Last updated: Nov 27, 2018
1. Data Utilization Description
Genobank.io will use your Shared Data and Personal Data as follows:
- Population-level Research: Genobank.io or a contracted third party may perform population-level searches based on a pre-defined study design. We refer to these searches as queries. Based on the results of a query, a subset of aggregated, de-identified Shared Data is populated in a private, secured computer environment controlled by Genobank.io, which we refer to as a sandbox, in order to complete the analysis required by the study design. This population-level research may have various purposes including the advancement of genomic science and identifying links between genomics and disease or other conditions. Researchers and third parties will be able to associate your Shared Data with a unique data file identification number (Data Tokenization process) that is independent from your Personal Data using proprietary or open source algorithms.
- Targeted Research Participation: In some situations, such as clinical trial recruitment, a researcher or contracted third party may want to contact you and other members directly. Genobank.io enables this via an anonymous or incognito, automated process, which allows the researcher or contracted third party to invite you into a direct communication but does not grant them access to any of your Personal Data or individual Shared Data. It is then your choice whether you will engage in direct contact with the researcher or contracted third party or not. Your preference whether to receive these invitations (which we call opt-in) can be turned on or off within your personal wallet settings or account page. The invitation list is typically determined by Genobank.io, the researcher or the contracted third party querying our platform, using the unique data file identification number linked to your Shared Data, and based on specific query parameters defined by the researcher or contracted third party.
- As Required By Law: Genobank.io may use or disclose any information it collects as required by law or legal process, for example, in responding to a court-issued subpoena. However, we believe the steps Genobank.io takes to protect your information, such as its data segregation architecture which does not allow for re-identification of Shared Data without the consent of the contributing member, provide substantial protection to our members in these situations by using an individual data container and encryption key for each user or wallet. Where allowed by law or legal process and where reasonably possible, we will notify you in advance of any such proposed use or disclosure of your data.
- Enforcement of Agreements. Genobank.io may use your data to enforce our Terms of Service, any member Subscription Agreement, or our Operating Agreement, including in each case investigations of potential violations.
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your first name, last name, address and email address (“Personal Information”). We collect this information for the purpose of providing the Service, identifying and communicating with you, responding to your requests/inquiries, servicing your purchase orders, and improving our services. We do not collect social security number or other similar information unless you choose to provide it. We do collect other limited information automatically from visitors who read, browse, and download information from our site. We do this, so we can understand how the site is being used and how we can make it more helpful.
Certain information about your visit can be collected when you browse websites. When you browse the Genobank.io Website, we, and in some cases our third-party service providers, can collect the following types of information about your visit, including:
- Domain from which you accessed the Internet
- IP address (an IP or internet protocol address is a number that is automatically assigned to a device connected to the web)
- Approximate geographic location based on the IP address of the user’s local system
- Operating system (which is software that directs a computer’s basic functions such as executing programs and managing storage) for the device that you are using and information about the browser you used when visiting the site
- Date and time of your visit
- Pages you visited
- Address of the website that connected you to our Website (such as google.com or bing.com)
- Device type (desktop computer, tablet, or type of mobile device)
- Screen resolution
- Browser language
- Geographic location
- Time spent on page
- Scroll depth – The measure of how much of a web page was viewed
- User events (e.g. clicking a button)
- We use this information to measure the number of visitors to our site and its various sections, to help make our site more useful to
- When you visit a website, its server may generate a piece of text known as a “cookie” to place on your device. The cookie, which is unique to your browser, allows the server to “remember” specific information about your visit while you are connected. There are two types of cookies, single session (temporary), and multi-session (persistent). Single session cookies last only as long as your web browser is open. Once you close your browser, the session cookie disappears. Persistent cookies are stored on your device for longer periods. Both types of cookies create an ID that is unique to your
- Session Cookies: We use session cookies for technical purposes such as to allow better navigation through our site. These cookies let our server know that you are continuing a visit to our
- Persistent Cookies: We use persistent cookies to understand the differences between new and returning visitors to the Genobank.io website. Persistent cookies remain on your device between visits to our site until they expire or are removed by the user. We do not use persistent cookies to collect personally identifiable information. Genobank.io does not identify a user by using such technologies.
- The cookie makes it easier for you to use the dynamic features of Genobank.io. Information that you enter into the application is not associated with cookies on Genobank.io. Depending on the third-party tool’s business practices, privacy policies, terms of service, and/or the privacy settings you selected, information you have provided to third parties could be used to identify you when you visit the Genobank.io website. These third parties do not/will not share your identity with Genobank.io.
- You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provides information on how to accept cookies, disable cookies or to notify you when receiving a new cookie. If you do not accept cookies, you may not be able to use some features of our Service and we recommend that you leave them turned on.
3. Do Not Track Disclosure
- Do Not Track (“DNT”) is a preference you can set in your web browser to inform websites that you do not want to be
- Genobank.io automatically observes the DNT browser setting for digital advertising that uses “conversion-tracking” or “re-targeting”. If “Do Not Track” is set before a device visits the Genobank.io website, third party conversion tracking and retargeting tools will not load on the site. For more information on DNT or information on how to set the Do Not Track setting in your browser go to the Do Not Track website.
- So you can enable or disable Do Not Track by visiting the Preferences or Settings page of your web
4. Service Providers
- We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services and/or to assist us in analyzing how our Service is used. We will only share PII with third party vendors, consultants, agents, partners, and other service providers with whom we contract to help us provide or improve our
- These third parties will not have access to your Personally Identifiable Information and are obligated not to disclose or use your information for any other
- Please note that Genobank.io will only share your information in accordance with this Policy, except in the following situations:
- You have given us your consent to share or use information about you;
- We believe that we need to share information about you to provide a service that you have requested from us or from others;
- We are required by law to disclose information; or
- We believe that it is necessary to protect our rights or to avoid liability or violations of the law.
- We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to
- We also engage certain service providers for purposes of tracking and associating internet search and browsing behavior to provide improved functionality on the Genobank.io website. We enable them to use tracking technologies, such as cookies and web beacons, on or in conjunction with the Genobank.io website. These companies may use non-personally identifiable information about your visits to other websites, together with non-personally identifiable information about your purchases and interests from other online and offline sources, to provide you with newsletters, marketing or promotional materials and goods and services that may be of interest to you.
- The use and collection of information by these service providers is governed by their respective privacy statements and thus is not covered by this Policy. In addition, we may share Website usage information with these service providers to manage and target ads and for market research
- Finally, information obtained through these processes may be combined with personally identifiable information in order to analyze our marketing efforts. You may opt out of receiving any, or all, of these communications from us by contacting
6. Compliance with Laws
- Genobank.io recognizes it may be subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the regulations set forth thereunder at 45 C.F.R. Part 160 and Part 164 (the “HIPAA Privacy Regulations”) because Genobank.io provides certain services which involve (i) the use and disclosure of Protected Health Information (as defined in the HIPAA Privacy Regulations) by Genobank.io, and (ii) the disclosure of Protected Health Information by or on behalf of registered user by Genobank.io. Accordingly, pursuant to the HIPAA Privacy Regulations, Service Company may be a “Business Associate” (as defined in the HIPAA Privacy Regulations). Genobank.io complies with all of the requirements of HIPAA and the HIPAA Privacy Regulations applicable to Business Associates respectively.
- Additionally, Genobank.io complies in all material respects with all federal and state-mandated regulations, rules, or orders applicable to the services provided herein, including but not limited to regulations promulgated under Title II, Subtitle F of the Health Insurance Portability and Accountability Act (Public Law 104-91) (“HIPAA”). We will not disclose your Personal Information unless required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service. These regulations may require us to disclose to proper authorities information related to your usage of the Service, such as, but not limited to, time and date of your registration, your logins and logouts, your changes of passwords to the Service, time and date of your CCD and Fitbit (or wearables) uploads and authorizations to release your healthcare related data.
- Genobank.io acknowledges that, during its engagement by registered users, it will have access to Personal Information including identity attributes and health information. Genobank.io in its collection, receipt, transmission, storage, disposal, use and disclosure of such Personal Information will be a responsible keeper of that information.
- While no method of internet transmission, or electronic storage is totally secure, Genobank.io strives to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store. Genobank.io shall implement administrative, physical and technical safeguards to protect Personal Information that are no less rigorous than accepted industry practices (including the International Organization for Standardization’s standards: ISO/IEC 27001:2005 – Information Security Management Systems – Requirements and ISO/IEC 27002:2005 – Code of Practice for International Security Management, other applicable industry standards for information security), and shall ensure that all such safeguards, including the manner in which Personal Information is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Privacy
8. International Transfer
10. Genobank.io users located in the European Data Region
For Genobank.io users located in the European Data Region, all processing of Personal Data is performed in accordance with privacy rights and regulations following the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the Directive), and the implementations of the Directive in local legislation. From May 25th, 2018, the Directive and local legislation based on the Directive will be replaced by the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), and Genobank.io’s processing will take place in accordance with the GDPR.
11. Genobank.io users located in the US Data Region
For Genobank.io users in the Genobank.io US Data Region, Genobank.io processes data solely in data centers located in the US. Genobank.io has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the user’s data in Genobank.io’s possession. Genobank.io will promptly notify the user in the event of any known unauthorized access to, or use of, the user’s data.
12. Users located in European Data Region: Genobank.io as Controller
- Genobank.io processes Personal Data both as a Processor and as a Controller, as defined in the Directive and the GDPR:
- Genobank.io adheres to the Directive of 1995 and the GDPR from May 25th, 2018.
- All data collected by Genobank.io will be stored exclusively in secure hosting facilities provided by GDPR compliant Amazon AWS Cloud. Genobank.io has a data processing agreement in place with its provider, ensuring compliance with the Directive. All hosting is performed in accordance with the highest security regulations. All transfers of data internally in the EEA are done in accordance with this data processing agreement.
- See the GENOBANK.IO GDPR DATA PROCESSING ADDENDUM
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the affected parties unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the affected parties is not made within 72 hours, it shall be accompanied by reasons for the delay.
13. Retention and Deletion
Genobank.io will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. For user data, users have control of the purpose for collecting data, and the duration for which the Personal Data may be kept.
14. Conditions of Use
15. Links to Other Sites
Your activity on the third-party websites that Genobank.io links to (such as Facebook or Twitter) is governed by the security and privacy policies of those websites. You should review the privacy policies of all websites before using them so that you understand how your information may be used. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services. You should also adjust privacy settings on your account on any third-party website to match your preferences.
16. Children’s Privacy
Genobank.io is committed to protecting the privacy of children who visit our Genobank.io website. Only persons age 18 or older have permission to access our Service. We do not knowingly collect personally identifiable information from persons under 18. Genobank.io follows the U.S. Children’s Online Privacy Protection Act (“COPPA”). For more information about COPPA, please visit https://www.consumer.ftc.gov/articles/0031-protecting-your-childs-privacy-online.
18. Contact Us
Atte: Data protection & Privacy