Privacy Policy

In accordance with the General Data Protection Regulation (GDPR), this Privacy Policy governs access to and use of this website.

Effective Date:  September 1, 2020, Last revision: February 18, 2023

Privacy Policy Statement

GeneHabit Private Limited is a registered company in Singapore with registration number 202017204N and a registered office at 7500A Beach Road, #05-319 The Plaza, Singapore 199591.

At GeneHabit, your information is treated with utter care. We handle your information responsibly in a secure manner by means of administrative, physical, and technical methods to safeguard it and process the information only for the legitimate purposes disclosed. Your personal information including genetic test results is maintained under a strict confidentiality policy. This policy applies to all users of our services, new and existing. This privacy policy outlines various purposes your information will be used and as per any additional consent or agreement that you may enter with us.

GeneHabit is a Preventative Health and Wellness Technology Company, we bring together laboratory diagnostics and digital technology to make available scientific insights about your health. We are committed to providing you with details of the information we collect, hold, and process. We will also provide you control, to the extent possible, of the information you provide to us.

The purposes for which we use your personal information are outlined in this Privacy Policy and any additional Consent Documents or Agreements we may enter into with you. By using any GeneHabit services, you consent to this Privacy Policy. You may not use our Services if you do not accept this Privacy Policy as it forms part of the GeneHabit Terms of Service. To be aware of any changes made, it is in your best interest to read our Policy each time you visit our website. The date this policy was last updated can be found at the policy’s beginning.

Key Definitions

We/Us/Our/GeneHabit means GeneHabit Private Limited.

You/Your/Yourself means the User of the Website.

Anonymized DNA sample: This means any Information that we have anonymized in a manner to result in the Information no longer being able to identify you, whether directly or indirectly, and is therefore no longer Personal Information.

“Applicable Law” – Means any law, by-law, ordinance, proclamation, and/or statutory regulation that the Parties are required to observe because of this Privacy Policy and matters incidental thereto, including, but not limited to, the GDPR.

“GDPR” – means the European Union’s General Data Protection Regulation, 2016/679.

“GDPR UK” – Refers to the United Kingdom General Data Protection Regulation, which was established post-Brexit to align with the EU GDPR. It regulates the processing of personal data for UK citizens and residents.

“EEA” – Means European Economic Area.

“Processing”, “Process” and “Processed” – means any operation or set of operations which is performed on Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Purpose” – This means the purposes for which we Process Information.

“Terms of Service” – means the specific terms that apply to our relationship when we provide you with Services.

What Kind of Information We Collect About You?

We collect several types of information about users of our services and website visitors. This information may be gathered automatically when you browse through our Websites or else directly from you when you choose to sign up for our Services:

  1. Your data is collected and processed when you register for a Service, through our website, through content on our website, through advertising third parties with whom you interact on our website, or when you submit any feedback by other means of communication. The information requested from you depends on the activity or services you avail, for example making payment for the service. If you reject the request to provide such information required for a particular activity, you will not be able to perform your desired activity or engage with our services successfully.
  2. We may also access your information from any public sources where you have chosen to make such Information public, for example, social media platforms, from third parties who lawfully provide it to us.
  3. We also collect your Internet Protocol (“IP”) address and device information. We use these to diagnose problems with our servers and/or software, to administer our Services, and to gather demographic information.

GeneHabit may collect the following types of information:

  1. Registration Information: Personal information will be collected when you set up an account with us, such information may include but may not be limited to your name, location, contact details, and date of birth.
  2. Self-Reported Information: Personal Information including but not limited to health issues, medical conditions, fitness or physical performance information, ethnicity,  family history, or health goals that you voluntarily share with us by means of surveys, forms, or features while entering our site may be collected by us. Such self-reported information may be anonymized and used in approved research to improve our services.
  3. Genetic Information:  Your genetic or biomarker information is generated through the analysis of your saliva or blood test or when you upload/provide such genetic or biomarker information to us by any means to avail of our services.
  4. Online activity information: This is the information about your usage of our websites, portals, social media pages, apps, or any other software solutions that you may use. Such information is collected through cookies, webhooks, logs, advertising, and analytical techniques.
  5. Payment Information: At the point of sale, payment card information will be taken to facilitate purchases. Genehabit does not store card information; instead, our third-party card processing provider handles it.

How do we use this information?

We use the personal information you give us in ways that are compliant with this privacy statement and for the primary purposes for which they were acquired. Any personal information you voluntarily provide to us, whether verbally or in writing, will be processed for one or more of the following purposes:

To fulfill our duties under the terms of the agreement that would have been entered into between you and GeneHabit, as well as to give you the Service for which you would have signed up. You will be informed in advance if the data is used for a purpose other than what was intended. When we transfer your data outside of the EEA or UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission, ensuring that your data is protected.

We will use the information that we collect about you for the following purposes to present, provide, and improve our Services. We primarily use your identifiers, demographic, commercial, internet, or other electronic network activity information and preferences to present and provide our Services to you. This includes the following:

  • Providing you with appropriate search results and personalized content;
  • Processing your purchases;
  • Verifying your identity;
  • Recognize you when you return to our Services;
  • Providing you notices about your account;
  • Notifying you about updates or changes to our Services or any DNA Product Partner or other third-party services we offer or provide through our platform.
  • We provide you with information or services that you otherwise request from us.

To improve our Services or to develop and provide new products and services, we may use your self-reported Information, identifiers, demographic information, biomarker information, commercial information, and internet or other electronic network activity information and preferences as follows:

  • To track your usage of our Services;
  • To administer a survey;
  • To perform quality control and quality improvement activities;
  • To develop new products and services;
  • To conduct data analysis about users of our Services, our audience size, and usage trends;
  • To conduct marketing campaigns and targeted online advertising, and to monitor the success of our marketing activities.

Brand Promotion and Advertising

We may communicate with you from time to time about our products, brands, services, new products and services, discounts, new research participation, and any key information that we deem useful to you.

We may advertise to you directly or via 3rd party including social media. All such advertising will be under this privacy policy, where you have given your consent to receive such communication, based on your cookie or browser settings and in case we think it is in our legitimate interest. You may change your consent or marketing preference at any time by informing us. If you wish to withdraw your consent to receiving marketing communications, you can do so at any time by following the unsubscribe link in any marketing email or contacting us directly at [email protected].

Research and Development Activities

We may include your self-reported information and biomarker information for which you have already provided consent in research and development. We may share such information with 3rd party contractors we engage to run only the R&D activities for GeneHabit. Your information or biomarker data will not be shared with any 3rd party for any other purposes.

We will contact you to get your consent beforehand for any new research that we plan to do. We will request consent from you before including your information, and anonymized samples in any scientific publications. 

Information Disclosure

To provide the services for which you have signed up, information or data may be disclosed or shared with our employees and third parties. Your Information will not be shared or passed on to unauthorized personnel.

You confirm that you are giving your explicit consent on behalf of yourself and all other people specified in the form when you complete and send us an online form that includes information about another person. You would need to inform the other individuals of the aforementioned Privacy Policy and have also obtained their consent.

You are hereby acknowledging and accepting that GeneHabit may be required to share your data with third parties, whether those third parties are directly or indirectly related to GeneHabit, to provide the services, you require by using our services and by directly or indirectly collecting personal data. Only the methods outlined below will be used to share the data.

Transfer of information or data may include but is not limited to:

  1. Providers of services: Contractual arrangements with service providers and other third parties enable us to provide and support some of our services. We and our service providers make use of a piece of software called “cookies,” which allows us to collect data about how people use the website and services, manage them more effectively, and deliver services. To provide you with the Service, we may, for instance, disclose your information to our Third Party Agents (TPAs), virtual offices, or testing laboratories. To provide you with the Service, the company has authorized TPAs representing it in some countries. To provide the Service, the labs with which we collaborate may also have access to your data. The standard operating procedures of the laboratory dictate the subsequent storage or disposal of this data.
  2. Cross-border: We may, to provide the Service, transfer your data outside of the country to our affiliated companies, subsidiaries, service providers, and authorized third-party agents.
  3. Continuity of Operations: We reserve the right to include your data, including personal data, in the assets transferred to the acquiring or surviving company if GeneHabit enters into a sale of all or part of its assets.
  4. Disclosure of information as required by law: When required by law, a subpoena, or other legal processes, or if we believe disclosure is reasonably necessary, we may be required to disclose certain information.

Your sensitive personal information may be among the details that we may disclose under this clause. You acknowledge and agree that GeneHabit will only disclose these details if required to do so by law or if we have good reason to believe that doing so is necessary. This disclosure does not include but is not limited to the following:

  • Implement the GeneHabit Service Agreements;
  • pursuing an investigation, taking preventative measures, taking action regarding actual or suspected illegal activities, or assisting law enforcement agencies;
  • respond to allegations or claims made against GeneHabit by third parties; or safeguard the public’s safety and GeneHabit’s rights, property, or both.

We will inform you when we are required to share any information under this clause, unless we are prohibited by law or court order, and if time permits. If we think a request is inappropriate, we will challenge it and verify that it is genuine.

It is important to point out that even if the sender and the receiver of the data are in the same country, data sent via the Internet can be sent across international borders. As a result, a country with a lower level of data protection than your home country may be used to transmit your data.

Self-Directed Communication and Sharing

Through our website, apps, and social media platforms, we may offer you the opportunity to interact with other users and share your information. Please refrain from posting any information that you do not wish to be made public. You can choose which information to share in this way, including sensitive personal data like your genetic information. Under this clause, sharing information is voluntary, and you decide what you share.

Your Data Rights, Updating or Correcting Data

You may have certain rights regarding the processing of your information, subject to applicable law, including:

  • Change or Correct the Data: You may get in touch with us to change your personal information, especially if it’s wrong. In some cases, we may ask for evidence to support this request.
  • Data Deletion: You have the right to ask us to delete all or some of your personal information, especially if it is no longer necessary to provide you with the service or if you have finished using the service. However, there are some circumstances in which this may not apply, such as when a test is carried out under Legal/Chain of Custody conditions.
  • Right to Have Access to and Use of Your Data: You have the right to request a machine-readable copy of your data on file.
  • Refusal to Provide us with Your Personal Information: You have the right not to provide us your information (using this right could prevent us from giving you all the benefits of Our Site and/or Services) or express opposition to the processing of your data.

All requests will be considered based on the nature of services and commitments we have entered to store your information. You can send a data request to [email protected], via the Contact Us form on our website or write to us at any of our offices to request information, modifications, or deletion of your data. We will process your request for modifications, and delete or amend your information after we successfully your identity within 30 days of your request.

Data Security, Retention, and Storage Policy

To ensure confidentiality, samples are also bar-coded to ensure that only you will have access to both your personal information and genetic information. Genehabit will store your bar-coded and anonymized DNA sample for up to 1 year so that you will have the opportunity to be tested for additional genetic variants as discoveries are made and the science develops. We do this so that new tests can be performed at your request without the need to collect another saliva sample and its associated costs. We retain your data only for as long as is necessary for the purposes set out in this policy, or as required by law. In certain circumstances, we may anonymize your data (so it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. However, you may have your sample destroyed by sending a written request to us. Your personal genetic information will never be disclosed to a third party without your explicit written consent to do so unless required by law.

GeneHabit uses the Secure Socket Layer (SSL) protocol to encrypt information that is transmitted over the Internet. This technology uses 256-bit encryption, which ensures that confidential information cannot be viewed, intercepted, or altered. To the best of our ability, we have taken all necessary precautions to safeguard your data. To safeguard your data, we have implemented security rules, policies, and technical measures.

However, by agreeing to use the Service, you acknowledge that security safeguards, by their nature, are capable of being circumvented and that cannot guarantee that personally identifiable information about you will not be accessed by unauthorized people who can overcome such safeguards, including actions aimed at accessing information over the Internet.

You should be careful about sharing the results of your Report and any related information. Genetic information that you share with others may be used against your interests. You may wish to seek legal advice to understand the extent of the legal protection of your genetic information before you share it with anybody. Genetic information that you choose to share with your physician or other health care provider may become part of your medical record and may become accessible to other health care providers or insurance. If you are asked by an insurance company whether you have learned about your genetic information and you do not disclose this to them, this may be considered to be a fraud. GeneHabit cannot be responsible for any personally identifiable genetic information about you that you release on your own, or that you request or authorize us to release.

Customers can write to us to request the eradication of their genetic data from our database. In that case, GeneHabit will not be able to offer future services. If you have given explicit consent to the use of genetic or biomarker information and/or self-reported information for any product development or Research and Development purpose, it will not be removed from any ongoing or completed studies that use such Information unless you explicitly revoke your consent concerning the use of such Information for those purposes. However, we will inform anyone who received your information for research & development that you have closed your account and that the information will not be used in any new research or product development. Any Processors who will keep your information for this purpose will be informed about amendments or deletion and all processors will be recorded by us.

Any paper consent documents will be secured and retained for up to 5 years while any electronic consent documents, consent logs, or scanned consent forms, will be retained indefinitely. We will retain information related to orders, consent, and services provided to you for accounting and statutory requirements.

You may exercise any of your rights under applicable data protection laws, including the right to access, correct, delete, or object to the processing of your data. To do so, contact us at [email protected]. We will respond to your request within 30 days, subject to legal or contractual constraints.

Data Breach Notification:

In the event of a data breach that compromises your data, we will notify the relevant authorities within 72 hours and inform you promptly if your rights and freedoms are at risk, under GDPR regulations.

Data Protection Officer (DPO):

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure compliance with GDPR and other applicable data protection laws. For any questions or concerns, you may contact our DPO at [email protected].

Payment Information

At the point of sale, payment card information will be taken to facilitate purchases. Genehabit does not store card information; instead, our third-party card processing provider handles it. Our third-party payment processors receive that data directly, and their privacy policies govern how they use your personal information. The PCI Security Standards Council, a partnership of Visa, Mastercard, American Express, and Discover, oversees these payment processors’ compliances with PCI-DSS standards. The PCI-DSS requirements ensure that payment information is handled securely.

The payment processors we engage:

Strip Secure Payment Gateway – read their privacy policy at https://stripe.com/gb/privacy

Privacy Policy Changes

GeneHabit may update our privacy and security policies and practices from time to time. We will continue to use commercially reasonable safeguards against unauthorized disclosure of or access to your genetic data or other personally identifiable information about you. We’ll let you know about those changes by either contacting you via email or another means of communication, such as on a different website feature or page.

How can you get in touch with us with queries?

Please contact our Data Protection Officer at [email protected] if you have any inquiries regarding GeneHabit’s handling of your information or wish to request access to or deletion of your information.

You can contact [email protected] or send us a letter at our registered office address if you are dissatisfied with the way GeneHabit handles your information or would like to provide any other feedback regarding your experience with us.

Different countries may have rights by law in addition to those mentioned above, you may want to refer to your local privacy and data rights organization for further assistance. You may contact your local regulatory authority in case if you are not happy with GeneHabit’s handling of your private data.