1.1 This Privacy Policy, together with our Privacy Notice, sets out how The DNA Company Inc with registered office at 3425 Laird Avenue, Unit 2, Mississauga, Ontario, L5L 5R8 Canada ("The DNA Company") and its subsidiaries, related bodies corporate and franchisees (collectively referred to in this policy as "The DNA Company", "we" or "us") protects the privacy of your Personal Information (as defined below) and the basis on which any Personal Information we collect from you, or that you provide to us, will be processed by us. 

1.2 The DNA Company is committed to ensuring that your privacy is protected and to ensuring that your Personal Information is processed in accordance with applicable laws and regulations (as amended or replaced from time to time) protecting the privacy of Personal Information in the jurisdictions in which we operate ("Applicable Laws"). For the purposes of this Privacy Policy, Personal Information means information that is about you as an identifiable individual, such as personal health information or other personal information as defined by the Applicable Laws. The DNA Company will only collect, use, store, disclose and transfer your Personal Information in accordance with this Privacy Policy, any related Privacy Notices and Applicable Laws. 

1.3 Please read the following carefully to understand The DNA Company’ views and practices regarding your Personal Information and how we will treat it. By subscribing to our genetic testing program which is a DNA based testing program ("Program"), you confirm that you have read, understood and agree with the collection, use, storage, disclosure and transfer of your Personal Information in accordance with this Privacy Policy and the related Privacy Notice. If you do not agree or withdraw your consent, you should not subscribe to or use the Program. 

1.4 This Program is intended for individuals 16 years of age and older. If you are under the age of 16, you must not use the Program or submit Personal Information unless you have the consent of and are supervised by a parent or guardian.The DNA Company does not knowingly collect information from people under the age of 16 without such consent. 

1.5 This Privacy Policy was last updated on, and is effective as of, January 01, 2020. The DNA Company reserves the right, in its sole discretion, to modify, revise, delete and update this Privacy Policy from time to time. The DNA Company will notify you in advance of any modifications to the terms of this Privacy Policy (e.g. by posting the revised policy with anew effective date and by publishing the information about such modification on its web page www.thednacompany.com/privacy). If you do not agree with the modifications, revisions, deletions or updates, your exclusive remedy is to cease using the Program. By continuing to subscribe to the Program after those changes are made, you shall be deemed to have accepted and agreed to the changes.

2. THE PERSONAL INFORMATION THAT WE COLLECT FROM YOU

2.1 When you use and subscribe to the Program, we collect the following Personal Information about you:
(a) Information you give us: You may give us information about you by subscribing to the Program, such information may include, but is not limited to:

(i) your name, title, gender and/or date of birth;
(ii) your contact information including phone/mobile number and email address;
(iii) billing and shipping address;
(iv) payment information (e.g. credit card); and
(v) your age, height, weight, waist measurement and health history. 

(b) Information The DNA Company collects about you: In order to provide you with our Program, we collect the following information for you: 

(i) genetic and biological health information, including information regarding your genetic profile generated through processing and analysis of your saliva by The DNA Company or by its contractors, successors, and assignees; or otherwise processed by and/or contributed to The DNA Company (“Genetic Information”); 

(ii) for greater certainty, your saliva sample, once submitted to and analyzed by us, is processed in an irreversible manner and cannot be returned to you. Any Genetic Information derived from your saliva remains your information, subject to any specific rights we retain as set forth in this Privacy Policy and any related Privacy Notices; and 

(iii) other personal health information, such as any disease conditions or other health related information as provided by you to us through the screener form on our website. 

(c) Cookies and tracking

(i) We use cookies and similar technologies (such as web beacons, tags, scripts and device identifiers) to help us recognize you, customize and improve your experience, provide security, analyze usage of our Program (such as to analyze your interactions with the results, reports, and other features of the Program), gather demographic information about our user base, to offer our products and services to you, to monitor the success of marketing programs, and to serve targeted advertising on our site and on other sites around the Internet. We and our third party partners do not use your sensitive information, such as Genetic Information, for targeted advertising. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

(ii) In addition to the above, when interacting with our website, we gather certain information automatically about the website’s users and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you, such as your user profile ID or order number. We do this to improve services we offer you, and to improve marketing analytics, and site functionality. 

(iii) When you access our website by or through a mobile device, we may receive or collect and store a unique identification numbers associated with your device or our mobile application (including, for example, a UDID, UniqueID for Advertisers ("IDFA"), Google Ad ID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and, depending on your mobile device settings, your geographical location data, including GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device

3. WHAT WE DO WITH YOUR INFORMATION

3.1 The DNA Company may collect, store and process your Personal and Genetic Information described above for the following purposes: 

(a) to administer and operate the Program, and the services provided in connection with the Program, including processing and analyzing your genetic testing results and Genetic Information, and providing nutritional supplements related to such results and Genetic Information; 

(b) to perform research and development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.The DNA Company may use Genetic Information for the purposes of conducting scientific research, 

(c) conduct analytics to improve and enhance our Program; 

(d) offer new products, programs or services to you, including through emails, promotions or contests; 

(e) implement online marketing campaigns and targeted advertising, including by utilizing third-party ads (subject to your cookie settings and preferences), and to measure the effectiveness of our marketing and targeted advertising; 

(f) for our internal record keeping requirements including collection of anonymized details about use of the Program to compile aggregate statistics or produce internal reports;

(g) to share your Personal Information with selected third parties in accordance with Section 4 of this Privacy Policy; 

(h) to provide you, or permit selected third parties acting on The DNA Company’ behalf to provide you with information by SMS, e-mail or other electronic messaging service about goods or services we feel may interest you including, without limitation brochures, details of promotions, events, new products and services; 

(i) to the extent we have a legal obligation, right or duty under the Applicable Law to use or disclose your information (including for crime and fraud prevention and related purposes); and 

(j) to anonymize and aggregate the Personal Information (including Genetic Information) for any other purposes, provided that no identifiable personal information can be readily identified. 

3.2 The DNA Company will only retain your Personal Information for as long as reasonably necessary having regard to the purposes for which your Personal Information was collected and will delete such Personal Information after the expiry of such period unless otherwise required under the Applicable Law and any anonymized and aggregated information will be retained be The DNA Company. The DNA Company will retain your Personal Information for an indefinite period of time for the purposes and uses indicated in this policy. If you would like to opt-out of the storage of your personal and genetic information after you have received information and/or services related to the Program, please send a written intention via email to [email protected] and specify which information you wish to have removed or used for purposes beyond the administration of the Program. 

4. DISCLOSURE OF YOUR PERSONAL INFORMATION

4.1 The DNA Company may share your Personal Information that it collects from you or that you provide to The DNA Company with selected third parties in order to operate the Program and provide the services in connection with the Program or for the following purposes: 

(a) to operate the Program and provide the services in connection with the Application or any other purposes as set out in paragraph 3.1 above; 

(b) to enforce or apply the Program’s Subscription Agreement and/or other agreements or to investigate potential breaches of such agreements; 

(c) For greater certainty, your Genetic Information will not be disclosed by The DNA Company except to provide you with the Program unless we have obtained your express consent to do so. 

4.2 The DNA Company may share your anonymized and aggregated Personal Information with limitations to: 

(a) business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you; 

(b) companies that provide statistical analysis services; and

(c) analytics and search engine providers, such as Google Inc, that assist us in the improvement and optimization of our website. 

4.3 The DNA Company may disclose Personal Information: 

(i) to comply with any applicable laws, regulations, governmental and quasi-governmental requests, court orders or subpoenas;
(ii) to enforce the Program’s Subscription Agreement or other agreements; or
(iii) to protect The DNA Company’ rights, property or safety or the rights, property or safety of other users of the Program or others (e.g., for fraud protection etc.).

4.4 Except as set out in this Privacy Policy, we will not disclose, sell, distribute, rent or lease your Personal Information to third parties unless we have your permission or to complete a transaction for you. We do not share your identifiable Personal Information with third parties for their direct marketing use without your express consent.

5. SECURITY

5.1 The DNA Company has in place security measures to store all Personal Information collected and received securely. We use appropriate technical, organizational, administrative and physical measures to protect your Personal Information contained in our system against accidental damage, deletion, misuse, loss and unauthorized access or alteration. Although we will do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted by a Re-Seller to us. Once The DNA Company has received your Personal Information, we will use strict procedures and security features (including by encrypting the Personal Information) to try to prevent unauthorized access. 

5.2 Independent security certification and audit. Our processing systems, which protects The DNA Company information assets supporting our Services, has been certified under the internationally recognized ISO/IEC 27001:2013 standard. Some of those controls are described below. 

5.3 Encryption. The DNA company uses industry standard security measures to encrypt Sensitive Information both when it is stored and when it is being transmitted. 

5.4 Limited access to essential personnel. We limit access of information to authorized personnel, based on job function and role. The DNA Company access controls include multi-factor authentication, single sign-on, and a strict least-privileged authorization policy.

6. YOUR RIGHTS

6.1 You have the right to, at any time, ask us not to process or share your Personal Information for marketing purposes (even where you have previously given consent). The DNA Company will inform you (before collecting your Personal Information) if it intends to use your Personal Information for such purposes or if The DNA Company intends to disclose your Personal Information to any third party for such purposes (subject to obtaining your prior consent). 

6.2 You have the right to access details of your Personal Information that we hold about you by written request and to request rectification or erasure of such Personal Information, if the Applicable Laws allows you to do so. 

6.3 You may choose to no longer receive communications from us by replying STOP to communications (if any) you receive from The DNA Company. You may unsubscribe to any email from us using the instructions in the email you receive; this will not stop us from sending emails about your account or transactions with us or other information required for your use or subscription to the Program. 

6.4 You also have the right to change your mind about consenting to the use, disclosure and transfer of your Personal Information in accordance with this Privacy Policy by contacting us at the address listed below. If you withdraw your consent for The DNA Company to process your Personal Information in accordance with this Privacy Policy, The DNA Company may not be able to provide you with the entire Program. 

6.5 You have the right to make a complaint about a possible breach of the Applicable Laws to us. We will consider any complaints we receive and respond to your complaint within a reasonable period of time. You also may lodge a complaint about the treatment of your Personal Information with the supervisory authority located in your jurisdiction, if the Applicable Laws allows you to do so. 

6.6 You can exercise your rights above by contacting us at the address listed below.

7. CONTACT

7.1 Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed The DNA Company, Inc, 3425 Laird Avenue, Unit 2, Mississauga, Ontario, L5L 5R8 or to [email protected]