Organization Information:

23andMe, Inc.
899 West Evelyn Avenue
Mountain View, California- 94041
Phone: 650-938-6300
Fax: 650-251-4148
www.23andme.com

Organization Contact:

Contact Office: 23andMe, Inc., 899 W. Evelyn Avenue, Mountain View, CA 94041
Name: Kathy L. Hibbs , Chief Legal & Regulatory Officer
Phone: 650-938-6300
Fax: 650-251-4148
Email: privacy@23andme.com

Corporate Officer:

Corporate Officer: Kathy L. Hibbs , Chief Legal & Regulatory Officer
Phone: 650-938-6300
Fax: 650-251-4148
Email: privacy@23andme.com

Safe Harbor Information:



Original Certification: 11/18/2014
U.S.-Swiss Certified Through 11/18/2016

Personal Information Received from the EU/EEA and/or Switzerland:
Background of 23andMe: 23andMe is a personal genomics company providing the 23andMe Personal Genome Service (“PGS”) testing kit & related services since Nov. 2007. PGS is a direct-to-consumer personal genomic testing service offered via the 23andme website, where consumers can order a PGS testing kit to get access to a non-invasive genetic information service that combines qualitative genotyping data for an individual with descriptive information derived from genetic research studies. PGS is intended to detect genetic variations using a genotyping array & genomic DNA from saliva collected using the PGS testing kit. The results of the PGS test provide information about a person’s inherited genetic mutations and/or variants, & provide individuals with the opportunity to explore genetic genealogy & ancestry. Customers who purchased & registered its PGS testing kit before November 2013, new customers based in Canada (acquiring PGS kits via 23andme.ca only), & new customers based in United Kingdom or Ireland (acquiring PGS kits via 23andme.co.uk only) also receive information regarding genetic variants associated with health & non-health related traits through personalized reports that provide information about an individual’s genetic data in the context of publicly available studies from the scientific literature. Customers may also download their raw genetic data. 1. How 23andMe Collects User Information: 23andMe collects the following information from its consumers (whether based on the United States, EU or Switzerland or other geographies) as part of providing its products & services: (i) Information directly provided by a customer to, or collected by, 23andMe, as a result of such user becoming a 23andMe customer: a. Information required for opening an account & registering a PGS DNA Kit (i.e., name, billing & shipping address, payment information); b. Self-reported user information (i.e., personal traits, ethnicity, etc.); c. Content created, provided, posted or uploaded by a user to 23andMe.com (23andMe’s website, blogs & community forum); d. User’s IP address & cookies (depending on user’s cookie settings) collected as a result of users’ use of social media features & widgets; e. Information provided when referring a person to 23andMe by providing such referred person’s email address, direct referral to 23andMe or third-party services such as Facebook/Twitter; and f. Information provided for customer service inquiries. (ii) Information related to 23andMe’s genetic testing services: customers’ saliva samples, bio-banking & genetic information. To use 23andMe’s genetic testing services, customers must open an online account, register its specific PGS testing kit & ship a saliva sample to 23andMe’s third-party CLIA certified laboratory. Once received, each saliva sample is identified by its unique barcode (as opposed to using personal names or addresses), along with the associated gender & date of birth. The barcode label identifies individuals to 23andMe but not to 23andMe’s third-party laboratory. Unless a customer chooses to store a DNA sample with 23andMe (called “bio-banking”), each saliva sample & DNA are destroyed after the laboratory completes its work, unless the laboratory’s legal & regulatory requirements require it to maintain physical samples. 23andMe generates genetic information when it analyzes & processes a customer’s saliva sample, or when a customer agrees to contribute or access his/her genetic information through the 23andMe’s services. This genetic information may be used for other purposes, as outlined in Section 2 below. (iii) Information collected through tracking technology. 23andMe uses tracking technology to collect user information such as user profile ID, IP addresses, browser types & Internet service providers. 23andMe’s third-party partners use cookies & similar technologies to recognize users to customize/enhance user experience, provide security, analyze usage of 23andMe’s Services, gather demographic information about 23andMe’s user base, to market services & programs to users & to target advertising. Neither 23andMe, nor its third-party partners, utilize a user’s sensitive information such as genetic information & self-reported user information for targeting advertising. 2. How 23andMe Uses & Shares User Information: 23andMe will use & share customer’s personal information with third parties only as follows: (i) 23andMe will use information outlined above to: a. Operate, provide, analyze & improve 23andMe’s services; b. Open a user account & enable purchases, process payments & communicate with the user; c. Host 23andMe’s website, run mobile application(s), authenticate a user’s visit & provide personalized content & track usage of services; d. Offer new products or services to a user via email or promotions; e. Implement online marketing campaigns & targeted advertising; f. Conduct surveys or polls & obtain testimonials; g. Process & deliver genetic testing results to a user; and h. Perform research & development activities. (ii) 23andMe will share User information with general service providers such as third-party laboratories & contractors to process & analyze a user’s saliva sample for the purposes of generating such user’s genetic information. When a user purchases a PGS testing kit, he/she is instructed to send a saliva sample to our third-party laboratory labeled with a unique barcode label. The unique barcode identifies the user to 23andMe but not to the laboratory. 23andMe is also required to provide to the laboratory, a user’s sex/gender & date of birth or age pursuant to clinical laboratory requirements such as the Clinical Laboratory Improvement Amendments (CLIA). No other registration information is required or provided to the laboratory. The receiving personnel at the laboratory will remove & discard a user’s “sender information” from the packaging before testing personnel receive the samples for processing. Receiving personnel do not perform testing, & testing personnel handle saliva samples that are labeled only with the unique barcode. Unless a user chooses to store a sample, DNA & saliva samples are destroyed after the laboratory completes its work, provided that laboratory legal & regulatory requirements no longer require the actual samples to be maintained. The laboratory securely sends the resulting genetic information to 23andMe along with the corresponding unique barcode. Genetic information is stored securely on 23andMe’s servers; the laboratory also stores a user’s genetic information, but again, labeled only with the barcode. (iii) 23andMe will share user information with “targeted advertising” service providers to collect web behavior information on 23andMe’s service to aid in delivering targeted online ads to a user. The third-party uses cookies & similar technologies to compile information about a user’s browser or device usage patterns & visits on 23andMe’s services & on other websites, which also aids in personalizing ads to match a user’s interests & to measure the effectiveness of ad campaigns. We do not share registration information, genetic information or self-reported information with these third-party advertising partners. (iv) 23andMe may also share aggregate information with third-parties. A user’s registration information (e.g., name & contact information) will not be shared & it will be aggregated with information of others so that a user cannot be reasonably identified. (v) 23andMe may share some or all of user information with other companies under common ownership or control of 23andMe, which may include 23andMe’s subsidiaries, corporate parent or any other subsidiaries owned by the corporate parent. (vi) 23andMe conducts research & works with public, private & government partnership to develop research & genetic understanding. User information will only be shared if a user consents to such research & works.
Privacy Policy Effective: 10/14/2015
Location: https:/ www.23andme.com/about/privacy/

Regulated By: Federal Trade Commission

Privacy Programs:
TRUSTe

Verification: Third-Party TRUSTe

Dispute Resolution:
TRUSTe

Personal Data Covered: On-line data, offline data, manually processed data
Organization Human Resource Data Covered: No
Agrees to Cooperate and Comply with the EU and/or Swiss Data Protection Authorities: Yes

Relevant Countries from which Personal Information is Received:
Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom

Industry Sectors:
General Services - (GSV)
General Consumer Goods - (GCG)