Effective as of: September 14, 2019

Change: Addition of notice of electronic health record integration partner; a new feature on LunaDNA.


In this LunaDNA Privacy Policy, we refer to genomic data (that is, data about your genes, or DNA) and medical or health data (for example, medications, allergies, surveys, health records, information collected by integrated apps and devices) as Shared Data.


We refer to any personal information (for example, your name, contact information, payment information) as Personal Data.  Personal Data does not include your Shared Data.

  

Our Philosophy

  • The privacy and security of your Personal Data and Shared Data is of the utmost importance.
  • We understand and respect the sensitive nature of the information you may provide to us, and we strive to be transparent in our collection, use and disclosure of this information and to ask for your explicit consent to share sensitive information with third parties.
  • We are committed to providing a secure, private, and safe environment for our services.


How We Share/Use Your Data

LunaDNA collects information from you when you register an account on our Website, contribute Shared Data or Personal Data, including self-reporting information through surveys, forms, features or applications, use social media connections and features, refer contacts to us, share information through various interactions with us and our partners, and through our use of cookies and similar tracking technologies.



LunaDNA will use your Shared Data and Personal Data as follows:

  1. Population-level Research: LunaDNA or a contracted third party may perform population-level searches based on a pre-defined study design. We refer to these searches as queries.  Based on the results of a query, a subset of aggregated, de-identified Shared Data is populated in a private, secured  computer environment controlled by LunaDNA, which we refer to as a sandbox, in order to complete the analysis required by the study design. This population-level research may have various purposes including the advancement of genomic science and identifying links between genomics and disease or other conditions.  Researchers and third parties will be able to associate your Shared Data with a unique data file identification number that is independent from your Personal Data.
  2. Targeted Research Participation: In some situations, such as clinical trial recruitment, a researcher or contracted third party may want to contact you and other members directly. LunaDNA enables this via an anonymous, automated process, which allows the researcher or contracted third party to invite you into a direct communication but does not grant them access to any of your Personal Data or individual Shared Data. It is then your choice whether you will engage in direct contact with the researcher or contracted third party or not. Your preference whether to receive these invitations (which we call opt-in) can be turned on or off within your account settings page. The invitation list is typically determined by LunaDNA, the researcher or the contracted third party querying our platform, using the unique data file identification number linked to your Shared Data, and based on specific query parameters defined by the researcher or contracted third party.
  3. Advertising: LunaDNA may display advertisements to you on our website.  These advertisements will be chosen because our manager, LunaPBC, believes that they will create value for members. Advertisements may be targeted for you based on information that LunaDNA collects about you, including communications between you and LunaDNA that are administrative in nature or by tracking your website usage using cookies (please see our Cookie Policy below).  LunaDNA will target advertisements to you based on your Shared Data only if you provide further consent to us for doing so. If we select any advertisement for you based on information that LunaDNA has collected about you, we will display it in such a way that neither LunaDNA nor the advertiser will know which particular members have received the advertisement; however, you may identify yourself to such an advertiser by answering or otherwise responding to the advertisement.
  4. Improving LunaDNA Services:  LunaDNA may use the information it collects to improve its services, for example, improving the design and structure of our website or databases; to detect, prevent, or otherwise address fraud, security, or technical issues; and to protect against harm to the rights, property or safety of LunaDNA or our affiliates or members.
  5. As Required By Law:  LunaDNA may use or disclose any information it collects as required by law or legal process, for example, in responding to a court-issued subpoena.  However, we believe the steps LunaDNA takes to protect your information, such as its data segregation architecture which does not allow for re-identification of Shared Data without the consent of the contributing member, provides substantial protection to our members in these situations.  Where allowed by law or legal process and where reasonably possible, we will notify you in advance of any such proposed use or disclosure of your data.
  6. Enforcement of Agreements.  LunaDNA may use your data to enforce our Terms of Service, any member Subscription Agreement, or our Operating Agreement, including in each case investigations of potential violations.


Security & Privacy Measures


LunaDNA takes the security and privacy of your data very seriously. LunaDNA uses technical, physical, and administrative controls designed to protect member Personal Data and Shared Data from unauthorized access or disclosure and to regulate the appropriate use of this information.


We take steps designed to de-identify Shared Data that is provided in a sandbox to make it more difficult for a researcher to identify you based on individual pieces of information or combinations of information in your Shared Data. These steps include a policy to aggregate the Shared Data of no less than three persons in the sandboxed query results.  Your Personal Data is separated from Shared Data, so that you cannot be reasonably re-identified as an individual by researchers or third parties given access to Shared Data for population-level research.  LunaDNA’s terms of service for researchers will prohibit them from attempting to circumvent our steps and policies to prevent re-identification (except through our opt-in process for targeted research participation described above).


Additionally, each type of data is uniquely tagged with a sequence of characters that is determined by a one-way hash function, designed in such a way that it is extremely difficult with today’s technology to reverse engineer the given value. This disaggregated data is currently stored across separate private, cloud storage sites, which increases the barriers for anyone trying to access any member’s complete data profile.  LunaDNA leverages what it believes to be best-in-class HIPAA compliant infrastructure (even though we are not subject to HIPAA).


We protect data via safeguards such as data backup, audit controls, access controls, data encryption, and account creation and login verification.  Our site and application program interfaces (APIs) use Secure Socket Layer (SSL) technology to encrypt all connections to and from our site and APIs to enhance security of electronic data transmissions. Additionally, we use standards and processes for securing and encrypting all stored member data.   Each member will be in control of the selection and safety of his or her password, but LunaDNA has put measures in place to assist account security. Additionally, LunaDNA requires email verification at account creation and two-factor authentication for members signing into their LunaDNA account.


Third-Party Tools

Health Records. LunaDNA enables you to share your Electronic Health Record (EHR) data for research. We use the Medfusion API Service to enable our members to connect their patient portals, and through them, their EHR data to our platform. A member authorizes the collection of EHR data through the Medfusion user interface within the LunaDNA platform. The Medfusion API service is responsible for collecting, normalizing, and collating the data and delivering it to the LunaDNA platform.  You may remove the connection to your patient portal(s) and delete all of your data from your patient portals at any time. Medfusion is aligned with LunaDNA's standards for privacy and data control. You may view their Privacy Policy at: https://web.medfusion.net/privacy-statement/mfapi.


Your Choices

As explained in our LunaDNA Consent, you may choose at any time to revoke your consent to all of your data, purge some or all of your data, and even delete your account completely from our databases.


Cookie Policy

This cookie policy explains how LunaDNA uses cookies and similar technologies when you visit our website or any other websites, apps, pages, features, or content we own or operate and/or interact with LunaDNA online advertisements or marketing emails. We encourage you to read the full policy so that you can understand what information is collected using cookies and how LunaDNA uses that information.


1. What Are Cookies?  Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page. To learn more about cookies, including how you can turn them off, you can visit allaboutcookies.org.


2. Use of Cookies on Our Website.  We use cookies to collect information about your online preferences.  We use the following categories of cookies on our website:


Strictly Necessary Cookies.  These cookies are essential in order to enable you to navigate through our website and use its features. Without these cookies, we cannot remember your login details or otherwise keep track of any services you have requested.


Performance Cookies.  These cookies collect anonymous information on how visitors use our website. For example, we currently use Google Analytics cookies to help us understand how customers arrive at our site, browse or use our site and highlight areas where we can improve areas such as navigation, data uploading experience and marketing campaigns.


Functionality Cookies.  These cookies remember choices you have made, such as the country you visit our website from, your preferred language and search parameters such as size, color or product line. These can then be used to provide you with an experience more appropriate to your selections and to make your visits more tailored and pleasant.


Targeting or Advertising Cookies.  These cookies collect information about your browsing habits in order to make advertising more relevant to you and your interests. They may also be used to limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. The cookies are usually placed by third party advertising networks. They remember the websites you visit and that information is shared with other parties such as advertisers.


To learn more about advertising cookies and to control your preferences, visit aboutads.info.


3. Deleting or Blocking Cookies.  You can control how they are used on your browser. To learn more about clearing and managing cookies, visit allaboutcookies.org/manage-cookies/clear-cookies-installed.html.


Minors


LunaDNA is not designed for, intended to attract, or directed toward minor children under the age of 13, and we will not accept any contributions of information or data from minor children under the age of 13.



Contact Information

If you have any questions about our Privacy Policy, including requests for certain information by California residents regarding our disclosure of personal information to third parties for their direct marketing purposes, you may contact us at:

            

LunaDNA, LLC

Attention:  Data Protection and Privacy

415 S. Cedros Avenue

Solana Beach, CA 92075

Email: privacy@lunadna.com


Changes to This Privacy Policy

LunaDNA cannot foresee all of the potential applications of the data we collect, particularly in a rapidly developing field such as genomics and medical research.  Therefore, LunaDNA reserves the right to update this Privacy Policy from time-to-time.  Before implementing any changes that involve LunaDNA’s use of your Shared Data (including any linkage of Personal Data to Shared Data), LunaDNA will first notify you of the proposed changes at least 30 days before their effectiveness to provide you with the opportunity to revoke your LunaDNA consent, purge some or all of your Shared Data, or even delete your account completely from our databases (as described in the LunaDNA Consent) if you do not want to be bound by the revised terms.  If you do not take one of those actions after receiving notice of those proposed changes, to the maximum extent permitted by applicable law, you agree that you will be bound by the new terms when they become effective.


LunaDNA reserves the right to update this Privacy Policy as it applies to Personal Data only (which therefore excludes any changes involving linkage of Personal Data to Shared Data, covered by the above paragraph) from time-to-time without advance notice.  When these changes are made, LunaDNA will make a new copy of this Privacy Policy available on its website. Such changes will not apply retroactively but may be effective immediately on being made available on our website. You acknowledge and agree that if you use any of our services covered by this Privacy Policy after the effective date of the change, to the maximum extent permitted by applicable law, you agree that you will be bound by the new terms.


You are responsible for ensuring that your contact information (i.e., email listed on your profile page) remains up to date and valid.



Version 1.0, 112918