BASE10 Privacy Statement
Last modified 4 | 28 | 2021
At BASE10 Genetics, Inc. ("BASE10"), we aim to help people achieve real health through a one of a kind-genetics-based medication and nutrition health program. To provide and improve our website, mobile apps, products, software and other services (including but not limited to text, graphics, images, and other material and information) (collectively the "Services"), we collect, process, and store "Personal Information," which is information that can identify you, such as your name, email or mailing address, or information that could reasonably be linked back to you, including in some cases your Genetic Information. This Privacy Statement describes our practices for collecting, storing, and processing your Personal Information and the controls we provide you to manage it within our Services.
Account Creation and Your Engagement with BASE10
The Personal Information required to create an account with BASE10 is limited to your Account Information as defined below. Account creation also requires you to agree to BASE10's Terms of Service and this Privacy Statement. By visiting BASE10's website (www.base10genetics.com) (the "Website"), using the Services, or creating an account you are telling us that you agree to BASE10 collecting, processing, and sharing your Personal Information (including your Genetic Information if you have taken a DNA test) as described in this Privacy Statement and to the Terms of Service. At any time, you can request that BASE10 delete information you have uploaded into your account. You can also delete your entire account as provided in detail below.
What Personal Information Does BASE10 Collect?
A. What Personal Information Does BASE10 Collect from You?
i. Account Information
When you register an account with us or purchase our Services, we collect personal information, such as your name, date of birth, billing and shipping information, email address or phone number, gender, and account username and password.
Our Website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request that we remove or anonymize your personal information from our blog or community forum, contact us at firstname.lastname@example.org. Please note that whenever you post something publicly, it may sometimes be impossible to remove the information, for example, if someone has taken a screenshot of your posting. Please exercise caution before choosing to share personal information publicly on our blogs, community forums or in any other posting. Note also that you may be required to register with a third-party application to post a comment. To learn how the third-party application uses your information, please review their privacy statement.
iii. Contests and Promotions
Personal information that you provide when you voluntarily participate in contests and special promotions we run or sponsor.
iv. Customer Service
When you contact our customer support services or correspond with us about our Service, we collect information to track and respond to your inquiry; investigate any breach of our Terms of Service, Privacy Statement or applicable laws or regulations; and analyze and improve our Services.
v. Individual-Level Information
Information about a single individual's test results, diseases or other traits/characteristics, but which is not necessarily tied to Account Information.
vi. Genetic Information
At our partner laboratories, they extract your DNA from the saliva sample that you provide through a DNA kit and convert it into machine-readable biometric data ("DNA Data"). Our partner laboratories then send us analytics on your DNA Data that we process to provide our Services. Your DNA Data and any information derived from it are Personal Information and referred to as "Genetic Information."
NOTE: Neither your saliva nor the extracted DNA (together referred to as "Biological Sample(s)") are Personal Information under this Privacy Statement.
vii. Genetic Information
Information such as your credit card number, billing and shipping address(es) when you make a purchase.
viii. Referral Information and Sharing
When you refer a person to BASE10 or choose to share results information with another person, we will ask for that person's email address. We will use the email address solely, as applicable, to make the referral or to share your results information, and we will let your contact know that you requested the communication. By participating in a referral program or by choosing to share information with another person, you confirm that the person has given you consent for BASE10 to communicate (e.g., via email) with him or her. The person you referred may contact us at info@BASE10genetics.com to request that we remove this information from our database.
ix. Self-Reported Information
Self-Reported Information includes all information about yourself, including your Genetic Information, disease conditions, other health-related information, personal traits, ethnicity, family history, and other information that you enter into surveys, forms, or features while signed in to your BASE10 account. You have the option to provide us with additional information about yourself through surveys, forms, features or applications. For example, you may provide us with information about your personal traits (e.g., eye color, height), ethnicity, disease conditions (e.g., Type 2 Diabetes), other health-related information (e.g., pulse rate, cholesterol levels, visual acuity), and family history information (e.g., information similar to the foregoing about your family members). Where you are disclosing information about a family member, you should make sure that you have permission from the family member to do so.
x. Test Information
Test Information includes the resulting analysis of your Genetic Information, generated through processing of your test by BASE10 or by its contractors, successors, assignees, or otherwise processed by and/or contributed to BASE10.
xi. User Content
Some of our Services allow you to create and post or upload User Content, such as data, text, software, music, audio, photographs, graphics, video, messages, or other materials that you create or provide to us through either a public or private transmission and transmitted, whether publicly or privately, to or through BASE10. For example, User Content includes any post or message you place on BASE10's community forums. This does not include Test Information and Self-Reported Information-generated by users of BASE10 Services.
B. What Information Does BASE10 Collect Through Your Use of the Services?
i. Social Media Features and Widgets
Our Website includes social media features. These features may collect your IP address and which page you are visiting on our site and may set a cookie to enable the feature to function properly. They may also allow third-party social media services to provide us information about you, including your name, email address, and other contact information. The data we receive is dependent upon your privacy settings with the social network. Features are either hosted by a third party or hosted directly on our Website. Your interactions with these Features are governed by the privacy statement and practices of the company providing it, and not BASE10. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Website or Service.
ii. Web Behavior Information Collected Through Tracking Technology. Social Media Features and Widgets
iii. Information from Your Use of the Service
Information about your use of the Services, such as which pages you view or links you click, which we may use to infer details about you as a customer and your interests to provide a better experience through, for example, search suggestions.
C. What Information Does BASE10 Collect from Other Sources?
We receive DNA Data and Test Information from our partner laboratories who receive the saliva samples that you provide to receive our Services. We may also receive other information about you from third parties to provide you with our Services or operate our business.
3. How Does BASE10 Use Your Personal Information?
i. Using Information to Provide, Analyze, and Improve Our Services.
We use the information described above to operate, provide, analyze, and improve our Services. These activities may include, among other things, using your information in a manner consistent with other commitments in this Privacy Statement, to:
i. open your account, enable purchases and process payments, communicate with you, and implement your requests (e.g., referrals);
ii. host our Website, run our mobile application(s), authenticate your visits, provide custom, personalized content and information, and track your usage of our Services;
iii. pair you and your Genetic Information with genetically trained, registered dietitians and healthcare professionals who can use the information to provide health-related services such as but not limited to weight management, absenteeism/presenteeism, blood pressure management, blood sugar management, hospitalization reduction, fitness optimization, stress management, morale boost, and more;
iv. conduct analytics to improve and enhance our Services;
v. offer new products or services to you, including through emails, promotions or contests;
vi. conduct surveys or polls, and obtain testimonials;
vii. process and deliver your testing results; and
viii. perform research and development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.
ii. Aggregate Information.
We may share Aggregate Information with third parties, which is any information that has been anonymized, by stripping out your Account Information (e.g., your name and contact information), and aggregated with information of others so that you cannot reasonably be identified as an individual. This Aggregate Information is different from Individual-Level Information or Self-Reported Information. Individual-Level Information or Self-Reported Information consists of data about a single individual's genotypes, diseases or other traits/characteristics information. For example, Aggregate Information may include a statement that "30% of our male users share a particular test trait," without providing any data or testing results specific to any individual user. We may provide such Aggregate Information in commercial arrangements with our business partners or under arrangements with governmental agencies. In contrast, Individual-Level Information could reveal whether a specific user has a particular trait, or all of the Test Information about that user.
iii. Biological Sample
To use our Services, you must register an online account and provide your Biological Sample to a third-party laboratory. Once received, the third-party laboratory analyzes your Biological Sample(s) before sending your DNA Data to BASE10.
4. With Whom Does BASE10 Share Information?
a. General Service Providers.
We share the information described above with our service providers, as necessary to provide their services to us. Service providers are third-party companies or individuals that help us to provide, analyze, and improve our Services. For example, we work with third-party laboratories and contractors to process and analyze your Biological Sample for purposes of generating your Test Information.
NOTE: Our service providers act on BASE10's behalf. While we implement procedures and contractual terms to protect the confidentiality and security of your information, we cannot guarantee the confidentiality and security of your information due to the inherent risks associated with storing and transmitting data electronically. When you purchase a testing kit from BASE10, you are instructed to send a Biological Sample to our third-party laboratory with a unique barcode label. The unique barcode identifies you to us but not to the laboratory. We are also required to provide to the laboratory, your sex and date of birth or age pursuant to clinical laboratory requirements such as the Clinical Laboratory Improvement Amendments ("CLIA"). No other Account Information (such as your name, address, email, phone number or other contact information) is required or provided to the laboratory. The receiving personnel at the laboratory will remove and discard your "sender information" from the packaging (e.g., name, address) before testing personnel receive the samples for processing. Receiving personnel do not perform testing, and testing personnel handle Biological Samples that are labeled only with the unique barcode. Unless you choose to store your sample, Biological Samples are destroyed after the laboratory completes its work, provided that laboratory legal and regulatory requirements no longer require the actual samples to be maintained. A de-identified copy of data will be kept in accordance with CLIA. The laboratory securely sends the resulting Test Information to us along with your unique barcode. Test Information is stored securely on our servers; the laboratory also stores your Test Information, but again, labeled only with the barcode.
b. Targeted Advertising Service Providers.
c. Commonly Owned Entities
We may share some or all of your information with other companies under common ownership or control of BASE10, which may include our subsidiaries, our corporate parent, or any other subsidiaries owned by our corporate parent in order to provide you better service and improve user experience. We may provide additional notice and ask for your consent if we wish to share your information with our commonly owned entities in a materially different way than discussed in this Privacy Statement.
d. Research Partners
We may share Aggregated Information with research partners or external research organizations when you provide us with your consent to do so as provided above.
e. Law Enforcement
Under certain circumstances your information may be subject to disclosure pursuant to judicial or other government subpoenas, warrants, or orders, or in coordination with regulatory authorities, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. BASE10 will preserve and disclose any and all information to law enforcement agencies or others if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry) or obligations that BASE10 may owe pursuant to ethical and other professional rules, laws, and regulations; (b) enforce the BASE10 Terms of Service and other policies; (c) respond to claims that any content violates the rights of third parties; or (d) protect the rights, property, or personal safety of BASE10, its employees, its users, its clients, and the public.
f. If BASE10 Is Acquired
If BASE10 or its businesses are acquired or transferred (including in connection with bankruptcy or similar proceedings), we will share your Personal Information with the acquiring or receiving entity. The promises in this Privacy Statement will continue to apply to your Personal Information that is transferred to the new entity.
5. What Are BASE10's Retention Practices?
BASE10's Services are premised on the notion that personal health is not a one-time event and continues over one's lifetime. Additionally, and with particular regard to our DNA customers who pay fees or purchase DNA-related Services, the ongoing enhancement of our collections of DNA features provide benefits and insights to our users over time. As a result, our retention practices reflect this ongoing value by retaining user accounts on our system until our users inform us of their desire to delete their data or close their accounts. BASE10 will retain the Personal Information you provide while creating your account until such time as you ask us to delete it. We retain user information (e.g., visits to the Website) in a depersonalized or aggregated form. Once aggregated, this information ceases to be personal and will not be subject to user deletion requests. For DNA Data and Genetic Information, BASE10 retains them as needed to provide you with the features and functionality you purchased.
6. Your Choices and Access to Your Personal Information
a. Access to Your Account
If your Account Information changes, you may access, correct or update most of it from your Account Settings page. You may also modify and delete certain of your information or update your consent status and biobanking options. Please note that you may not be able to delete User Content that has been shared with others through the Service and that you may not be able to delete information that has been shared with third parties, though we can work with you to prohibit your data from being shared with third parties in the future. We will respond to your request to access within 30 days. Upon request BASE10 will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. To request this information please contact us at info@BASE10genetics.com.
b. Marketing Communications
By registering for an account, you are agreeing that we may send you promotional emails about our Services. You can opt-out of receiving certain messages or notifications from us by visiting your Account page (go to Account, Settings, Notifications) or by contacting our Privacy Administrator at email@example.com. You can also click the "unsubscribe" button at the bottom of promotional email communications. Please note that you may not opt-out of receiving non-promotional messages regarding your account, such as technical notices, purchase confirmations, or Service-related emails. For more information about our online advertising, please also refer above under the heading Targeted Advertising Service Providers.
c. Information You Choose to Share With Others
BASE10 gives you the ability to share information with other individuals who have BASE10 accounts. You may be required to opt-in to some of this sharing, but some features require an opt-out. Also, please note that certain types of your User Content may be viewable by other BASE10 users and once posted, you may not be able to delete or modify such content. You may decide to disclose your Personal Information to friends and/or family members, doctors or other health care professionals, and/or other individuals outside of our Services, including through third-party services such as social networks and third-party apps that connect to our Website and mobile apps through our API. These third parties may use your Personal Information differently than we do under this Privacy Statement. Please make such choices carefully and review the privacy policies of all other third parties involved in the transaction. For example, if you have enabled a BASE10 sharing feature with another person who downloads a third-party app that uses our API, your information may also be obtained by that third-party app developer and, potentially, by other users of that third-party app. In general, Personal Information, once shared or disclosed, can be difficult to contain or retrieve. BASE10 will have no responsibility or liability for any consequences that may result because you have released or shared Personal Information with others. Likewise, if you are reading this because you have access to the Personal Information of a BASE10 customer through a multi-profile account, we urge you to recognize your responsibility to protect the privacy of each person within that account. It is incumbent upon all users to share Personal Information and account access only with people they know and trust. Users with multi-profile accounts (e.g., where family member accounts are linked) should use caution in setting profile-level privacy settings.
d. Account Closure
If you no longer wish to participate in our Services or no longer wish to have your Personal Information be used, you may close your account by sending a request to firstname.lastname@example.org. When closing an account, we remove all Test Information within your account (or profile) within thirty (30) days of our receipt of your request. In addition, we retain limited Account Information related to your order history (e.g., name, contact, and transaction data) as long as your account is active or as needed to provide you services, as well as for accounting, audit and compliance purposes.
BASE10 takes seriously the trust you place in us. To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of information, BASE10 uses a range of physical, technical, and administrative measures to safeguard your Personal Information. In particular, all connections to and from our Website and mobile application are encrypted using Secure Socket Layer technology. Please recognize that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify BASE10 of any unauthorized use of your password. BASE10 cannot secure Personal Information that you release on your own or that you request us to release. Your information collected through the Service may be stored and processed in the United States or any other country in which BASE10 or its subsidiaries, affiliates or service providers maintain facilities and, therefore, your information may be subject to the laws of those other jurisdictions which may be different from the laws of your country of residence.
8. Linked Websites
BASE10 provides links to third-party websites operated by organizations not affiliated with BASE10. BASE10 does not disclose your Personal Information to organizations operating such linked third-party websites. BASE10 does not review or endorse, and is not responsible for, the privacy practices of these organizations. We encourage you to read the privacy statements of each and every website that you visit. This Privacy Statement applies solely to information collected by BASE10.
9. Children's Privacy.
BASE10 is committed to protecting the privacy of children as well as adults. Neither BASE10 nor any of its Services are designed for, intended to attract, or directed toward children under the age of 13. A parent or guardian, however, may collect a Biological Sample from, create an account for, and provide information related to, his or her child. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides to BASE10 about his or her child is kept secure and that the information submitted is accurate.
10. Changes to this Privacy Statement.
Whenever this Privacy Statement is changed in a material way, a notice will be posted as part of this Privacy Statement and on our customers' account login pages for 30 days. After 30 days the changes will become effective. In addition, all customers will receive an email with notification of the changes prior to the change becoming effective.
11. California Resident Additional Privacy Statement.
BASE10 provides this California Resident Additional Privacy Statement ("California Statement"), applicable solely to California residents, as a supplement to our Privacy Statement to provide information as to how you may exercise your rights under the California Consumer Privacy Act ("CCPA"). This California Statement covers all BASE10's Services that link to this California Statement, including BASE10 (referred to throughout as "BASE10").
a. Categories of Personal Information
BASE10 collects, and has collected in the 12 months prior to the effective date of this California Statement, the following categories of Personal Information:
i. Identifiers, such as name, postal address, unique personal identifier, online identifier, IP address, your mobile device identifier, email address, account name, and driver's license.
ii. Categories of personal information described in subdivision (e) of Section 1798.80 not covered by an existing category (medical information, physical characteristics, or descriptions).
iii. Characteristics of protected classes under California or federal law, such as biological sex and date of birth, and, as provided by users, medical conditions. This also includes any other Self-Reported Information and User Content (defined above) you choose to share with us that is considered a legally protected class under California or federal law.
iv. Commercial information, such as products or services purchased, obtained, or considered or other purchasing or consuming histories or tendencies.
v. Biometric information, such as DNA Data (defined above). vi. Internet usage information, such as your Web Behavior Information, browsing history, search history, and information regarding your interaction with our sites and advertisements (also described above).
vii. Geolocation data, such as location of your device or computer and any metadata associated with digital photographs uploaded.
viii. Sensory data, such as audio, electronic, and visual information (e.g., recordings of calls with BASE10 Services or information you voluntarily share when doing consumer insights research with us).
ix. Inferences derived from Personal Information, such as to provide health-related information and to create consumer profiles for the purposes of research, product development and marketing. We do not sell your Personal Information.
NOTE: Some categories of information are collected only if you use certain of our Services.
b. Business Purposes
BASE10 uses the categories of Personal Information above for the following business purposes:
i. Providing personalized optimized health management through genetics-based medication and nutrition health program; ii. Communicating to you about the Services; and iii. Marketing new products and offers from us or our business partners based on your interests.
c. Categories of Sources of Personal Information
BASE10 collects, and has collected in the 12 months prior to the effective date of this California Statement, categories of Personal Information described above from the following categories of sources:
i. You, our user/visitor—this source of Personal Information depends on your use of the Services, including your DNA Data, Account Information, Self-Reported Information, User Content, and Web Behavior Information (defined above);
ii. Public records;
iii. Historical records; and
iv. Third parties.
d. Categories of Third Parties with Whom We Share Personal Information
BASE10 shares, and has shared in the 12 months prior to the effective date of this California Statement, with the following categories of third parties the correlating categories of Personal Information:
i. General and Targeted Service Providers. We provide information to third-party companies or individuals that help us to provide, analyze, and improve our Services. For example, we work with third-party laboratories and contractors to process and analyze your Biological Sample for purposes of generating your Test Information. The categories of Personal Information provided to these third parties include identifiers, categories of personal information described in Section 1798.80(e) of the California Civil Code, characteristics of protected classes under California or federal law, commercial information, biometric information, internet usage information, internet usage information, geolocation information, and inferences.
ii. Commonly Owned Entities. We provide information to commonly owned entities or affiliates that help us to provide, analyze, and improve our Services. The categories of Personal Information provided to these third parties include identifiers, categories of personal information described in Section 1798.80(e) of the California Civil Code, characteristics of protected classes under California or federal law, commercial information, biometric information, internet usage information, internet usage information, geolocation information, and inferences.
iii. Research Partners. With your consent, we may provide information to third-party research partners with the following categories of Personal Information provided to these third parties include identifiers, categories of personal information described in Section 1798.80(e) of the California Civil Code, characteristics of protected classes under California or federal law, commercial information, biometric information, internet usage information, internet usage information, geolocation information, and inferences.
iv. Law Enforcement. We do not voluntarily share your Personal Information with law enforcement or regulatory bodies. We require valid legal process as described above before we would provide any data to law enforcement.
e. Exercising Your Rights Under CCPA.
The CCPA gives California consumers the right to request that we disclose what Personal Information we collect, use, disclose, or sell. This includes the right to request the categories of Personal Information we have collected about them, the categories of sources of Personal Information, the business purpose for collecting Personal Information, the categories of third parties with whom we share categories of Personal Information, and the specific pieces of Personal Information we have collected about the requestor. If you are submitting a request to know on your own behalf, you may make your request by email. To email your request to know, email us at email@example.com. We will require you to provide proof of identity and California address (e.g., you may be required to provide a copy of your government ID, which will be used solely to verify your identity and address).
f. Right to Delete
The CCPA gives California consumers the right to request that we delete your Personal Information. If you are submitting a request to delete on your own behalf, you may make your request by email. To email your request to delete, email us at firstname.lastname@example.org. We will require you to provide proof of identity and California address (e.g., you may be required to provide a copy of your government ID, which will be used solely to verify your identity and address). Note that to delete your Personal Information, you must delete your account and that once an account deletion request is completed, this process is irreversible.
g. Authorized Agents
The CCPA allows California residents to use "authorized agents" to make requests to know and requests for deletion. To use an authorized agent, email us at email@example.com. Note that even if a consumer chooses to use an authorized agent for a request, the consumer will still need to work directly with us to provide the items below:
i. Proof that the authorized agent is registered with the Secretary of State to conduct business in California;
ii. Signed permission from the consumer allowing the authorized agent to act on the consumer's behalf;
iii. Verification of the consumer's identity (to be made directly by the consumer to us). We will require proof of identity and California address (e.g., a copy of your government ID, which will be used solely to verify your identity and address); and
iv. Confirmation that the consumer provided the authorized agent permission to submit the request to be confirmed directly by the consumer to us.
BASE10 does not sell your Personal Information and has not sold it in the 12 months prior to the effective date of this California Statement.
We will not discriminate against you for exercising any of your rights under the CCPA.
j. California's Shine the Light Law
California Civil Code Section 1798.83, known as the "Shine the Light" law, permits users who are California residents to request and obtain from us a list of what Personal Information (if any) we disclosed to third parties for their direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, BASE10 currently does not share any Personal Information with third parties for their own direct marketing purposes.
12. Contact Information
If you have questions about this Privacy Statement or the California Statement, please email BASE10's Privacy Administrator at firstname.lastname@example.org, or send a letter to:
BASE10 Genetics, Inc.
8 West Monroe, Suite 2101
Chicago, IL 60603
*This Privacy Statement was last updated on April 21, 2021.