‍Registration Information: information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, address, password, and payment information).
‍
‍Genetic Information: information regarding certain features of your genotype (the As, Ts, Cs, and Gs at particular locations in your genome), generated through processing of your saliva sample collected using one or more cheek swabs by Codex or by its contractors, successors, and assignees; or otherwise processed by and/or contributed to Codex.
‍
‍Self-Reported Information: information you provide directly to us, including your disease conditions, other health-related information, personal traits, ethnicity, family history, and other information that you enter into surveys, forms, or features while signed in to your Codex account.
‍
‍Sensitive Information: information about your health, Genetic Information, and certain Self-Reported Information such as racial and ethnic origin, sexual orientation, and political affiliation.
‍
‍User Content: all information, data, text, software, music, audio, photographs, graphics, video, messages, or other materials other than Genetic Information and Self-Reported Information-generated by users of Codex Services and transmitted, whether publicly or privately, to or through Codex.
‍
‍Web-Behavior Information: information on how you use Codex Services collected through log files, cookies, web beacons, and similar technologies, (e.g., browser type, domains, page views).

Registration Information. When you purchase our Services or create a Codex account and register your kit, we collect Personal Information, such as your name, date of birth, billing and shipping address, payment information (e.g., credit card) and contact information (e.g. email, phone number and license number).
‍
Self-Reported Information. You have the option to provide us with additional information about yourself through surveys, forms, features and applications. For example, you may provide us with information about your personal traits (e.g., eye color, height), ethnicity, disease conditions (e.g. Type 2 Diabetes), other health-related information (e.g. pulse rate, cholesterol levels, visual acuity), and family history information (e.g. information similar to the foregoing about your family members). Before you disclose information about a family member, you should make sure you have permission from the family member to do so.
‍
‍Social media features and widgets. Our Services include Social Media Features, such as the Facebook "Like" or "Share" button and widgets ("Features"). These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. They may also allow third-party social media services to provide us information about you, including your name, email address, and other contact information. The information we receive is dependent upon your privacy settings with the social network. Features are either hosted by a third-party or hosted directly on our site. Your interactions with these Features are governed by the privacy statements of the third party companies providing them. You should always review and, if necessary, adjust your privacy settings on third party websites and services before linking or connecting them to our website or Service.
‍
Third party services (e.g., social media). If you use a third party site, such as Facebook or Twitter, in connection with our Services to communicate with another person (e.g., to make or post referrals or to request that we communicate with another person), then in addition to that person's name and contact information, we may also collect other information (e.g., your profile picture, network, gender, username, user ID, age range, language, country, friends lists or followers) depending on your privacy settings on the third party site. We do not control the third party site's information practices, so please review the third party’s privacy statement and your settings on the third party’s site carefully.
‍
‍Referral information and sharing. When you refer a person to Codex or choose to share your Codex results with another person, we will ask for that person's email address. We will use their email address solely, as applicable, to make the referral or to communicate your sharing request to them, and we will let your contact know that you requested the communication. By participating in a referral program or by choosing to share information with another person, you confirm that the person has given you consent for Codex to communicate (e.g., via email) with him or her. The person you referred may contact us at privacy@codexgenetics.com to request that we remove this information from our database.
‍Gifts. If you provide us with Personal Information about others, or if others give us your information, for the purpose of ordering the Service as a gift, we will only use that information for the specific reason for which it was provided to us. Once a gift recipient registers for his or her Services and agrees to our Privacy Statement, our Terms of Service, and if applicable, certain Consent Documents, his or her Personal Information will be used in manners consistent with this Privacy Statement, and will not be shared with the purchaser, unless they independently choose to share their own Personal Information through the Services with the purchaser.
‍
‍Customer service. When you contact Customer Support or correspond with us about our Service, we collect information to: track and respond to your inquiry; investigate any breach of our Terms of Service, Privacy Statement or applicable laws or regulations; and analyze and improve our Services.

‍

Saliva sample. To use our genetic testing services, you must purchase, or receive as a gift, a Codex testing kit, create an online account and register your kit, and ship your saliva sample to our owned or third-party processing facility. The facility will process your DNA from your saliva sample for analysis. Your saliva sample and DNA are destroyed as part of providing the genetic testing services, and are discarded after the facility completes its work, subject to the facility’s legal and regulatory requirements.
Genetic Information. Your Genetic Information is generated when we analyze and process your saliva sample, or when you otherwise contribute or access your Genetic Information through our Services. Genetic Information includes the Codex results reported to you as part of our Services, and may be used for other purposes, as outlined in Section 3 below.

1. help us recognize you when you use our Services;
2 customize and improve your experience;
3. provide security;
4. analyze usage of our Services (such as to analyze your interactions with the results, reports, and other features of the Service);
5. gather demographic information about our user base;
6. offer our Services to you;
7. monitor the success of marketing programs; and
8serve targeted advertising on our site and on other sites around the Internet.If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

1. To provide you with Services and analyze and improve our Services
We use the information described above in Section 2 to operate, provide, analyze and improve our Services. These activities may include, among other things, using your information in a manner consistent with this Privacy Statement to:

1. open your account, enable purchases and process payments, communicate with you, and implement your requests (e.g., referrals);
2. enable and enhance your use of our website and mobile application(s), including authenticating your visits, providing personalized content and information, and tracking your usage of our Services;
3. contact you about your account, and any relevant information about our Services (e.g. policy changes, security updates or issues, etc.);
4. enforce our Terms of Service and other agreements;
5. monitor, detect, investigate and prevent prohibited or illegal behaviors on our Services, to combat spam and other security risks; and
6. perform research & development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.

2. To process, analyze and deliver your genetic testing results
As described above, to receive test results, you must create a Codex account, register your kit, and submit your saliva sample to our or our contracted processing facility, which processes and analyzes your sample to provide us with raw Genetic Information. Once we receive your raw Genetic Information from the facility, we further analyze it to provide you with our result reports. Codex continuously works to improve our Services based on our research and product development, and genetic associations identified in scientific literature. If you are eligible to receive additional reports or updates in the future, you may be notified of or may directly access these updates.

3. To allow you to share your Personal Information with others
Codex gives you the ability to share information, including Personal Information, through the Services. You have the option to share directly with individuals with Codex accounts through (i) our Forums and (ii) other sharing features and tools. You may also have the ability to share information directly with individuals who have not participated in our Service via a unique, shareable URL or through a social media platform (such information is "User Content"). Some sharing features, including receiving sharing invitations, may require that you opt-out, however you will always be required to take a positive action, such as opting in, to share sensitive data.

4. To allow you to share your Personal Information for Codex Research purposes
By consenting to use the Services, you consent to the use of your de-identified Personal Information for Codex Research purposes. You have the choice to complete an Individual Data Sharing Consent Document, in which case your identifiable Personal Information may be used in Codex Research in accordance with the terms of the Individual Data Sharing Consent Document. “Codex Research” means scientific research that Codex performs with the intent to publish and to test, improve and develop products and services.Codex Research may be sponsored by, conducted on behalf of, or in collaboration with third parties, such as non-profit foundations, academic institutions or pharmaceutical companies. Codex Research may study a specific group or population, identify potential areas or targets for product development, conduct or support the development of drugs, diagnostics or devices to diagnose, predict or treat medical or other health conditions, work with public, private and/or non-profit entities on genetic research initiatives, or otherwise create, commercialize, and apply this new knowledge to improve health care. Codex Research uses Aggregate and/or Individual-level Genetic Information and Self-Reported Information as specified in the appropriate Consent Document(s), as explained in greater detail below.By consenting to use the Services, you agree that your De-identified Genetic and Self-Reported Information may be used for Codex Research, including by sharing it with select third-party research collaborators for Codex Research purposes:

i. Your Genetic Information and/or Self-Reported Information may be used for research purposes, but it will be de-identified and will not be linked to your Registration Information.
ii. Codex may use individual-level Genetic Information and Self-Reported Information internally at Codex for research purposes.
iii Codex may share summary statistics, which do not identify any particular individual or contain individual-level information, with our qualified research collaborators.

Withdrawing your Consent. You may withdraw your consent to the use of your identifiable Personal Information for Codex Research at any time by contacting privacy@codexgenetics.com. It may take up to 30 days to withdraw your information after you withdraw your consent. Any research involving your data that has already been performed or published prior to your withdrawal from Codex Research will not be reversed, undone, or withdrawn. You may also discontinue your participation in Codex Research by deleting your Codex account (as described in section 5.4).

What happens if you do NOT consent to the use of your identifiable Personal Information for Codex Research? If you choose not to complete an Individual Data Sharing Consent Document or any additional agreement with Codex, your identifiable Personal Information will not be used for Codex Research other than for internal Codex purposes as described in this document. However, your de-identified Genetic Information and Self-Reported Information may still be used by us and shared with our third party service providers to as outlined in this Privacy Statement.

5. To recruit you for external research
We want to ensure interested participants are aware of additional opportunities to contribute to interesting, novel scientific research conducted by academic institutions, healthcare organizations, pharmaceutical companies, and other groups. From time to time we may inform you of third party research opportunities for which you may be eligible. However, we will not share Individual-level Genetic Information or Self-Reported Information with any third party without your consent. If you do not wish to receive these notifications, you can manage them by editing your preferences in your Account Settings.

6. To provide customer support
When you contact Customer Support, we may use or request Personal Information, including Sensitive Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints. In some instances, we may be required to process one customer’s Personal Information to resolve another customer’s dispute or request. For example, if a customer reports behavior that violates our Terms of Service, we will separately process both customers’ Personal Information and respond separately to each individual as appropriate. We will not share your Personal Information with another customer without your consent.

7. To provide you with marketing communications
By creating a Codex account, you are agreeing that we may send you product and promotional emails or notifications about our Services, and offers on new products, services, promotions or contests. You can unsubscribe from receiving these marketing communications at any time. To unsubscribe, click the email footer “unsubscribe” link or go to the “Preferences” section of your Account Settings to edit your email notification preferences. You may not opt-out of receiving non-promotional messages regarding your account, such as technical notices, purchase confirmations, or Service-related emails.

Order fulfillment and shipping. Our payment processor processes certain Registration Information, such as your billing address and credit card information, as necessary to enable you to purchase a Codex kit from the Codex online store. Our distribution centers ship your kit(s) to you, and in some cases help return your kit safely to our third party facility so your sample can be processed.

Genetic Testing. To use our genetic testing services, you must purchase, or receive as a gift, a Codex testing kit, and ship your saliva sample to our or our designated third party processing facility. Once delivered, receiving personnel at the facility remove and discard kit packaging, which in some cases may contain "sender information" (e.g., name, address), before testing personnel receive the samples for processing. Receiving personnel do not perform testing, and testing personnel handle biological samples that are only identified by a unique barcode. When the facility has completed their analysis, they securely send the resulting Genetic Information to us identified by your unique barcode.

our saliva sample and DNA are safely discarded after the facility completes its work, subject to the facility's legal and regulatory requirements. As detailed further in Section 5.4. (Account Deletion) the facility will retain certain information as necessary to comply with applicable regulatory and legal obligations.

Customer Support. Our Customer Support team uses a number of tools to help organize and manage the requests we receive. These tools help to ensure we provide timely, high quality support.

Cloud storage, IT, and Security. Our cloud storage providers provide secure storage for information in Codex databases, ensure that our infrastructure can support continued use of our Services by Codex customers, and protect data in the event of a natural disaster or other disruption to the Service. Our IT and security providers assist with intrusion detection and prevention measures to stop any potential attacks against our networks. We have these third party experts perform regular penetration tests and periodically audit Codex’s security controls.

Marketing and analytics. When you use our Services, including our website or mobile app(s), our third party service providers may collect Web-Behavior Information about your visit, such as the links you clicked on, the duration of your visit, and the URLs you visited. This information can help us improve site navigability and assess our Marketing campaigns. Per applicable data protection regulations, our EU, UK, and International websites present visitors with a cookie opt in to allow the processing described above via Functionality and Advertising Cookies.

Information previously included in Codex Research. As stated in any applicable Consent Document, Genetic Information and/or Self-Reported Information that you have previously provided and for which you have given consent to use in Codex Research cannot be removed from completed studies that use that information. It may take up to 30 days to withdraw your information after your account is closed.

Legal Retention Requirements. Codex and our third party processing facility, if applicable, will retain your Genetic Information, date of birth, and sex as required for compliance with applicable legal obligations. Codex will also retain limited information related to your account and data deletion request, including but not limited to, your email address, account deletion request identifier, and record of legal agreements for a limited period of time as required by contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.

Codex produces secure applications by design. Codex incorporates explicit security reviews in the software development lifecycle, quality assurance testing and operational deployment.
‍
‍De-identification/Pseudonymization. Registration Information is stripped from Sensitive Information, including Genetic and Self-Reported Information. This data is then assigned a randomly generated ID so an individual cannot reasonably be identified.

‍Encryption. Codex uses industry standard security measures to encrypt Sensitive Information both at rest and in transit.

‍Limiting access to essential personnel. We limit access to Personal Information to authorized personnel, based on job function and role. Codex access controls include multi-factor authentication, single sign-on, and strict least-privileged authorization policy.

‍Detecting threats and managing vulnerabilities. Codex uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our processes and regularly engage third party security experts to conduct penetration tests.

‍Managing third party service providers. Codex requires service providers to implement and maintain accepted industry standard administrative, physical and technical safeguards to protect Personal Information.

‍Your Responsibility. Please recognize that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify Codex of any unauthorized use of your password. Codex cannot secure Personal Information that you release on your own or that you request us to release.