Last updated: February 8, 2021

This privacy policy governs how Gene2Rx may process or use your personal data. You can contact us via the contact form on Gene2rx.com if you have any questions or concerns regarding your privacy on Gene2Rx.

Gene2Rx (the “Website”) is a genetic annotation system that creates a personal report (a “Report”) based on a raw DNA data file (“DNA Data File”) uploaded by the user, using the scientific and medical literature cited by the Clinical Pharmacogenetics Implementation Consortium (CPIC®). We do not have any affiliation with the CPIC organization. Gene2Rx is a platform for genetic analysis, that allows its users to: (i) upload DNA Data Files generated by different DNA testing service providers; (ii) optionally store DNA Data Files; (iii) generate Reports based on the uploaded DNA Data Files; and (iv) optionally create a private account through which they can manage the DNA Data Files and the Reports. Gene2Rx is a service for a personal, private and informational use only and may not be used in connection with any clinical purpose and/or commercial or research endeavors. Illegal and/or unauthorized use of Gene2Rx is prohibited.

Your privacy is important to us. By using Gene2Rx and uploading a DNA Data File, you consent to the collection, use and storage by us of your DNA Data File in accordance with this Privacy Policy, until the DNA Data File is deleted by you or by us.

What personal data is collected?

If you upload a DNA Data File and/or create an account, your DNA Data File and your email address will be processed by us. We will process this information for as long as needed to provide you with the service. We collect the full name, country of residence and age of new users during account signup to ensure compliance with privacy laws and better serve our users.

If you make a payment to use Gene2Rx, we use the Stripe service for billing and therefore we do not store your credit card information or other billing information on Gene2Rx; it is stored by Stripe and we do not have access to it.

When you generate a Report, you must enter your email address for the Report to be emailed to you.

Storage of your information

Gene2Rx maintains a copy of your report and DNA data file unless otherwise requested. If you delete your account, your data will be deleted with it.

You can log into your account at any time and request to delete any of your data. While your DNA Data File is stored with Gene2Rx, you can re-generate a Report for free with the latest CPIC guidance.

If you upload a DNA Data File but you do not continue and generate a Report, the DNA Data File is automatically deleted within 24 hours.

DNA data storage

DNA data storage is optional. You may opt-out from the storage option at the time of requesting the Report, in which case we will delete your DNA Data within 24 hours of your Report being generated. If you create an account and store DNA Data in it, you can delete your data at any time after your Report is generated. Otherwise, an encrypted copy of your data will be maintained on our servers.

Rights; License

We do not claim any ownership rights in your DNA Data File and genome and it belongs to you only.

By uploading your DNA Data File, you grant us a temporary, limited, revocable, royalty-free, world-wide license to process and use your DNA Data File for the purpose of providing you with the service. i.e., for generating and re-generating Reports, and if you created an account and stored your DNA Data File, also to use it with new genetic features of the service we may develop in the future, at no additional cost to you. You may delete your DNA Data File at any time.

By uploading DNA Data to Gene2Rx, you acknowledge that you acquire no rights in any research or commercial products that may be developed by us (whether or not they relate to the said DNA Data).

Use of your personal data

We may use your personal data under the following circumstances

1. To provide you with the service.
2. To communicate with you. We may communicate with you for the purpose of informing you of changes or additions to the service or of any of our products and services or to seek feedback from you on the service. We may send updates when new CPIC guidance is available.
3. For internal business purposes, i.e. To improve Gene2Rx or to develop new products and/or services
4. We store de-identified summary statistics, called alleles, for further product development and system performance monitoring

Security

When you provide us with any personal data, that personal data may be transferred to and stored by us in our secure data centers which may provide a different level of protection for personal data than in your country of residence. By providing us with personal data, you specifically consent to the transfer and processing of personal data and its storage in our data centers. By using services, you consent to have your personal data transferred to and processed in the United States and you acknowledge that your personal data may be used as described herein.

All traffic is encrypted via https and your upload is retained in a well-protected location, and we take industry standard security measures to ensure the privacy protection of the personal data provided by you. We have implemented commercially reasonable security measures in place to attempt to protect users' data under our control. However, we cannot guarantee unauthorized use. You acknowledge that you provide your personal data at your own risk.

You hereby acknowledge and agree that:

1. Downloading your Reports will create a copy that is not protected by our security and privacy settings;
2. Download and the storage of your Reports after you have downloaded them, shall all be made at your own risk
3. We shall not have any control over the downloaded Reports and shall not be liable to you or to any third party in connection with any such download and/or storage.

Third-parties

Your personal data (including the DNA Data Files and/or the Reports) will never be sold, licensed or otherwise shared by us with any other third parties without your explicit informed consent, except in the very specific scenarios described below:

1. To third parties providing services on our behalf, like processing payments from you by Stripe or storing data on AWS. The use of the personal data by such third parties is limited in scope and subject to contractual protections. Such parties are prohibited from using it for any other purposes other than providing us or you with the required services. With respect to processors outside Europe, we attempt to ensure adequate safeguards for your personal data, as required by applicable law.
2. In business transfers. In the event that Gene2Rx, or substantially all of its assets or stock, are acquired, transferred, disposed of (in whole or part and including in connection with any merger, bankruptcy or similar proceedings), personal information including DNA Data will be one of the transferred assets. In such event, your personal information would remain subject to the promises made in the pre-existing Privacy Policy prior to the event.

We will never sell or license your DNA information to insurance companies under any circumstances.

Email

We may send to you the following types of emails

1. Transactional emails. Emails that are sent following a purchase of a Report. For example, if you make a payment, you will receive an email with a confirmation that your payment was received, or the charge has failed.
2. Notification emails. Emails that include a link to your Report or information concering privacy policy updates.
3. Announcement emails. Emails concerning the service that announce new features, promotions and offers.

You cannot unsubscribe from transactional and notification emails, and by providing your email address you give your consent to receive such emails as necessary.

Legal ground for processing

Under EU data protection law, all processing of personal information is justified by a "condition" for processing. In the majority of cases, any processing will be justified on the basis that:

1. As is necessary for the performance of a contract with you, in this case, your usage of our services; 2. As is necessary for our legitimate commercial interests subject to your interests and fundamental rights (e.g. analytics which we carry out of your use of the service) 3. The processing is necessary for us to comply with a relevant legal obligation.

In addition, the processing of "special category data" is only permitted where a relevant exemption exists. Special category data includes genetic information. The special category data is processed on the basis of your explicit consent. Where the basis of processing is your consent, you have the right to withdraw your consent, and therefore prevent that processing, at any time.

Minors

If you are a child under the age of 18, please do not use our service. We will not knowingly contact or engage with children under the age of 18. If you have reason to believe that a child has provided us with their personal information, please contact us using the contact form on our website and we will endeavor to delete that information from our databases.

Modifications

Your use of Gene2Rx constitutes your agreement to follow and be bound by this Privacy Policy. We reserve the right to update or modify this Privacy Policy at any time. For this reason, we encourage you to review this Privacy Policy whenever you use the service.

If we decide to modify our Privacy Policy, we will issue an updated version of this Privacy Policy with an updated date legend (and notify you via email or by other appropriate means if the changes are material) so that you will be aware of what information we collect, how we use it and under what circumstances we disclose it in accordance with applicable law. If you do not consent to the Privacy Policy or to any changes thereto and as a result you would like us not to use or hold your information in accordance with the revised terms, you may delete your DNA Data and/or delete your account.

Use of the Website following any changes constitutes your acceptance of the revised Privacy Policy then in effect.

GDPR

You have the right to request access to your personal data that we process, and further have such personal data rectified or erased.

If you feel like your data protection rights under the GDPR have been violated, you may lodge a complaint at the supervisory authority in the Member State in which you reside, or alternatively with the ICO.

California privacy rights

California residents are entitled to ask us for a notice describing what categories of personal customer information we share with third parties or corporate affiliates for those third parties or corporate affiliates’ direct marketing purposes. We do not share your personal information with third parties or corporate affiliates for their direct marketing purposes.

If you do not agree to this Privacy Policy, please do not use the service.