Privacy Policy

Last Updated: January 20, 2022 


Physicians Exclusive LLC (Microbiome Labs) (“MBL”we,” “us,” or our”) provides personalized science to help you make informed lifestyle decisions. As an integral part of this work, we respect your privacy and are committed to protecting it through compliance with this privacy policy (“Privacy Policy”), which describes our practices for collecting, using, maintaining, protecting, and disclosing your information. This Privacy Policy applies to the information we may collect from you or that you may provide when you access or use our website (“Site”), products (“Products”), or related services (“Services”) (the Site, Products, and Services are collectively referred to as “Platform”). 

Please read this Privacy Policy carefully to understand our practices regarding our treatment of your information. If you do not agree with our practices, do not use our Platform. By accessing or using our Platform, you accept and consent to the practices described in this Privacy Policy and our Terms of Use. This Privacy Policy may change from time to time (see “Changes to Our Privacy Policy,” below), so please check the Privacy Policy periodically for updates. 

Table of Contents

How We Collect Information 

This Privacy Policy applies to information we collect: 

  • On or when you use our Platform. 
  • In email, text, and other electronic messages between you and the Platform. 
  • When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this Privacy Policy. 

It does not apply to information collected by: 

  • Us offline or through any other means, including on any other website operated by MBL or any third party; or  
  • Any third party, including through any application or content (including advertising) that may link to or be accessible from or through the Platform. 

Information We Collect 

We collect several types of information from and about users of our Platform, including information: 

  • By which you may be personally identified, such as name, postal address, email address, telephone number, and/or identity verification (“personal information”); 
  • That is about you but individually does not identify you; and/or 
  • About your internet connection, the equipment you use to access our Platform, and usage details. 

We collect this information: 

  • Directly from you when you provide it to us or, with your consent, from your preferred practitioner when they use the Platform. 
  • Automatically as you navigate through the Platform. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies, if you have provided your consent to such cookies as further described below under “Information We Collect Through Automatic Data Collection Technologies”. 
  • From third parties, for example, our business partners. 

Information You Provide to Us   

The information we collect on or through our Platform may include: 

  • Information that you provide by filling in forms on our Platform.  
  • Records and copies of your correspondence (including email addresses), if you contact us. 
  • Details of transactions you carry out through our Platform and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Platform. 
  • Your search queries on our Platform. 
  • Your responses to questionnaires that we ask you to complete for research purposes. 

Information We Collect Through Automatic Data Collection Technologies 

As you navigate through and interact with our Platform, we may, in accordance with your consent, use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including: 

  • Details of your visits to our Platform and other communication data and the resources that you access and use on our Platform. 
  • Information about your computer and internet connection, including your IP address, operating system, and browser type. 

The technologies we use for this automatic data collection may include: 

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Platform. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Platform.  
  • Web Beacons. Pages of our Site and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count individuals who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).  

How We Use Your Information 

We use information that we collect about you or that you provide to us, including any personal information: 

  • To present our Platform and its contents to you. 
  • To provide you with information, Products, or Services that you request from us. 
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection. 
  • To notify you about changes to our Platform, including any Products or Services we offer or provide though it. 
  • In any other way we may describe when you provide the information. 
  • To fulfill any other purpose for which you provide it. 
  • For any other purpose with your consent. 

Disclosure of Your Information 

We may disclose personal information that we collect, or you provide as described in this Privacy Policy: 

  • To our parent, subsidiaries, and affiliates. 
  • To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them. 
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of MBL’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by MBL about our Platform users is among the assets transferred. 
  • To fulfill the purpose for which you provide it.  
  • For any other purpose disclosed by us when you provide the information. 
  • With your consent. 

We may also disclose your personal information: 

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request, but only as legally required. 
  • To enforce or apply our Terms of Use and other agreements, including for billing and collection purposes. 
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our customers, our company, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. 

Choices About How We Use and Disclose Your Information 

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:  

  • Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our Site may then be inaccessible or not function properly.   

We do not control third party collection or use of your information to serve interest-based advertising. However, third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website. 

Deidentified-and-Aggregated Information 

Deidentified-and-aggregated information is not personal information. We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. We may also use de-identified and aggregated information when you agree to participate in our research (see “Research” below). 


You may participate in our research through your consent when providing us with your BiomeFx kit or otherwise through the Platform. Participation in our research is entirely optional. We do not use your personal information for research unless you choose to specifically participate in research. If you consent to our research, we may: 

  • Use your personal information, which may be deidentified-and-aggregated information, for research. 
  • Share the results of your test and related information (including demographic information, responses to the medical history and lifestyle questionnaire, etc.) with our researchers and affiliated entities. 

You may withdraw your consent from our research at any time by contacting us as set forth at the end of this Privacy Policy. 

Accessing and Correcting Your Information 

You may contact us as set forth at the end of this Privacy Policy to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to delete information if we believe it would violate any law or legal retention requirement or your information has already been deidentified. 

Your country/region or state-specific Rights 

Specific regions, states and/or countries may have privacy /data protection laws, which provide their residents with additional rights regarding our use of their personal information.  

See below for  

  • US State specific privacy laws 
  • European privacy laws/laws on data protection 

US state specific privacy laws: 

Residents of California: 

To learn more about California residents’ privacy rights, visit our Privacy Policy for California Residents. California’s “Shine the Light” law (California Civil Code § 1798.83) permits users of our Platform who are California residents to request certain information regarding our disclosure of their personal information to third parties for their direct marketing purposes. To make such a request, please contact us as set forth at the end of this Privacy Policy. 

Residents in other states: 

Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to: 

  • Confirm whether we process their personal information. 
  • Access and delete certain personal information. 
  • Data portability. 
  • Opt-out of personal data processing for targeted advertising and sales. 

Colorado, Connecticut, and Virginia also provide their state residents with rights to: 

  • Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose. 
  • Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.  

To exercise any of these rights and/or to appeal a decision regarding a consumer rights request, please contact us as set forth at the end of this Privacy Policy 

Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may contact us as set forth at the end of this Privacy Policy. However, please know we do not currently sell data triggering the statute’s opt-out requirements. 

European privacy laws/laws on data protection 

This section applies to residents of the European Economic Area (European Union, Iceland, Liechtenstein and Norway), United Kingdom and Switzerland, which are hereinafter referred to as “European countries”, when MBL markets our products and services in European Countries.  

The EU General Data Protection Regulation no. 679/2016 (“GDPR”) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. Similar legislation applies in other European Countries outside EU. 

We are committed to comply with GDPR and to fulfil the rights of any resident of European Countries purchasing MBL Products and Services. We have implemented appropriate technical and organizational measures to ensure the safety of the personal information we process about you, both in transfer and at rest. 

MBL is “controller” in the meaning of GDPR, meaning the overall responsible for the processing of your personal data as described in this policy, when marketing products and services in Europe.  

MBL is a US-based company. When you obtain MBL Products and Services from one of our business partners in EU or UK, you will be directed to this website registration and payment. This registration is required in order for us to appropriately link your sample and the results of the analyses to you.  

The analysis of your test will be performed in the United States or Canada. Our EU and UK business partners will ensure the shipment of your sample for analyses with us and our external lab partner.  

We will send the results of the analyses to the e-mail address you provide when you register. 

Purpose and legal basis: 

The purpose and extent of the processing of your personal data and the legal basis for such processing as defined by GDPR is listed below: 

We process your personal data:  

  • for the purpose of presenting our Platform and its contents to you based on our legitimate interest in marketing, cf. GDPR article 6, 1 (f). 
  • for the purpose of communication about and marketing of our Products and Services and to provide other information or material, as per your request, in accordance with your consent, cf. GDPR art. 6, 1 (a). 
  • for the purpose of carrying out our obligations according to contracts we enter into with you or to take steps at your request prior to entering into a contract with you, including for billing and collection, cf. GDPR article 6, 1 (b). 
  • for the purpose of compliance with applicable legislation relating to the sale of products and services, accounting, bookkeeping or similar, cf. GDPR, art. 6, 1 (c).  
  • for other purposes as specifically notified to you at the point of collection of your personal data.  

Retention of your personal information  

In general, we will retain your personal information for as long as it is relevant to fulfil the purpose for which it has been registered. In considering how long we keep your personal information, we will consider its relevance to our business and to legal and regulatory obligations relating to documentation and archiving, which apply to us. 

Your personal information contained in the analysis and report generated as part of your use of BiomeFX products and services will be stored for a period of 12 months. At the end of the 12 months period, your data be anonymized and only be used in a de-identified format for research, analysis and statistical purposes, including with the purpose of improving future product development.  

For the purpose of bookkeeping, accounting and tax, we keep records of our delivery of a report to you and your consents, as described above, at least for a period of 6 years.   

Sharing your Personal information 

We will treat your personal data as confidential and ensure that it is protected with technical and organizational security measures.  

Your personal information will be transferred to external suppliers, including IT service providers that are assisting us in the provision of services to you.  

Otherwise, we will only share your personal information if required by law or court order.  

Data Transfers 

MBL is a company located in the United States and your personal data will be processed in the United States, when you register and make purchases on our U.S. website. Any sample you submit for analysis as part of your use of the MBL Products and Services, will also be sent to the United States for our analysis.  

MBL ensures that third parties to who your personal data is transferred, apply appropriate technical and organizational measures to keep your personal data safe. Just like we do.  

Data Protection Rights 

If we process personal data about you, you have certain data protection rights:  

  • You have the right to request access to and rectification or erasure of your personal data. 
  • You also have the right to object to the processing of your personal data and to have the processing of your personal data restricted.
  • If processing of your personal information is based on your consent, you have the right to withdraw your consent at any time, by contacting the e-mail address mentioned below. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent. 
  • You are entitled to receive personal data which you have provided to us in a structured, commonly used and machine-readable format (data portability).
  • You can always lodge a complaint with the relevant supervisory authority. For EU, you can find the relevant authority here Our Members | European Data Protection Board ( For UK, the relevant authority is The Information Commissioner’s Office, ICO Information Commissioner’s Office (ICO)

There may be conditions or limitations on these rights. Accordingly, there is no certainty that you will be entitled to for example data erasure at the time when you request it or data portability in the specific situation; it will depend on the circumstances of the processing. 

You can take steps to exercise your rights by contacting us as set forth at the end of this Privacy Policy. 

Data Security 

We have implemented technical and organizational measures designed to secure your personal information from loss and unauthorized access, use, alteration, and disclosure. We maintain reasonable administrative, technical, and physical controls in order to protect the confidentiality, integrity, and availability of your personal information. We use appropriate encryption technologies where it would be reasonable to do so. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Platform. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Platform. 

Children Under the Age of 18 

Our Platform is not intended for children under 18 years of age. No one under age 18 may provide any personal information to or on our Platform. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on our Platform or through any of its features. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. 

Changes to Our Privacy Policy 

It is our policy to post any changes we make to our Privacy Policy on this page. If we make material changes to how we treat individuals’ personal information, we will notify you by email to the primary email address you have provided us. You are responsible for ensuring we have an up-to-date active and deliverable email address for you. The date the Privacy Policy was last updated is identified at the top of this page. Your continued use of our Platform following the posting of changes constitutes your acceptance of such changes. 

Contact Information 

To ask questions or provide comments regarding this Privacy Policy or our privacy practices in general, please contact us at:  

Microbiome Labs

1332 Waukegan Rd, Glenview, IL 60025
[email protected]