize set-ups applied such as layout, text size, basic set-up and colors
- Memorize when the customer respond to a survey conducted by the Company
The users have an option for cookie installation. So, they may either allow all cookies by setting option in web browser, make each cookie checked whenever it is saved, or refuses all cookies to be saved: Provided that, if the user rejects the installation of cookies, it may be difficult for that user to use the parts of services provided by MyGenomeBox.
The users or their legal representatives, as main agents of the information, may exercise the following options regarding the collection, use, and share of personal information by MyGenomeBox:
- Exercise right to access to personal information
Make corrections or deletion
- Make temporary suspension of treatment of personal information; or
- Request the withdrawal of their consent provided before
If, in order to exercise the above options, you, as an user, use the menu of ‘My Account’ in webpage or contact the Company by using representative telephone or sending a document or e-mails, or using telephone to the responsible department (or person in charge of management of personal information), the Company will take measures without delay: Provided that the Company may reject the request of you only to the extent that there exists either proper cause as prescribed in the laws or equivalent cause.
We use a number of methods to keep your information as private and secure as we can. Our methods at least meet industry standards. Our methods include encrypting data both while moving (being sent) and while at rest (being stored). They also include using strict authentication requirements for any access to the data. From time to time, MyGenomeBox also tests how secure our systems are. This allows us to find and fix points of weakness. We will also test the security of our partners’ systems.
We limit access to your information to MyGenomeBox’s employees and contractors who we believe need access to it to provide services to you or to do their jobs. In addition, beyond industry standard, we physically, technically, and procedurally secure your DNA data, account information, self-reported information and any other personal information from accidental loss and from unauthorized access, use, alteration and disclosure.
In principle, we do not collect any information from the children under 13 or equivalent minimum age as prescribed in the laws in relevant jurisdiction. The platform, products and services of MyGenomeBox are the ones to be provided to ordinary people, in principle. The platform or application of the MyGenomeBox has the function to do age limit so that children cannot use it and the Company does not intentionally collect any personal information from children through that function.
However, if MyGenomeBox collects any personal information from children under 13 or equivalent minimum age as prescribed in the laws in relevant jurisdiction for the services for unavoidable reason, the Company will go through the additional procedure of the followings for protecting that personal information of children:
- obtain consent from the parents or guardian of children so as to collect personal information of children or directly send the information of products and services of MyGenomeBox
- give the parents or guardian of children a notice of Company's policy of privacy protection for children including the items, purpose, and sharing of personal information collected
- grant to legal representatives of children a right to access to personal information of that children/correction or deletion of personal information/temporary suspension of treatment of personal information/ and request for withdrawal of their consent provided before
- limit the amount of personal information exceeding those necessary for participation in online activities
We notify the relevant customer in the event of any unauthorized access to Customer Data or unauthorized access to processing equipment or facilities resulting in loss, disclosure or alteration of Customer Data.
Customer notification items are as follows:
- a description of the incident
- the time period
- the consequences of the incident
- the name of the reporter
- to whom the incident was reported
- the steps taken to resolve the incident (including the person in charge and the data recovered)
If there is any security incident, we will make public notice of it through posting it on the bulletin board of our platform or individual notice through e-mails within 5 days of the incident.
If the user resides in California, certain rights may be given. The Company prepares preventive measures necessary for protecting personal information of members so that the Company can comply with online privacy protection laws of California.
In case of leakage of personal information, a user may request the Company to check the leakage. In addition, all the users on the platform of the Company can modify their information at any time by using the menu for changing information by connecting their personal account.
Moreover, the Company does not trace the visitors of its platform nor use any signals for 'tracing prevent'. The Company will not collect and provide any personal identification information through ad services without the consent of users.
We have the right to amend or modify this Policy from time to time and, in such case, the Company will make a public notice of it through bulletin board of its platform (or through individual notice such as written document, fax or e-mail) and obtain consent from the users if required by relevant law.
Whenever the policy is modified in a material way, a notice will be posted as part of the policy and on our customer’s account login pages for 30 days. After 30 days the changes will become effective. In addition, all customers will receive an email with notification of the changes prior to the change becoming effective.
We designate the following department and person in charge of personal information in order to protect the personal information of customers and deal with complaints from customers:
- Department: Information Security
- Tel: +82-32-715-6335
- E-mail: firstname.lastname@example.org
- Chief Information Security Officer(CISO), Chief Privacy Officer(CPO): Young Tae, Park
- CISO Tel: +82-32-715-6335
- CISO E-Mail: email@example.com
The latest update date: 5th of June, 2017
Link: Read the previous version of the document.