Privacy is in our DNA.
Everyone deserves a safe and private place to explore and understand their genetics. At Diploide, we give you control over what information you want to learn and what information you want to share.
Five principles with which we ensure your genetic privacy
Diploide gives you control over your genetic information. We want you to decide how your information is used and with whom it is shared.
You decide how your information is stored, used and shared.
There are several important decisions you can make:
Whether or not to store your saliva sample.
Whether you want your account to be visible to other members of Diploide.
Whether you want to participate in our research by sharing your genetic information.
Your decisions about how your information is stored, used and shared can be changed at any time. Contact us at firstname.lastname@example.org to fill out the forms corresponding to your genetic privacy choice.
Privacy by design
Types of information we collect
We collect your personal information when you register and use the site, such as your name, credit card, email address and web behavior information (such as your IP address). Through the saliva sample and the survey answers you provide, we collect genetic, phenotypic and family information.
How we store your information
Your personal and registration information is stored separately from any genetic information to reduce the likelihood that you can be identified. Your personal information is assigned a random customer identification number for identification and customer service. Your genetic information is only identified using a bar code system.
How we keep the details of your research private
If you provide answers to our online surveys and enroll in our research program, your genetic information is separated from your personally identifiable information and transferred to our research environment, where it is stored with the response data from your survey, and you are assigned a randomized research identification number.
We design our product with privacy in mind, and we believe it is important that you understand how we handle your information. Below is a general description of the information we collect, how it is used and when it is disclosed.
Share with third parties
We will not sell, lease or rent your individual-level information to third parties, or to third parties for research purposes, without your explicit consent. However, we use and share aggregate information with third parties to conduct business development, initiate research, send marketing emails and improve our services.
Aggregate information has been stripped of your personal data (for example, your name and contact information) and combined with the information of others so that you cannot be identified as an individual.
We care very much about protecting the information of children and others who do not have the legal capacity to make decisions for themselves. In the case of children, a parent or guardian may collect a saliva sample, create an account and provide information related to their child. The parent or guardian assumes all responsibility for ensuring that the information he or she provides to 23andMe about their child remains secure and that the information presented is accurate.
When a client has lost capacity or died, we will only give their account information to people who are legally authorized to make decisions on their behalf, such as an executor, a personal representative or a beneficiary of a deceased's estate. The person requesting the information must complete an authorization form and provide evidence and legal documentation that they are allowed to act on the person's behalf before we provide any information.
We work very hard to protect your information from unauthorized access by the police. However, under certain circumstances, your information may be subject to disclosure in accordance with a subpoena, warrant or other governmental order, or in coordination with regulatory authorities. If a situation of this kind arises, we must comply with valid governmental requests, and we will notify affected people unless the legal request prevents us from doing so.
We have long supported legislative efforts aimed at preventing genetic discrimination and safeguarding people's genetic privacy.
Specifically, in the USA, we actively participated in the development of the Genetic Information Nondiscrimination Act (GINA), enacted in 2008. GINA is federal legislation that protects Americans against discrimination in health insurance and employment decisions based on genetic information. GINA does not cover life or disability insurance providers.
In addition, we have supported the California Genetic Information Nondiscrimination Act (Senate Bill No. 559), which was enacted in 2011.
Diploide believes that genetic information, as well as the systems established to protect it, deserve the highest level of security.
Diploide uses software, hardware and physical security measures to protect the computers where customer data is stored. We use robust authentication methods to access our systems. Personal information and genetic data are stored in physically separate computer environments, which is in line with industry security standards.
It is important to keep in mind that Diploide cannot protect your information if you share it with others. In addition, despite the use of the most current technical and industry guidelines for the protection of your information, it is never possible to fully guarantee against security breaches.
Security by Design. Diploide produces secure applications by design, following principles such as confidentiality, integrity and availability. Diploide incorporates explicit security reviews in the life cycle of software development, quality assurance tests and operational implementation. Diploide's security controls are audited regularly by an external auditor.
Separation of environments. Diploide guarantees that the processing, production and research environments are separated and access is restricted.
Availability and resilience. The application components of Diploide are deployed in a highly redundant configuration, in geographically distributed data centers, to minimize any interruption. This guarantees high availability of Diploide services and avoids the loss of our clients' data.
Access controls. At Diploide, all access is limited to authorized personnel, based on job function and role. Diploide's access controls include multi-factor authentication, single sign-on, and a strict authorization policy with least privilege by default. Diploide also uses advanced protocols and industry standards for the authorization of compatible internal platforms and third-party applications. In addition, access to genetic information and access to account information are enforced through different policies and encryption keys. That means that your genetic information requires additional privileges to access.
Encryption. Diploide uses industry-standard security measures to encrypt confidential personal data at rest. Diploide also uses HTTPS by default to encrypt all data in transit.
Monitoring and logging. Diploide uses state-of-the-art intrusion prevention and detection measures to stop any possible attack on its networks. The monitoring and logging used at Diploide provides real-time monitoring, correlation and analysis of logs and alerts in practically any implemented system.
Vulnerability management. Diploide has integrated continuous vulnerability scanning into its build pipeline. In addition, external security experts perform periodic penetration tests. Diploide has also established a program for users to report security-related problems associated with our web application. If you want to report a problem, click here.
Incident management. Diploide maintains a formal incident management program designed to guarantee the safe and continuous delivery of its Services. We implemented our incident management program using industry best practices, including guidance from the National Institute of Standards and Technology (NIST). Incident response plans are regularly tested to ensure that our teams are adequately prepared to handle any type of incident quickly and efficiently.
Security awareness and training. Diploide requires all of our employees to complete security and privacy training annually.
Participation in research
Diploide offers customers the opportunity to participate in a new way of doing research (at home and online). Participating in our research is completely voluntary. Clients may choose not to consent to research, and choosing not to participate will not affect their Diploide experience.
If you choose to consent to participate in research, your data will be used to help advance the work done by Diploide scientists or by third-party researchers working with Diploide. Consent allows our researchers, or approved external researchers, to use de-identified information from a client for a variety of studies.
You can participate in the research in several ways, by:
accessing the general research program, allowing researchers to use your information at the individual level, or
joining one of our communities (such as lupus, Parkinson's disease and irritable bowel disease (IBD)).
You will be presented with these options during or after the kit registration. You can choose to participate or not participate in our research at any time. If you choose not to participate, we will stop using your information for research within 30 days.