Alumia – Privacy Notice
Effective Date: May 20, 2021
Alumia Nutrition, Inc. (“Alumia”,” we”, “our”, or “us”) respects your privacy and are committed to protecting it through our compliance with this Privacy Notice (“Notice”).
This Notice describes our practices for collecting, using, maintaining, protecting, and disclosing your information through https://www.alumia.com (our “Website”), and related applications and platforms (collectively with the Website, the “Service” or “Services”).
A core element of our mission is our commitment to protect your personal information and to be transparent about the data we collect about you, how it is used, and with whom it is shared.
Please read this Notice carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our terms, your choice is not to use our Services. By accessing this Website or using our Services, you agree to this Privacy Notice. This Notice may change from time to time (see Changes to Our Privacy Notice). Your continued access to our Website or use of our Services after we make changes are deemed to be acceptance of those changes, so please check the Last Modified Date at the top of this Notice to ensure that you are viewing the current version of this Notice.
The Website and Services are intended for users that are at least eighteen (18) years old. By accessing or using the Services, you represent and warrant that you are at least eighteen (18) years old and that you possess the legal right and ability to enter into this Terms of Service and to use the Services in accordance with these Terms. If you are not at least eighteen (18) years old, you must not use the Services.
INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
We collect several types of information from you and about users of our Services, such as basic contact information when you sign up for an Account as well as your Genetic Information when you use our Services. Other types of information we collect is information related to how you use our Website, which helps us analyze and improve our Services.
Information You Provide to Us or Received by Us on Your Behalf
The categories of information we collect are:
Personal Information: In the course of registering an Account on our Website, filling out a contact form, and using our Services, we may require or otherwise collect information that identifies you as a specific individual and can be used to contact or identify you (“Personal Information”). Personal Information we collect may be further categorized as the following:
a) Registration Information: We collect registration information to process your saliva sample at our CLIA-certified laboratory and provide you with an Account on our Website. Registration information we collect may include your name, email address, phone number, shipping address, date of birth, and gender.
b) Genetic Information: As a part of using our Services, we collect information related to your genetics. This includes your saliva sample and information about your genotypes for specific genetic markers when we process a saliva sample that you have sent. Genetic Information is stored in a de-identified manner using an anonymized barcode system whereby your saliva sample and Genetic Information can only be identified using a unique barcode that is stored separately from any personally identifiable information such as your name or email address.
c) Lifestyle Information: If you choose to respond to a survey or Lifestyle Questionnaire, you may provide us with self-reported information related to your age, height, weight, dietary restrictions, ingredient allergies, exercise habits, and other lifestyle choices and goals. Any self-reported Lifestyle Information will enable Alumia to generate, bolster, or refine your selection of recommended Alumia Vitamins.
d) Inferences and Derived Data: We may use statistical techniques to infer additional insights based on Genetic Information generated directly through the processing of your saliva sample. This includes information, data, assumptions, or conclusions that are derived directly or indirectly from another source of Personal Information.
Non-Identifying Information: We also may collect non-identifying or non-personal information, such as zip codes, demographic data, time zone, publicly available data, and general information regarding your use of the Service (“Non-Identifying Information”).
Payment Information: We also collect your payment information, such as credit card, billing address, and other financial information necessary to purchase a Kit, Subscription, or otherwise use our Services. We do not retain Payment Information. Rather, we use third-party payment processors (“Authorized Third-Party Payment Processors”) to process payments made to us. By submitting your Payment Information, you consent to our providing your Payment Information to those Authorized Third-Party Payment Processors as reasonably necessary to support and process your transactions.
User Contributions: You may have the ability to interact with parts of our Website, such as the ability to provide public ratings or testimonials. Your feedback may be published or displayed on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, “User Contributions“). Your User Contributions are posted on and transmitted to others at your own risk. Although you may set certain privacy settings for such information by logging into your Account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed or accessed by unauthorized persons. Use precaution when posting any personal information online. Please review our Terms of Service for more information about our user guidelines.
When you provide us with information in connection with a particular activity or otherwise sign up for or order our products and Services or provide your contact information to us, including your email address or telephone number in connection with that activity, product, or service, you agree that such action constitutes a purchase or inquiry establishing a business relationship with us. You expressly consent to receiving communications from Alumia through the information you provided to us. For more information on how to access and control your communication preferences, please see YOUR RIGHTS AND CHOICES REGARDING YOUR INFORMATION below.
Information Collected Automatically
As you navigate through and interact with our Website, we and our third-party service providers, including analytics and third-party content providers, may automatically collect certain information from you whenever you access or interact with the Service.
Usage Information: Details of your visits to our Website, including which links you clicked on, content response times, logs, and other similar communication data and statistics about your interactions.
Device Information: Information about your computer and internet connection, including your Internet Protocol address, operating system, and browser type.
We may combine this automatically collected log information with other information we collect about you. We do this to improve Services we offer you, analytics, and site functionality.
Cookies and Other Automatic Data Collection Technologies
Web Beacons: We and our operational partners, affiliates, analytics, and service providers may also employ software technology known as “web beacons” and/or “tracking tags” to help us keep track of what content on our Service is effective and to serve relevant advertising to you. Web beacons are small graphics with a unique identifier that may be invisible to you, and which are used to track the online activity of Internet users. Web beacons are embedded in the web pages you review or email messages you receive. Web beacons or similar technologies may be used for a number of purposes, including, without limitation, to count visitors to our Service, to monitor how Alumia Users navigate the Service, to count how many emails that were sent were actually opened, or to count how many particular articles or links were actually viewed.
Embedded Scripts: We and our operational partners, affiliates, analytics, and service providers may also employ software technology known as an Embedded Script. An Embedded Script is programming code that is designed to collect information about your interactions with the Service, such as the links you click on. The code is temporarily downloaded onto your computer or other device and is deactivated or deleted when you disconnect from the Service.
Information Received from Third Parties
We also may receive information about you from third parties. For example, we and our partners, affiliates, and service providers may use a variety of other technologies (such as tags) that collect statistical data relating to your Website activity for security and fraud detection purposes.
When you connect with us through a third-party platform we may, depending on your privacy settings, receive some information from your third-party account, and what we collect depends on your privacy settings with that service.
You may register to join the Service directly via the Service or by logging into your Account with a third-party service (“TPS”) via our Service (e.g., Google, Facebook, and other third-party services that let you sign in using your existing credentials with those services). If you choose to register via a TPS or to later link your Account with the Service to your account with a TPS, we will use the Personal Information you have provided to the TPS (such as your name, email address, and other information you make available via the TPS) to create your Account. Note that the information we collect from and through a TPS may depend on the privacy settings you have set with the TPS and the permissions you grant to us in connection with linking your Account with the Service to your account with a TPS. Other than what we may share with the TPS as described below, the Personal Information a TPS has about you is obtained by the TPS independent of our Service, and Alumia is not responsible for it.
Do Not Track Signal
Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt-out of tracking by websites and online services. We do not honor browser requests not to be tracked online but you can opt-out of receiving cookies by adjusting your browser preferences and visiting the Network Advertising Initiative and Digital Advertising Alliance websites.
HOW WE USE YOUR INFORMATION
We use information that we collect about you or that you provide to us, including any personal information:
a) To provide you with an Account.
b) To process, analyze, and deliver your Genetic Information and Genetic Report.
c) To deliver, provide, and process payment for a product or Service you have requested.
d) To improve our Services.
e) To determine your recommendations of Alumia Vitamins based on your Genetic Information and Lifestyle Information.
f) To tailor content we display to you and offers we may present to you, both on the Service and elsewhere online.
g) To communicate and promote to you products, services, offers, and events offered by Alumia.
h) To investigate fraud and to enforce our Terms of Service.
i) To stop any activity we may consider to be, or to pose a risk of being, illegal, fraudulent, unethical or a legally actionable activity.
j) For the purposes disclosed at the time you provide your information, and
k) As otherwise permitted with your consent.
HOW WE DISCLOSE AND SHARE YOUR INFORMATION
We only disclose and share Personal Information with our third-party service providers to help provide you with the Service. Genetic Information is stored in a de-identified manner using an anonymized barcode system whereby your saliva sample and Genetic Information can only be identified using a unique barcode that is stored separately from any personally identifiable information such as your name or email address. We do not share Genetic Information with any third parties other than our CLIA-certified laboratory partner to process your saliva sample. Specifically, we share Personal Information:
With your consent: You may submit Personal Information to us through a form on the Website, and consent to receive communication from us or our business affiliates and non-affiliates based on the information in the form.
With our service providers:
a) Our Laboratory Partner: We partner with LabCorp, a CLIA-certified and CAP-accredited laboratory. Lab personnel are responsible for receiving and processing the saliva sample containing your Genetic Information. Your saliva sample is designated a unique barcode. Lab personnel who analyze a sample will only see the barcode and are not able to identify an individual from the barcode. Once analyzed, the lab sends the Genetic Information to Alumia, where we then match the barcode to an individual and send the results.
b) We employ third-party companies and individuals to provide Services on our behalf, to perform Service-related operations (e.g., without limitation, fulfillment and shipping, maintenance services, database management, web analytics, payment processing, fraud detection, and improvement of Alumia’s features) or to assist us in analyzing how our Service is used. These third parties may have access to your Personal Information in order to perform these tasks on our behalf.
For corporate transactions: Alumia may share information, including Personal Information, with any current or future subsidiaries or affiliates, primarily for business and operational purposes. We may sell, transfer, or otherwise share some or all of our assets, including your Personal Information, in connection with a merger, acquisition, reorganization, or sale of assets (including, in each case, as part of the due-diligence process with any potential acquiring entity) or in the event of bankruptcy.
When required by law: Alumia will share information with government agencies as required by law in response to lawful requests by public authorities, including to meet national security or law enforcement requirements and, including without limitation, in connection with reporting earnings. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose information about you to the government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), or, at the request of governmental authorities or other third parties conducting an investigation where we determine in our sole discretion the disclosure is necessary to (a) protect the property and rights of Alumia or a third party, (b) protect the safety of the public or any person, or (c) prevent or stop activity we may consider to be, or pose a risk of being, illegal, fraudulent, unethical or legally actionable activity.
With Your Consent
You may submit Personal Information to us through a form on the Website, and consent to receive communication from us or our business affiliates and non-affiliates based on the information in the form.
YOUR RIGHTS AND CHOICES REGARDING YOUR INFORMATION
You have several ways to exercise control over your information:
Access: You may access your Personal Information processed by Alumia, including a downloadable version of your Genetic Report, via your Account settings.
Revoke Consent/Deletion: As described in DATA RETENTION, your saliva sample is destroyed after laboratory analysis. You may revoke your consent for us to process your Genetic Information by requesting deletion of your Genetic Information records, including your Genetic Report, on our Service. You may request deletion of your Genetic Information by navigating through the applicable Account settings or by notifying us at firstname.lastname@example.org of your request. Any deletions subject to this section apply only to your Genetic Information and not to any other Personal Information of yours contained within the Service.
We may combine this automatically collected log information with other information we collect about you. We do this to improve Services we offer you, analytics, and site functionality.
Account Settings: Registered Alumia users may update their choices regarding subscription settings and the types of communications you receive from us through your online Account settings.
Email: You may opt out of receiving marketing emails from us by following the opt-out instructions provided in those emails. Please note that we reserve the right to send you certain communications relating to your Account or use of the Service (for example, administrative and service announcements) via email and other means and these transactional Account messages may be unaffected if you opt-out from receiving marketing communications.
Text Message: You may opt-out of receiving text messages from us by texting “STOP” in reply to any text message received from us.
Account: If you no longer wish to participate in our Services, or no longer wish to have your Personal Information be processed, you may delete your Account by navigating through the applicable Account settings or by notifying us at email@example.com of your request. When your Account is deleted, all associated Personal Information is deleted and any stored samples are discarded, subject to the limitations described in DATA RETENTION. Please note that once your Account is deleted this process cannot be canceled, undone, withdrawn, or reversed.
We do not sell your Personal Information to third parties. If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional privacy rights with respect to our collection, use, and disclosure of your Personal Information. Please see our California Privacy Notice to learn more.
Nevada residents may direct a business that operates an internet website not to sell certain Personal Information a business has collected or will collect about you. Alumia does not sell your Personal Information pursuant to Nevada law.
Our Services are hosted and offered in the United States of America (US) and are subject to US federal, state, and local law. If you are accessing the Services from another country, please be advised that you may be transferring your Personal Information to us in the US, and you consent to that transfer, processing, and storage of your Personal Information in accordance with this Privacy Notice. You also agree to abide by the applicable laws of applicable US federal, state, and local laws concerning your use of the Services and your agreements with us. Any persons accessing our Services from any jurisdiction with laws or regulations governing the use of the Internet, including the collection, use, or disclosure of Personal Information, different from those of the jurisdictions mentioned above may only use the Services in a manner lawful in their jurisdiction. If your use of the Services would be unlawful in your jurisdiction, you may not use our Services.
We use physical, technical, and organizational measures designed to protect your information against unauthorized access, theft, and loss. We restrict access to your Personal Information to those employees who need to know that information to service your Account or perform their job functions. Our information security management system adheres to industry standards and uses state-of-the-art security features powered by Amazon Web Hosting.
Although we take precautions intended to help protect the information that we process, no system or electronic data transmission is completely secure. Any transmission of your personal data is at your own risk and we expect that you will use appropriate security measures to protect your Personal Information.
You are responsible for maintaining the security of your Account and the information in your Account. We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security. You understand and agree that we may deliver electronic notifications about breaches of security to the email address on record on your Account.
Our standard procedure is to destroy your physical saliva sample and DNA after laboratory analysis, subject to legal and regulatory requirements, such as the federal Clinical Laboratory Improvement Amendments of 1988 (CLIA), California Business and Professions Code Section 1265, and College of American Pathologists (CAP) accreditation requirements.
We will retain a digital version of your Genetic Information, including your Genetic Report, within our system until you delete your Account. Upon Account deletion/closure, all of your Genetic Information and Personal Information will be deleted from our system.
Other Personal Information
Unless you request that we delete certain information (see YOUR RIGHTS AND CHOICES REGARDING YOUR INFORMATION), we will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.
The criteria used to determine our retention periods include:
a) The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you have an Account with us or keep using the Website);
b) Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them).
c) Whether retention is advisable; and considering our legal position (such as, for statutes of limitations, litigation, or regulatory investigations).
LINKS TO OTHER SITES
Our Website may include links to third-party websites and services that are not operated by us. When you click these links, you will be directed away from our Services. A link to a third-party website or service does not mean that we endorse it or the quality or accuracy of information presented on it. If you decide to visit a third-party website or service, you are subject to its privacy practices and policies, not ours. This Privacy Notice does not apply to any personal information that you provide to these other websites and services.
CHANGES TO THIS NOTICE
Alumia may update this Privacy Notice at any time and any changes will be effective upon posting. In the event that there are material changes to the way we treat your Personal Information, we will post a notice on our website and update the Effective Date at the top of this Notice upon becoming effective. We may also notify you by email, at our discretion.
HOW TO CONTACT ALUMIA
If you have any questions about this Privacy Notice, please contact our team at firstname.lastname@example.org.