Last Updated: January 20, 2022
Table of Contents
- How We Collect Information
- Information We Collect
- Information You Provide to Us
- Information We Collect Through Automatic Data Collection Technologies
- How We Use Your Information
- Disclosure of Your Information
- Choices About How We Use and Disclose Your Information
- Deidentified-and-Aggregated Information
- Accessing and Correcting Your Information
- US state specific privacy laws
- European privacy laws/laws on data protection
- Data Security
- Children Under the Age of 18
- Contact Information
How We Collect Information
- On or when you use our Platform.
- In email, text, and other electronic messages between you and the Platform.
It does not apply to information collected by:
- Us offline or through any other means, including on any other website operated by MBL or any third party; or
- Any third party, including through any application or content (including advertising) that may link to or be accessible from or through the Platform.
Information We Collect
We collect several types of information from and about users of our Platform, including information:
- By which you may be personally identified, such as name, postal address, email address, telephone number, and/or identity verification (“personal information”);
- That is about you but individually does not identify you; and/or
- About your internet connection, the equipment you use to access our Platform, and usage details.
We collect this information:
- Directly from you when you provide it to us or, with your consent, from your preferred practitioner when they use the Platform.
- Automatically as you navigate through the Platform. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies, if you have provided your consent to such cookies as further described below under “Information We Collect Through Automatic Data Collection Technologies”.
- From third parties, for example, our business partners.
Information You Provide to Us
The information we collect on or through our Platform may include:
- Information that you provide by filling in forms on our Platform.
- Records and copies of your correspondence (including email addresses), if you contact us.
- Details of transactions you carry out through our Platform and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Platform.
- Your search queries on our Platform.
- Your responses to questionnaires that we ask you to complete for research purposes.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Platform, we may, in accordance with your consent, use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Platform and other communication data and the resources that you access and use on our Platform.
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
The technologies we use for this automatic data collection may include:
- Web Beacons. Pages of our Site and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count individuals who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
- To present our Platform and its contents to you.
- To provide you with information, Products, or Services that you request from us.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To notify you about changes to our Platform, including any Products or Services we offer or provide though it.
- In any other way we may describe when you provide the information.
- To fulfill any other purpose for which you provide it.
- For any other purpose with your consent.
Disclosure of Your Information
- To our parent, subsidiaries, and affiliates.
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of MBL’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by MBL about our Platform users is among the assets transferred.
- To fulfill the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request, but only as legally required.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our customers, our company, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
We do not control third party collection or use of your information to serve interest-based advertising. However, third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.
Deidentified-and-aggregated information is not personal information. We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. We may also use de-identified and aggregated information when you agree to participate in our research (see “Research” below).
You may participate in our research through your consent when providing us with your BiomeFx kit or otherwise through the Platform. Participation in our research is entirely optional. We do not use your personal information for research unless you choose to specifically participate in research. If you consent to our research, we may:
- Use your personal information, which may be deidentified-and-aggregated information, for research.
- Share the results of your test and related information (including demographic information, responses to the medical history and lifestyle questionnaire, etc.) with our researchers and affiliated entities.
Accessing and Correcting Your Information
Your country/region or state-specific Rights
Specific regions, states and/or countries may have privacy /data protection laws, which provide their residents with additional rights regarding our use of their personal information.
See below for
- US State specific privacy laws
- European privacy laws/laws on data protection
US state specific privacy laws:
Residents of California:
Residents in other states:
Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:
- Confirm whether we process their personal information.
- Access and delete certain personal information.
- Data portability.
- Opt-out of personal data processing for targeted advertising and sales.
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
- Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose.
- Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
European privacy laws/laws on data protection
This section applies to residents of the European Economic Area (European Union, Iceland, Liechtenstein and Norway), United Kingdom and Switzerland, which are hereinafter referred to as “European countries”, when MBL markets our products and services in European Countries.
The EU General Data Protection Regulation no. 679/2016 (“GDPR”) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. Similar legislation applies in other European Countries outside EU.
We are committed to comply with GDPR and to fulfil the rights of any resident of European Countries purchasing MBL Products and Services. We have implemented appropriate technical and organizational measures to ensure the safety of the personal information we process about you, both in transfer and at rest.
MBL is “controller” in the meaning of GDPR, meaning the overall responsible for the processing of your personal data as described in this policy, when marketing products and services in Europe.
MBL is a US-based company. When you obtain MBL Products and Services from one of our business partners in EU or UK, you will be directed to this website registration and payment. This registration is required in order for us to appropriately link your sample and the results of the analyses to you.
The analysis of your test will be performed in the United States or Canada. Our EU and UK business partners will ensure the shipment of your sample for analyses with us and our external lab partner.
We will send the results of the analyses to the e-mail address you provide when you register.
Purpose and legal basis:
The purpose and extent of the processing of your personal data and the legal basis for such processing as defined by GDPR is listed below:
We process your personal data:
- for the purpose of presenting our Platform and its contents to you based on our legitimate interest in marketing, cf. GDPR article 6, 1 (f).
- for the purpose of communication about and marketing of our Products and Services and to provide other information or material, as per your request, in accordance with your consent, cf. GDPR art. 6, 1 (a).
- for the purpose of carrying out our obligations according to contracts we enter into with you or to take steps at your request prior to entering into a contract with you, including for billing and collection, cf. GDPR article 6, 1 (b).
- for the purpose of compliance with applicable legislation relating to the sale of products and services, accounting, bookkeeping or similar, cf. GDPR, art. 6, 1 (c).
- for other purposes as specifically notified to you at the point of collection of your personal data.
Retention of your personal information
In general, we will retain your personal information for as long as it is relevant to fulfil the purpose for which it has been registered. In considering how long we keep your personal information, we will consider its relevance to our business and to legal and regulatory obligations relating to documentation and archiving, which apply to us.
Your personal information contained in the analysis and report generated as part of your use of BiomeFX products and services will be stored for a period of 12 months. At the end of the 12 months period, your data be anonymized and only be used in a de-identified format for research, analysis and statistical purposes, including with the purpose of improving future product development.
For the purpose of bookkeeping, accounting and tax, we keep records of our delivery of a report to you and your consents, as described above, at least for a period of 6 years.
Sharing your Personal information
We will treat your personal data as confidential and ensure that it is protected with technical and organizational security measures.
Your personal information will be transferred to external suppliers, including IT service providers that are assisting us in the provision of services to you.
Otherwise, we will only share your personal information if required by law or court order.
MBL is a company located in the United States and your personal data will be processed in the United States, when you register and make purchases on our U.S. website. Any sample you submit for analysis as part of your use of the MBL Products and Services, will also be sent to the United States for our analysis.
MBL ensures that third parties to who your personal data is transferred, apply appropriate technical and organizational measures to keep your personal data safe. Just like we do.
Data Protection Rights
If we process personal data about you, you have certain data protection rights:
- You have the right to request access to and rectification or erasure of your personal data.
- You also have the right to object to the processing of your personal data and to have the processing of your personal data restricted.
- If processing of your personal information is based on your consent, you have the right to withdraw your consent at any time, by contacting the e-mail address mentioned below. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent.
- You are entitled to receive personal data which you have provided to us in a structured, commonly used and machine-readable format (data portability).
- You can always lodge a complaint with the relevant supervisory authority. For EU, you can find the relevant authority here Our Members | European Data Protection Board (europa.eu). For UK, the relevant authority is The Information Commissioner’s Office, ICO Information Commissioner’s Office (ICO).
There may be conditions or limitations on these rights. Accordingly, there is no certainty that you will be entitled to for example data erasure at the time when you request it or data portability in the specific situation; it will depend on the circumstances of the processing.
We have implemented technical and organizational measures designed to secure your personal information from loss and unauthorized access, use, alteration, and disclosure. We maintain reasonable administrative, technical, and physical controls in order to protect the confidentiality, integrity, and availability of your personal information. We use appropriate encryption technologies where it would be reasonable to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Platform. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Platform.
Children Under the Age of 18
Our Platform is not intended for children under 18 years of age. No one under age 18 may provide any personal information to or on our Platform. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on our Platform or through any of its features. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information.