Last updated: Nov 27, 2018
Protecting your privacy is very important to us. We’re telling you about our privacy policy and notice so you know what information we collect, why we collect it, and what we do with it. The GenoBank.io Service (“Service”) is owned and operated by GenoBank.io Inc. (“GenoBank.io”, “us”, “we”, or “our”), a Delaware corporation. We operate the www.GenoBank.io as well as the GenoBank.io.com website (collectively the “Website”). Your use of the Website and Service is governed by the privacy policy and notifications contained herein together (the “Privacy Policy”, “Policy”). Please read this Privacy Policy carefully. By accessing, browsing or otherwise using the Website or any GenoBank.io Service, you acknowledge that you have read, understood, and agree that you have been so notified of this Privacy Policy. If you do not accept the terms and conditions of this Privacy Policy, you should not access, browse or use the Website. This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Service.
- GenoBank.io and researchers on our platform will not retain, use or share any individual-level sequencing, surveys, or other information except as explicitly allowed in this section.
- Researchers and every entity retaining or using individual-level information will publicly register with GenoBank.io and create a cryptographic identity which only they control.
- Researchers will announce every instance of every data sharing of individual-level information on GenoBank.io with a minimum of 60 days’ advance notice.
- GenoBank.io and researchers will announce every instance of data loss or unintentional sharing immediately and publicly on GenoBank.io.
- GenoBank.io and researchers will destroy all individual-level information it controls within 90 days unless it can confirm current use permission through GenoBank.io. GenoBank.io and researchers will perform this check at least once every 30 days.
- Every program participant will anonymously register with GenoBank.io and create a cryptographic identity which only they control. And participants will initially allow researchers full access to retain, use and share their individual information.
- Note that GenoBank.io is based on blockchain and permissions are registered directly by participants using cryptographic identities which only they control – this means that GenoBank.io, including its employees, is unable to impersonate,
1. Data Utilization
Description
GenoBank.io collects information from you when you register an account on our Website or create a
wallet using
our dapp, contribute Shared Data or Personal Data, including self-reporting information through
surveys, forms,
features or applications, use social media connections and features, refer contacts to us, share
information
through various interactions with us and our partners, and
similar tracking
technologies.
GenoBank.io will use your Shared Data and Personal Data as follows:
- Population-level Research: GenoBank.io or a contracted third party may perform
population-level searches
based on a pre-defined study design. We refer to these searches as queries. Based on the
results of a query,
a subset of aggregated, de-identified Shared Data is populated in a private, secured
computer environment
controlled by GenoBank.io, which we refer to as a sandbox, in order to complete the analysis
required by the
study design. This population-level research may have various purposes including the
advancement of genomic
science and identifying links between genomics and disease or other conditions. Researchers
and third
parties will be able to associate your Shared Data with a unique data file identification
number (Data
Tokenization process) that is independent from your Personal Data using proprietary or open
source
algorithms.
- Targeted Research Participation: In some situations, such as clinical trial recruitment, a
researcher or
contracted third party may want to contact you and other members directly. GenoBank.io
enables this via an
anonymous or incognito, automated process, which allows the researcher or contracted third
party to invite
you into a direct communication but does not grant them access to any of your Personal Data
or individual
Shared Data. It is then your choice whether you will engage in direct contact with the
researcher or
contracted third party or not. Your preference whether to receive these invitations (which
we call opt-in)
can be turned on or off within your personal wallet settings or account page. The invitation
list is
typically determined by GenoBank.io, the researcher or the contracted third party querying
our platform,
using the unique data file identification number linked to your Shared Data, and based on
specific query
parameters defined by the researcher or contracted third party.
- As Required By Law: GenoBank.io may use or disclose any information it collects as required by law or legal process, for example, in responding to a court-issued subpoena. However, we believe the steps GenoBank.io takes to protect your information, such as its data segregation architecture which does not allow for re-identification of Shared Data without the consent of the contributing member, provide substantial protection to our members in these situations by using an individual data container and encryption key for each user or wallet. Where allowed by law or legal process and where reasonably possible, we will notify you in advance of any such proposed use or disclosure of your data.
- Enforcement of Agreements. GenoBank.io may use your data to enforce our Terms of Service,
any member
Subscription Agreement, or our Operating Agreement, including in each case investigations of
potential
violations.
We will not use or share your information with anyone except as described in this Privacy Policy.
As explained in
our GenoBank.io Consent, you may choose at any time to revoke your consent to all of your data,
purge some or
all of your data, and even delete your account completely from our databases.
We use your Personal Information for providing and improving the Service. By using the Service,
you agree to the
collection and use of information in accordance with this policy. Unless otherwise defined in
this Privacy
Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions,
accessible at
our Website.
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your first name, last name, address and email address (“Personal Information”). We collect this information for the purpose of providing the Service, identifying and communicating with you, responding to your requests/inquiries, servicing your purchase orders, and improving our services. We do not collect social security numbers or other similar information unless you choose to provide it. We do collect other limited information automatically from visitors who read, browse, and download information from our site. We do this so we can understand how the site is being used and how we can make it more helpful.
Certain information about your visit can be collected when you browse websites. When you browse the GenoBank.io Website, we, and in some cases our third-party service providers, can collect the following types of information about your visit, including:
- Domain from which you accessed the Internet
- IP address (an IP or internet protocol address is a number that is automatically assigned to
a device
connected to the web)
- Approximate geographic location based on the IP address of the user’s local system
- Operating system (which is software that directs a computer’s basic functions such as
executing programs and
managing storage) for the device that you are using and information about the browser you
used when visiting
the site
- Date and time of your visit
- Pages you visited
- Address of the website that connected you to our Website (such as google.com or bing.com)
- Device type (desktop computer, tablet, or type of mobile device)
- Screen resolution
- Browser language
- Geographic location
- Time spent on page
- Scroll depth – The measure of how much of a web page was viewed
- User events (e.g. clicking a button)
- We use this information to measure the number of visitors to our site and its various
sections, to help make
our site more useful to
2. No Cookies
- We place your privacy at the top of our priorities, which is why we take pride in claiming that we don't track cookies.
3. Do Not Track Disclosure
- Do Not Track (“DNT”) is a preference you can set in your web browser to inform websites that
you do not want
to be
- GenoBank.io automatically observes the DNT browser setting for digital advertising that uses “conversion-tracking” or “re-targeting”. If “Do Not Track” is set before a device visits the GenoBank.io website, third party conversion tracking and retargeting tools will not load on the site. For more information on DNT or information on how to set the Do Not Track setting in your browser go to the Do Not Track website.
- So you can enable or disable Do Not Track by visiting the Preferences or Settings page of
your web
4. Service Providers
- We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services and/or to assist us in analyzing how our Service is used. We will only share PII with third party vendors, consultants, agents, partners, and other service providers with whom we contract to help us provide or improve our
- These third parties will not have access to your Personally Identifiable Information and are
obligated not
to disclose or use your information for any other
- Please note that GenoBank.io will only share your information in accordance with this
Policy, except in the
following situations:
- You have given us your consent to share or use information about you;
- We believe that we need to share information about you to provide a service that you have
requested from us
or from others;
- We are required by law to disclose information; or
- We believe that it is necessary to protect our rights or to avoid liability or violations of
the law.
5. Communications
- We may use your Personal Information to contact you with newsletters, marketing or
promotional materials and
other information that may be of interest to
- We also engage certain service providers for purposes of tracking and associating internet search and browsing behavior to provide improved functionality on the GenoBank.io website. We enable them to use tracking technologies, web beacons, on or in conjunction with the GenoBank.io website. These companies may use non-personally identifiable information about your visits to other websites, together with non-personally identifiable information about your purchases and interests from other online and offline sources, to provide you with newsletters, marketing or promotional materials and goods and services that may be of interest to you.
- The use and collection of information by these service providers is governed by their
respective privacy
statements and thus is not covered by this Policy. In addition, we may share Website usage
information with
these service providers to manage and target ads and for market research
- Finally, information obtained through these processes may be combined with personally
identifiable
information in order to analyze our marketing efforts. You may opt out of receiving any, or
all, of these
communications from us by contacting
6. Compliance with Laws
- GenoBank.io recognizes it may be subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the regulations set forth thereunder at 45 C.F.R. Part 160 and Part 164 (the “HIPAA Privacy Regulations”) because GenoBank.io provides certain services which involve (i) the use and disclosure of Protected Health Information (as defined in the HIPAA Privacy Regulations) by GenoBank.io, and (ii) the disclosure of Protected Health Information by or on behalf of a registered user by GenoBank.io. Accordingly, pursuant to the HIPAA Privacy Regulations, Service Company may be a “Business Associate” (as defined in the HIPAA Privacy Regulations). GenoBank.io complies with all of the requirements of HIPAA and the HIPAA Privacy Regulations applicable to Business Associates respectively.
- Additionally, GenoBank.io complies in all material respects with all federal and state-mandated regulations, rules, or orders applicable to the services provided herein, including but not limited to regulations promulgated under Title II, Subtitle F of the Health Insurance Portability and Accountability Act (Public Law 104-91) (“HIPAA”). We will not disclose your Personal Information unless required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service. These regulations may require us to disclose to proper authorities information related to your usage of the Service, such as, but not limited to, time and date of your registration, your logins and logouts, your changes of passwords to the Service, time and date of your CCD and Fitbit (or wearables) uploads and authorizations to release your healthcare related data.
7. Security
- GenoBank.io acknowledges that, during its engagement by registered users, it will have access to Personal Information including identity attributes and health information. GenoBank.io in its collection, receipt, transmission, storage, disposal, use and disclosure of such Personal Information will be a responsible keeper of that information.
- While no method of internet transmission, or electronic storage is totally secure, GenoBank.io strives to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store. GenoBank.io shall implement administrative, physical and technical safeguards to protect Personal Information that are no less rigorous than accepted industry practices (including the International Organization for Standardization’s standards: ISO/IEC 27001:2005 – Information Security Management Systems – Requirements and ISO/IEC 27002:2005 – Code of Practice for International Security Management, other applicable industry standards for information security), and shall ensure that all such safeguards, including the manner in which Personal Information is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Privacy
8. International Transfer
Your information, including Personal Information, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the information, including Personal Information, to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
9. Changes to this Privacy Policy
GenoBank.io may amend this Privacy Policy from time to time, at its sole discretion. Use of
information we
collect now is subject to the Privacy Policy in effect at the time such information is used. If
we make changes
to the Privacy Policy, we will notify you by posting an announcement on the GenoBank.io website
so you are
always aware of what information we collect, how we use it, and under what circumstances if any,
it is
disclosed.
10. GenoBank.io users located in the European Data Region
For GenoBank.io users located in the European Data Region, all processing of Personal Data is performed in accordance with privacy rights and regulations following the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the Directive), and the implementations of the Directive in local legislation. From May 25th, 2018, the Directive and local legislation based on the Directive will be replaced by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), and GenoBank.io’s processing will take place in accordance with the GDPR.
11. GenoBank.io users located in the US Data Region
For GenoBank.io users in the GenoBank.io US Data Region, GenoBank.io processes data solely in data centers located in the US. GenoBank.io has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the user’s data in GenoBank.io’s possession. GenoBank.io will promptly notify the user in the event of any known unauthorized access to, or use of, the user’s data.
12. Users located in European Data Region: GenoBank.io as Controller
- GenoBank.io processes Personal Data both as a Processor and as a Controller, as defined in the Directive and the GDPR:
- GenoBank.io adheres to the Directive of 1995 and the GDPR from May 25th, 2018.
- All data collected by GenoBank.io will be stored exclusively in secure hosting facilities provided by GDPR-compliant Amazon AWS Cloud. GenoBank.io has a data processing agreement in place with its provider, ensuring compliance with the Directive. All hosting is performed in accordance with the highest security regulations. All transfers of data internally in the EEA are done in accordance with this data processing agreement.
- See the GenoBank.io GDPR DATA PROCESSING ADDENDUM
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the affected parties unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the affected parties is not made within 72 hours, it shall be accompanied by reasons for the delay.
13. Retention and Deletion
GenoBank.io will not retain data longer than is necessary to fulfill the purposes for which it
was collected or
as required by applicable laws or regulations. For user data, users have control of the purpose
for collecting
data, and the duration for which the Personal Data may be kept.
14. Conditions of Use
We assume that all users of our Website and platform have carefully read this document and agree to its contents. If someone does not agree with this privacy policy, they should refrain from using our Website and platform. We reserve the right to change our privacy policy as necessity dictates. Continued use of GenoBank.io’s Website and platform after having been informed of any such changes to these conditions implies acceptance of the revised privacy policy. This privacy policy is an integral part of GenoBank.io’s terms of use.
15. Links to Other Sites
Your activity on the third-party websites that GenoBank.io links to (such as Facebook or Twitter) is governed by the security and privacy policies of those websites. You should review the privacy policies of all websites before using them so that you understand how your information may be used. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services. You should also adjust privacy settings on your account on any third-party website to match your preferences.
16. Children’s Privacy
GenoBank.io is committed to protecting the privacy of children who visit our GenoBank.io website. Only persons age 18 or older have permission to access our Service. We do not knowingly collect personally identifiable information from persons under 18. GenoBank.io follows the U.S. Children’s Online Privacy Protection Act (“COPPA”). For more information about COPPA, please visit https://www.consumer.ftc.gov/articles/0031-protecting-your-childs-privacy-online.
17. Changes to This Privacy Policy
We may revise this Privacy Policy from time to time. The most current version of the policy dated
Nov 27, 2018
will govern our use of your information and will always be at GenoBank.io.com/privacy. If we
make a change to
this policy that, in our sole discretion, is material, we will notify you via email to the email
address
associated with your account and/or prominent notice on our GenoBank.io website. By continuing
to access or use
the Services after those changes become effective, you agree to be bound by the revised Privacy
Policy.
GenoBank.io reserves the right to update this Privacy Policy as it applies to Personal Data only (which therefore excludes any changes involving linkage of Personal Data to Shared Data, covered in this policy) from time to time without advance notice. When these changes are made, GenoBank.io will make a new copy of this Privacy Policy available on its Website and through our P2P private messaging system (when available). Such changes will not apply retroactively but may be effective immediately on being made available on our website. You acknowledge and agree that if you use any of our services covered by this Privacy Policy after the effective date of the change, to the maximum extent permitted by applicable law, you agree that you will be bound by the new terms.
18. Contact Us
Thoughts or questions about this Privacy Policy? Please let us know by contacting us at:
GenoBank.io Inc,
Attn: Data protection & Privacy
Office: 650-999-0905
Email: [email protected]