Effective as of: September 14, 2019
Change: Addition of notice of electronic health record integration partner; a new feature on LunaDNA.
We refer to any personal information (for example, your name, contact information, payment information) as Personal Data. Personal Data does not include your Shared Data.
- The privacy and security of your Personal Data and Shared Data is of the utmost importance.
- We understand and respect the sensitive nature of the information you may provide to us, and we strive to be transparent in our collection, use and disclosure of this information and to ask for your explicit consent to share sensitive information with third parties.
- We are committed to providing a secure, private, and safe environment for our services.
How We Share/Use Your Data
LunaDNA will use your Shared Data and Personal Data as follows:
- Population-level Research: LunaDNA or a contracted third party may perform population-level searches based on a pre-defined study design. We refer to these searches as queries. Based on the results of a query, a subset of aggregated, de-identified Shared Data is populated in a private, secured
- Targeted Research Participation: In some situations, such as clinical trial recruitment, a researcher or contracted third party may want to contact you and other members directly. LunaDNA enables this via an anonymous, automated process, which allows the researcher or contracted third party to invite you into a direct communication but does not grant them access to any of your Personal Data or individual Shared Data. It is then your choice whether you will engage in direct contact with the researcher or contracted third party or not. Your preference whether to receive these invitations (which we call opt-in) can be turned on or off within your account settings page. The invitation list is typically determined by LunaDNA, the researcher or the contracted third party querying our platform, using the unique data file identification number linked to your Shared Data, and based on specific query parameters defined by the researcher or contracted third party.
- Improving LunaDNA Services: LunaDNA may use the information it collects to improve its services, for example, improving the design and structure of our website or databases; to detect, prevent, or otherwise address fraud, security, or technical issues; and to protect against harm to the rights, property or safety of LunaDNA or our affiliates or members.
- As Required By Law: LunaDNA may use or disclose any information it collects as required by law or legal process, for example, in responding to a court-issued subpoena. However, we believe the steps LunaDNA takes to protect your information, such as its data segregation architecture which does not allow for re-identification of Shared Data without the consent of the contributing member, provides substantial protection to our members in these situations. Where allowed by law or legal process and where reasonably possible, we will notify you in advance of any such proposed use or disclosure of your data.
- Enforcement of Agreements. LunaDNA may use your data to enforce our Terms of Service, any member Subscription Agreement, or our Operating Agreement, including in each case investigations of potential violations.
Security & Privacy Measures
LunaDNA takes the security and privacy of your data very seriously. LunaDNA uses technical, physical, and administrative controls designed to protect member Personal Data and Shared Data from unauthorized access or disclosure and to regulate the appropriate use of this information.
We take steps designed to de-identify Shared Data that is provided in a sandbox to make it more difficult for a researcher to identify you based on individual pieces of information or combinations of information in your Shared Data. These steps include a policy to aggregate the Shared Data of no less than three persons in the sandboxed query results. Your Personal Data is separated from Shared Data, so that you cannot be reasonably re-identified as an individual by researchers or third parties given access to Shared Data for population-level research. LunaDNA’s terms of service for researchers will prohibit them from attempting to circumvent our steps and policies to prevent re-identification (except through our opt-in process for targeted research participation described above).
Additionally, each type of data is uniquely tagged with a sequence of characters that is determined by a one-way hash function, designed in such a way that it is extremely difficult with today’s technology to reverse engineer the given value. This disaggregated data is currently stored across separate private, cloud storage sites, which increases the barriers for anyone trying to access any member’s complete data profile. LunaDNA leverages what it believes to be best-in-class HIPAA compliant infrastructure (even though we are not subject to HIPAA).
We protect data via safeguards such as data backup, audit controls, access controls, data encryption, and account creation and login verification. Our site and application program interfaces (APIs) use Secure Socket Layer (SSL) technology to encrypt all connections to and from our site and APIs to enhance security of electronic data transmissions. Additionally, we use standards and processes for securing and encrypting all stored member data. Each member will be in control of the selection and safety of his or her password, but LunaDNA has put measures in place to assist account security. Additionally, LunaDNA requires email verification at account creation and two-factor authentication for members signing into their LunaDNA account.
As explained in our LunaDNA Consent, you may choose at any time to revoke your consent to all of your data, purge some or all of your data, and even delete your account completely from our databases.
1. What Are Cookies? Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page. To learn more about cookies, including how you can turn them off, you can visit allaboutcookies.org.
Strictly Necessary Cookies. These cookies are essential in order to enable you to navigate through our website and use its features. Without these cookies, we cannot remember your login details or otherwise keep track of any services you have requested.
Performance Cookies. These cookies collect anonymous information on how visitors use our website. For example, we currently use Google Analytics cookies to help us understand how customers arrive at our site, browse or use our site and highlight areas where we can improve areas such as navigation, data uploading experience and marketing campaigns.
Functionality Cookies. These cookies remember choices you have made, such as the country you visit our website from, your preferred language and search parameters such as size, color or product line. These can then be used to provide you with an experience more appropriate to your selections and to make your visits more tailored and pleasant.
Targeting or Advertising Cookies. These cookies collect information about your browsing habits in order to make advertising more relevant to you and your interests. They may also be used to limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. The cookies are usually placed by third party advertising networks. They remember the websites you visit and that information is shared with other parties such as advertisers.
To learn more about advertising cookies and to control your preferences, visit aboutads.info.
3. Deleting or Blocking Cookies. You can control how they are used on your browser. To learn more about clearing and managing cookies, visit allaboutcookies.org/manage-cookies/clear-cookies-installed.html.
LunaDNA is not designed for, intended to attract, or directed toward minor children under the age of 13, and we will not accept any contributions of information or data from minor children under the age of 13.
Attention: Data Protection and Privacy
415 S. Cedros Avenue
Solana Beach, CA 92075
You are responsible for ensuring that your contact information (i.e., email listed on your profile page) remains up to date and valid.
Version 1.0, 112918