DNArails Co. Ltd., as a Data Processor or Subprocessor, is responsible for the processing of your personal information and the uploaded sample on this Website and Genetic Information System (the “Service”). In this statement, “DNArails”, “we”, or “us” refers to DNArails Co. Ltd.
This notice discloses the privacy practices for www.dnarails.com and genisys.dnarails.com/apps/. It is served by DNArails Co. Ltd., which is headquartered at Rm. 322, 3F., Building E. No.19-11, Sanchong Rd., Nangang Dist., Taipei City 115, Taiwan.
We will keep the personal information and sample data you provide so that you can access and use the Service. We may contact you through your email or LINE account to send notifications about your analysis and our commercial information. We collect cookies and other data generated via technology to make sure you have the best user experience. We keep our data with our cloud server providers, including AWS and Alibaba Cloud. You may stop receiving notifications at any time. We will not sell your information to other companies. We follow the laws of all the countries where we operate. If you need more information, see the sections below.
- The Information We Might Collect from You
We collect information from you in order to offer you the Services, including data management, analysis and report generation, and to improve your user experience.
2.1 User Account Information / Personally Identifiable Information (the “Personal Data”)
When you register for our Service, we will ask you for personally identifiable information including, but not limited to, your username, first and last name, e-mail, password, phone number, mailing address, company name, and title. If you contact us via phone, email, or the application form, we will collect your name, phone number, email, title, and company name, as well as the content of your inquiry and any attachments included.
2.2 Genomic / Patient Information that You Voluntarily Provide (the “Sample Data”)
We will collect and store the genomic sequence data and the related patient information that you submit to our Service. You are fully responsible for obtaining permission from the sample donor to get these data and information.
2.3 Information Collected via Technology
To improve your user experience, our server (which may be hosted by a third party) will collect information including browser type, operating system, Internet Protocol (IP) address, domain name, and/or a date/time stamp when you visit our website or apply for the Service.
The receipt information of the Service and the information provided in a signed contract are not covered by this statement.
- Security of Your Information
The Service and the upload process use Secure Sockets Layer (SSL) encryption to protect your Personal Data and Sample Data. However, no method of data transmission or data storage system can be fully secure, so we cannot guarantee the security of information transmitted between you and our Service.
Access to the Sample Data you voluntarily provide will be limited based on the privileges you set for user, group, and local group accounts. It is your responsibility to protect the confidentiality of your passwords, account information, and any other access features associated with your access or use of the Service. If at any time you believe that your interaction with the Service is no longer secure, please inform us immediately.
- How Your Information May be Used
We may use your information for the following purposes:
- To improve our Service, including any analysis service, in-house algorithms and products.
- To improve the user experience.
- For marketing activities.
- To communicate with you or give technical support. (We will ask for permission to access your Sample Data before we give you technical support.)
- For authorized advanced analysis.
We will not sell or provide your data to third parties without your permission.
Who May Share Your Information?
5.1 Data Process and Storage
The Service we provide and the information we collect are operated and stored on cloud servers operated by us or third parties, including AWS and Alibaba Cloud. All servers are protected with sufficient technical, physical and administrative security measures, including without limitation the encryption of all stored sequenced data using encryption algorithms. Further, we will make sure the third parties we use follow the privacy regulations of the regions in which they operate.
5.2 Service Providers
To provide the Service in different countries, we may rely on third-party service providers or contractors to carry out sales activities or technical support. Under this premise, the contracted service providers may perform operations including, but not limited to, maintenance of our customer databases, sending newsletters on our behalf, Sample Data analysis, checking analysis results for technical support, and payment processing.
5.3 Compliance with Laws and Law Enforcement
DNArails cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Data and other user information when we, in our sole discretion, have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may (either intentionally or unintentionally) be causing injury to or interference with our rights or property, users of our Site, or anyone else who could be harmed by such activities. We may also disclose user information when we believe, in our sole discretion, that such disclosure is required by applicable law. We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
In addition, to provide our Service, we may transfer the Sample Data to the third-party services we contract with, and we might transfer the Personal Data if it is necessary. We can also transfer all data we collect to a third party in the event of any corporate reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of DNArails’ business, assets, or stock.
Any transfer of data by DNArails outside the region where it was collected, including transfers to DNArails affiliates or third-party service providers, will only take place if a legal basis for such transfer exists. However, it is your responsibility to follow the regulations on Sample Data transfer that apply in the region where you collect your sample.
Changing or deleting your Information
You may access, review, update, correct or delete the Personal Data via the “Edit Profile” function embedded in our system. If you would like us to delete your account in our system, please contact us at firstname.lastname@example.org with a request that we delete your Personal Data from our database; your account may become deactivated. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records as required by law or for legitimate business purposes.
The Services are not directed towards users under the age of 16 and we do not knowingly collect personal information from minors under the age of 16. If you become aware that a user under the age of 16 has used the Service, please contact us at email@example.com. If we become aware that a child under 16 has provided us with Personal Data, DNArails will take the necessary steps to remove it. However, the Sample Data is not covered here.
9.1 Personal Information Protection Act (for consumers located in Taiwan)
DNArails is a Taiwan-based company and therefore we must abide by the laws and regulations of the ROC, namely the Personal Information Protection Act. By providing Personal Data, Sample Data and other information to the Service, you understand and consent to our collection, use, processing and transfer of such information.
9.2 General Data Protection Regulation (GDPR)
DNArails is compliant with the GDPR, effective starting 25-May-2018. In the language of the GDPR, DNArails remains a Data Processor or a subprocessor of its clients, who are either Data Controllers or Data Processors. As such, DNArails is not liable for the provisions of the GDPR that pertain to Data Controllers, unless DNArails moves its business into the capacity of a Data Controller.
DNArails’ obligations are set out in the document entitled GDPR Addendum and include, but are not limited to, the following:
9.2.1 DNArails shall only process the data on instructions from the Data Controller, and inform them if it believes said instruction infringes on the GDPR. In other words, a data processor may not opportunistically use or mine personal data it is entrusted with for purposes not outlined by the data controller.
9.2.2 DNArails shall obtain written permission from the controller before engaging a subcontractor and assume full liability for failures of subcontractors to meet the GDPR.
9.2.3 Upon request from the controller, DNArails shall delete or return all personal data at the end of the service contract.
9.2.4 DNArails shall enable and contribute to compliance audits conducted by the controller or a representative of the controller.
9.2.5 DNArails shall take reasonable steps to secure data, such as encryption and pseudonymization, stability and uptime, backup and disaster recovery, and regular security testing.
9.2.6 DNArails shall notify data controllers without undue delay upon learning of data breaches.
9.2.7 DNArails shall transfer personal data to a third country only if legal safeguards are obtained.