1. Introduction
  2. What information we may collect
    1. Personal data
    2. Non-Personal data
    3. Cookies
    4. Posts that contains Personal Health Information
  3. Consent to FDNA receiving and processing information about you
  4. USES OF THE PERSONAL DATA WE COLLECT
  5. Direct marketing
  6. FDNA’s communications to you
  7. Sharing information with third parties
  8. Surveys and Polls
  9. Communications to other Users
  10. Minors
  11. Your rights and choices
  12. Your obligations
  13. Data retention
  14. How we protect your information
  15. Data Protection Officer
  16. Changes to this Privacy Policy
  17. Additional information for Users of the European Union
    1. Scope
    2. GDPR Compliance
    3. Identity and details of the Data Controller
    4. Legal basis of processing
    5. Data retention
    6. Your rights
    7. Data Protection Officer
  18. Additional information for Users of California
    1. Personal Information we collect
    2. California Privacy Rights
    3. Access to Specific Information and Data Portability Rights
    4. Deletion Request Rights
    5. Non-Discrimination
    6. Opting-Out of Sale
    7. Direct Marketing

 

I. Introduction

FDNA Inc. (“FDNA“) understands how important privacy is to our users and we are committed to protecting it. This Privacy Policy will tell you what information we collect about you and your use of the services we provided through our websites or mobile applications (“Services”). It will explain the choices you have about how your personal data is used and how we protect that information.

We recommend you to read this Privacy Policy carefully because by using our Services you agree to the collection and use of information as set forth in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use our Services.

Please note that some privacy rights and obligations may differ in certain locations based on local law, in which case FDNA will comply with the local legal requirements.

 

II. What information we may collect

a. Personal data

You are under no obligation to provide personal data but your refusal to do so may prevent you from using certain Services. FDNA may collect certain personal data about you, including without limitation, your title, name, e-mail address, occupation, specialty, affiliation to an academic or medical institution, office address, phone and fax numbers.

Personal data is collected at the following times:

  • When you register to our Services or update your profile, we ask you to provide your name, occupation, specialty, office phone, email address and password. We collect this information and use it to verify that you are a professional healthcare provider in order for our network to be comprised by trusted members from the medical community. If we are unable to verify your credentials from the information you provide at registration, you may be required to send us additional evidence to support your affiliation to an academic or medical institution or board certifications.
  • When you set up or update your network profile, you have an option to provide additional information that will be linked to your account. You can add such information by updating your profile yourself or importing such information from third party vendors. Providing such information is completely optional, but enables you to better identify yourself and communicate with your peers. All of the information that you voluntarily provide and choose to include in your profile, will be accessible to other members of our network.
  • When you invite others to join our Services, you may enter their names and email addresses, which FDNA will use to send your invitation including a message that you write.
  • When you contact customer support, we may collect information in order to, among other things, accurately categorize and respond to your inquiry and deliver appropriate service levels.
  • When you use our mobile application to locate services near you, we collect your precise geolocation data.
  • When you select to receive educational and event communications or product or other related communications.

b. Non-Personal data

In addition to the personal data we may collect, when using our Services, we may collect non-personal data about your use of our Services, including pages and screens that you view, your computer’s internet protocol (IP) addresses, your computer’s or mobile device operating system and/or browser type, the identity of your internet service provider, referring/exit pages, date/time stamp, and click-stream data (i.e., a list of pages or URLs visited). In some cases, this non-personal data may be collected automatically and stored in log files to help us analyze trends, administer the site, track users’ movements around the site, and gather demographic information about our user base as a whole. However, this information, when used together with cookies (see “cookies” below for more information) or if collected when you are logged-in, may be used to link or associate such information to your personally identifiable information.

c. Cookies

We use various cookies on our websites. A cookie is a tiny data file which resides on your computer which allows us to recognize you as a User when you return to our website using the same computer and web browser. For more information about our cookies, please see the following site.

d. Posts that contains Personal Health Information

Although our systems are designed to be Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) compliant and to comply with other privacy laws, we do not intend to collect or maintain information that would associate with a specific patient or individual. However, some information which contains Personal Health Information (“PHI”), such as facial photos, names, dates of birth and other identifiers, may be shared with us when you post data on message boards and forums, submit search queries through our Services, or when you store information on your personal account.
Thus, certain Services we provide may involve access to, and the processing of PHI. This PHI is provided to us pursuant to a business associate agreement that we have entered with our Users (practitioners, health care providers or their medical institutions) that also govern our use of PHI of their patients provided by our Users.
FDNA only uses such PHI as a “business associate” of its Users, who are “covered entities,” in accordance with any instructions or restrictions provided to FDNA by the User and in full compliance with the applicable provisions of HIPAA.
Special provisions regarding our treatment of data containing PHI, are included in our Data Sharing and Protection Policy, which is incorporated into this Privacy Policy by reference and supersedes any conflicting provisions contained herein.

WE URGE YOU TO READ OUR DATA SHARING AND PROTECTION POLICY AND SECTIONS PERTAINING TO HOW WE TREAT PHI POSTED OR UPLOADED THROUGH OUR SERVICES IN USER AGREEMENT BEFORE DOING SO. IF YOU DO NOT AGREE TO THESE TERMS, DO NOT POST ANY PHI THROUGH OUR SERVICES.
If you are a patient of a User, our use and disclosure of your PHI is governed by HIPAA and other applicable laws and the applicable documents with your provider – not by this Privacy Policy. Your provider’s collection, use, disclosure, and transfer of such PHI are governed, in turn, by the relevant provider’s terms and conditions and privacy practices between you and your provider. Please submit all requests and questions related to your PHI directly to your provider. We are not responsible for how the User treats PHI we collect on their behalf, and we recommend you review their own privacy policies.

Certain information you provide to FDNA may reveal, or allow others to identify, your nationality, ethnic origin, religion or other aspects of your private life, and more generally about you, including sensitive personal data as defined in different privacy laws. Please be aware that in providing information to FDNA for the purposes of opening your user account, you are expressly and voluntarily accepting the terms and conditions of this Privacy Policy and FDNA’s User Agreement.

The supplying of all such information by you to FDNA, including all information deemed sensitive by applicable law, is entirely voluntary on your part. You have the right to withdraw your consent at any time, in accordance with the terms of this Privacy Policy and the User Agreement, but please note that your withdrawal of consent will not be retroactive.

IV. Uses of the personal data we collect

Our Service help medical professionals to search and reference genetic syndromes, maintain their personal search history archive and facilitate easy peer communication. The information you choose to provide on our Service is used to help you describe yourself to other Users. Other information, that does not personally identify you as an individual, is collected by FDNA from Users (such as, for example, patterns of utilization) and is exclusively owned by FDNA. This information is used by us to continue to improve our Services and to perform our marketing communications.
Moreover, we use your personal data for the following additional purposes:

  • To enter into, and to perform, contracts with you or the person that you work for.
  • To provide additional Services to Users.
  • To obtain goods and Services from suppliers.
  • To manage and administer our relationships with customers, suppliers or other Users.
  • To communicate with you.
  • To respond to your query and for the purpose of further contact in this matter.
  • To advertise, market and provide information about us or our services.
  • To process your requests to participate in market researches, including polls and surveys.
  • To defend against or to make claims.
  • To fulfil legal obligations of FDNA (e.g. tax, accounting).
  • To administer our website under our terms and for internal operations, including troubleshooting, and data analysis, testing, research, statistical and survey purposes.
  • To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
  • To customize your experience on our Services (for example, to build a personal search history archive and display them in the context of references to a new case).
  • To keep our website and other systems safe and secure.
  • To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising (adapted to your preferences).
  • To make suggestions and recommendations about services that may interest you or the person that you work for and subject to your stated preferences, where relevant.
  • To comply with applicable laws, such as tax laws, and to maintain appropriate records for internal administrative purposes, and to comply with applicable legal and regulatory obligations and respond to lawful government requests, as needed.
  • We may process certain personal data in order to fulfill any other business or commercial purposes at your direction or with your consent.

V. Direct Marketing

By creating an account, you are agreeing that we may send you product and promotional emails or notifications about our Services, and offers on new products, services or promotions.
You can unsubscribe from receiving these marketing communications at any time. To unsubscribe, click the email footer “unsubscribe” link or go to the preferences section of your account settings to edit your email notification preferences or send an email to dpo@fdna.com.
To opt-out of receiving website and mobile notifications, you may do so within your browser or device settings. Please note, the opt-out process differs between web browsers and mobile devices. You may not opt-out of receiving non-promotional messages regarding your account, such as technical notices, purchase confirmations, or Service-related emails.
We will only share your personal data with third parties for marketing purposes with your explicit consent. If you do not want us to use your Personal Data in this way, please review and update your account settings as necessary or contact us by sending an email to dpo@fdna.com.

VI. FDNA’s communications to you

FDNA will communicate with you through email, through notices posted on our website or mobile applications or through other means available through our Service, including mobile alerts, push notifications, text and other forms of messaging. If we send any communications to you via the carrier service with which you have a mobile communications subscription or otherwise have access, you understand you will pay any service fees associated with any such access (including text messaging charges for messages to your mobile device).

Our communications to you include emails which help us operate and improve our Services, respond to your comments and questions and provide customer service, provide and deliver products and services you request, send you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages, better understand you so that we may tailor messaging and services based on your interests, preferences, needs and specialties, send you information via email about products and services or new features, we or our selected partners offer.

By accepting the terms of this Privacy Policy, you are giving us your consent to receiving these communications. You may revoke your authorization to participate in these features of our Services at any time by sending a request to dpo@fdna.com.

VII. Sharing information with third parties

FDNA does not share any Personal data it collects with any third party, except for the following cases.

We may employ other companies or individuals to perform functions on our behalf. Examples of those service providers include analyzing data, providing marketing assistance and providing customer service. They may receive limited access to personal data needed to perform their functions, but they may not use it for other purposes.

We may use third-party software for various internal needs. Examples of those software include file storage services, analytics tools, infrastructure platforms and communication platforms.

We may segment our Users by occupation, specialty, geographic location or other similar information and provide information from your public profile as part of our Services and product offerings.

When you use the FDNA Service through our websites, newsletters, mobile apps or other medium, you may be presented with advertisements or opportunities to engage in informational programs consisting of sponsor-selected content. Examples of these programs include sponsored news alerts or branded or unbranded discussion groups. All sponsored programs are labeled clearly as sponsored. When you choose to engage with a sponsored program, such as engaging with a commercial client’s sponsored news alert, you give your consent to provide the sponsor of such content with your personal data and information about the type of engagement (e.g., whether you viewed, interacted with or requested information about such promotional content). By accepting the terms of this Privacy Policy, you are consenting to receiving these communications. You may revoke your authorization to participate in these features of our Services at any time by sending a request to dpo@fdna.com.

We may also disclose your personal data and other information you provide, to another third party as part of a reorganization or a sale of the assets of FDNA. Any third party to which we transfer or sell FDNA’s assets will have the right to continue to use the personal data and other information that you provide to us in accordance with this Privacy Policy, our Terms of Use, and any applicable data protection and privacy regulations.
It is possible that we may need to disclose personal data when required by law, such as responses to civil or criminal subpoenas, or other requests by law enforcement personnel. We will disclose such information when we have a good-faith belief that it is necessary to comply with a court order, ongoing judicial proceeding, subpoena, or other legal process or request to FDNA brought in any country throughout the world, or to exercise our legal rights or defend against legal claims.

VIII. Surveys and Polls

As a User, you may receive requests to participate in market research, including polls and surveys submitted by other FDNA members. If you participate in surveys and polls offered through our Services, the information you provide may be visible to others. By accepting the terms of this Privacy Policy, you are consenting to receiving these communications. You may revoke your authorization to participate in these features of our Services at any time by sending a request to dpo@fdna.com.

IX. Communications to other users

Communications you initiate through FDNA, such as a colleague invitation sent to a non-User or posting a comment in any of our professional message boards, will list your name in the message.
In order to diffuse the information posted in our public message boards to a wider audience, we may, from time to time, collect your postings and group them together to use in a specific publication, print, electronic mailing or other public dissemination. When your postings are used in this fashion, they may be edited to fit with the general content of the publication being prepared.

X. Minors

The Services are intended for a specific audience and are not intended for minors under the age of eighteen. FDNA does not wish to obtain any information from or about such minors. If you are under eighteen years old, do not use our Services.
We do not knowingly gather personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) about children under the age of 13. If you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, please contact our us at any time by emailing us at dpo@fdna.com. We will remove the data to the extent required by applicable laws.

XI. Your rights and choices

You have a right to modify or remove the data about you, which has been collected pursuant to your decision to become a User.

Modifying information

You can review the personal information you provided us and make any desired changes to the information you publish, or to the settings for your account, including your email and contact preferences, at any time by emailing us at dpo@fdna.com. You may also make these changes by updating your Profile on our website or mobile application. Please be aware that even after your request for a change is processed, we may keep a copy of the information which you originally provided to us in our backup and/or archival copies of our database, as we deem necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Changing your selections about our communications to you.

You can choose to receive educational and event communications or product or other related communications from us at any time, or, if you have chosen to receive such communications, choose to unsubscribe from receiving such communications at any time, by updating your communications preferences at https://www.face2gene.com/preferences or by emailing us at dpo@fdna.com. As long as you continue to use the Services, we will continue to communicate to you any information relating to product support, operations and updates and related communications. If you wish to stop those communications, you will be requested to close your account and stop using our services.

Removing information and Closing Your Account

You can also request to remove your personal information and close your account at any time. If you do so, we will remove all of the information that you have provided to FDNA from our publicly viewable database, as well as any private information that you have stored with us and we will deny further access to our Services. We may retain certain data contributed by you if we believe it may be necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally identifiable data, account recovery, or if required by law. We may also retain and use your information if necessary to provide the Services to other Users. For example, just as an email you may send to another person through an email service provider resides in that person’s inbox even after you delete it from your sent files or close your account, communications to other Users, as well as your contributions to professional message boards, may remain visible to others after you have closed your account. Similarly, other information you have shared with others, or that other Users have copied, may also remain visible. FDNA disclaims any liability in relation to the deletion or retention (subject to the terms herein) of information or any obligation not to delete the information, subject to applicable data protection and privacy regulations. FDNA does not control when search engines update their cache, which may contain certain public profile information that has since been removed from FDNA’s publicly viewable database.

To request that we close your account and remove your information, please send your request to dpo@fdna.com. Please send your request using an email account that you have registered with FDNA under your name. You will receive a response within ten (10) business days of its receipt.

XII. Your obligations

As a User, you have certain obligations toward the other Users with whom you will be communicating. Certain of these obligations are imposed by applicable law and regulations, and others have become commonplace in user-friendly communities of like-minded members:

  • You must, at all times, respect the terms and conditions of the then-current Privacy Policy and the User Agreement. This includes respecting all intellectual property rights which may belong to third parties (such as photographs).
  • You must not download or otherwise disseminate any information which may be deemed to be injurious, defamatory, violent, offensive, racist, sexist or xenophobic, or which may otherwise violate the purpose and spirit of FDNA and its community of Users.
  • You must not provide information to FDNA and/or other Users which you believe might be injurious or detrimental to your person, professional or social status.
  • You must use our public message boards for clinical, not commercial use. While we do allow selected client outreach for market research, these messages have a distinct format and channel-level opt-outs to protect our members. Those found soliciting, scamming, or spamming other members will be removed or suspended from the network at our sole discretion.

Any violation of this Privacy Policy may lead to the restriction, suspension or termination of your account by FDNA notwithstanding any legal remedies we may pursue, as we take these principles seriously and consider them to be the basis on which our Users adhere to the FDNA website and the services which it offers.

XIII. Data retention

We process personal data only for so long as is necessary for the purposes for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose.
The data retention periods may be extended, if necessary, in the event of any claims and court proceedings – for the duration of these proceedings and their settlement.
Sometimes your personal data may be available in different sites and places such as the Internet for indefinite period, and the group of recipients of your data is therefore unlimited.

XIV. How we protect your information

We are committed to protecting the security of your information. Therefore, we use a variety of industry-standard security technologies and procedures to help protect such information from unauthorized access, use, or disclosure. We also require you to enter a complex password to access your personal account. In addition, we protect your information from unauthorized physical access by storing such information in a controlled facility.
Our servers are located in the Republic of Ireland; however, we may store and process information in the United States and other countries, all in accordance with applicable data protection and privacy regulations.
Finally, except as provided elsewhere in this Privacy Policy, we limit access to personal data collected by us to only those persons (including employees and contractors) who have a business need for such access, have signed confidentiality agreements with FDNA, and in the case of contractors and/or service providers agree to adhere to applicable data protection and privacy regulations.
Protecting your personal data is also your responsibility. We ask you to be responsible for safeguarding your passwords used to access our Services. You should not disclose your account information to any third party and should immediately notify us of any unauthorized use of your password.

XV. Data Protection Officer

FDNA has a “Data Protection Officer” (DPO) who is responsible for matters relating to privacy and data protection.
This Data Protection Officer can be reached at the following address:
FDNA Inc.
Attn: Data Protection Officer
490 Sawgrass Corporate Parkway, Suite 200 Sunrise, FL 33325, United States of America
email: dpo@fdna.com

XVI. Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time, so please make sure to review this frequently. Our most updated Privacy Policy is posted on our website and accessible through our mobile applications. We will also notify you by email or in-app notifications. All changes will apply with immediate effect. By continuing to use our Service after notice of changes have been sent to you or published on our website or through the Service, you are consenting to the changes.

XVII. Additional information for users of the European Union

a. Scope

This section applies to the processing of personal data that is within the scope of the EU General Data Protection Regulation (GDPR)– when it is carried out by FDNA (as a data controller) and concerns Users who are in the European Economic Area (the “EEA”). In case of any doubts please contact us at dpo@fdna.com.

b. GDPR Compliance
FDNA complies with the GDPR in regards to collecting, processing, and transferring the personal data of our EEA to non-EEA areas.
Our servers and data processing facilities are based in Ireland. In principle, all data processing activities are conducted within the EEA. However, in case we rely on a provider with data processing premises in a non-EEA country or in a jurisdiction that has not been declared adequate by the European Commission, we implement the relevant FDNA uses EU standard contractual clauses (an agreement approved by the European Commission which gives personal data the same protection it has in the EU for data processing in non-EU countries) to ensure compliance with applicable EEA data protection and privacy regulations for our EU Users.
The EU standard contractual clauses used are available under the URL https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en
If you have any questions or concerns, please send an email to dpo@fdna.com.

c. Identity and details of the Data Controller

The data controller is FDNA Inc., 490 Sawgrass Corporate Parkway, Suite 200 Sunrise, FL 33325. United States of America.

When FDNA is processing your personal data in conjunction with the contract that is being concluded with you such as the Terms of Use, the legal basis for such processing will then be Art. 6(1)(b) GDPR (it is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract).
If you are contacting us on your own behalf, for example, you have given us your information with a request to send you particular information, we process your data in order to respond to your query and for the purpose of further contact in this matter. The legal basis for the processing of your personal data in accordance with this purpose will be your consent (Art. 6(1)(a) GDPR).
If you are acting on behalf of our User, client, supplier, or another entity, we process your data in the context in which you are acting in the name of the third party, as well as for the conclusion and/or processing of a contract with that third party and/or carry out a joint project. The legal basis for processing of your personal data in accordance with this purpose will be our legitimate interest (Art. 6(1)(f) GDPR) – building and maintaining relations with the third party in whose name you are acting, including the conclusion and performance of relevant contracts with that party.
Regardless of the foregoing, your personal data can be used by us in order to promote FDNA (for example, to contact you from time to time to promote our Services). The legal basis for processing of your personal data in accordance with this purpose will be our legitimate interest (Art. 6(1)(f) GDPR) – maintaining relations and marketing of our Services.
The processing of functional cookies is necessary to enable you to visit the website (Art. 6 (1) point (b) GDPR).
Additionally, with regard to processing of your personal data in order to:
• defend against or to make claims – the legal basis for processing of your personal data will be our legitimate interest (Art. 6(1)(f) GDPR);
• fulfil legal obligations of the data controller (e.g. tax, accounting) – the legal basis for processing of your personal data will be the necessity for compliance with a legal obligation to which the controller is subject (Art. 6(1)(c) GDPR).
We process data regarding using of our website for the purpose of proper management of our website, to improve its performance, ensure its security, adapt its content to your preferences. In addition, we gather this data for internal purposes, including resolving issues, conducting data analyses, testing, research, statistics, and for survey purposes. The legal basis of our activities is your consent, except for cases when the use of such data is essential for the functioning of our website (electronic provision of a service to you within that scope); in such cases the legal basis will be our legitimate interest (Art. 6(1)(f) GDPR).

e. Data retention

As a rule, personal data:
• collected for the purposes of conclusion and performance of a contract such as our Terms of Use will be processed for the duration of the contract and its settlement;
• processed on the basis of our legitimate interest will be processed until the objection to processing or the fulfilment of the purpose for which it has been processed;
• processed on the basis of your consent will be processed until its possible withdrawal or fulfilment of the purpose for which it was given;
The above-mentioned rules will apply unless the law (e.g. regarding archiving, taxation, accounting) obliges us to process such data for a longer period, or in case of potential claims, for such claim’s limitation period specified by law – whichever is longer.

f. Your rights
You may assert the following rights towards FDNA at any time free of charge. We will need to verify your identity in such circumstances and may request more information or clarifications from you if needed to help us locate and provide you with the personal data requested.
• Right of access.
You have the right to obtain confirmation as to whether personal data concerning you are being processed by us and if so, which personal data concerning you is processed by us and to learn which third parties domestic or abroad your personal data has been transferred to. Furthermore, your have the right to obtain a copy of the personal data undergoing processing by us.

• Right to rectification.
You have the right to obtain rectification of any inaccurate or completion of any incomplete personal data concerning you. You can also request that your data be corrected accordingly by third parties to whom we have transferred this data.

• Right to erasure.
You have the right to obtain the erasure of your personal data if the legal conditions are met. Accordingly, you may obtain the erasure of your data, for instance, if it is no longer necessary for the purposes for which it was collected. Furthermore, you may obtain erasure if we process your data on the basis of your consent and you withdraw this consent. You can also request that your data be erased accordingly by third parties to whom we have transferred this data.

• Right to restriction of processing.
You have the right to obtain the restriction of the processing of your data if the legal requirements are met. This is the case, for example, if you contest the accuracy of your data. For the duration of the verification of the accuracy of the data you can then obtain the restriction of the processing.

• Right to object.
You have the right to object to the processing of your personal data in the following cases:
◦ If the processing is for direct marketing purposes, including profiling related to direct marketing.
◦ If the processing, including profiling, is based on the following legal grounds:
▪ necessary for us to perform a task in the public interest under Article 6 (1) point (e) of GDPR; or
▪ necessary for the data controller’s or a third party’s legitimate interests under Article 6 (1) point (f) of GDPR and if we are not able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. In case of such objection, we kindly ask you to state the reasons for objecting to the data processing.

• Right to data portability.
If personal data processing is based on consent or contract performance and, in addition, is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller. Furthermore, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

• Right to withdrawal.
If data processing is based on your consent, you have the right to withdraw your consent at any time and free of charge, with effect for the future.

• Right to lodge a complaint.
You also have the right to lodge a complaint with a supervisory authority or other applicable privacy regulator about our processing of your data. This can be for example the data protection authority in your country of residence. A list with all data protection authorities in the European Union can be found here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. We certainly encourage you to first contact us at dpo@fdna.com.

g. Data Protection Officer

Our Data Protection Officer (DPO) is available to you as a contact person for all data protection-related concerns and for exercising your rights under Section e above. We will inquire into any concerns you have and respond to your requests regarding your rights under data protection law to you in writing within one month of receipt of the request. That period may be extended by us two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. Where you make the request by electronic form means, the information will be provided by electronic means where possible, unless otherwise requested by you. If you are not satisfied with our response, you can exercise your right to lodge a complaint referred to in Section e above.

 

XVIII. Additional information for Users of California

This section applies only to California residents. Pursuant to the CCPA below is a summary of the “Personal Information” categories, as identified and defined by the CCPA (see California Civil Code section 1798.140(o)), that we collect, the reason we collect your Personal Information, where we obtain the Personal Information, and the third-parties with whom we may share your Personal Information. As described further below, FDNA does not “sell” your Personal Information.

a. Personal Information we collect

We generally collect the following categories of Personal Information about you when you use our Sites:
• Identifiers such as a name, address, unique personal identifier, email, phone number, your device’s IP address, software, and identification numbers associated with your devices.
• Commercial information such as records of products or services purchased, obtained, or considered by you.
• Internet or other electronic information regarding you browsing history, search history, the webpage visited before you came to our Site, length of visit and number of page views, click-stream data, locale preferences, your mobile carrier, date and time stamps associated with transactions, and system configuration information.
• Your geolocation, to the extent you have configured your device to permit us to collect such information.
• Professional or employment-related information.
• Inferences about your preferences, characteristics, behavior and attitudes.
For more information about the Personal Information we collect and how we collect it, please refer to “Information We Collect” section above.
We collect your Personal Information for the business purposes described in the “Uses of the personal data we collect” above. The CCPA defines a “business purpose” as the use of Personal Information for the business’s operational purposes, or other notified purposes, provided the use of Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or another operational purpose that is compatible with the context in which the Personal Information was collected.
The categories of third-parties with whom we may share your Personal Information are listed in the “Sharing information with third parties” section above.

b. California Privacy Rights

If you are a California resident, you have rights in relation to your Personal Information; however, your rights are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us or the security of our network systems.

c. Access to Specific Information and Data Portability Rights

Subject to certain exceptions, if you are a California resident you have the right to request a copy of the personal information that we collected about you during the 12 months before your request. Once we receive your request and verify your identity, we will disclose to you:
• The categories of personal information we have collected about you;
• The categories of sources for the personal information we have collected about you;
• Our business or commercial purpose for the information collection;
• The categories of third parties with whom we share that personal information;
• The specific pieces of personal information we collected about you

d. Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

e. Non-Discrimination

We will not discriminate against you for exercising your right to know, delete, or opt-out of sales.

f. Opting-Out of Sale

In the preceding twelve months we have not sold personal information as that term is generally understood. We do not sell personal information.
In addition to the “Cookie Policy” description for opting out of interest-based advertising and controlling browser settings, California consumers may also use the Digital Advertising Alliance’s tool to send requests under the CCPA for a web browser to opt out of the sale of personal information by some or all of that framework’s participating companies by accessing the DAA’s tool here: https://www.privacyrights.info/, or by downloading the DAA’s AppChoices mobile application opt-out here: https://www.privacyrights.info/appchoices.

g. Direct Marketing

If you are a California resident, you can request a notice disclosing the categories of personal information we have shared with third parties for the third parties’ direct marketing purposes. To request a notice, please submit your request by postal mail as described in the relevant section above.

 

Last Updated: January 1, 2023