This legal notice regulates the operation of the website http://www.arcensus-diagnostics.com (hereinafter referred to as “Website”).
1. Information we collect
1.1. Information you provide directly to us or through a third party
Registration Information: When you purchase our Services or create an Arcensus account, we collect Personal Information, which includes your name, date of birth, billing and shipping address, payment information (e.g., credit card) and contact information (e.g. email, phone number and license number).
Self-Reported Information: You have the option to provide us with additional information about yourself through surveys, forms, features, and applications. For example, you may provide us with information about your personal traits (e.g., eye color, height), ethnicity, disease conditions (e.g., Type 2 Diabetes), other health-related information (e.g., pulse rate, cholesterol levels, visual acuity), and family history information (e.g., information similar to the foregoing about your family members). Before you disclose information about a family member, you should make sure you have permission from the family member to do so.
Social media features and widgets: Our Services include Social Media Features, such as the Facebook “Like” or “Share” button and widgets (“Features”). These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. They may also allow third party social media services to provide us information about you, including your name, email address, and other contact information. The information we receive is dependent upon your privacy settings with the third-party social media service. Features are either hosted by a third party or hosted directly on our site. Your interactions with these Features are governed by the privacy statements of the third-party companies providing them. You should always review and, if necessary, adjust your privacy settings on third party websites and services before linking or connecting them to our Website or Service.
Third party services (e.g., social media): If you use a third party site, such as Facebook or Twitter, in connection with our Services to communicate with another person (e.g., to make or post referrals or to request that we communicate with another person), then in addition to that person’s name and contact information, we may also collect other information (e.g., your profile picture, network, gender, username, user ID, age range, language, country, friends lists or followers) depending on your privacy settings on the third party site. We do not control the third-party site’s information practices, so please review the third party’s privacy statement and your settings on the third party’s site carefully.
Customer service: When you contact Customer Care or correspond with us about our Service, we collect information to track and respond to your inquiry; investigate any breach of our Terms of Service, Privacy Statement or applicable laws or regulations; and analyze and improve our Services.
1.2. Information related to our genetic testing services
Sample: To use our genetic testing services, you must purchase an Arcensus Personal Genetic Service testing kit, create an online account, and register your kit, and ship your sample to us and/or our third-party laboratory. Your DNA will be extracted from your sample for analysis. During kit registration you are asked to review our Consent Document for Sample Storage and Genomic Analyses.
1.3. Web-Behavior Information collected through tracking technology (e.g. from cookies and similar technologies)
- help us recognize you when you use our Services,
- customize and improve your experience,
- provide security,
- analyze usage of our Services (such as to analyze your interactions with the results, reports, and other features of the Service),
- gather demographic information about our user base,
- offer our Services to you,
- monitor the success of marketing programs, and
- serve targeted advertising on our site and on other sites around the Internet.
We may receive reports based on the use of these technologies from third party service providers as de-identified, Individual-level Information or as Aggregate Information (as described in Section 4.c).
Google Analytics: Google Analytics is used to perform many of the tasks listed above. We use the User-ID feature of Google Analytics to combine behavioral information across devices and sessions (including authenticated and unauthenticated sessions). We have enabled the following Google Analytics Advertising features: Remarketing, Google Display Network Impression Reporting, Google Analytics Demographics and Interest Reporting, and DoubleClick Campaign Manager integration. We do not merge information collected through any Google advertising product with individual-level information collected elsewhere by our Service. Learn more about how Google collects and uses data here. To opt out of Google Analytics Advertising Features please use Google Ad Settings. To opt out of Google Analytics entirely please use this link.
1.4. Other Types of Information
We continuously work to enhance our Services with new products, applications and features that may result in the collection of new and different types of information. We will update our Privacy Statement and/or obtain your prior consent to new processing, as needed.
2. How we use your Information
2.1. To provide you with Services and to analyze and improve our Services
We use the information described above in Section 1 to operate, provide, analyze and improve our Services. These activities may include, among other things, using your information in a manner consistent with this Privacy Statement to:
- open your account, enable purchases, and process payments, communicate with you, and implement your requests (e.g., referrals),
- enable and enhance your use of our website and mobile application(s), including authenticating your visits, providing personalized content and information, and tracking your usage of our Services,
- contact you about your account, and any relevant information about our Services (e.g. policy changes, security updates or issues, etc.),
- enforce our Terms of Service and other agreements,
- monitor, detect, investigate, and prevent prohibited or illegal behaviors on our Services, to combat spam and other security risks, and
- perform research & development activities, which may include, for example, conducting data analysis in order to develop new or improve existing products and services, and performing quality control activities.
2.2. To process, analyze and deliver your genomic testing results
As described above, to receive results through the Personal Genetic Service, you must create an Arcensus account, register your kit, and submit your sample to be processed and analyzed by us and/or our contracted laboratory. Once processed, we further interpret your Genomic Information to provide you with our health reports, depending on the Service purchased. Arcensus continuously works to improve our Services based on our research and product development, and genetic associations identified in scientific literature. If you are eligible to receive additional reports or updates in the future, you may be notified of or may directly access these updates.
2.3. To allow you to share your Personal Information for Arcensus Research purposes
You have the choice to participate in Arcensus Research by providing your specific consent during the registration process.
Arcensus Research may be sponsored by, conducted on behalf of, or in collaboration with third parties, such as non-profit foundations, academic institutions, or pharmaceutical companies. Arcensus Research may study a specific group or population, identify potential areas or targets for therapeutics development, conduct or support the development of drugs, diagnostics, or devices to diagnose, predict or treat medical or other health conditions, work with public, private and/or non-profit entities on genetic research initiatives, or otherwise create, commercialize, and apply this new knowledge to improve health care. Arcensus Research uses Aggregate and/or Individual-level Genetic Information and Self-Reported Information as specified in the appropriate Consent Document(s), as explained in greater detail below.
Your De-identified Genetic and Self-Reported Information may be used for Arcensus Research only if you have consented to this use by completing a Consent Document. If you have completed the main Research Consent Document:
- Your Genomic Information and/or Self-Reported Information will be used for research purposes, but it will be de-identified and will not be linked to your Registration Information.
- Arcensus may use individual-level Genetic Information and Self-Reported Information internally at Arcensus for research purposes.
- Arcensus may share summary statistics, which do not identify any individual and/or contain individual-level information, with our qualified research collaborators.
Withdrawing your Consent: You may withdraw your consent to participate in Arcensus Research at any time by writing to [email protected] Arcensus will not include your Genomic Information or Self-Reported Information in studies that start more than 30 days after you withdraw (it may take up to 30 days to withdraw your information after you withdraw your consent). Any research involving your data that has already been performed or published prior to your withdrawal from Arcensus Research will not be reversed, undone, or withdrawn. You may also discontinue your participation in Arcensus Research by deleting your Arcensus account (as described in Section 6.4.).
Unless the analysis for your sample has already been performed, Arcensus will not perform the analysis once you withdraw your consent. However, if you withdraw your consent and/or request destruction of your sample, you further get no medical reports about your genetic data anymore.
2.4. To provide Customer Support
When you contact Customer Care, we may use or request Personal Information, including Sensitive Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints. In some instances, we may be required to process one customer’s Personal Information to resolve another customer’s dispute or request. For example, if a customer reports behavior that violates our Terms of Service, we will separately process both customers’ Personal Information and respond separately to each individual as appropriate. We will not share your Personal Information with another customer without your consent.
2.5. To conduct Surveys and obtain Testimonials
We value your feedback and may send you surveys, polls, or requests for testimonials to improve and optimize our Services. You are in control of the information you would like to share with us. If you do not wish to receive these requests, you can manage them in your Arcensus Account Settings.
2.6. To provide you with marketing communications
By creating an Arcensus account, you are agreeing that we may send you product and promotional emails or notifications about our Services, and offers on new products, services, promotions, or contests. You may also opt-in to receiving similar notifications on the website or mobile application(s). You can unsubscribe from receiving these marketing communications at any time. To unsubscribe, click the email footer “unsubscribe” link or go to the “Preferences” section of your Arcensus Account Settings to edit your email notification preferences. To opt-out of receiving website and mobile notifications, you may do so within your browser or device settings. Please note, the opt-out process differs between web browsers and mobile devices. You may not opt-out of receiving non-promotional messages regarding your account, such as technical notices, purchase confirmations, or Service-related emails.
Payment data are necessary to perform the payment transactions of our services or to pay the amounts against invoice that the editors send us. The means of payment we use are the following:
4. Social Media
Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the “Like button” (“Like”) on our page. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/
If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.
On our website you will find plugins from the social network LinkedIn and LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). You can recognize the plugins of LinkedIn at the corresponding logo or the “Recommend” button.
When you visit our website, the plugin is used to establish a direct connection between your browser and the LinkedIn server. This gives LinkedIn the information that you visited our site with your IP address. If you click the LinkedIn button while you are logged into your LinkedIn account, you can link the content of our pages to your LinkedIn profile. This allows LinkedIn to map the visit of our pages to your user account. We would like to point out that we, as a provider of the pages, do not receive any knowledge of the content of the transmitted data as well as their use by LinkedIn. For more information, see the Privacy Statement from LinkedIn at http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv.
5. Analysis Tools and Advertising
5.1. Google (Universal) Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
Objection to data collection:
You can prevent the collection of your data by Google Analytics by clicking on the following https://tools.google.com/dlpage/gaoptout. An opt-out cookie will be set, which will prevent the collection of your data during future visits to this website: Disable Google Analytics via Opt-Out.
Order data processing: We have concluded an order data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics. Demographic characteristics with Google Analytics: This website use the “demographic characteristics” function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item “Objection to data collection”.
5.2. Google Tag Manager
We use the Google Tag Manager of the provider Google Inc., which enables us to integrate and manage so-called website tags or markers on our website interface (via which we can, for example, integrate the services described above, such as Google Ads, into our website). Website tags themselves are small code elements that can be used, for example, to measure traffic to our website and user behavior. The Tag Manager itself (which implements the tags) is a cookie-less domain and does not process any user data.
5.3. Google Ads (formerly Google AdWords)
We use “Google Ads” (formerly Google AdWords) on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Ads enables us to draw attention to our attractive offers with the help of advertising media on external websites. This enables us to determine how successful individual advertising measures are. These advertising media are delivered by Google via so-called “AdServers”. For this purpose, we use so-called AdServer cookies, which can be used to measure certain parameters for measuring success, such as display of the ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognize your web browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked across Ads customers’ websites. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users based on this information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through using of Google Ads. According to our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on an ad from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google learns your IP address and stores it.
You can prevent the installation of cookies by deleting existing cookies and deactivating a storage of cookies in the settings of your web browser. We point out that in this case you may not be able to use all features of our website in full. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain “www.googleadservices.com” (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted when you delete your cookies. In addition, you can deactivate interest-based ads via the link http://optout.aboutads.info. We would like to point out that this setting will also be deleted when you delete your cookies. Information of the third-party provider:Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
5.4. Facebook Pixel
We use the “Facebook Pixel” of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If the pixel is called up within your browser, Facebook can recognize whether an ad was successful via Facebook. A success can be, for example, an online purchase. Only statistical information/data is transmitted to us by Facebook without reference to a specific person. This is necessary to record the effectiveness of the Facebook ads for market research and statistical purposes. Incidentally, we refer to the Facebook privacy information: https://www.facebook.com/about/privacy/.
5.5. Facebook Custom Audience / Data Exchange with Facebook
Within our website, we use the “Facebook pixel” of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
On the one hand, this allows us to track the behavior of users after they have been redirected to our website via a Facebook ad (after a click). This is necessary to record the effectiveness of the Facebook ads for market research and statistical purposes. The data collected in this way is pseudonymous for us, which means that we do not see the personal data of individual users.
Furthermore, we can determine you as a visitor to our website as a target group for Facebook ads (Facebook Ads) through the “Facebook Pixel”. Thus, we use the Facebook pixel to display Facebook ads placed by us only to users who have indicated an interest in our products or our online presence. This may be, for example, interest in a particular product determined on the basis of a visit to a particular themed website. We transmit these characteristics and information to Facebook (so-called “Custom Audiences”).
This data is stored and processed by Facebook, about which we inform you according to our level of knowledge. Facebook may link this data to your Facebook account and also use it for its own advertising purposes, according to Facebook’s data usage policy https://www.facebook.com/about/privacy/.
You can object to this processing at any time. To do so, simply click on the following link: Disable Facebook Audiences. After clicking, an opt-out cookie will be set within your browser. This prevents the future collection of your data during a visit to this website. If you delete your cookies, you must click the link again to object to the processing.
5.6. MailChimp Newsletter
We offer you the opportunity to subscribe to our free newsletter via our website.
For newsletter dispatch, we use MailChimp, a service of The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA, hereinafter only referred to as “The Rocket Science Group”.
Through certification under the EU-US Privacy Shield (“EU-US Privacy Shield”):
https://www.privacyshield.gov/participantid=a2zt0000000TO6hAAG&status=Active, the Rocket Science Group guarantees that the data protection requirements of the EU are also complied with when processing data in the USA. In addition, The Rocket Science Group offers a data protection service at http://mailchimp.com/legal/privacy/ for further data protection information.
The newsletter subsequently sent via The Rocket Science Group also contains a so-called tracking pixel, also called “web beacon”. With the help of this tracking pixel, we can evaluate whether and when you have read our newsletter and whether you have followed any further links contained in the newsletter. In addition to other technical data, such as the data of your IT system and your IP address, the processed data is stored so that we can optimize our newsletter offer and respond to the wishes of the readers. The data is thus used to increase the quality and attractiveness of our newsletter offer.
The legal basis for the dispatch of the newsletter and the analysis is Art. 6 para. 1 lit. a.) GDPR. In accordance with Art. 7 (3) GDPR, you can revoke your consent to the sending of the newsletter at any time with effect for the future. To do so, you simply need to inform us of your revocation or click on the unsubscribe link contained in each newsletter.
5.7. Google Optimize / Kameleon
This website uses Google Optimize. Google Optimize is a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Optimize enables the simultaneous playout and analysis of different variants of our website. With the help of Google Optimize, we can improve the user experience according to the behavior of our users on the website.
The user data collected is anonymous. Google Optimize is a tool integrated into Google Analytics. Google Optimize cookies are stored on the basis of Art. 6 (1) lit. f GDPR. You can prevent the collection and storage of your anonymized data by Google Optimize at any time. (see above Opt-Out Google Universal Analytics).
We use Hotjar by Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) on this website to statistically analyze visitor data. Hotjar is a service that analyzes user behavior and feedback on websites through a combination of analytics and feedback tools. Hotjar-based websites have a tracking code embedded on their websites that is transmitted to our servers located in Ireland (EU). This tracking code contacts Hotjar’s servers and sends a script to the computer or device you use to access the Hotjar-based website. The script collects certain data related to the user’s interaction with the corresponding web page. This data is then sent to Hotjar’s servers for processing.
If you do not want Hotjar to collect your data, you can opt out by consulting the user guide under https://www.hotjar.com/legal/policies/privacy. There you have the option to disable or re-enable the collection of data by Hotjar by simply clicking on the red disable Hotjar button. Attention: Deleting cookies, using the incognito/private mode of your browser, or using a different browser will result in data being collected again.
6. Your Choices
6.1. Access to your Account
We provide access to your Arcensus data within your Arcensus account. You can access and download data processed by Arcensus within your Arcensus account Settings and within applicable Reports, Tools, and features. If you lose access to your Arcensus account or account email address, please contact Customer Care for assistance. If you lose access to your Arcensus account, in certain circumstances, we may require that you submit additional information sufficient to verify your identity before providing access or otherwise releasing information to you. If you choose not to submit the required documentation, or the information provided is not sufficient for the purposes sought, Arcensus will not be able to sufficiently verify your identity in order to complete your request.
You may access, correct or update most of your Registration Information on your own within your Arcensus Account Settings. You may also review and update your consent to Arcensus Research and Sample Storage. You may be able to correct Self-Reported Information entered into a survey, form, or feature within your account. Please note that you may not be able to delete User Content that has been shared with others through the Service and that you may not be able to delete information that has been shared with third parties.
6.2. Marketing Communications
You may be asked to opt-in to receive product and promotional emails or notifications when creating your Arcensus account or when using our Services. You may view or update your notification preferences for marketing communications by visiting your Arcensus Account Settings, opting out at the browser or device level, or by contacting our Privacy Administrator at [email protected]. You can also click the “unsubscribe” button at the bottom of promotional email communications, as applicable.
6.3. Sharing outside of the Arcensus Services
You may decide to share your Personal Information with friends and/or family members, doctors or other health care professionals, and/or other individuals outside of our Services, including through third party services such as social networks and third-party apps that connect to our website and mobile apps through our application programming interface (“API”). These third parties may use your Personal Information differently than we do under this Privacy Statement. Please make such choices carefully and review the privacy statements of all other third parties involved in the transaction. Arcensus does not endorse or sponsor any API applications and does not affirm the accuracy or validity of any interpretations made by third party API applications.
In general, it can be difficult to contain or retrieve Personal Information once it has been shared or disclosed. Arcensus will have no responsibility or liability for any consequences that may result because you have released or shared Personal Information with others. Likewise, if you are reading this because you have access to the Personal Information of an Arcensus User, we urge you to recognize your responsibility to protect the privacy of each person within that account.
6.4. Account deletion
If you no longer wish to participate in our Services, or no longer wish to have your Personal Information be processed, you may delete your Arcensus account and Personal Information via contacting Arcensus support. Once you submit your request, we will send an email to the email address linked to your Arcensus account detailing our account deletion policy and requesting that you confirm your deletion request. Once you confirm your request to delete your account and data, your account will no longer be accessible while we process your request. Once you confirm your request, this process cannot be cancelled, undone, withdrawn, or reversed. When your account is deleted, all associated Personal Information is deleted and any stored samples are discarded, subject to the following limitations:
– Information previously included in Arcensus Research. As stated in any applicable Consent Document, Genetic Information and/or Self-Reported Information that you have previously provided and for which you have given consent to use in Arcensus Research cannot be removed from completed studies that use that information. Your data will not be included in studies that start more than 30 days after your account is closed (it may take up to 30 days to withdraw your information after your account is closed).
– Legal Retention Requirements: Arcensus and/or our contracted laboratories will retain your Genetic Information, date of birth, and sex as required for compliance with applicable legal obligations. Arcensus will also retain limited information related to your account and data deletion request, including but not limited to, your email address, account deletion request identifier, communications related to inquiries or complaints and legal agreements for a limited period of time as required by law, contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.
7. Security Measures
Arcensus takes seriously the trust you place in us. Arcensus implements physical, technical, and administrative measures to prevent unauthorized access to or disclosure of your information, to maintain data accuracy, to ensure the appropriate use of information, and otherwise safeguard your Personal Information. Our team regularly reviews and improves our security practices to help ensure the integrity of our systems and your information. These practices include, but are not limited to the following areas:
– We maintain information security management system, which protects Arcensus systems; if we work with third party providers we assure that they are certified.
– Encryption: Arcensus uses industry standard security measures to encrypt Sensitive Information both at rest and in transit.
– Limited access to essential personnel: We limit access to Sensitive Information to authorized personnel, based on job function and role. Arcensus access controls include multi-factor authentication, single sign-on, and strict least-privileged authorization policy.
Please recognize that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify Arcensus of any unauthorized use of your password. Arcensus cannot secure Personal Information that you release on your own or that you request us to release.
Your information collected through the Service may be stored and processed in the United States or any other country in which Arcensus or its subsidiaries, affiliates or service providers maintain facilities and, therefore, your information may be subject to the laws of those other jurisdictions which may be different from the laws of your country of residence.
8. Children’s Privacy
Arcensus is committed to protecting the privacy of children as well as adults. Neither Arcensus nor any of its Services are designed for, intended to attract, or directed toward children under the age of 18. A parent or guardian, however, may collect a sample from, create an account for, and provide information related to, his or her child who is under the age of 18. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides to Arcensus about his or her child is kept secure and that the information submitted is accurate.
If you believe that we have infringed your rights, we encourage you to contact us so that we can try to address your concerns or dispute informally. Our contact information is:
Tel: +49 (0)381 2026 7000
Fax: +49 (0)381 2026 7001
Email: [email protected]