These "privacy highlights" provide an overview of some core components of our data handling practices. Please be sure to read our full privacy statement.
- We use information in general (i) to provide, analyze and improve our Services, (ii) as we reasonably believe is permitted by laws and regulations, including for marketing and advertising purposes, (iii) to protect the security and safety of our company, employees, and customers as we reasonably believe is permitted by laws and regulations, (iv) to comply with laws and regulations we are subject to, and (v) when you consent, for research purposes, the results of which could be used to develop therapeutics.
By agreeing to our Privacy Statement and Terms of Service, you consent to sensitive information, such as information about your health, Genetic Information, and Self-Reported Information such as racial and ethnic origin and sexual orientation (where you provide it) being used by us to:
- analyze and provide you with our Services;
- analyze and provide you with information about your ancestry;
- determine whether you would be suitable to take part in surveys, polls or questionnaires that we are conducting; and
- monitor and improve existing products or services that we offer or to develop new products and services
We will not use your sensitive information without your consent unless: (i) the information has been anonymized or aggregated so that you cannot reasonably be identified as an individual; or (ii) a legal obligation requires us to use it in some way e.g. a court order requires us to disclose the information.CONSENT TO THE TRANSFER OF YOUR PERSONAL INFORMATION
- By agreeing to our Privacy Statement and Terms of Service, you consent to the storing and processing of your personal information, including sensitive information, in the USA and countries outside of the country you live in. We use a range of measures to safeguard information but these countries may have laws that are different from those of your country of residence. You also consent to your personal information, including sensitive information, being transferred in the event of a business transition such as a merger, acquisition by another company, or other transaction or proceeding. In such a case, your information would be used as set out in any pre-existing Privacy Statement.
- We will not sell, lease, or rent your individual-level information (i.e., information about a single individual's genotypes, diseases or other traits/characteristics) to any third-party or to a third-party for research purposes without your explicit consent.
- We give you the ability to share information with other individuals through features like DNA Relatives. You will always need to take a positive action to share your information, for example, DNA Relatives is subject to an opt-in requirement before we share your information with potential relative matches.
- You may independently decide to disclose your information to friends and/or family members, doctors, health care professionals, or other individuals outside our Services, including through third-party services such as social networks and third-party apps that connect to our website and mobile apps through our application programming interface ("API"); always review the privacy policies of third-party apps and services before sharing your information.
- We may share anonymized and aggregate information with third-parties; anonymized and aggregate information is any information that has been stripped of your name and contact information and aggregated with information of others or anonymized so that you cannot reasonably be identified as an individual.
- We will use your genetic information and/or self-reported information and share it with third-parties for scientific research purposes only if you sign the appropriate Consent Document. Note that we will disclose your individual-level information only if we obtain additional explicit consent from you.
- There may be some consequences of using 23andMe Services that you haven't thought of, you should read our guide of the surprising things you may find out from using the service before submitting your saliva sample and personal information.
- If you have any questions about our privacy practices, please email us at email@example.com or send a letter to the address provided at the bottom of our full privacy statement.
Full Privacy Statement
This privacy statement applies to all websites owned and operated by 23andMe, Inc ("23andMe"), including www.23andme.com. Our Privacy Statement is designed to help you better understand how we collect, use, store, process, and transfer your information when operating our website, mobile apps, products, software and other services (collectively "Service" or "Services").Contents
- Key Definitions
- What information we collect
- How we use and share information
- Your choices
- Important Information
- Contact information
- Aggregate Information: information that has been combined with that of other users and analyzed or evaluated as a whole, such that no specific individual may be reasonably identified.
- Anonymized Information: information that has been stripped of your Registration Information (e.g., your name and contact information) and other identifying data such that you cannot reasonably be identified as an individual.
- Individual-level Information: information about a single individual's genotypes, diseases or other traits/characteristics, but which is not necessarily tied to Registration Information.
information that can be used to identify you, either alone or in combination
with other information. 23andMe collects and stores the following types of
- Registration Information: information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, address, user ID and password, and payment information).
- Genetic Information: information regarding your genotype (e.g. the As, Ts, Cs, and Gs at particular locations in your genome), generated through processing of your saliva by 23andMe or by its contractors, successors, or assignees; or otherwise processed by and/or contributed to 23andMe.
- Self-Reported Information: all information about yourself, including your disease conditions, other health-related information, personal traits, ethnicity, family history, and other information that you enter into surveys, forms, or features while signed in to your 23andMe account.
- Sensitive Information: information about your health, Genetic Information, and certain Self-Reported Information such as racial and ethnic origin and sexual orientation.
- User Content: all information, data, text, software, music, audio, photographs, graphics, video, messages, or other materials - other than Genetic Information and Self-Reported Information-generated by users of 23andMe Services and transmitted, whether publicly or privately, to or through 23andMe.
- Web Behavior Information: information on how you use the 23andMe website (e.g. browser type, domains, page views) collected through log files, cookies, and web beacon technology.
- Service or Services: 23andMe's products, software, services, and website (including but not limited to text, graphics, images, and other material and information) as accessed from time to time by the user, regardless if the use is in connection with an account or not.
The following are our core privacy principles:
- We collect and handle information (i) to provide, analyze and improve our Services, (ii) as we reasonably believe is permitted by laws and regulations, including for marketing and advertising purposes, (iii) to protect the security and safety of our company, employees, customers, as we reasonably believe is permitted by laws and regulations, (iv) to comply with laws and regulations we are subject to, and (v) when you consent, for research purposes, the results of which could be used to develop therapeutics.
- We will not sell, lease, or rent your individual-level information (i.e., information about a single individual's genotypes, diseases or other traits/characteristics) to any third-party or to a third-party for research purposes without your explicit consent.
- We understand and respect the sensitive nature of the information you may provide to us, including information about your genetic characteristics, disease conditions, racial and ethnic origin, etc. To that end, we strive to be transparent in our collection, use and disclosure of this information and to ask for your explicit consent to share such sensitive information with third-parties. Please see below to learn more about our sharing and consent practices.
- We are committed to providing a secure and safe environment for our Services.
Please review this Privacy Statement and our Terms of Service. By using our Services, you agree to all of the policies and procedures described in the foregoing documents. 23andMe, Inc. is headquartered at 899 West Evelyn Avenue, Mountain View, CA 94041and is referred to herein as 23andMe (or "we," "us," "our") and includes all of our commonly owned companies.
- When you register an account with us or purchase our Services, we collect personal information, such as your name, date of birth, billing and shipping address, payment information (e.g., credit card) and contact information such as your email and phone number and license number.
- You have the option to provide us with additional information about yourself through surveys, forms, features or applications. For example, you may provide us with information about your personal traits (e.g., eye color, height), ethnicity, disease conditions (e.g. Type 2 Diabetes), other health-related information (e.g. pulse rate, cholesterol levels, visual acuity), and family history information (e.g. information similar to the foregoing about your family members). Where you are disclosing information about a family member, you should make sure that you have permission from the family member to do so.
- User Content. Some of our Services allow you to create and post or upload content, such as data, text, software, music, audio, photographs, graphics, video, messages, or other materials that you create or provide to us through either a public or private transmission ("User Content"). For example, User Content includes any post or message you place on 23andMe's community forums.
- Blogs. Our website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request that we remove or anonymize your personal information from our blog or community forum, contact us at firstname.lastname@example.org. Please note that whenever you post something publicly, it may sometimes be impossible to remove the information, for example, if someone has taken a screenshot of your posting. Please exercise caution before choosing to share personal information publicly on our blogs, community forums or in any other posting. Note also that you may be required to register with a third-party application to post a comment. To learn how the third-party application uses your information, please review their privacy statement.
- Social Media Features and Widgets. Our website includes Social Media Features, such as the Facebook Like or Share button and Widgets, and the LinkedIn Open ID application ("Features"). These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. They may also allow third-party social media services to provide us information about you, including your name, email address, and other contact information. For example, if you use LinkedIn to sign in to our career portal, LinkedIn may import personal information from your LinkedIn profile in order to populate your job application. The data we receive is dependent upon your privacy settings with the social network. Features are either hosted by a third-party or hosted directly on our site. Your interactions with these Features are governed by the privacy statement of the company providing it. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our website or Service.
- Referral Information and Sharing. When you refer a person to 23andMe or choose to share results information with another person, we will ask for that person's email address. We will use the email address solely, as applicable, to make the referral or to share your results information, and we will let your contact know that you requested the communication. By participating in a referral program or by choosing to share information with another person, you confirm that the person has given you consent for 23andMe to communicate (e.g., via email) with him or her. The person you referred may contact us at email@example.com to request that we remove this information from our database. For more information on our referral program, see here.
- Address books. If you choose to use your computer's or mobile device's address book in connection with our Services to make referrals or to request that we communicate with another person, we may collect the names and contact information of those persons for these purposes only.
- Third-party services (e.g., social media). If you use a third-party site, such as Facebook or Twitter, in connection with our Services to communicate with another person (e.g., to make or post referrals or to request that we communicate with another person), then in addition to that person's name and contact information, we may also collect other information (e.g., your profile picture, network, gender, username, user ID, age range, language, country, friends lists or followers) depending on your privacy settings on the third-party site. We do not control third-party site's information practices, so please review their privacy policies and your settings on those sites carefully.
- Gifts. If you provide us personal information about others, or if others give us your information for purposes of ordering the Service as a gift, we will only use that information for the specific reason for which it was provided to us. Once a gift recipient registers for his or her Services and agrees to our Privacy Statement, our Terms of Service, and if applicable, Consent Document, his or her information will be used consistent with this Privacy Statement and those agreements, and we will not share any of the gift recipient's personal information with the user who purchased the gift.
- Customer service. When you contact our Customer Care center or correspond with us about our Service, we collect information to: track and respond to your inquiry; investigate any breach of our Terms of Service, Privacy Statement or applicable laws or regulations; and analyze and improve our Services.
- Saliva sample and bio-banking. To use our genetic testing services, you must purchase, or receive as a gift, a 23andMe Personal Genome Service® testing kit, register an online account, and ship your saliva sample to our third-party laboratory. Once received, your saliva sample will be identified by its unique barcode, along with your gender and your date of birth. The barcode label identifies you to us but not to our third-party laboratory. Unless you choose to store your sample with 23andMe (called consent to "bio-banking", which can be found here and changed in your settings), your saliva samples and DNA are destroyed after the laboratory completes its work, unless the laboratory's legal and regulatory requirements require it to maintain physical samples.
- Genetic Information refers to features of your DNA that distinguish you from other people (e.g. the As, Ts, Cs, and Gs at particular locations in your genome) and is generated when we analyze and process your saliva sample, or when you otherwise contribute or access your Genetic Information through our Services. Genetic Information includes the 23andMe Results information reported to you as part of our Services, and may be used for other purposes, as outlined in Section 4 below.
As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you, such as your user profile ID or order number. We do this to improve services we offer you, and to improve marketing, analytics, and site functionality.
When you access our Service by or through a mobile device, we may receive or collect and store a unique identification numbers associated with your device or our mobile application (including, for example, a UDID, Unique ID for Advertisers ("IDFA"), Google Ad ID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and, depending on your mobile device settings, your geographical location data, including GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device.
Third-parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use Flash Cookies (Local Shared Objects) to collect and store information. To learn how to manage privacy and storage settings for Flash cookies click here.
Google Analytics. Google Analytics is used to perform many of the tasks listed above. We use the User-ID feature of Google Analytics to combine behavioral information across devices and sessions (including authenticated and unauthenticated sessions). We have enabled the following Google Analytics Advertising features: Remarketing, Google Display Network Impression Reporting, Google Analytics Demographics and Interest Reporting, and DoubleClick Campaign Manager integration. We do not merge information collected through any Google advertising product with individual-level information collected elsewhere by our service. Learn more about how Google collects and uses data here. To opt out of Google Analytics Advertising Features please use Google Ad Settings or the links provided in section 2.b.c.ii ("Targeted advertising" service providers). To opt out of Google Analytics entirely please use this link.
(e.g. from cookies and similar technologies)
We are always working to enhance our Services with new products, applications and features that may result in the collection of new and different types of information. We will update our privacy statement, as needed.
23andMe will use and share your personal information with third-parties only in the ways that are described in this privacy statement.
We use the information described above in Section 3 to operate, provide, analyze and improve our Services. These activities may include, among other things, using your information in a manner consistent with other commitments in this privacy statement, to:
- open your account, enable purchases and process payments, communicate with you, and implement your requests (e.g., referrals);
- host our website, run our mobile application(s), authenticate your visits, provide custom, personalized content and information, and track your usage of our Services;
- conduct analytics to improve and enhance our Services;
- offer new products or services to you, including through emails, promotions or contests;
- implement online marketing campaigns and targeted advertising, including by utilizing third-party ads (subject to your cookie settings and preferences), and to measure the effectiveness of our marketing and targeted advertising;
- conduct surveys or polls, and obtain testimonials;
- process and deliver your genetic testing results;
- perform research & development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.
You may be able to opt-in, opt-out or otherwise adjust your preferences of having your information used for certain of these activities. Please see below to learn more.
We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
You have the choice to participate in 23andMe Research by providing your consent. "23andMe Research" refers to research aimed at publication in peer-reviewed journals and other research funded by the federal government (such as the National Institutes of Health - NIH) conducted by 23andMe. 23andMe Research may be sponsored by, conducted on behalf of, or in collaboration with third-parties, such as non-profit foundations, academic institutions or pharmaceutical companies. 23andMe Research may study a specific group or population, identify potential areas or targets for therapeutics development, conduct or support the development of drugs, diagnostics or devices to diagnose, predict or treat medical or other health conditions, work with public, private and/or non-profit entities on genetic research initiatives, or otherwise create, commercialize, and apply this new knowledge to improve health care. 23andMe Research uses your aggregate or individual-level Genetic Information and Self-Reported Information as specified in the Consent Document.
Consent process for research.
Your Genetic and Self-Reported Information may be used for 23andMe
Research only if you have consented to this use by completing a
Consent Document. If you have completed a Consent Document:
- 23andMe may use individual-level Genetic Information and Self-Reported Information internally at 23andMe for Research purposes. If you have completed the Individual Level Data Sharing Consent, 23andMe and select third party research partners may use individual-level Genetic Information and Self-Reported Information for Research purposes.
- When your Genetic Information and/or Self-Reported Information is being used for research purposes, it will not be linked to your Registration Information.
Withdrawing your Consent.
You may withdraw your consent to participate in Research at any time by changing your consent status within your 23andMe Account Settings. If you experience difficulties changing your consent status, contact the Human Protections Administrator at hpa@23andMe.com. 23andMe will not include your Genetic Information or Self-Reported Information in new research occurring after 30 days from the receipt of your request. Any research involving your data that has already been performed or published prior to our receipt of your request will not be reversed, undone, or withdrawn. You may also discontinue your participation in research by closing your Personal Genome Service account. If you withdraw your consent for research your Genetic Information and Self-Reported Information may still be used by us and shared with our third-party service providers to provide and improve our Services (as described in Section 4.a), and shared as Aggregate Information that does not identify you as an individual (as described in Section 4.d).
What happens if you do NOT consent to 23andMe Research?
If you do not complete a Consent Document or any additional consent agreement with 23andMe, your information will not be used for 23andMe Research. However, your Genetic Information and Self-Reported Information may still be used by us and shared with our third-party service providers to provide and improve our Services (as described in Section 4.a), and shared as Aggregate or Anonymous Information that does not reasonably identify you as an individual (as described in Section 4.d).
- Consent process for research. Your Genetic and Self-Reported Information may be used for 23andMe Research only if you have consented to this use by completing a Consent Document. If you have completed a Consent Document:
Academic institutions, healthcare organizations, and other groups are always conducting interesting new research projects. We want to make you aware of these opportunities. While we do not share individual-level Genetic Information or Self-Reported Information with third-parties without your consent, from time to time we may inform you of third-party research opportunities for which you may be eligible. For example, if a university tells us about a new cancer research project, we may send an email to 23andMe members who potentially fit the relevant eligibility criteria based on their Self-Reported Information to make them aware of the research project and provide a link to participate with the research organization conducting the study. If you do not wish to receive these alerts, you can manage them in your settings.
General service providers. We share the information
described above in Section 3 with our service providers, as necessary
to provide their services to us. Service providers are third-parties
(other companies or individuals) that help us to provide, analyze
and improve our Services. For example, we work with third-party
laboratories and contractors to process and analyze your saliva
sample for purposes of generating your
NOTE: Our service providers act on 23andMe's behalf. While we implement procedures and contractual terms to protect the confidentiality and security of your information, we cannot guarantee the confidentiality and security of your information due to the inherent risks associated with storing and transmitting data electronically.
When you purchase a testing kit from 23andMe, you are instructed to send a saliva sample to our third-party laboratory with a unique barcode label. The unique barcode identifies you to us but not to the laboratory. We are also required to provide to the laboratory, your sex and date of birth or age pursuant to clinical laboratory requirements such as the Clinical Laboratory Improvement Amendments (CLIA). No other Registration Information (such as your name, address, email, phone number or other contact information) is required or provided to the laboratory. The receiving personnel at the laboratory will remove and discard your "sender information" from the packaging (e.g., name, address) before testing personnel receive the samples for processing. Receiving personnel do not perform testing, and testing personnel handle saliva samples that are labeled only with the unique barcode. Unless you choose to store your sample, DNA and saliva samples are destroyed after the laboratory completes its work, provided that laboratory legal and regulatory requirements no longer require the actual samples to be maintained. A de-identified copy of genotyping data will be kept in accordance with CLIA. The laboratory securely sends the resulting Genetic Information to us along with your unique barcode. Genetic Information is stored securely on our servers; the laboratory also stores your Genetic Information, but again, labeled only with the barcode.
If you wish to not have this information used for the purpose of serving you targeted ads, you may be able to opt-out of many advertising networks by visiting here and here (if you are located in Canada, click here; or if you are located in the European Union click here). Please note this does not mean that you have opted-out of being served advertising. You will continue to receive generic ads.
We permit third-party advertising networks and providers to collect
Web Behavior Information on our Service to help us to deliver targeted
location data, and clear gifs) to compile information about your
browser's or device's visits and usage patterns on our Services and
on other websites over time, which helps to better personalize ads
to match your interests, and to measure the effectiveness of ad
Aggregate information. We may share aggregate
information with third-parties, which is any information that has
been stripped of your
Registration Information (e.g., your name and contact information)
and aggregated with information of others so that you cannot reasonably
be identified as an individual ("Aggregate Information"). This
Aggregate Information is different from "individual-level" information.
Self-Reported Information consists of data about a single
individual's genotypes, diseases or other traits/characteristics
information. For example, Aggregate Information may include a
statement that "30% of our female users share a particular genetic
trait," without providing any data or testing results specific to
any individual user. We may provide such Aggregate Information in
commercial arrangements with our business partners. In contrast,
individual-level Genetic Information could reveal whether a specific
user has a particular genetic trait, or all of the Genetic Information
about that user. 23andMe will ask for your consent to share
individual-level Genetic Information or Self-Reported Information
with any third-party, other than our service providers as necessary
for us to provide the Services to you.
- Information we share with commonly owned entities. We may share some or all of your information with other companies under common ownership or control of 23andMe, which may include our subsidiaries, our corporate parent, or any other subsidiaries owned by our corporate parent in order to provide you better service and improve user experience. We may provide additional notice and ask for your consent if we wish to share your information with our commonly owned entities in a materially different way than discussed in this Privacy Statement.
- General service providers. We share the information described above in Section 3 with our service providers, as necessary to provide their services to us. Service providers are third-parties (other companies or individuals) that help us to provide, analyze and improve our Services. For example, we work with third-party laboratories and contractors to process and analyze your saliva sample for purposes of generating your Genetic Information.
Under certain circumstances your information may be subject to disclosure pursuant to judicial or other government subpoenas, warrants, or orders, or in coordination with regulatory authorities, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 23andMe will preserve and disclose any and all information to law enforcement agencies or others if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry) or obligations that 23andMe may owe pursuant to ethical and other professional rules, laws, and regulations; (b) enforce the 23andMe Terms of Service and other policies; (c) respond to claims that any content violates the rights of third-parties; or (d) protect the rights, property, or personal safety of 23andMe, its employees, its users, its clients, and the public.
NOTE: If you are participating in 23andMe Research, 23andMe will withhold disclosure of your personal information involved in such research in response to judicial or other government subpoenas, warrants or orders in accordance with any applicable Certificate of Confidentiality that 23andMe has obtained from the National Institutes of Health (NIH). There are limits to what the Certificate of Confidentiality covers so please visit the Certificates of Confidentiality Kiosk ( http://grants.nih.gov/grants/policy/coc/index.htm).
If your Registration Information changes, you may access, correct or update most of it from your Account Settings page. You may also modify and delete certain of your information, or update your consent status and biobanking options. You may be able to correct or reset Self-Reported Information entered into a survey, form, or feature from your account on the surveys page. Please note that you may not be able to delete User Content that has been shared with others through the Service and that you may not be able to delete information that has been shared with third-parties, though we can work with you to prohibit your data from being shared with third-parties in the future. We will respond to your request to access within 30 days.
Upon request 23andMe will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at privacy@23andMe.com.
By registering for an account, you are agreeing that we may send you promotional emails about our Services. You can opt-out of receiving certain messages or notifications from us by visiting your Account page (go to Account, Settings, Notifications) or by contacting our Privacy Administrator at privacy@23andMe.com. You can also click the "unsubscribe" button at the bottom of promotional email communications. Please note that you may not opt-out of receiving non-promotional messages regarding your account, such as technical notices, purchase confirmations, or Service-related emails.
23andMe gives you the ability to share information with other individuals who have 23andMe accounts through (i) our community forums, (ii) relative finding features (e.g., "DNA Relatives"), and (iii) other sharing features (such information is "User Content"). Please refer to your settings. You may be required to opt-in to some of this sharing, but some features require an opt-out. For example, we provide the ability to opt-in to our ancestry DNA Relatives Database where your information will be shared with potential relative matches. Alternatively, if you were participating in the DNA Relatives Database you may opt-out or change the visibility of your profile data by visiting your Settings. Also, please note that certain types of your User Content may be viewable by other 23andMe users and once posted, you may not be able to delete or modify such content.
You may decide to disclose your personal information to friends and/or family members, doctors or other health care professionals, and/or other individuals outside of our Services, including through third-party services such as social networks and third-party apps that connect to our website and mobile apps through our application programming interface ("API"). These third-parties may use your personal information differently than we do under this Privacy Statement. Please make such choices carefully and review the privacy policies of all other third-parties involved in the transaction. For example, if you have enabled a 23andMe sharing feature with another person who downloads a third-party app that uses our API, your information may also be obtained by that third-party app developer and, potentially, by other users of that third-party app.
In general, personal information, once shared or disclosed, can be difficult to contain or retrieve. 23andMe will have no responsibility or liability for any consequences that may result because you have released or shared personal information with others. Likewise, if you are reading this because you have access to the personal information of a 23andMe customer through a multi-profile account, we urge you to recognize your responsibility to protect the privacy of each person within that account. It is incumbent upon all users to share personal information and account access only with people they know and trust. Users with multi-profile accounts (e.g., where family member accounts are linked) should use caution in setting profile-level privacy settings.
If you no longer wish to participate in our Services or no longer wish to have your personal information be used, you may close your account by sending a request to Customer Care. When closing an account, we remove all Genetic Information within your account (or profile) within thirty (30) days of our receipt of your request. As stated in any applicable Consent Document, however, Genetic Information and/or Self-Reported Information that you have previously provided and for which you have given consent to use in 23andMe Research cannot be removed from ongoing or completed studies that use the information. Our contracted genotyping laboratory may also retain your Genetic Information as required by local law and we may retain backup copies for a limited period of time pursuant to our data protection policies. In addition, we retain limited Registration Information related to your order history (e.g., name, contact, and transaction data) as long as your account is active or as needed to provide you services, as well as for accounting, audit and compliance purposes.
23andMe is responsible for the processing of personal data it receives, under the Privacy Shield Frameworks, and subsequently transfers to a third party acting as an agent on its behalf. 23andMe complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, 23andMe is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, 23andMe may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-US and Swiss-US Privacy Shield Principles, 23andMe commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this Privacy Statement should first contact 23andMe’s Privacy Administrator at:
899 West Evelyn Avenue
Mountain View, CA 94041
23andMe has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
Finally, as a last resort and under limited circumstances, EU and Swiss individuals with residual privacy complaints may invoke a binding arbitration option before the Privacy Shield Panel.
23andMe takes seriously the trust you place in us. To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of information, 23andMe uses a range of physical, technical, and administrative measures to safeguard your Personal Information. In particular, all connections to and from our website and mobile application are encrypted using Secure Socket Layer (SSL) technology.
Please recognize that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our Services. You should not disclose your authentication information to any third-party and should immediately notify 23andMe of any unauthorized use of your password. 23andMe cannot secure Personal Information that you release on your own or that you request us to release.
Your information collected through the Service may be stored and processed in the United States or any other country in which 23andMe or its subsidiaries, affiliates or service providers maintain facilities and, therefore, your information may be subject to the laws of those other jurisdictions which may be different from the laws of your country of residence.
In the event that 23andMe goes through a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets, your information will likely be among the assets transferred. In such a case, your information would remain subject to the promises made in any pre-existing Privacy Statement.
23andMe provides links to third-party websites operated by organizations not affiliated with 23andMe. 23andMe does not disclose your information to organizations operating such linked third-party websites. 23andMe does not review or endorse, and is not responsible for, the privacy practices of these organizations. We encourage you to read the privacy statements of each and every website that you visit. This Privacy Statement applies solely to information collected by 23andMe.
23andMe is committed to protecting the privacy of children as well as adults. Neither 23andMe nor any of its Services are designed for, intended to attract, or directed toward children under the age of 13. A parent or guardian, however, may collect a saliva sample from, create an account for, and provide information related to, his or her child. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides to 23andMe about his or her child is kept secure and that the information submitted is accurate.
Whenever this Privacy Statement is changed in a material way, a notice will be posted as part of this Privacy Statement and on our customers' account login pages for 30 days. After 30 days the changes will become effective. In addition, all customers will receive an email with notification of the changes prior to the change becoming effective.
If you have questions about this Privacy Statement, please email 23andMe's
Privacy Administrator at firstname.lastname@example.org,
or send a letter to:
899 West Evelyn Avenue
Mountain View, CA 94041
*This Privacy Statement was last updated on September 29, 2016.