Privacy Policy

DNA Direct, Inc. ("DNA Direct," "we" or "our") recognizes that medical privacy is essential and is dedicated to protecting the privacy of its users ("users," "you" or "your") both on- and off-line. We understand that genetic information is very personal, even in the context of your own family members. We are also aware of your concerns regarding the potential for genetic information being misused by insurers and/or employers. DNA Direct has created a framework uniquely designed for the genetic testing service available through the DNA Direct website. Our website is supported by advanced technology that seeks to secure your interactions with DNA Direct. We believe that your genetic information is your property, and it is your right as a consumer to be able to confidentially obtain and control this information. Because the success of DNA Direct is dependent on building and maintaining goodwill with our customers, we are committed to implementing measures designed to protect your privacy. Moreover, we see it as our responsibility to help set an example and establish the standards for medical privacy on the Internet.

Although DNA Direct respects your privacy, we do collect information from you. This Privacy Policy governs your interaction with the DNA Direct website, and your registration for and use of DNA Direct's service. By using the DNA Direct website, you agree to the collection and use of information as set forth in this Policy. If you do not agree to this Policy, please do not use the DNA Direct website. This Policy is the sole authorized statement of our practices concerning the collection, use and protection of personal information through the DNA Direct website. Except as set forth within this Privacy Policy and our Terms of Service and other published guidelines, we do not release Personally Identifiable Information about our users without their permission.

  1. INTRODUCTION

    While you may use some of the functionality of the DNA Direct website without registration, some of the specific tools and services require registration. If you do not use the tools, features or services offered on or through the DNA Direct website, the only information we collect will be Non-Personal Information (i.e., information that is not traceable back to you and cannot be used to identify you; Non-Personal Information includes information such as the web pages that you have viewed through the use of Cookies, which are small data files that are stored on the hard drive of a computer used to view websites that are accessible only by the party or site that placed the Cookie on the hard drive). If you choose to register with our website for certain tools and/or services, we require you to submit Personally Identifiable Information (i.e., information that can be traced back to you; Personally Identifiable Information includes information such as your name, home address, telephone number and email address). Depending on the tool or service you have selected, we also may collect Personal Health Information (i.e., the combination of Personally Identifiable Information with known health characteristics; Personal Health Information includes the combination of your Personally Identifiable Information with information that you provide to us about a certain disease or condition that you have). You are responsible for ensuring the accuracy of the Personally Identifiable Information and Personal Health Information you submit to DNA Direct. Inaccurate information will affect the information you receive when using our website and tools and our ability to contact you. For example, your email address should be kept current because that is the primary manner in which we communicate with you.

  2. THE INFORMATION WE GATHER

    DNA Direct gathers three types of information about users:

    2.1.  Non-Personal Information. When users come to the DNA Direct website, we collect and aggregate Non-Personal Information indicating, among other things, which pages of our website were visited, the order in which they were visited and which hyperlinks were "clicked." Collecting such information involves the logging of the IP addresses, operating system and browser software used by each user to the DNA Direct website. Although such information is not Personally Identifiable Information, we can determine from an IP address a user's Internet Service Provider and the geographic location of his or her point of connectivity.

    We also use Cookies and other technologies to help us determine the type of content and sites to which a user to the DNA Direct site links, the length of time each user spends at any particular area of the DNA Direct site and the DNA Direct services users choose to use. Essentially, Cookies are a user's identification card for the DNA Direct computers, or servers, that placed them there. Cookies are only read by the server that placed them, and are unable to execute any code or virus. Cookies allow DNA Direct to serve you better and more efficiently, and to personalize your experience at DNA Direct's website. Cookies also may be used to facilitate a user's log-in, but are not used to retain Personally Identifiable Information or Personal Health Information. We also do not link Non-Personal Information from Cookies to Personally Identifiable Information without your permission.

    You should be able to control how and whether Cookies will be accepted by your web browser. Most browsers offer instructions on how to reset the browser to reject Cookies in the "Help" section of the toolbar. If you reject our Cookies, certain of the functions and conveniences of our website may not work properly, but you do not have to accept our Cookies in order to productively use the DNA Direct website.

    This Privacy Policy covers the use of cookies by DNA Direct. Overture.com uses cookies on our site. We have no access to or control over these cookies. This Privacy Policy does not cover the use of cookies by Overture.com.

    2.2.  Personally Identifiable Information. We collect Personally Identifiable Information that you provide to us when you register with us to save partially-completed risk assessment questionnaires, order genetic tests made available by DNA Direct, sign-up for email messages, or leave us a return phone number and/or name through our toll free customer service number. Among other things, we use the Personally Identifiable Information that you provide to respond to your questions, provide you the specific services you select, send you email messages about website maintenance and updates, and inform you of significant changes to this Privacy Policy.

    (a)  Risk Assessment Questionnaires. In order to help our users in determining whether they might benefit from ordering a particular genetic test made available through the DNA Direct website, our users may answer a risk assessment questionnaire specific to the condition or disease in question that requires the users to provide Personal Health Information to DNA Direct. Upon completing a risk assessment questionnaire, DNA Direct will use the responses to the questionnaire to provide the user with a benefit index that will help the user in determining whether he or she might benefit from ordering the genetic test to which such risk assessment questionnaire relates. In some questionnaires, users may be asked to provide gender and/or their age range. DNA Direct does not collect Personally Identifiable Information (such as name, date of birth, address) as part of the risk assessment questionnaire.

    (b)  Saving Risk Assessment Questionnaires. As a service to the users of the DNA Direct website, users may save partially-completed risk assessment questionnaires and return to our website at a later time to complete such questionnaire. Users may also save fully-completed risk assessment questionnaires if they wish to return to our website at a later time to complete the ordering process. In order to save a risk assessment questionnaire, a user will need to provide DNA Direct with an email address and a unique password created by the user.

    (c)  Genetic Test Orders. When ordering a genetic test, users are required to provide DNA Direct with Personally Identifiable Information as part of the billing process in addition to the Personal Health Information they provided in completing the risk assessment questionnaire. DNA Direct uses this Personally Identifiable Information and Personal Health Information to process the order and to send the user the test kit that is needed to conduct the particular genetic test.

    (d)  Email Messages You Send to DNA Direct. This Privacy Policy does not protect you when you send Personally Identifiable Information, Personal Health Information, other information, feedback, suggestions, content, business ideas, concepts or inventions to DNA Direct by email. If you want to keep Personally Identifiable Information, Personal Health Information, other information, feedback, suggestions, content, business ideas, concepts or inventions private or proprietary, do not send them in an email message to DNA Direct. We try to answer every email within 48 business hours, but are not always able to do so.

    2.3.  Testimonials. In order to help our users determine whether or not they would find value from ordering our tests or using our services, we collect and post, with permission of our customers, testimonial statements. From time to time testimonial statements are published on our website. These statements are published with the customer's initials and their state of residence or their name, depending on their personal preference.

  3. HOW WE USE (AND DO NOT USE) THE INFORMATION WE GATHER

    Please take some time to familiarize yourself with the different ways DNA Direct uses the information that it gathers.

    3.1.  Non-Personal Information. DNA Direct uses Non-Personal Information in aggregate form to build higher quality, more useful services by performing statistical analyses of the collective characteristics and behavior of our users, and by measuring demographics and interests regarding specific areas of the DNA Direct website.

    3.2.  Personally Identifiable Information and Personal Health Information. This Privacy Policy serves as notice that DNA Direct collects Personally Identifiable Information and Personal Health Information in the manners described above. Except as set forth in this Privacy Policy or as specifically agreed to by you, DNA Direct will not disclose any Personally Identifiable or Personal Health Information it gathers from you on our website. DNA Direct will only release Personally Identifiable or Personal Health Information to third parties: (a) to comply with valid legal requirements such as a law, regulation, search warrant, subpoena or court order; or (b) in special cases, such as a physical threat to you or others. In the event that we are legally compelled to disclose your Personally Identifiable Information or Personal Health Information to a third party, we will attempt to notify you unless doing so would violate the law or court order. We cooperate with law enforcement agencies in identifying those who may be using our servers or services for illegal activities. We also reserve the right to report any suspected illegal activity to law enforcement individuals or entities for investigation or prosecution. Finally, we may disclose Personally Identifiable Information and Personal Health Information as described below.

    (a)  Disclosure to DNA Direct Operations and Maintenance Contractors. DNA Direct operations and maintenance contractors include vendors and suppliers that provide us with technology, services, and/or content related to better operation and maintenance of our website. Access by these contractors to either your Personally Identifiable Information or your Personal Health Information, but not to both, is limited to the information reasonably necessary for the contractor to perform its limited function for DNA Direct. We also contractually require that our operations and maintenance contractors not use or disclose your Personally Identifiable Information and Personal Health Information for any purpose other than providing us with products and services.

    Contractors such as our ecommerce vendor have access to your Personally Identifiable Information (i.e., billing and demographic information) but not to your Personal Health Information in the course of providing products or services to DNA Direct. These contractors may have access to your email address to send newsletters to you on our behalf, such as confirmation of a purchase. Contractors such as our server support have access to your Personal Health Information and email address only. These contractors are not authorized to send any information on behalf of DNA Direct.

    (1)  Agents. We use an outside shipping company to fulfill orders, and a credit card processing company to bill you for goods and services. These companies do not retain, share, store, or use Personally Identifiable Information for any other purposes.

    (2)  Service Providers. We use other parties such as YourPay.com and Miva Merchant to provide e-commerce services on our site. When you order a product from us we will share your Personally Identifiable Information (i.e., billing and demographic information), but not your Personal Health Information, as is necessary for them to provide e-commerce service. These contractors have access to your email address to send communications to you on our behalf, such as confirmation of a purchase. These third parties are prohibited from using your Personally Identifiable Information for any other purpose.

    (b)  Disclosure to Genetic Testing Labs. DNA Direct does not disclose your Personally Identifiable Information or Personal Health Information to any genetic testing lab that performs the genetic tests that you order through the DNA Direct website. The only information that DNA Direct will provide to any genetic testing lab on your behalf is your unique Order ID Number.

  4. CHILDREN

    We are committed to protecting the privacy of children. Neither DNA Direct nor any of its services are designed or intended to attract children under the age of 13. We do not collect Personally Identifiable Information from any person we actually know is under the age of 13. A parent or guardian, however, may do any of the following things on behalf of his or her child: (a) complete a risk assessment questionnaire; (b) register to save partially-completed risk assessment questionnaires; (c) save partially-completed risk assessment questionnaires; (d) order genetic tests; and (e) register to receive promotional communications. The parent or guardian assumes full responsibility for ensuring that the information that it provides to DNA Direct about his or her child is kept secure and that the information submitted is accurate.

  5. LINKED SITES

    For your convenience there are links to websites operated by companies other than DNA Direct ("Third Party Websites") that we believe may be of interest to you. DNA Direct does not disclose your Personally Identifiable Information or Personal Health Information to these Third Party Websites. DNA Direct does not endorse and is not responsible for the privacy practices of these Third Party Websites. If you choose to link to one of these Third Party Websites, you should review the privacy policy posted on this other website to understand how that Third Party Website collects and uses your Personally Identifiable Information and Personal Health Information.

  6. EMAIL AND MAILING LIST POLICY

    We use your e-mail, mailing address, and phone numbers only to confirm your order or communicate with you regarding your case, questions or requests, or other products or services you may find useful. Except as specified in our Privacy Policy, we do not share our email list, mailing list, or telephone numbers with anyone for third-party marketing or promotional use.

    Service-related Announcements

    We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.

    Choice/Opt-out

    We provide you the opportunity to 'opt-out' of having your Personally Identifiable Information used for direct marketing purposes. For example, if you purchase a product/service but do not wish to receive any additional marketing material from us, you can 'opt-out' by emailing us at support@dnadirect.com, calling us at 1-877-646-0222, or mailing a letter to:

    DNA Direct
    Pier 9, Suite 105
    San Francisco, CA 94111

    If you no longer wish to receive our promotional communications, you may opt-out of receiving them by following the instructions included in our communications or by emailing us at support@dnadirect.com, calling us at 1-877-646-0222, or mailing a letter to the address above.

    Tell-A-Friend

    If you choose to use our referral service to tell a friend about our site, we will ask you for your friend's name and email address. We will automatically send your friend a one-time email inviting him or her to visit the site. DNA Direct stores this information for the sole purpose of sending this one-time email. Your friend may contact us at support@dnadirect.com to request that we remove this information from our database.

  7. DNA DIRECT SECURITY PROCEDURES

    The following are some of the security procedures that DNA Direct uses to protect your privacy:

    • DNA Direct requires both a personal username (an email address) and a password in order for users to access their Personally Identifiable Information or Personal Health Information, including their Personalized Report that is generated upon completion of genetic testing.
    • DNA Direct uses firewalls to protect information held in our servers.
    • DNA Direct utilizes Secure Socket Layer (SSL) encryption in transmitting Personally Identifiable Information to our servers. In order to take advantage of encryption technology, you must have an Internet browser which supports 128-bit encryption.
    • DNA Direct closely monitors the limited number of DNA Direct employees who have potential access to your Personally Identifiable Information.
    • DNA Direct requires all DNA Direct employees to abide by our Privacy Policy and be subject to disciplinary action if they violate it.
    • DNA Direct backs up our systems to protect the integrity of your Personally Identifiable and Personal Health Information.
    • When you purchase a genetic test through the DNA Direct website, a unique Order ID Number is automatically generated and assigned to that test and the corresponding test results and such unique Order ID Number remains the only identifying code associated with your test sample and test results.
    • DNA Direct has an internal firewall to ensure, except as required for business purposes, that employees who have access to your Personally Identifiable Information (including name, address, and billing information) do not have access to your Personal Health Information (including risk assessment questionnaire and genetic test results), and vice versa, except as required for business purposes. The only link between these information servers is the unique Order ID Number.

    Despite DNA Direct's efforts to protect your Personally Identifiable Information and Personal Health Information, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your information over the Internet will be intercepted.

  8. DNA TALK DISCLOSURE

    DNA Direct, in maintaining the blog DNA Talk http://talk.dnadirect.com, owns all information published by DNA Direct on DNA Talk. DNA Direct will not publish any personally identifiable information on DNA Talk. DNA Direct is not responsible for and does not own any information published in the "Comments" section of each blog entry. This privacy policy does not cover comments posted in the blog.

  9. CHANGES TO THIS PRIVACY POLICY

    Please note that DNA Direct reviews its privacy practices from time to time, and that these practices are subject to change. We ask that you bookmark and periodically review this web page to ensure continuing familiarity with the most current version of our Privacy Policy. To contact DNA Direct about privacy issues, to report a violation of our Privacy Policy, or to raise any other issue, please e-mail us at expert@dnadirect.com.

    If we decide to change our privacy practices, we will post those changes to this Privacy Policy, the homepage, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this Privacy Policy at any time, so please review it frequently. If we make material changes to this Policy, we will notify you here, or by means of a notice on our homepage.

  10. DELETING/UPDATING YOUR PERSONALLY IDENTIFIABLE INFORMATION

    If you want to delete your Personally Identifiable Information and/or Personal Health Information from our systems or update the Personally Identifiable Information that you have provided to us, you can email us at customerservice@dnadirect.com. We try to answer every email within 48 business hours, but may not always be able to do so. Another way to update your Personally Identifiable Information and/or Personal Health Information is to take a new questionnaire and register as a new user. Keep in mind, however, that there will be residual information that will remain within DNA Direct databases, access logs and other records, which may or may not contain such Personally Identifiable Information and/or Personal Health Information. The residual information will not be used for commercial purposes; however, DNA Direct reserves the right, from time to time, to recontact former customers or users of DNA Direct.

    If you do not receive adequate resolution of a privacy related problem, you may write to DNA Direct's Privacy Help Desk at:

    DNA Direct, Inc.
    Attn: Privacy Help Desk
    Pier 9 - Suite 105
    San Francisco, CA 94111

    Or call toll free:

    (877) 646-0222

  11. BUSINESS TRANSFERS

    We may sell or transfer assets or portions of our business as we continue to improve our product and service offerings. In the event of such transactions, in order to provide continuity of service, user information (whether Non-Personal Information, Personally Identifiable Information and/or Personal Health Information) may be transferred.

DNA Direct is a licensee of the TRUSTe Privacy Program. TRUSTe is an independent, non-profit organization whose mission is to build users' trust and confidence in the Internet by promoting the use of fair information practices. This Privacy Policy covers the site www.dnadirect.com. Because DNA Direct wants to demonstrate its commitment to your privacy, it has agreed to disclose its information practices and have its privacy practices reviewed for compliance by TRUSTe.

If you have questions or concerns regarding this statement, you should first contact Adam Ward at 1-877-646-0222. If you do not receive acknowledgement of your inquiry or your inquiry has not been satisfactorily addressed, you should contact TRUSTe at http://www.truste.org/consumers/watchdog_complaint.php. TRUSTe will then serve as a liaison with us to resolve your concerns.

last updated on 12/15/05

this page last updated: December 19, 2006