Effective as of: July 24, 2020

(Effective 30 days from member notification on June 23, 2020)


Our Philosophy

  • Safeguarding the privacy and security of your Personal Data and Shared Data is of the utmost importance. 
  • We understand and respect the sensitive nature of the information you may provide to us, and we strive to be transparent in our collection, use and disclosure of this information and to ask for your explicit consent to share sensitive information with third parties. 
  • We are committed to providing a secure, private, and safe environment for our services.

 

Information We Collect or You Share

  • Information you share with us. When you use and access our Services you may choose to share or make available information including: Customer Data, Personal Data, and Shared Data as defined in our LunaDNA Terms of Use. 
  • Information we collect. We collect Web-Behavior Information via cookies and other similar tracking technologies when you use and access our Services. See our Terms of Use for more information on Services. Our Cookie Policy is defined below.

 

How We Share/Use Your Data

LunaDNA assembles information from you when you register an account on our Website, contribute Shared Data or Personal Data, including self-reporting information through surveys, forms, features or applications, use social media connections and features, refer contacts to us, share information through various interactions with us and our partners, and through our use of cookies and similar tracking technologies.

 

LunaDNA does not access, use, or share Customer Data in any way. This data is secured within the Customer’s sandbox, and only available for the specific Customer’s use.

 

LunaDNA accesses Shared Data and/or Personal Data as follows:

 

  1. Population-level Research. Luna DNA's Manager, LunaPBC, Inc. (which we refer to as LunaPBC) or an approved and contracted Customer (e.g. researcher) may perform population-level searches based on a pre-defined study design. We refer to these searches as queries.  Based on the results of a query, a subset of aggregated, de-identified Shared Data is populated in a private, secured compute environment controlled by LunaDNA, which we refer to as a sandbox, in order to complete the analysis required by the study design. This population-level research may have various purposes including the advancement of genomic science and identifying links between genomics and disease or other conditions. Researchers will be able to associate your Shared Data with a unique data file identification number that is independent from your Personal Data. Your Personal Data will not be viewable in any of the above activities.

  2. Research or Community Inquiries. In some situations, a Customer (e.g., a researcher or community administrator) may want to contact Members directly, for example for clinical trial recruitment or to inform Members of new community resources. Members’ preference whether to receive these invitations (which we call opt-in) can be turned on or off within your account settings page. For those who opt-in LunaDNA enables this contact via an automated process, which allows the Customer to invite you into a direct communication but does not grant them access to any of your Personal Data or individual Shared Data. It is then your choice whether you will engage in direct contact with the Customer or not. The invitation list is typically determined by LunaDNA or the Customer querying our platform, using the unique data file identification number linked to your Shared Data, and based on specific query parameters defined by the researcher or contracted third party.

  3. Member Inquiries. In some situations, a Member may want to contact Customers directly, for example to inquire about upcoming community events or studies. A Customer's preference whether to receive these invitations (which we call opt-in) can be turned on or off within its account settings page. For those who opt-in, LunaDNA enables this contact via an automated process, which allows the Member to invite the Customer into a direct communication but does not grant the Customer access to any of the Member’s Personal Data.

  4. LunaDNA Communications. LunaDNA or LunaPBC may contact you about your account and any relevant information about our Services. You can set your preferences for receiving these communications in your account settings.

  5. Advertising. LunaDNA may display advertisements to you on our website.  Your preference whether to receive these advertisements (which we call opt-in) can be turned on or off within your account settings page or on your home page. If we select any advertisement for you based on information that LunaDNA has collected about you, we will display it in such a way that neither LunaDNA nor the advertiser will know which particular Members or Customers have received the advertisement; however, you may identify yourself to such an advertiser by answering or otherwise responding to the advertisement. These advertisements will be chosen because LunaPBC believes that they will create value for you. Advertisements may be targeted for you based on information that LunaDNA collects about you, including communications between you and LunaDNA that are administrative in nature or by tracking your website usage using cookies (please see our Cookie Policy below). LunaDNA will target advertisements to you based on your Shared Data only if you provide further permission to us for doing so.

  6. Improving LunaDNA Services.  LunaDNA may use information it collects to improve its services, for example, improving the design and structure of our website or databases; to detect, prevent, or otherwise address fraud, security, or technical issues; and to protect against harm to the rights, property or safety of LunaDNA or our affiliates or members.

  7. As Required By Law. LunaDNA may use or disclose any information it collects as required by law or legal process, for example, in responding to a court-issued subpoena. However, we believe the steps LunaDNA takes to protect your information, such as its de-identified data segregation architecture, which does not allow for re-identification of Shared Data without the consent of the contributing member, provides substantial protection to our members in these situations. Where allowed by law or legal process and where reasonably possible, we will notify you in advance of any such proposed use or disclosure of your data.

  8. Enforcement of Agreements. LunaDNA may use your data to enforce our Terms of Use, any member Subscription Agreement, or our Operating Agreement, including in each case investigations of potential violations.

Security & Privacy Measures

LunaDNA takes the security and privacy of your data very seriously. LunaDNA uses technical, physical, and administrative controls designed to protect member Personal Data and Shared Data from unauthorized access or disclosure and to regulate the appropriate use of this information. 

 

We take steps designed to de-identify Shared Data that is provided in a sandbox, in order to make it very difficult for a researcher to identify you based on individual pieces of information or combinations of information in your Shared Data. These steps include a policy to aggregate the Shared Data of no less than three persons in the sandboxed query result data set.  Your Personal Data is separated from Shared Data, so that you cannot be reasonably re-identified as an individual by researchers given access to Shared Data for population-level research.  Additionally, LunaDNA’s terms of use prohibits researchers from attempting to circumvent our steps and policies to prevent re-identification (except through our opt-in process for targeted research participation described above).

 

Additionally, each type of data is uniquely tagged with a sequence of characters that is determined by a one-way hash function, designed in such a way that it is extremely difficult with today’s technology to reverse engineer the given value. This disaggregated data is currently stored across separate private cloud storage sites, increasing the barriers for anyone trying to access any member’s complete data profile.  LunaDNA leverages what it believes to be best-in-class HIPAA compliant infrastructure in all processes including data storage and processing (even though we are not subject to HIPAA regulations). 

 

We protect data via safeguards such as data backups, audit controls, access controls, data encryption, data segregation by type, and account creation and login verification.  Our site and application program interfaces (APIs) use Secure Socket Layer (SSL) technology to encrypt all connections to and from our site and APIs to enhance security of electronic data transmissions. Additionally, we use nationally recommended standards and processes for securing and encrypting all stored member data.   

 

Each member will be in control of the selection and safety of his or her password. LunaDNA has put additional measures in place to assist with account security including email verification at account creation and two-factor authentication for members signing into their LunaDNA account. Data within LunaDNA may exist across international jurisdictions, but in all cases, abides by LunaDNA’s security and privacy policies.

 

Third Party Tools

  • Data hosting. LunaDNA uses Amazon Web Services for our cloud services.

  • Health Records. LunaDNA enables you to share your Electronic Health Record (EHR) data for research. We use the Greenlight Health API Service to enable our members to connect their patient portals, and through them, their EHR data to our platform. A member authorizes the collection of EHR data through the Greenlight Health user interface within the LunaDNA platform. The Greenlight Health API service is responsible for collecting, normalizing, and collating the data and delivering it to the LunaDNA platform.  You may remove the connection to your patient portal(s) and delete all of your data shared from your patient portals at any time. Greenlight Health is aligned with LunaDNA's standards for privacy and data control. You may view their Privacy Policy at: https://greenlighthealth.com/greenlight-health-privacy-statement/. Note: Greenlight Health was formerly known as Medfusion.

  • Referrals. LunaDNA enables Customers and Members to refer family and friends to LunaDNA using a service provided by FriendBuy. FriendBuy is used to provide a Non-Shared Data Service as defined in our Terms of Use. Within their Privacy Policy, you are referred to as an “End User” and your data is considered: “End User Information”. You may view their privacy Policy at: https://www.friendbuy.com/privacy/.

  • LunaDNA & LunaPBC Communications. LunaDNA uses a third-party tool provided by Mailchimp to assist with communications to Customers, Members, and prospective members. Customer and Member Personal Data, e.g. email addresses, may be ingested into MailChimp into a “Distribution List” for managing communications. MailChimp is used to provide a Non-Shared Data Service as defined in our Terms of Use. To learn more about how MailChimp handles Distribution Lists, you may review their Privacy Policy at: https://mailchimp.com/legal/privacy/

  • LunaDNA & LunaPBC Support Tools. LunaDNA uses Freshworks software to manage our online support chat and help desk services. Freshworks enables GDPR-compliant support for all of their customers worldwide. https://www.freshworks.com/privacy/

 

Your Choices

As explained in our LunaDNA Consent, Members may choose at any time to revoke your consent to all of your data, purge some or all of your data, and even delete your account completely from our databases. Customers may also delete their Customer Data at any time or delete their Account dependent on any terms in their LunaPBC contract.

 

Cookie Policy

This cookie policy explains how LunaDNA uses cookies and similar technologies when you visit our website or any other websites, apps, pages, features, or content we own or operate and/or interact with LunaDNA online advertisements or marketing emails. We encourage you to read the full policy so that you can understand what information is collected using cookies and how LunaDNA uses that information.

  1. What Are Cookies?  Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page. To learn more about cookies, including how you can turn them off, you can visit allaboutcookies.org.

  2. Use of Cookies on Our Website.  We use cookies to collect information about your online preferences.  We use the following categories of cookies on our website:

Strictly Necessary Cookies. These cookies are essential in order to enable you to navigate through our website and use its features. Without these cookies, we cannot remember your login details or otherwise keep track of any services you have requested.

Performance Cookies. These cookies collect anonymous information on how visitors use our website. For example, we currently use Google Analytics cookies to help us understand how customers arrive at our site, browse or use our site and highlight areas where we can improve areas such as navigation, data uploading experience and marketing campaigns.

Functionality Cookies. These cookies remember choices you have made, such as the country you visit our website from, your preferred language and search parameters such as size, color or product line. These can then be used to provide you with an experience more appropriate to your selections and to make your visits more tailored and pleasant.

Targeting or Advertising Cookies. These cookies collect information about your browsing habits in order to make advertising more relevant to you and your interests. They may also be used to limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. The cookies are usually placed by third party advertising networks. They remember the websites you visit and that information is shared with other parties such as advertisers.

                To learn more about advertising cookies and to control your preferences, visit https://youradchoices.com/.

 Third Party Cookies.  Other parties may use cookies on our website to provide services to us and the businesses that advertise on our website.  For example, Google Analytics may set cookies while you are browsing our website as described above under Performance Cookies.

  1. Deleting or Blocking Cookies. You can control how they are used on your browser. To learn more about clearing and managing cookies, visit allaboutcookies.org/manage-cookies/clear-cookies-installed.html.

Minors

LunaDNA is not designed for, intended to attract, or directed toward minor children under the age of 13. Only persons age 18 or older (an “adult”) may establish an account in LunaDNA and contribute Shared Data or Personal Data on their own behalf.  A parent or legal guardian (either, a “guardian”) of a person under the age of 18 (a “child”) may create and control a Member account on behalf of the child (“Minor Account”) and provide Shared Data and Personal Data for the child until the child reaches the age of 18.  

  • Within a Minor Account, and as long as the child remains under 18 years of age, a guardian may act on behalf of the child in such activities including but not limited to: (a) consenting via the LunaDNA consent, (b) sharing the child’s Shared Data and Personal Data, and (c) responding to research requests (if the guardian has chosen to allow such requests in the privacy settings).

  • The guardian's contact information linked to the Minor Account is considered Personal Data associated with the guardian's account.  

  • Currently, a Minor Account is not eligible for the issuance of shares in LunaDNA.

  • The guardian may choose to convert a Minor Account to an account directly in the child’s control (a “conversion”) once the child is at least 13 years of age and is eligible to act on their own behalf for sharing and controlling their personal data under relevant laws and regulations. Following a conversion, the consent for use of the child’s Shared Data is revoked unless and until the child re-consents to the LunaDNA consent on their own behalf. The guardian is responsible for confirming the child is eligible to control their own account and consent on their own behalf based on the applicable legal requirements in the jurisdiction in which they live prior to initiating a conversion.

  • If the guardian has not completed a conversion prior to the child’s 18th birthday, then upon the child’s 18th birthday, the guardian will be locked out of the child’s account, except to perform a conversion, and the consent for use of the child’s Shared Data will be revoked. Following conversion, the former child beneficiary of the account will have the option to re-consent to the LunaDNA consent on their own behalf.

  • The LunaDNA Consent Agreement details what happens when consent is revoked.

 

Wards

LunaDNA recognizes that some adults (18 years of age or older) may not be able to create or manage their own accounts due to health conditions or legal circumstances (i.e. they are “incapacitated”). We refer to these adults as “wards”. An individual to whom the ward has granted authority to act on their behalf, which we refer to as a caregiver-life proxy (or “caregiver”), may establish an account in LunaDNA and contribute Shared Data or Personal Data on behalf of their ward. 

  • Within a Ward Account, and as long as the adult remains incapacitated, a caregiver may act on behalf of the ward in such activities including but not limited to: (a) consenting via the LunaDNA consent, (b) manage the Ward's privacy settings, (c) sharing the ward’s Shared Data and Personal Data, and (d) responding to research requests (if the caregiver has chosen to allow such requests in the privacy settings).

  • The caregiver's contact information, linked to the Ward Account, is considered Personal Data associated with the caregiver’s account.  

  • The caregiver must agree to convert a Ward Account to an account directly in the ward’s control (a “conversion”) if the ward re-establishes capacity and is capable of acting on their own behalf for sharing and controlling their personal data under relevant laws and regulations. Following a conversion, the consent for use of the ward’s Shared Data is revoked unless and until the ward re-consents to the LunaDNA consent on their own behalf. The caregiver is responsible for confirming the ward is capable of controlling their own account and consent on their own behalf based on the applicable legal requirements in the jurisdiction in which they live prior to initiating a conversion.

  • The LunaDNA Consent Agreement details what happens when consent is revoked.

Contact Information

If you have any questions about our Privacy Policy, including requests for certain information by California residents regarding our disclosure of personal information to third parties for their direct marketing purposes, you may contact us at:

 

            LunaDNA, LLC

            Attention:  Data Protection and Privacy

            4110 Campus Point Court

            San Diego, CA 92121

            Email: privacy@lunadna.com

 

Changes to This Privacy Policy

LunaDNA cannot foresee all of the potential applications of the data we collect, particularly in a rapidly developing field such as genomics and medical research.  Therefore, LunaDNA reserves the right to update this Privacy Policy from time-to-time.  Before implementing any changes that involve LunaDNA’s use of your Shared Data (including any linkage of Personal Data to Shared Data), LunaDNA will first notify you of the proposed changes at least 30 days before their effectiveness to provide you with the opportunity to revoke your consent, purge some or all of your Shared Data, or even delete your account completely from our databases (as described in the LunaDNA Consent Agreement) if you do not want to be bound by the revised terms.  If you do not take one of those actions after receiving notice of those proposed changes, to the maximum extent permitted by applicable law, you agree that you will be bound by the new terms when they become effective.

 

LunaDNA reserves the right to update this Privacy Policy as it applies to Personal Data only (which therefore excludes any changes involving linkage of Personal Data to Shared Data, covered by the above paragraph) from time-to-time without advance notice.  When these changes are made, LunaDNA will make a new copy of this Privacy Policy available on its website. Such changes will not apply retroactively but may be effective immediately on being made available on our website. You acknowledge and agree that if you use any of our services covered by this Privacy Policy after the effective date of the change, to the maximum extent permitted by applicable law, you agree that you will be bound by the new terms.

 

You are responsible for ensuring that your contact information (i.e., email listed on your profile page) remains up to date and valid.

 

Definitions 

  • Community. A group of members self-assembling inside the platform with a shared purpose, e.g. similar health condition, similar lifestyle interests, etc. The community may be supported by personnel, who are also members, to provide additional resources to the group members.
  • Customer. A user on the LunaDNA platform who accesses Customer Services (e.g. researchers, community administrators, etc.) or accesses Member Services on behalf of a Member (e.g. proxy, legal guardian, etc.). It is possible for a user to be both a Customer and Member.
  • Customer Data. Any private or proprietary information that a customer chooses to import into their private, secure compute environment, also known as a "sandbox".
  • Member. A user on the LunaDNA platform who accepts the LunaDNA Consent with the intention or action of sharing data (Shared Data) on the platform. It is possible for a user to be both a Customer and Member.
  • Non-Shared Data Services. Those Services that do not involve use of Member Shared Data.
  • Personal Data. Any personal information (for example, your name, contact information, payment information).  Personal Data does not include Shared Data.
  • Services. Any of LunaDNA’s products, software, services, and website (including but not limited to text, graphics, images, and other material and information) as accessed from time to time by the user, regardless if the use is in connection with an account or not. Customers and Members may not have access to all of the same Services.
  • Shared Data. Genomic data (that is, data about an individual’s genes, or DNA) and medical or health data (for example, medications, allergies, surveys, health records, information collected by integrated apps and devices).
  • Share Holder Members. Members who hold shares in LunaDNA (which we offer to some members in exchange for rights to Shared Data). The term Share Holder Member in these Terms corresponds to the term “member” as used in LunaDNA’s Operating Agreement and Offering Circular defining the rights of Share Holder Members.