This Privacy Information is given by Dante Labs Inc., with registered office at 16192 Coastal Highway, Lewes, Delaware 19958, hereinafter “Dante Labs”) in the capacity of Data Controller, pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafther “Regulation”), with the intent to explain to you which are the purposes and means of processing your personal data.
Personal Data Categories
Dante Labs will process some of your personal information, including – but not limited to – your name, mailing address, e-mail address, telephone number and payment and invoicing information.
You are required to fill in with your personal data the fields flagged as obligatory in order to enable the performance of the contract, otherwise Dante Labs will not be able to accept and process your order.
Whenever you send us a biological sample after the purchase of the appropriate test, the analysis of such sample will be carried out by Dante Labs S.r.l., that will process your personal data accordingly with this specific Privacy Information.
Purposes and lawful basis for processing personal data
We will process your personal data in order to enable you to activate and access a customer account in the website www.Dante Labs.com (hereinafter the “Website”) and/or to purchase our services through our Website. Personal data are processed, thus, to adequately perform the contract, pursuant Art. 6 (1)(b) from the Regulation, as well in order to comply with tax and accounting obligations, pursuant Art. 6(1)(c) of the Regulation.
Based on your consent, Dante Labs can, furthermore, process your e-mail address to send you newsletters and marketing communications. You are entitle to withdraw your consent by anytime writing to email@example.com.
Means of data processing
Your personal data shall be processed both by manual and electronic means, subjected to the Regulation provisions or other applicable national laws, which includes any provisions from the competent Supervisory Authority for the protection of personal data.
Duration of processing activities and data retention period
Your personal data will be processed for the strictly necessary time for the provision of the requested services; whenever you activate a personal account on the Website, your personal data will be processed until you terminate that account. Your data will be yet retained for the following 10 years solely to comply with legal obligations and to eventually safeguard Dante Labs rights.
Third parties categories
Dante Labs can rely on third parties for some types of data processing. In that case, these parties will be nominated Data Processors, pursuant to Art. 28 of the Regulation, and will receive the proper operative instructions, especially regarding the adoption of appropriate security measures, to guarantee data security and data confidentiality. Data subjects may require to Dante Labs a list of Data Processors writing to firstname.lastname@example.org.
Data transfer to countries outside the European Economic Area
Dante Labs suppliers, responsible for the execution of activities related to the services you requested, may transfer your personal data to countries located outside the European Economic Area. The data transfer is regulated by standard contractual clauses adopted by the European Commission or with due regard for any other warranties provided for by the Regulation.
Data subjects rights
We inform you that, as data subject, you are entitled to exercise the rights under Articles 15, 16, 17, 18, 19, 20, 21, 22, 23 of the Regulation writing to our e-mail address email@example.com
Among other things, you may:
- ask and obtain information about whether or not Dante Labs is holding any of your personal data or whether or not your personal data are being processed and, in this case, you may have access to them;
- ask and obtain a copy of your personal data that are processed by automated means in a structured, commonly used and machine-readable format; you can also claim the right to transmit those data to another controller;
- ask and obtain the alteration and/or rectification of your personal data when you consider them to be inaccurate or incomplete;
- ask and obtain the erasure – and/or a processing restriction – of your personal data whenever they are not necessary – or no longer necessary – to fulfil the purposes for which they were collected, hence upon expiry of the retention period.
Please note that you can lodge a complaint with the supervisory authority whenever your personal data are unlawfully processed.
Please be advised that Dante Labs has designated Dante Labs S.r.l., with registered office in Tecnpopolo D’Abruzzo, Strada Statale 17, Loc. Boschetto di Pile, L’Aquila, 67100 AQ, Italy, as its representative inside the European Union, pursuant to Art. 27 of the Regulation.
Information We Collect
We generally collect the following information:
- Information you share directly with us. We collect and process your information when you place an order, create an account, register your Dante Labs' kit, complete research surveys, post on our Forums/Blogs or use other messaging features, and contact Customer Care. This information can generally be categorized as Registration Information, Self-Reported Information, and/or User Content.
- Information from our DNA testing services. With your consent, we extract your DNA from your saliva sample and analyze it to produce your Genetic Information ( in order to provide you with Dante Labs' reports.
How We Use Information
We generally process Personal Information for the following reasons:
- To provide our Services. We process Personal Information in order to provide our Service, which includes processing payments, shipping kits to customers, creating customer accounts and authenticating logins, analyzing saliva samples and DNA, and delivering results.
- To analyze and improve our Services. We constantly work to improve and provide new reports, tools, and Services. For example, we are constantly working to improve our ability to generate customized reports based on virtual gene panel. We may also need to fix bugs or issues, analyze use of our website to improve the customer experience or assess our marketing campaigns.
- For Dante Labs' Research, with your consent. If you choose to consent to participate in Dante Labs' Research, Dante Labs' researchers can include your de-identified Genetic Information and Self-Reported Information in a large pool of customer data for analyses aimed at making scientific discoveries.
Control: Your Choices
Dante Labs gives you the ability to share information in a variety of ways. You choose:
- To store or discard your saliva sample after it has been analyzed.
- To store or discard your genetic reports after they have been delivered.
- Which health report condition(s) you view and/or opt-in to view.
- When and with whom you share your information, including friends, family members, health care professionals, or other individuals outside our Services, including through third party services that accept Dante Labs' data and social networks.
- To give or decline consent for Dante Labs' Research. By agreeing to the Research Consent Document, Individual Data Sharing Consent Document, or participating in a Dante Labs' Research Community you can give consent for the use of your data for scientific research purposes.
- To delete your Dante Labs' account and data, at any time.
Access To Your Information
Your Personal Information may be shared information in the following ways:
- With our service providers, including our sequencing laboratory, as necessary for them to provide their services to us.
- With research collaborators, only if you have given your explicit consent.
Dante Labs will not sell, lease, or rent your individual-level information to any third party or to a third party for research purposes without your explicit consent.
- We do not share customer data with any public databases.
- We will not provide any person's data (genetic or non-genetic) to an insurance company or employer.
- We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information.
How We Secure Information
Dante Labs implements measures and systems to ensure confidentiality, integrity, and availability of Dante Labs data.
- De-identification/Pseudonymization, encryption, and data segmentation. Registration Information is stripped from Sensitive Information, including genetic and phenotypic data. This data is then assigned a random ID so the person who provided the data cannot reasonably be identified. Dante Labs uses industry standard security measures to encrypt sensitive personal data both when it is stored (data-at-rest) and when it is being transmitted (data-in-flight). Additionally, data are segmented across logical database systems to further prevent re-identifiability.
- Limiting access to essential personnel. We limit access of information to authorized personnel, based on job function and role. Dante Labs access controls include multi-factor authentication, single sign-on, and a strict least-privileged authorization policy.
- Detecting threats and managing vulnerabilities. Dante Labs uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our build pipeline and regularly engage third party security experts to conduct penetration tests.
Risks and Considerations
There may be some consequences of using Dante Labs Services that you haven't considered.
- You may discover things about yourself and/or your family members that may be upsetting or cause anxiety and that you may not have the ability to control or change.
- In the event of a data breach it is possible that your data could be associated with your identity, which could be used against your interests.
Full Privacy Statement
This Privacy Statement applies to all websites owned and operated by Dante Labs, Inc ("Dante Labs"), including www.dantelabs.com, and any other websites, pages, features, or content we own or operate, and to your use of the mobile version of Dante Labs website and any related Services. Our Privacy Statement is designed to help you better understand how we collect, use, store, process, and transfer your information when using our Services.
Please carefully review this Privacy Statement and our Terms of Service. By using our Services, you acknowledge all of the policies and procedures described in the foregoing documents. If you do not agree with or you are not comfortable with any aspect of this Privacy Statement or our Terms of Service you should immediately discontinue use of our Services.
- Key Definitions
- Information we collect
- How we use your information
- Information we share with third parties
- Your choices
- Security Measures
- Children's Privacy
- Linked Websites
- Information for Customers in Designated Countries
- Changes to this Privacy Statement
- Contact information
- Key Definitions
- Aggregate Information: information that has been combined with that of other users and analyzed or evaluated as a whole, such that no specific individual may be reasonably identified.
- De-identified Information: information that has been stripped of your Registration Information (e.g., your name and contact information) and other identifying data such that you cannot reasonably be identified as an individual, also known as pseudonymized information.
- Individual-level Information: information about a single individual's genotypes, diseases or other traits/characteristics, but which is not necessarily tied to Registration Information.
- Personal Information: information that can be used to identify you, either alone or in combination with other information. Dante Labs collects and stores the following types of Personal Information:
- i) Registration Information: information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, address, user ID and password, and payment information).
- ii) Genetic Information: information regarding your genotypes, generated through processing of your saliva by Dante Labs or by its contractors, successors, or assignees; or otherwise processed by and/or contributed to Dante Labs.
iii) Self-Reported Information: information you provide directly to us, including your disease conditions, other health-related information, personal traits, ethnicity, family history, and other information that you enter into surveys, forms, or features while signed in to your Dante Labsaccount.
- iv) Sensitive Information: information about your health, Genetic Information, and certain Self-Reported Information such as racial and ethnic origin, sexual orientation, and political affiliation.
- v) User Content: all information, data, text, software, music, audio, photographs, graphics, video, messages, or other materials - other than Genetic Information and Self-Reported Information-generated by users of Dante LabsServices and transmitted, whether publicly or privately, to or through Dante Labs.
- vi) Web-Behavior Information: information on how you use Dante LabsServices collected through log files, cookies, web beacons, and similar technologies, (e.g., browser type, domains, page views).
- Information we collect
- Information you provide directly to us
- i) Registration Information. When you purchase our Services or create a Dante Labs account and register your kit, we collect Personal Information, such as your name, date of birth, billing and shipping address, payment information (e.g., credit card) and contact information (e.g. email, phone number and license number).
- ii) Self-Reported Information. You have the option to provide us with additional information about yourself through surveys, forms, features and applications. For example, you may provide us with information about your personal traits (e.g., eye color, height), ethnicity, disease conditions (e.g. Type 2 Diabetes), other health-related information (e.g. pulse rate, cholesterol levels, visual acuity), and family history information (e.g. information similar to the foregoing about your family members). Before you disclose information about a family member, you should make sure you have permission from the family member to do so.
iii) User Content. Some of our Services allow you to create and post or upload content, such as data, text, software, music, audio, photographs, graphics, video, messages, or other materials that you create or provide to us through either a public or private transmission ("User Content"). For example, User Content includes any discussions, posts, or messages you send on Dante Labs's Forums.
- iv) Blogs and Forums. Our website offers publicly accessible blogs. Additionally, Dante Labs customers may participate in our online Forums. You should be aware that any information you provide or post in these areas may be read, collected, and used by others who access them. To request that we remove or de-identify your Personal Information from our blog or Forums, contact us at firstname.lastname@example.org. Please note that whenever you post something publicly, it may sometimes be impossible to remove all instances of the posted information, for example, if someone has taken a screenshot of your posting. Please exercise caution before choosing to share Personal Information publicly on our blogs, Forums or in any other posting. You may be required to register with a third party application to post a comment. To learn how the third party application uses your information, please review the third party's privacy statement.
- v) Social media features and widgets. Our Services include Social Media Features, such as the Facebook "Like" or "Share" button and widgets ("Features"). These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. They may also allow third-party social media services to provide us information about you, including your name, email address, and other contact information. The information we receive is dependent upon your privacy settings with the social network. Features are either hosted by a third-party or hosted directly on our site. Your interactions with these Features are governed by the privacy statements of the third party companies providing them. You should always review and, if necessary, adjust your privacy settings on third party websites and services before linking or connecting them to our website or Service.
- vi) Referral information and sharing. When you refer a person to Dante Labs or choose to share your Dante Labs results with another person, we will ask for that person's email address. We will use their email address solely, as applicable, to make the referral or to communicate your sharing request to them, and we will let your contact know that you requested the communication. By participating in a referral program or by choosing to share information with another person, you confirm that the person has given you consent for Dante Labs to communicate (e.g., via email) with him or her. The person you referred may contact us at email@example.com to request that we remove this information from our database.
vii) Gifts. If you provide us with Personal Information about others, or if others give us your information, for the purpose of ordering the Service as a gift, we will only use that information for the specific reason for which it was provided to us. Once a gift recipient registers for his or her Services and agrees to our Privacy Statement, our Terms of Service, and if applicable, certain Consent Documents, his or her Personal Information will be used in manners consistent with this Privacy Statement, and will not be shared with the purchaser, unless they independently choose to share their own Personal Information through the Services with the purchaser.
viii) Customer service. When you contact Customer Care or correspond with us about our Service, we collect information to: track and respond to your inquiry; investigate any breach of our Terms of Service, Privacy Statement or applicable laws or regulations; and analyze and improve our Services.
- Information related to our genetic testing services
- i) Saliva sample and biobanking. To use our genetic testing services, you must purchase, or receive as a gift, a Dante Labs Personal Genetic Service testing kit, create an online account and register your kit, and ship your saliva sample to our in-house laboratory in Italy. Our laboratory will extract your DNA from your saliva sample for analysis. During kit registration you are asked to review our Consent Document for Sample Storage and Additional Genetic Analyses. Unless you consent to sample storage ("Biobanking") and additional analyses, your saliva sample and DNA are destroyed after the laboratory completes its work, subject to the laboratory's legal and regulatory requirements. You can update your sample storage preference to discard a stored sample within your Account Settings once your sample has completed processing.
- ii) Genetic Information. Information regarding your genotype, your Genetic Information, is generated when we analyze and process your saliva sample, or when you otherwise contribute or access your Genetic Information through our Services. Genetic Information includes the Dante Labs results reported to you as part of our Services, and may be used for other purposes.
- i) help us recognize you when you use our Services;
- ii) customize and improve your experience;
iii) provide security;
- iv) analyze usage of our Services (such as to analyze your interactions with the results, reports, and other features of the Service);
- v) gather demographic information about our user base;
- vi) offer our Services to you;
vii) monitor the success of marketing programs; and
serve targeted advertising on our site and on other sites around the Internet.
We may receive reports based on the use of these technologies from third party service providers as de-identified, Individual-level Information or as Aggregate Information (as described in section 4.c). We and our third party service providers do not use your Sensitive Information, such as Genetic Information and Self-Reported Information, for targeted advertising.
Google Analytics. Google Analytics is used to perform many of the tasks listed above. We use the User-ID feature of Google Analytics to combine behavioral information across devices and sessions (including authenticated and unauthenticated sessions). We have enabled the following Google Analytics Advertising features: Remarketing, Google Display Network Impression Reporting, Google Analytics Demographics and Interest Reporting, and DoubleClick Campaign Manager integration. We do not merge information collected through any Google advertising product with individual-level information collected elsewhere by our Service. Learn more about how Google collects and uses data here. To opt out of Google Analytics Advertising Features please use Google Ad Settings. To opt out of Google Analytics entirely please use this link.
- Other Types of Information. We continuously work to enhance our Services with new products, applications and features that may result in the collection of new and different types of information. We will update our Privacy Statement and/or obtain your prior consent to new processing, as needed.
- How we use your information
Dante Labs will use and share your Personal Information with third parties only in the ways that are described in this Privacy Statement.
- To provide you with Services and analyze and improve our Services. We use the information described above in Section 2 to operate, provide, analyze and improve our Services. These activities may include, among other things, using your information in a manner consistent with this Privacy Statement to:
- i) open your account, enable purchases and process payments, communicate with you, and implement your requests (e.g., referrals);
- ii) enable and enhance your use of our website and mobile application(s), including authentication your visits, providing personalized content and information, and tracking your usage of our Services;
iii) contact you about your account, and any relevant information about our Services (e.g. policy changes, security updates or issues, etc.);
- iv) enforce our Terms of Service and other agreements;
- v) monitor, detect, investigate and prevent prohibited or illegal behaviors on our Services, to combat spam and other security risks; and
- vi) perform research & development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.
For individuals located in the European Economic Area ("EEA"), United Kingdom, or Switzerland (collectively the "Designated Countries"): We process your Personal Information in this way to provide our Services to you in accordance with our Terms of Service.
- To process, analyze and deliver your genetic testing results. As described above, to receive results through the Personal Genetic Service, you must create a Dante Labs account, register your kit, and submit your saliva sample to our contracted sequencing laboratory, which processes and analyzes your sample to provide us with your raw Genetic Information. Once we receive your raw Genetic Information from the laboratory, we further analyze it to provide you with our health and/or ancestry reports, dependent on the Service purchased. Dante Labs continuously works to improve our Services based on our research and product development, and genetic associations identified in scientific literature. If you are eligible to receive additional reports or updates in the future, you may be notified of or may directly access these updates.
For individuals located in the Designated Countries: Our legal basis for processing your Sensitive Information for the purposes described above is based on your consent. You may withdraw your consent at any time by deleting your Account via your Account Settings, however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
- To allow you to share your Personal Information for Dante Labs Research purposes. You have the choice to participate in Dante Labs Research by providing your consent. "Dante Labs Research" refers to research aimed at publication in peer-reviewed journals and other research funded by the federal government (such as the National Institutes of Health - NIH) conducted by Dante Labs. Dante Labs Research may be sponsored by, conducted on behalf of, or in collaboration with third parties, such as non-profit foundations, academic institutions or pharmaceutical companies. Dante Labs Research may study a specific group or population, identify potential areas or targets for therapeutics development, conduct or support the development of drugs, diagnostics or devices to diagnose, predict or treat medical or other health conditions, work with public, private and/or non-profit entities on genetic research initiatives, or otherwise create, commercialize, and apply this new knowledge to improve health care. Dante Labs Research uses Aggregate and/or Individual-level Genetic Information and Self-Reported Information as specified in the appropriate Consent Document(s), as explained in greater detail below. Your De-identified Genetic and Self-Reported Information may be used for Dante Labs Research only if you have consented to this use by completing a Consent Document. If you have completed the Main Research Consent Document:
- i) Your Genetic Information and/or Self-Reported Information will be used for research purposes, but it will be de-identified and will not be linked to your Registration Information.
- ii) Dante Labs may use individual-level Genetic Information and Self-Reported Information internally at Dante Labs for research purposes.
iii) Dante Labs may share summary statistics, which do not identify any particular individual or contain individual-level information, with our qualified research collaborators.
If you have completed the Individual Level Data Sharing Consent, or additional consent agreement, in addition to the uses above under the Main Consent Document, Dante Labsmay share De-identified Individual-level Genetic Information and Self-Reported Information with select third party research collaborators for Dante LabsResearch purposes.
Withdrawing your Consent. You may withdraw your consent to participate in Dante Labs Research at any time by contacting Dante Labs at the email address: firstname.lastname@example.org. Dante Labs will not include your Genetic Information or Self-Reported Information in studies that start more than 30 days after you withdraw (it may take up to 30 days to withdraw your information after you withdraw your consent). Any research involving your data that has already been performed or published prior to your withdrawal from Dante Labs Research will not be reversed, undone, or withdrawn.
- To recruit you for external research. Research is an important aspect of Dante Labs's Services and we want to ensure interested participants are aware of additional opportunities to contribute to interesting, novel scientific research conducted by academic institutions, healthcare organizations, pharmaceutical companies, and other groups. If you have chosen to participate in Dante Labs Research, from time to time we may inform you of third party research opportunities for which you may be eligible. For example, if a university tells us about a new cancer research project, we may send an email to Dante Labs research participants who potentially fit the relevant eligibility criteria based on their Self-Reported Information to make them aware of the research project and provide a link to participate with the research organization conducting the study. However we will not share Individual-level Genetic Information or Self-Reported Information with any third party without your consent. If you do not wish to receive these notifications, you can manage them by editing your preferences in your Account Settings.
- To provide customer support. When you contact Customer Care, we may use or request Personal Information, including Sensitive Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints. In some instances, we may be required to process one customer's Personal Information to resolve another customer's dispute or request. For example, if a customer reports behavior that violates our Terms of Service, we will separately process both customers' Personal Information and respond separately to each individual as appropriate. We will not share your Personal Information with another customer without your consent.
- To conduct surveys or polls, and obtain testimonials. We value your feedback and may send you surveys, polls, or requests for testimonials to improve and optimize our Services. You are in control of the information you would like to share with us. If you do not wish to receive these requests, you can manage them in your Account Settings.
- To provide you with marketing communications
By creating a Dante Labsaccount, you are agreeing that we may send you product and promotional emails or notifications about our Services, and offers on new products, services, promotions or contests. You can unsubscribe from receiving these marketing communications at any time. To unsubscribe, click the email footer "unsubscribe" link or go to the "Preferences" section of your Account Settings to edit your email notification preferences. You may not opt-out of receiving non-promotional messages regarding your account, such as technical notices, purchase confirmations, or Service-related emails.
- Information we share with third parties
- General service providers. We share the information described above in Section 2 with our third party service providers, as necessary for them to provide their services to us and help us perform our contract with you. Service providers are third parties (other companies or individuals) that help us to provide, analyze and improve our Services. While Dante Labs directly conducts the majority of data processing activities required to provide our Services to you, we engage some third party service providers to assist in supporting our Services, including in the following areas:
- Order fulfillment and shipping. Our payment processor processes certain Registration Information, such as your billing address and credit card information, as necessary to enable you to purchase a Dante Labskit from the Dante Labs.com online store. Our distribution centers ship your kit(s) to you, and in some cases help return your kit safely to our in-house laboratory so your sample can be processed.
- Customer Care support. Our Customer Care team uses a number of tools to help organize and manage the requests we receive. These tools help to ensure we provide timely, high quality support.
- Cloud storage, IT, and Security. Our cloud storage providers provide secure storage for information in Dante Labs databases, ensure that our infrastructure can support continued use of our Services by Dante Labs customers, and protect data in the event of a natural disaster or other disruption to the Service. Our IT and security providers assist with intrusion detection and prevention measures to stop any potential attacks against our networks. We have these third party experts perform regular penetration tests and periodically audit Dante Labs's security controls.
- Marketing and analytics. When you use our Services, including our website or mobile app(s), our third party service providers may collect Web-Behavior Information about your visit, such as the links you clicked on, the duration of your visit, and the URLs you visited. This information can help us improve site navigability and assess our Marketing campaigns. Per applicable data protection regulations, our EU, UK, and International websites present visitors with a cookie opt in to allow the processing described above via Functionality and Advertising Cookies.
NOTE: Our service providers act on Dante Labs's behalf. We implement procedures and maintain contractual terms with each service provider to protect the confidentiality and security of your information. However, we cannot guarantee the confidentiality and security of your information due to the inherent risks associated with storing and transmitting data electronically.
- Aggregate information. We may share Aggregate Information, which is information that has been stripped of your name and contact information and combined with information of others so that you cannot reasonably be identified as an individual, with third parties. This Information is different from "Individual-level" information and is not Personal Information because it does not identify any particular individual or disclose any particular individual's data. For example, Aggregate Information may include a statement that "30% of our female users share a particular genetic trait," without providing any data or testing results specific to any individual user. In contrast, Individual-level Genetic Information or Self-Reported Information consists of data about a single individual's genotypes, diseases or other traits/characteristics information and could reveal whether a specific user has a particular genetic trait, or consist of all of the Genetic Information about that user. Dante Labswill ask for your consent to share Individual-level Genetic Information or Self-Reported Information with any third party, other than our service providers as necessary for us to provide the Services to you.
- Information we share with commonly owned entities. We may share some or all of your Personal Information with other companies under common ownership or control of Dante Labs, which may include our subsidiaries, our corporate parent, or any other subsidiaries owned by our corporate parent in order to provide you better service and improve user experience. Generally, sharing such information is necessary for us to perform on our contract with you. We may provide additional notice and ask for your prior consent if we wish to share your Personal Information with our commonly owned entities in a materially different way than discussed in this Privacy Statement.
- As required by law. Under certain circumstances your Personal Information may be subject to processing pursuant to laws, regulations, judicial or other government subpoenas, warrants, or orders. For example, we may be required to disclose Personal Information in coordination with regulatory authorities in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Dante Lab swill preserve and disclose any and all information to law enforcement agencies or others if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry) or obligations that Dante Labs may owe pursuant to ethical and other professional rules, laws, and regulations; (b) enforce the Dante Labs Terms of Service and other policies; (c) respond to claims that any content violates the rights of third parties; or (d) protect the rights, property, or personal safety of Dante Labs, its employees, its users, its clients, and the public. View our Transparency Report for more information.
NOTE: If you are participating in Dante Labs Research, Dante Labs will withhold disclosure of your Personal Information involved in such Research in response to judicial or other government subpoenas, warrants or orders in accordance with any applicable Certificate of Confidentiality that Dante Labs has obtained from the National Institutes of Health (NIH). There are limits to what the Certificate of Confidentiality covers so please visit the Certificates of Confidentiality Kiosk.
- Business transactions. In the event that Dante Labs goes through a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets your Personal Information will likely be among the assets transferred. In such a case, your information would remain subject to the promises made in any pre-existing Privacy Statement.
- Your choices
- Access to your account. We provide access to your Dante Labs data within your Dante Labs account. You can access and download data processed by Dante Labs within your Account Settings and within applicable Reports, Tools, and features. If you lose access to your Dante Labs account or account email address, please contact Customer Care for assistance. If you lose access to your Dante Labs account, in certain circumstances, we may require that you submit additional information sufficient to verify your identity before providing access or otherwise releasing information to you. If you choose not to submit the required documentation, or the information provided is not sufficient for the purposes sought, Dante Labs will not be able to sufficiently verify your identity in order to complete your request. You may access, correct or update most of your Registration Information on your own within your Account Settings. You may also review and update your consent to Dante Labs Research and Biobanking. You may be able to correct Self-Reported Information entered into a survey, form, or feature within your account, such as on the surveys page, by contacting Dante Labs at email@example.com.
- Marketing communications. As noted in Section 3.h. you may be asked to opt-in to receive product and promotional emails or notifications when creating your Dante Labs account depending on where you are located. Otherwise, you may view or update your email notification preferences by visiting your Account Settings or by contacting our Privacy Administrator at firstname.lastname@example.org. You can also click the "unsubscribe" button at the bottom of promotional email communications.
- Account deletion. If you no longer wish to participate in our Services, or no longer wish to have your Personal Information be processed, you may contact Dante Labs at email@example.com.
- Security measures
Dante Labs takes seriously the trust you place in us. Dante Labs implements physical, technical, and administrative measures to prevent unauthorized access to or disclosure of your information, to maintain data accuracy, to ensure the appropriate use of information, and otherwise safeguard your Personal Information.
- Dante Labs produces secure applications by design. Dante Labs incorporates explicit security reviews in the software development lifecycle, quality assurance testing and operational deployment.
- De-identification/Pseudonymization. Registration Information is stripped from Sensitive Information, including Genetic and Self-Reported Information. This data is then assigned a randomly generated ID so an individual cannot reasonably be identified.
- Encryption. Dante Labs uses industry standard security measures to encrypt Sensitive Information both at rest and in transit.
- Separation of Environments. Dante Labsensures processing, production, and research environments are separated and access is restricted. Data, including Registration Information, Genetic Information, and Self-Reported Information are segmented across logical database systems to further prevent re-identifiability.
- Limiting access to essential personnel. We limit access to Personal Information to authorized personnel, based on job function and role. Dante Labs access controls include multi-factor authentication, single sign-on, and strict least-privileged authorization policy.
- Detecting threats and managing vulnerabilities. Dante Lab suses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our processes and regularly engage third party security experts to conduct penetration tests.
- Incident Management. Dante Labs maintains a formal incident management program designed to ensure the secure, continuous delivery of its Services. Dante Labs has implemented an incident management program using industry best practices, including guidance from the National Institute of Standards and Technology (NIST).
- Managing third party service providers. Dante Labs requires service providers to implement and maintain accepted industry standard administrative, physical and technical safeguards to protect Personal Information.
Your Responsibility. Please recognize that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify Dante Labs of any unauthorized use of your password. Dante Labs cannot secure Personal Information that you release on your own or that you request us to release.
- Children's privacy
Dante Labs is committed to protecting the privacy of children as well as adults. Neither Dante Labs nor any of its Services are designed for, intended to attract, or directed toward children under the age of 18. A parent or guardian, however, may collect a saliva sample from, create an account for, and provide information related to, his or her child who is under the age of 18. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides to Dante Labs about his or her child is kept secure and that the information submitted is accurate.
- Linked websites
Dante Labs provides links to third party websites operated by organizations not affiliated with Dante Labs. Dante Labs does not disclose your information to organizations operating such linked third party websites. Dante Labs does not review or endorse, and is not responsible for, the privacy practices of these organizations. We encourage you to read the privacy statements of each and every website that you visit. This Privacy Statement applies solely to information collected by Dante Labsand our service providers on our behalf.
- Information for Customers in Designated Countries
Section 9 only applies to individuals located in the European Economic Area ("EEA"), United Kingdom, or Switzerland (the "Designated Countries").
- Privacy Shield
Dante Labs participates in and has certified its compliance with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union (EU), European Economic Area (EEA), and Switzerland to the United States, respectively. Dante Labsis committed to subjecting all Personal Information received from the EU member countries, EEA and Switzerland, in reliance on the Privacy Shield Frameworks, to the Framework's applicable Principles. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit U.S. Department of Commerce's Privacy Shield List.
Dante Labs is responsible for the processing of Personal Information it receives, under the Privacy Shield Frameworks, or subsequently transfers to a third party acting as an agent on its behalf. Dante Labs complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EU, EEA and Switzerland, including the onward transfer liability provisions.
With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, Dante Labs is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Dante Labs may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- GDPR: We're committed to complying with the EU's new data protection law, referred to as the GDPR. The GDPR applies to virtually all organisations, including Dante Labs, that process the personal data of EU residents through services offered to them, regardless of whether the organization is physically based in the EU. The GDPR applies to Dante Labs because we market and provide the Personal Genetic Service in EU Member States on Dante Labs European website. Dante Labs is committed to GDPR compliance through our robust data privacy and security protections. Privacy statement, terms of service, research consent document, sample storage consent document and frequently asked questions all provide information meant to help you understand our practices. If you have questions, please contact us at firstname.lastname@example.org. Particularly:
- Dante Labs is committed to being transparent about the kinds of information we collect, the reasons we collect it, and how it is used;
- Dante Labs generally processes personal data for the following purposes:
- Complete kit purchase(s).
- Create an account and register a kit(s) to that account.
- Market and advertise our products and promotions.
- Perform website maintenance, usage, and analytics, as well as network and infrastructure security.
- We generally process sensitive personal information, including genetic information, and other personal information in order to:
- Process customers' sample at our contracted lab.
- Compute and populate customers' reports.
- Maintain and develop account's tools, features, and functionality.
- Participate in Dante Labs Research.
- Assist customers through our Customer Care channel.
- Accessing, downloading, and deleting customers' personal data. At its core, the GDPR is about enabling individuals to find out what personal data we hold about them, why we hold it, and who we disclose it to.
- Dante Labs customers can access and download their own data from within your account. Specifically, they can:
- Access and download Dante Labs reports, genetic data, self-reported survey data, and other personal data at any time within your account.
- Request a copy of personal data processed by Dante Labs' third party service providers. We work with these third party service providers to provide, analyze, and improve our Service.
- Dante Labs' customers can delete their own Dante Labs account and data from within their account settings at any time. Once customers submit and confirm their request, Dante Labs will delete data. Data deletion is permanent and cannot be canceled, undone, withdrawn, or reversed.
- Dante Labs customers in the EU have additional rights under the GDPR, including:
- the right to object to the processing of their personal data, restrict the processing of their personal data, and to rectify inaccurate or incomplete personal data. While there is no general right to object to the processing of personal data under the GDPR, you have the right to object to:
- The processing of personal data for direct marketing purposes;
- The processing of personal data for purposes of scientific research and statistics;
- The processing of personal data based on legitimate interests. Dante Labs has implemented tools to ensure you can effectuate your right to object in these circumstance in various ways. Learn more about your right to object below.
Managing third party service providers. Dante Labs directly conducts the majority of data processing activities required to provide our Report to customers. However, Dante Labs does engage some third party service providers to assist in supporting these Services, including in the following areas:
- Our in-house sequencing lab.
- Customer Care Cloud storage.
- Marketing and analytics.
- IT and Security
Dante Labs; rigorous selection process ensures each third party service provider complies with the GDPR and can deliver the appropriate level of security and data protection.
Under the GDPR, organizations that collect and store personal data must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with processing personal data. Dante Labs uses industry-leading organizational and technical measures to keep personal data secure:
- Security by Design. Dante Labs produces secure applications by design, by following principles such as Confidentiality, Integrity and Availability. Dante Labs incorporates explicit security reviews in the software development lifecycle, quality assurance testing and operational deployment. Dante Labs' security controls are audited on a regular basis by a third party auditor.
- Separation of Environments. Dante Labs ensures processing, production, and research environments are separated and access is restricted.
- Availability and Resilience. Dante Labs' application components are deployed in a highly redundant configuration, in geographically distributed data centers to minimize any disruption. This ensures high availability of Dante Labs services and prevents data loss of our customers' information.
- Access Controls. At Dante Labs all access is limited to authorized personnel, based on job function and roles. Dante Labs access controls include multi-factor authentication, single sign-on, and follow a strict least-privileged authorization policy by default. Dante LAbs also uses industry standard, advanced protocols for authorization to supported internal platforms and Third-Party Apps. Furthermore, access to genetic and account information is enforced through different policies and encryption keys. That means your genetic information requires additional privileges to access.
- Encryption. Dante Labs uses industry standard security measures to encrypt sensitive personal data at rest. Dante Labs also uses HTTPS by default to encrypt all data in transit.
- Monitoring and Logging. Dante Labs uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. Monitoring and logging used at Dante Labs provides real-time monitoring, correlation and analysis of logs and alerts across virtually any system implemented.
- Vulnerability Management. Damte Labs has integrated continuous vulnerability scanning in its build pipeline. In addition, regular penetration tests are conducted by third-party security experts. Dante Labs has also established a program for users to report security-related issues associated with our web application. If you'd like to report an issue, click here. Incident Management. Dante Labs maintains a formal incident management program designed to ensure the secure, continuous delivery of its Services. We implemented our incident management program, using industry best practices, including National Institute of Standards and Technology (NIST) guidance. The incident response plans are tested regularly to ensure our teams are adequately prepared to handle any type of incident, quickly and efficiently. Security Awareness and Training. Dante Labs requires all of our employees to complete security and privacy training on an annual basis.
- Legal bases for processing Personal Information from the EU. We describe how we process your Personal Information in Sections 2 through 4 of this Privacy Statement. We may process your Personal Information if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of Dante Labs, our customers or others.
- Direct Marketing. We will obtain your consent where required to send you marketing communications using electronic means. You may withdraw your consent at any time within your Account Settings or by emailing email@example.com. We will only contact you by electronic means (email, push notification, SMS, etc.) with information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. We will only share your Personal Information with third parties for marketing purposes with your explicit consent. If you do not want us to use your Personal Information in this way, please review and update your Account Settings as necessary or contact us at firstname.lastname@example.org. You may raise such objection with regard to initial or further processing for purposes of direct marketing at any time and free of charge. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal. Other marketing activities will happen based on the legitimate interests of Dante Labs. E.g., where we tailor marketing communications or send targeted marketing messages via post, phone or social media and other third party platforms; and in providing existing customers with information (via email or other channels) about similar products and services.
- Privacy Rights. You can exercise your privacy rights by following the instructions below or contacting us at email@example.com. We will handle your request under applicable law. When you make a request, we may verify your identity to protect your privacy and security.
- Right to withdraw consent. To the extent Dante Labs requests and you provide your consent to the processing of your Personal Information, you can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
- Right of access to and rectification of your Personal Information. Our site allows you to access and rectify certain Registration Information within your Account Settings, and your Self-Reported Information by going to the surveys page. You can download your raw Genetic Information within your Account Settings or by going to the applicable tool in "Tools." If you would like to access or rectify any other information, contact Customer Care and we will do our best to assist you without undue delay. We may reject part or all of your request if responding to your request could adversely affect the rights and freedoms of others.
- Right to erasure (or, "Right to be Forgotten"). As explained under Section 5.d. ("Account Deletion"), we allow our customers to delete their accounts at any time. You can request erasure of Personal Information that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing to which you previously consented, but later withdrew such consent; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have made your Personal Information public and we are required to erase such Personal Information, we will take reasonable steps, including technical measures, to inform controllers that are processing any links to or copies or replications of your Personal Information of your erasure request. Our assistance with your request for erasure is subject to limitations by relevant data protection laws, available technology and the cost of implementation.
- Right to data portability. If we process your Personal Information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your Personal Information in a structured, commonly used and machine-readable format, and to have us transfer your Personal Information directly to another controller, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A "controller" is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of your Personal Information.
- Right to restriction of our processing. You can restrict our processing of your Personal Information where one of the following applies: (a) you dispute the accuracy of Personal Information processed by Dante Labs(for a period enabling us to verify its accuracy); (b) the processing is unlawful and you oppose the erasure of the Personal Information and request the restriction of its use instead; (c) Dante Labs no longer needs the Personal Information for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims; and (d) you have objected to certain processing relying on legitimate interest, pending the verification whether Dante Labs's legitimate grounds override your rights. Restricted Personal Information shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will notify you if the restriction is lifted.
- Notification of erasure, rectification and restriction. We will provide notice to each recipient that we disclosed your Personal Information to regarding any rectification or erasure of Personal Information or restriction of processing, unless you initiated the disclosure or providing notice proves impossible or involves disproportionate effort. Upon your request, we will share the list of recipients with you.
- Right to object to processing. Where the processing of your Personal Information is based on consent, contract, or legitimate interests described under the Legal Bases for Processing heading above, you may restrict or object, at any time, to the processing of your Personal Information as permitted by applicable law. We may continue to process your Personal Information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
- Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you, except as allowed under applicable data protection laws.
- Retention of your Personal Information. Unless you make a request for us to delete your account or delete certain Personal Information (i.e., User Content, etc.), we will store your Personal Information as long as your account is open. If you request to delete your account, we will take the steps described under "Your Choices – Account Deletion" and delete all your Personal Information, unless a longer retention period is required or permitted by law.
The rights described above may be limited by local laws. Further, your right of access and deletion is not absolute and may not be available if fulfillment of such right would, among other things:
- cause interference with execution and enforcement of the law and legal private rights (such as in the case of the investigation or detection of legal claims or the right to a fair trial);
- breach or prejudice the rights of confidentiality and security of others;
- prejudice security or grievance investigations, corporate reorganizations, future and ongoing negotiations with third parties, the compliance with regulatory requirements relating to economic and financial management; or
- otherwise violate the interests of others or where the burden or cost of providing access would be disproportionate.
If you believe that we have infringed your rights, we encourage you to contact us so that we can try to address your concerns or dispute informally. Our contact information is:
Andrea Riposati, CEO and Global Privacy Officer, Dante Labs, Inc.,
16192 Coastal Highway
Lewes, Delaware 19958
Alternatively, you may contact Dante Labs's EU member representative, DPR Group, at https://www.dpr.eu.com/Dante Labs.
Dante Labs's commitment to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks entitle you to lodge a complaint via our Privacy Shield independent dispute resolution mechanism.
Dante Labs has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
As a last resort and under limited circumstances, EU, EEA and Swiss individuals with residual privacy complaints may invoke a binding arbitration option before the Privacy Shield Panel.
You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement. You can find the relevant supervisory authority name and contact details here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en.
- Changes to this Privacy Statement
Whenever this Privacy Statement is changed in a material way, a notice will be posted as part of this Privacy Statement and on our website for 30 days. After 30 days the changes will become effective. In addition, all customers will receive an email with notification of the changes prior to the change becoming effective. Dante Labs may provide additional "just-in-time" disclosures or additional information about the data collection, use and sharing practices of specific Services. Such notices may supplement or clarify Dante Labs's privacy practices or may provide you with additional choices about how Dante Labs processes your Personal Information.
If you have questions about this Privacy Statement, or wish to submit a complaint, please email Dante Labs's Privacy Administrator at firstname.lastname@example.org, or send a letter to:
Dante Labs, Inc.
16192 Coastal Highway
Lewes, Delaware 19958
*This Privacy Statement was last updated on Nov. 24, 2019