We/Us/Our means 24DNA
You/Your/Yourself means the User of the Website.
Welcome to the website of 24DNA. The website is operated by 24DNA whereby it provides information in relation to the range of DNA testing services (the “Services”) that are offered by the company.
(i) the signing up to our Services,
(ii) text and electronic messages between you and 24DNA and
(iii) any other means of communications used.
What kind of information we collect about you
We collect several types of information about visitors to our website and/or users of our Services. This information may be gathered automatically when you browse through our Websites or else directly from you when you choose to sign up for our Services. Indeed:
(a) We will collect and process your personal data when you either register for a Service or else when you submit your feedback, even through other means of communication. The information we shall ask for shall depend upon the activity and the use thereof of the Services (e.g. paying for the Service). If you do not provide the data which would be needed for a particular activity, then you will not be able to engage and use that activity.
We also collect your Internet Protocol (“IP”) address. We use your IP address to diagnose problems with our servers and/or software, to administer our Services, and to gather demographic information.
(c) When you contact us for customer support we may collect additional information to resolve your issues.
(d) Our website and Service are not targeted at children or those under the age of 16. Therefore any individual under this age is not allowed to use our website or any of our services.
How we use your information
- To communicate with you about the Service you would have ordered. For example, if you contact us via email we will use the data to address your questions or troubleshoot any issues.
- 24DNA and its subsidiaries may also use your Personal Data and other personal non-identifiable information collected to help us to better understand our users and to improve the Services.
- In other ways described in the said Policy or to which you have consented or otherwise requested.
- In order to establish, exercise or defend any legal action.
- For the protection of our legitimate interests and the proper conduct of our business.
- As may be allowed or required by or under any law.
Further to the above, kindly note that data collected is not used for any e-mail, mail shots, newsletters or mass mailing marketing purposes. However, should we decide to use data for the said purpose, this would only occur after obtaining the required consent from you.
Disclosure and Transfer of Information
Data can be disclosed or shared with our employees in order to provide you with the Service signed up for. Data shall not be disclosed to unauthorised personnel.
Through the use of our Services as well as through the direct or indirect collection of personal data, you are hereby acknowledging an accepting that GCC may be required to share your personal data with third parties, whether the latter are directly or indirectly related to GCC, in order to provide the Service required by you. The data will only be shared in ways set forth below.
This transfer may include, but is not limited to:
(a) Service providers: We provide and support some of our Services through contractual arrangements with service providers and other third parties. We and our service providers use a technology called ‘cookies’ which is a piece of software that enables us to collect data about how the website and services are being used and to manage them more efficiently as well as data is collected to deliver Services. For example, we may share your information with our Third Party Agents (TPAs), virtual offices or the testing laboratories so as to provide you with the Service. The company is represented in some countries by authorized TPAs who may require your data in order to provide you with the Service. The laboratories we work with may also have access to your data to provide the Service. This data is then stored or disposed according to laboratory’s standard operating policies.
(b) Cross-border: Due to the company’s international operations, we may transmit client data across borders to other countries to our affiliates, subsidiaries, service providers and authorised TPAs as necessary to provide the Service.
(c) Legal Requirements: If required to do so by law or in good faith belief this action is necessary we may have to disclose your Personal Data to (i) comply with a legal obligation, (ii) protect and defend the rights or property of GTL, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.
(d) Business Continuity: Should 24DNA enter into the sale of all or part of its assets, we reserve the right to include your data, including personal data, among the assets transferred to the acquiring or surviving company.
It is worth highlighting that data sent via the internet can be transmitted across international borders even when the sender and the received of the data are located in the same country. Thus, your data can be transmitted through a country that has a lower level of data protection than that existing in your country of residence.
Updating or Correcting your Personal Data/ Rights of the Data Subject
As a data subject, you are entitled to certain rights. Indeed, it is your right to be able to oversee the use of your personal data we have about you, including the ability to:
- Amend or Rectify Data: You can contact us to edit your personal data especially if it is inaccurate. Under certain circumstances we may request proof to back up this request.
- Delete Data: You have the right to request that we delete all or some of your personal data particularly if it is no longer required to provide the Service to you or the Service has been concluded. There are however certain restrictions where this may not apply such as for example in the event of a test performed under Legal/Chain of Custody conditions.
- Right to Access and/or Take Your Data: You have the right to request a copy of your personal data on file in a machine readable format.
We will process any request by you to amend, delete or modify your information within 30 days from your request.
All requests made will be considered in light of the nature of the Service and commitments we have entered into, our obligations to store data and any applicable laws.
You can request modifications, deletion, or information about your personal data by sending a data request via email to firstname.lastname@example.org or writing to us at any of our local offices or branches worldwide.
Lawful Bases for Processing
In order for data to be processed, certain data protection principles need to be adhered to. Once of the said principles, is indeed the lawfulness behind the processing itself. There are various lawful grounds to process data. Indeed, one of the grounds is consent. Data can be processed for the performance of a contact to which the data subject is a party. We would only process data if such processing is based on a lawful ground.
Where the basis for processing is consent, explicit consent will be requested from the participants. Where the basis is contract, then you will be asked to agree to the terms of the contract and provide all the necessary personal data to allow us to provide the Service and fulfil our contractual obligations.
Where the basis for processing your personal data is legitimate interests, whether ours or that of third parties, this will only be undertaken on the basis that such interests are not overridden by the data subject interests or fundamental rights and freedoms. Examples of legitimate interests include complying with local legislation and in the face of possible threats to us or yourself (e.g. bank fraud, chargebacks etc.)
If processing of data is based on consent, it is your right to withdraw your consent at any time after it was given. You can contact us via email at email@example.com to find out more about your right to withdraw consent or object.
Information obtained as Data Processors
We have taken all necessary precautions to ensure that we protect your data to the best of our abilities. Indeed, we have implemented security policies, rules as well as technical measures to protect your personal data. Nonetheless, the Internet is not a secure medium and thus data sent through the Internet can be subject to unauthorised acts by third parties which we shall not be held liable of. Thus, we shall not accept any responsibility or liability for the security of your data while the latter is in transit through the Internet.
Should we believe that any of your personal data in our control has been compromised we will inform you via the contact details provided by yourself and primarily using your email address if it has been provided.
We currently do not share personal data with third parties for any mass email or mail marketing purposes. In the event we decide to share this information this would only happen once we have obtained your permission beforehand.
For more information about remarketing lists in Google Analytics please visit the following site –https://support.google.com/analytics/answer/2611268.
If you would like to opt-out of Google Analytics for display advertising you may do so by using the Ads Preferences Manager.
There is also a Google Analytics opt-out browser add-on that you can download at https://tools.google.com/dlpage/gaoptout/. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
If you do not agree with the usage of Google Analytics, kindly opt out as per the above mentioned options.
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).
The payment processors we work with are:
How do you contact us with questions?
If contacting us does not resolve your complaint you have more options. Residents in Designated Countries may also have the right to contact our Data Protection Officer at firstname.lastname@example.org.
Residents in Designated Countries may have additional rights under their laws and should refer to their local data protection organisation for guidance.
Registered corporate address: