PRIVACY POLICY STATEMENT

Privacy INTRODUCTION
Please read this privacy policy (the "Privacy Policy") to learn more about how BodySync ("BodySync," "we," or "us") treats personally identifiable information that you provide to us. If you have comments, suggestions, questions, or concerns about our Privacy Policy, please contact us at privacy@bodysync.com.

What This Privacy Policy Covers.
This policy covers our treatment of personally identifiable information that we obtain from you. Personally identifiable information also includes health information that you disclose to us and information generated from tests that we conduct for you. We regard personally identifiable information as information that someone can use to identify or contact you in person, such as real name, telephone number, email address, physical mailing address, financial account information, genetic information, and certain medical information you voluntarily provide to us such as your birth date, gender, and personal and family disease history. Information that we use internally to identify you as a customer in our system, such as your selected username or password, is not considered personally identifiable information.

What This Privacy Policy Does Not Cover.
This policy does not cover the privacy practices of third parties that we do not own or control, such as our partners and advertisers. In addition, we may provide links to other services and on occasion to other sites that may interest you. All of these sites operate independently and they have their own privacy or security practices. We have no control over, do not review, and cannot be responsible for these outside websites or their content. Accordingly, we encourage you to review their policies before submitting any personal information to them.


HOW INFORMATION IS COLLECTED

1. Information You Provide.
Required Registration Information. When you register as a customer, we collect your full name, email address, and the username and password you have created.

Email Information. In addition to providing the foregoing information to us, if you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received by mail and telephone.  It will remain safeguarded and not be shared with any outside services or companies, except as necessary to provide the services that you have requested.

Access to Your Personal Information.In general, we make it easy for you to view the personally identifiable information we have collected from you in your customer profile, where you can add, edit, or delete it as you see fit.

2. Information We Track.
Similar to other commercial web sites, our Website utilizes a standard technology called cookies and web server logs to collect information about how our Website is used. Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our Website, and the websites visited just before and just after our Website. This information is collected on an aggregate basis. None of this information is associated with you as an individual.

Cookies are stored on computers to increase the security of your personal information and make it easier for you to navigate a website. Session cookies are automatically deleted when you close your web browser, while other cookies, called persistent cookies, remain on your computer for long periods of time.  To remove persistent cookies from your computer, follow the instructions in the help menu of your web browser.  If your internet settings block cookies altogether, you will not be able to log into an account on the website.


INFORMATION WE DO NOT COLLECT

Personal Information of Individuals Under the Age of 18. You should be aware that our Website is not intended for or designed to attract individuals under the age of 18 and as such, we do not intentionally gather personally identifiable information of individuals who are under the age of 18. If you believe that we have collected personal information about a person who is under the age of 18, please contact us at privacy@bodysync.com and such personal information will be deleted.


HOW PERSONALLY IDENTIFIABLE INFORMATION IS USED, CONTROLLED, AND SECURED

1. Use of Your Personally Identifiable Information That You Provide To Us.
We may use your personally identifiable information for the following purposes:

• To generate and send you requested test results.
• To communicate with you and to send you information by email, mail, or other means about our products and new service we think you will find valuable.
• To notify you about important changes to our Website.

2. Use of Information We Collect From Cookies.
We may use the information we collect from cookies for the following purposes:
• To analyze trends and statistics about the use of our Website
• To design our Website in the most user-friendly manner so that we can enhance your experience
• To help us improve our Website, and better serve our existing and potential customers.

3. Control of Your Personally Identifiable Information.
Except as otherwise described in this Privacy Policy, personally identifiable information you provide to us will not be shared outside of BodySync and its controlled subsidiaries and affiliates without your permission.

4. Security of Personally Identifiable Information.
To prevent unauthorized access to personally identifiable information, we have put into practice a number of procedures set forth below:
• User access is protected using personally assigned usernames and passwords.
• DNA samples are assigned a unique, anonymous barcode to track the Genetic Information independent of the user information.
• User information is always stored separately from Genetic Information so that Genetic Information remains anonymous to laboratory personnel.
• This Website is encrypted to secure personally identifiable information. All information and genetic assessment results will be stored in an encrypted, anonymous, database, served on a dedicated, HIPAA-hardened server, housed in a world-class data center.
• Our network is secured using server firewalls. In addition, the Website will use firewalls to protect information from unauthorized access, disclosure, alteration, and/or destruction. This highly secure server configuration includes: regular patches and updates; Virus, Worm, Trojan & Malware protection; blocking and logging of unauthorized access attempts; dedicated firewall support with enhanced security rules for secured SSH & Remote Desktop connection.
• Archives containing personally identifiable information are securely stored on the database server which will be securely stored behind the firewall.
• Employee and third party consultant access to personally identifiable information is limited to their needs related to provision of Services. Employees and third party consultants may only access this information using a password.

All employees and third party consultants with access to personally identifiable information are trained appropriately and are required to sign a confidentiality agreement that aligns with this Privacy Policy.

Please note that email correspondence that you may send to us may not be secure unless we advise you that security measures will be in place prior to your transmitting the information. For that reason, we ask that you do not send confidential information to us through an unsecured email.

HOW INFORMATION IS SHARED AND DISCLOSED
1. With Third Parties.
We may provide anonymous, aggregate information about our customers, sales, Website traffic patterns and related information to our affiliates, partners or reputable third parties, but this information will not include personally identifiable information.

2. Linked Services.
In some cases, we may allow you to access or link to other products or services through our Website. In all of these cases, our partners may choose to collect your personal information as they deem appropriate. We are not responsible for or in control of how our partners collect, use, or disclose your information obtained through these linked services. We encourage you to be aware when you are using these partner services and, for your best online experience, we encourage you to review their policies before submitting any personal information to them.

3. As Necessary In Certain Legal Circumstances.
We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect the rights, property or safety of BodySync or others, respond to claims and/or to comply with a judicial proceeding, court order, or legal process served on us.

TEST RESULTS
Customer samples are processed in our state-of-the art CLIA-certified laboratory with the utmost standards of quality and according to government regulations.

Your DNA sample will only be tested for the information requested. Results will be provided by mail to the address designated or electronically via a secure, password protected Website.  No one outside our laboratory will have access to the results unless directed to do so in writing.  This includes family members.

To further protect your privacy, we will destroy samples within ten days after completing your requested test.

COMMUNICATION
We will contact customers using the method of communication they specify.  Information will not be communicated to any other individual unless the customer directs us to do so in writing or it is required by law.

ACCOUNT TERMINATION
If a customer decides to terminate his or her account with BodySync, we will delete the customer's user account, access and personally identifiable information from our system.  However, we are required by law to archive and retain copies of the test report for seven years. 

FEDERAL LAWS PROTECTING YOU
Some people worry that once they know a genetic fact about themselves, they could be forced to share that information with an insurer or employer.  The United States instituted a law on May 21, 2008 called the Genetic Information Nondiscrimination Act (GINA), which protects Americans against unfair treatment from employers and insurers on the basis of genetic information.  As a result, you are not required to disclose genetic information to an employer or insurer, nor can they legally discriminate against you.

STATE LAWS PROTECTING YOU
There are also state laws that prevent insurers, employers and others from using genetic test results for discriminatory purposes. You may have additional protection under these laws, depending on where you are located.

NOTICE TO CALIFORNIA RESIDENTS
California Civil Code Section 1798.83 permits customers who are California residents and who have provided BodySync with "personal information" (as that term is defined in Section 1798.83) to request certain information about the disclosure of that information to third parties for their direct marketing purposes.  If you are a California resident with questions regarding this, please contact BodySync at privacy@bodysync.com or at BodySync, PO Box 3611, Redondo Beach, CA 90277.

FOR OUR CANADIAN CUSTOMERS
Canadian citizens, except under circumstances defined by law, are entitled to access their own Personal Information collected by BodySync by writing to: BodySync, PO Box 3611, Redondo Beach, CA 90277 U.S.A. If you believe that the personally identifiable information about you that we have collected is incomplete or inaccurate, we will correct the information upon verification of the omission or error and of the identity of the person requesting the change. If you wish additional information about our personal identifiable management, to access, correct or have us investigate any matters in relation to your personally identifiable information, please contact us at the address provided above.


NOTICE TO VISITORS OUTSIDE OF THE UNITED STATES
You should be aware that the United States and other countries have not harmonized their privacy regulations. Because BodySync and its servers are located in the United States, we have written our Privacy Policy to satisfy United States regulations. By registering as a customer, you expressly agree to the transfer into and out of the United States and the use of your personally identifiable information as necessary to provide the services that you request. You also agree to the level of privacy protection set out in this Privacy Policy.

LINKED WEBSITES
Our Website contains links to third-party websites operated by other organizations.  We are not responsible for their privacy practices and we encourage our customers to read the privacy policies of each website that collects personally identifiable information.  We will not disclose our customers' personal information to these organizations. 

BUSINESS TRANSITION
In the event that BodySync undergoes a business transition such as a merger or an acquisition by another company, or if any personally identifiable information is transferred to another company, we will require the successor to comply with the terms of this Privacy Policy.

CHANGES TO THIS PRIVACY POLICY
This Privacy Policy is subject to occasional revision, and changes will be posted on our Website.  If we make any substantial changes in the way we use or disclose your personally identifiable information, we will notify you at the email address listed in your customer profile. If you object to any such changes, you may request that we delete your customer account.

© 2018 COPYRIGHT BODYSYNC, INC.