Your privacy is a top priority to SelfDecode. We recognize how important it is to keep your information secure and confidential, and most importantly, yours. Privacy matters for your information, and in particular your Genetics, Laboratory and Self-Reported Information.
Our goal at SelfDecode is to create an environment where you can learn about your genetic makeup, easily discover information relevant to your genetics, conventional biomarkers and lifestyle, and connect with other people on the same journey. We aim to create tools that you can use to identify genetic variations of interest to you. We also aim to provide information that you can consider when thinking about how to respond to those variants of interest. In order for us to provide you with the services described above we need to analyze files that contain data about your genetic variations. With this in mind please take the time to read through our Terms of Service.
What is Personal Identifiable Information?
Personal Identifiable information (PII) is information that can be used to identify you, either alone or in combination with other information. SelfDecode collects and stores the following types of Personal Information:
What do we mean by Genetic Information?
With this term we refer to any information regarding your genotypes, generated through processing the Genetic Information you have uploaded on SelfDecode´s Platform, or that has been uploaded by any of our clients, independent contractors; or otherwise processed by and/or contributed to SelfDecode.
What do we mean by Laboratory Information?
With this term we refer to any laboratory test data you have uploaded on SelfDecode´s Platform, or that has been uploaded by any of our clients, independent contractors; or otherwise processed by and/or contributed to SelfDecode.
What is included in the term “Sensitive Information”?
This term refers to information about your health, Genetic, Laboratory and Self-Reported Information, and information related to your racial and ethnic origin, sexual orientation, and political affiliation.
What kind of information Do We Collect?
We collect several types of information from and about users of our Services.
We may collect some of your Personal Demographic Information. You must provide certain information when you access our Services through our platform or by logging into our website. This information includes your name, email address, the password you create, and credit card or other payment information. Your account information also includes records and copies of any correspondence with you and details of any transactions you carry out through our Services.
You will have the chance to upload what we call “Self-Reported Information”. This is information you provide directly to us, either through our web portal or through any third party, including your disease conditions, other health-related information, personal traits, ethnicity, family history, and other information that you enter into surveys, forms, or features while signed in to your SelfDecode account. SelfDecode may ask you to provide data about yourself, including demographic data such as personal and family medical history, age, sex, physical features such as eye color, behavioral information such as exercise habits, or self-declared ethnicity.
We also collect “Online Behavior” Information collected through tracking technology. Online Behavior information is that info that can show us how you use our Services collected through log files, cookies, web beacons, and similar technologies, (e.g., device information (device identifiers), IP address, browser type, domains, page views).
Aggregate information is information that has been combined with that of other users and analyzed or evaluated as a whole, such that no specific individual may be reasonably identified.Google Analytics is used to perform many of the tasks listed above. SelfDecode works with Google Analytics to better understand our audience and users, to improve our marketing campaigns, and to enhance our services. You can learn more about Google Analytics’ privacy choices or opt out at any time.
We may collect your information to send you some promotional offers of our services. If you do not wish to have your contact information used by SelfDecode to promote our Services, you can opt-out by changing your account settings. You may not be able to opt out of receiving certain Service-related emails, such as communications about orders, billing, account creation, registration and policy updates. If we have sent you a promotional email or other informational email not related to your order or account, the email will have an “unsubscribe” feature that will allow you to opt-out of receiving future email distributions.
Some other parties' information you provide to us:
If you have purchased a product as a gift for someone else, your gift recipient must create their own account. SelfDecode will not share any personal information of the gift recipient with you.
Our Services are not intended for anyone under 18 years of age. We do not knowingly collect personal information from or on behalf of someone under 18. If you are under 18, do not register on our website or provide any information about yourself to us. If we learn we have collected or received personal information from or on behalf of someone under 18, we will make commercially reasonable efforts to remove the information and/or user account and not make future use of that information to contact a minor. If you believe we might have any information from or about someone under 18, please contact us at firstname.lastname@example.org.
You may provide us with a Genetic Information file, by uploading it to our software. In connection with our Services, SelfDecode processes and stores this Genetic Information, including your SelfDecode Insights. Self Decode Insights means the process by which SelfDecode interprets your Genetic Information to produce SelfDecode Insights when you request to receive that feature in your SelfDecode Account. If you do not wish to have SelfDecode Insights produced for you, do not request to receive this feature or products related to it. You do not need to receive your SelfDecode Insights in order to use other parts of the SelfDecode Platform.
With your consent, as described in our Platform Consent, we do the following:
- store the Genetic Information you upload;
- provide you SelfDecode Insights;
In the following sections, we describe how we use your Genetic Information and Self-Reported Information in particular:
When you upload your Genetic Information, SelfDecode stores it. When you choose to receive SelfDecode Insights, SelfDecode will use certain portions of your Genetic Information to produce your SelfDecode Insights. For the SelfDecode Services you purchase, you allow SelfDecode to use certain portion(s) or all of your Genetic Information to deliver the genetic interpretations offered by our Services to you and improve them over time. Your Genetic Information may be combined with that of other users as “Aggregated Genetic Information.” Aggregated Genetic Information is that that does not include any data that would reasonably permit someone to identify you individually. SelfDecode may use Aggregated Genetic Information for its internal business purposes, such as to improve our products, data quality and laboratory processes. Aggregated Genetic Information may also be used for our promotional purposes. This could include describing users of our Services in general terms (e.g., “50% of our users are male” or “on average our users have 2% Neanderthal DNA”).
You may provide us with Laboratory Information, by uploading it to our software or manually entering lab test results. In connection with our Services, SelfDecode processes and stores this Laboratory Information, including your SelfDecode Insights. Your Laboratory Information may be combined with your Genetic Information to improve interpretations of your Genetic Information, including SelfDecode Insights. Self Decode Insights means the process by which SelfDecode interprets your Laboratory Information to produce SelfDecode Insights when you request to receive that feature in your SelfDecode Account. If you do not wish to have SelfDecode Insights produced for you, do not request to receive this feature or products related to it. You do not need to receive your SelfDecode Insights in order to use other parts of the SelfDecode Platform.
With your consent, as described in our Platform Consent, we do the following:
- store the Laboratory Information you upload;
- provide you SelfDecode Insights;
In the following sections, we describe how we use your Genetic Information, Laboratory Information and Self-Reported Information in particular:
When you upload your Laboratory Information, SelfDecode stores it. When you choose to receive SelfDecode Insights, SelfDecode will use certain portions of your Laboratory Information to produce your SelfDecode Insights. For the SelfDecode Services you purchase, you allow SelfDecode to use portion(s) or all of your Laboratory Information to deliver the lab test interpretations offered by our Services to you and improve them over time. Your Laboratory Information may be combined with that of other users as “Aggregated Laboratory Information.” Aggregated Laboratory Information is that that does not include any data that would reasonably permit someone to identify you individually. SelfDecode may use Aggregated Laboratory Information for its internal business purposes, such as to improve our products, data quality and laboratory processes. Aggregated Laboratory Information may also be used for our promotional purposes. This could include describing users of our Services in general terms (e.g., “50% of our users have high blood pressure” or “on average, our users have 20% body fat”).
Many traits are also influenced by non-genetic factors, as discussed in our Terms of Service and Platform Consent. Your Self-Reported Information may be combined with your Genetic Information to improve interpretations of your Genetic Information, including SelfDecode Insights. Some Products may require this information for purposes of interpreting your Genetic Information, but it is up to you to provide this information. If you do not provide this information, you may not be able to purchase or use certain SelfDecode Products.
How do we use your information?
To provide you with Services and to analyze and improve our Services:
For individuals located in the European Economic Area (“EEA”) and the United Kingdom:
To process, analyze and deliver our reports based on your Genetic or Laboratory Information:
We will analyze your Genetic, Laboratory and Self-Reported Information to provide you with health insights and other related Services. SelfDecode continuously works to improve our Services based on our research and product development, and genetic associations identified in scientific literature. If you are eligible to receive additional reports or updates in the future, you may be notified of or may directly access these updates.
For individuals located in the European Economic Area (“EEA”): Our legal basis for processing your Sensitive Information for the purposes described above is based on your consent. You may withdraw your consent at any time by sending an email to email@example.com, however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
You have the choice to participate in our Research studies by providing your consent. “Research" refers to research aimed at publication in peer-reviewed journals and other research conducted by SelfDecode.
SelfDecode Research may be conducted on behalf of, or in collaboration with third parties. In those Researches, we may study a specific group or population, identify potential areas or targets for therapeutics development, conduct or support the development of drugs, diagnostics or devices to diagnose, predict or treat medical or other health conditions, work with public, private and/or non-profit entities on genetic research initiatives, or otherwise create, commercialize, and apply this new knowledge to improve health care. We may use Aggregate and/or Individual-level Genetic Information.
Your anonymized Genetic, Laboratory and Self-Reported Information may be used for Research purposes only if you have consented to this use by completing a Consent Document. Anonymized information is that that has been stripped of other pieces of information that can trace back the first piece with you, such that you cannot reasonably be identified as an individual, also known as pseudonymized or anonymized information. If you have given us consent to use your Genetic, Laboratory and Self-Reported Information for Research, your Genetic, Laboratory and Self-Reported Information will be used for research purposes, but it will be anonymized and will not be linked to your Registration Information. We may still use individual-level Genetic, Laboratory and Self-Reported Information to enhance the results of other internal research at SelfDecode. We may also share summary statistics, which do not identify any particular individual or contain individual-level information, with our qualified research collaborators.
Research is an important aspect of our Services and we want to ensure interested participants are aware of additional opportunities to contribute to scientific research conducted by healthcare organizations and pharmaceutical companies. If you have chosen to participate in any Research, from time to time send you an email to ask you if you want to participate in any of these Researches. We will not share Genetic, Laboratory or Self-Reported Information with any third party without your explicit consent.
For individuals located in the European Economic Area (“EEA”) or the United Kingdom: Our legal basis for processing your Sensitive Information for the purpose described above is based on your consent. You may withdraw your consent at any time, however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
If you have given us express consent to use your Genetic and Laboratory Information for Research purposes, SelfDecode may share anonymized Genetic and Laboratory Information and with select third party research collaborators for Research purposes.
Withdrawing your Consent. You may withdraw your consent to participate in any of our Research efforts at any time by contacting us at firstname.lastname@example.org. Any research involving your data that has already been performed or published prior to your consent withdrawal will not be reversed, undone, or withdrawn.
For individuals located in the European Economic Area (“EEA”) or the United Kingdom, the legal basis for processing your Sensitive Information for the purpose described above is based on your consent. You may withdraw your consent at any time, however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
What do we share with others?
We sometimes share the information described above with our third party service providers, as necessary for them to provide their services to us and help us perform our contract with you. Service providers are other companies or individuals that help us to provide, analyze and improve our Services. We engage some third party service providers to assist in supporting our Services.
How do we store your information?We store your information using third-party cloud storage services providers. Our cloud storage providers provide secure storage for information in dedicated databases, ensuring that our infrastructure can support continued use of our Services, and protect data in the event of a natural disaster or other disruption to our Service. Our IT and security service providers assist with intrusion detection and prevention measures to stop any potential attacks against our networks.
When you use our Services, including our website and online platform, our third party service providers may collect Online Behavior Information about your visit, such as the links you clicked on, the duration of your visit, and the URLs you visited. This information can help us improve site navigability and assess our Marketing campaigns. Per applicable data protection regulations, our EU, UK, and International websites present visitors with a cookie opt in to allow the processing of cookies and other marketing functionalities.
We implement procedures and maintain contractual terms with each service provider to protect the confidentiality and security of your information. However, we cannot guarantee the confidentiality and security of your information due to the inherent risks associated with storing and transmitting data electronically.
We may share Aggregate Information, which is information that has been stripped of your name and contact information and combined with information of others so that you cannot reasonably be identified as an individual, with third parties. This Information is different from "Individual-level" information and is not Personal Identifiable Information because it does not identify any particular individual or disclose any particular individual’s data. In contrast, we will ask for your consent to share your individual Genetic Information with any third party, other than our service providers as necessary for us to provide the Services to you.
How Do You Access, Correct or Remove Your Information?
Knowing what we know about you:
We provide access to our platform by the use of a dedicated account. You can access all your Genetic, Laboratory, and Self-Reported Information, and all reports and information created for you as part of our Services, including SelfDecode Insights. You may access, correct or update most of your Personal Identifiable Information through our platform.
When you access our services, whether entering into our website, signing in to the web portal, or when purchasing any of our products and Service, you may be asked to opt-in to receive promotional emails or notifications when creating your account with SelfDecode or when using our Services. You may view or update your notification preferences for marketing communications by contacting our Privacy Administrator at email@example.com
Deleting your info:
If you no longer wish to have access to our Services, or no longer wish to have your Personal Identifiable Information be processed, you may delete your account and Personal Identifiable Information by requesting it to firstname.lastname@example.org. Once you submit your request, we will send an email to the email address linked to your account detailing our account deletion policy and requesting that you confirm your deletion request. Once we confirm your identity, your request will become effective. This process cannot be canceled, undone, withdrawn, or reversed. When your account is deleted, all associated Personal Identifiable Information is deleted and any stored Genetic, Laboratory or and Self-Reported Information will be discarded. However, some information will not be erased. For example, information previously included in Research, for which you have given consent to use in any of our Research, cannot be removed from completed studies that use that information.
Additionally, there are legal retention requirements that we need to comply with some legal processes in certain locations, for which some of your Personal Identifiable Information will not be subject to complete erasure. We will retain limited information related to your account and data deletion request, including your email address, account deletion request, any emails or communications related to inquiries or complaints and legal agreements for a limited period of time as required by law, contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.
Other third parties privacy policies:
Information for our customers in the European Economic Area (“EEA”) and the United Kingdom. The following rules apply to you.
Your Personal Information will be transferred to, stored, and processed in data centers located within the European Union (“EU”) territories.
If you have questions about how we process your information, contact us at email@example.com.
For the most part of our Services we will be the “controller” of your Personal Identifiable Information, as we determine the means and purposes of processing your information when using our Services. A “controller” is a natural or legal person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of your Personal Information. For some other Services, we will act as a simple “processor” of your Personal Identifiable Information, as we will act on behalf of other third parties.
We may process your Personal Identifiable Information if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights, our customers or others.
Promotional Offers from SelfDecode. If you do not wish to have your contact information used by SelfDecode to promote our Services, you can opt-out by changing your account settings. You may not be able to opt out of receiving certain Service-related emails, such as communications about orders, billing, account creation, registration and policy updates. If we have sent you a promotional email or other informational email not related to your order or account, the email will have an “unsubscribe” feature that will allow you to opt-out of receiving future email distributions. You may also withdraw your consent at any time by emailing firstname.lastname@example.org
We will only share your Personal Identifiable Information with third parties for marketing purposes with your explicit consent. If you do not want us to use your Personal Identifiable Information in this way, you may withdraw your consent at any time by emailing email@example.com. You may raise such objections with regard to initial or further processing for purposes of direct marketing at any time and free of charge. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
How do you exercise your rights?
You can exercise your privacy rights by following the instructions below or contacting us at firstname.lastname@example.org. We will handle your request under applicable law. When you make a request, we may verify your identity to protect your privacy and security.
You have the right to withdraw consent at any time. To the extent we request you provide your consent to the processing of your Personal Identifiable Information, you can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
You have the right to know what Personal Identifiable Information we have of you, and you can request us to correct any part of it. At any point in time you can send us an email to email@example.com and request a correction of your Personal Identifiable Information. In some cases, we may reject part or all of your request if responding to your request could adversely affect the rights and freedoms of others.
You have the right to be forgotten. That's right, you can request us to delete your account at any time. You can request erasure of Personal Information that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing to which you previously consented, but later withdrew such consent; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have shared your Personal Identifiable Information with any third parties, but we are still required to erase such Personal Identifiable Information, we will take reasonable steps, including technical measures, to inform controllers that are processing any links to or copies or replications of your Personal Identifiable Information of your erasure request. Our assistance with your request for erasure is subject to limitations by relevant data protection laws, available technology and the cost of implementation.
You have the right to take your info with you. If we process your Personal Identifiable Information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request your Personal Identifiable Information in a structured, commonly used and machine-readable format. You may also request the transfer of your Personal Information directly to another controller, where technically feasible, unless choosing to exercise this right adversely affects the rights and freedoms of others.
You have the right to ask us to stop processing your Personal Identifiable Information. You can restrict our processing of your Personal Identifiable Information where one of the following applies: (a) you dispute the accuracy of Personal Information processed by us (for a period enabling us to verify its accuracy); (b) the processing is unlawful and you oppose the erasure of the Personal Identifiable Information and request the restriction of its use instead; (c) we no longer need the Personal Information for the purposes of the processing, but we are required to do it by you for the establishment, exercise or defense of legal claims; and (d) you have objected to certain processing relying on legitimate interest, pending the verification whether our legitimate grounds override your rights. Restricted Personal Information shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will notify you if the restriction is lifted.
You can also limit the scope of what we do with your Personal Identifiable Information. Where the processing of your Personal Information is based on consent, contract, or legitimate interests described under the Legal Bases for Processing heading above, you may restrict or object, at any time, to the processing of your Personal Information as permitted by applicable law. We may continue to process your Personal Information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
What happens with any information we have already shared with others?
We will provide notice to each recipient that we disclosed your Personal Information to regarding any rectification or erasure of Personal Information or restriction of processing, unless you initiated the disclosure or providing notice proves impossible or involves disproportionate effort. Upon your request, we will share the list of recipients with you.
You will never process your info through automated profiling systems. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you, except as allowed under applicable data protection laws.
How long will we keep your Personal Identifiable Information?
Unless you request us to delete your account or any of your Personal Identifiable Information, we will store it as long as your account is open, unless a longer retention period is required or permitted by law.
The rights described above may be limited by local laws. Have in mind that your right of access and deletion is not absolute and may not be available if fulfillment of such right would, if they can cause interference with execution and enforcement of the law and legal private rights (such as in the case of the investigation or detection of legal claims or the right to a fair trial); or if that causes to breach or prejudice the rights of confidentiality and security of others; prejudice security or grievance investigations, corporate reorganizations, or in any way violate the interests of others or where the burden or cost of providing access would be disproportionate.
If you believe your rights have been infringed:
You should immediately reach out to us so that we can activate our internal processes to remediate your concerns. You can contact us at:
13727 SW 152nd Street #896
Miami, Florida 33177
Alternatively, you may contact our EU member representative, DataRep, at firstname.lastname@example.org
You also have a right to file a complaint with your member country's supervisory authority of your habitual residence, place of work, or place of alleged infringement. You can find the relevant supervisory authority name and contact details here: