PRIVACY POLICY STATEMENT
PRIVACY POLICY STATEMENT INTRODUCTION
Please read this privacy policy (the "Privacy Policy") to learn more about how BodySync, Inc. ("BodySync," "NutriSync", "we," or "us") treats personally identifiable information that you provide to us. If you have comments, suggestions, questions, or concerns about our Privacy Policy, please contact us at
NutriSyncSupport@BodySync.com.
What This Privacy Policy Covers.
This policy covers our treatment of personally identifiable information that we obtain from you. Personally identifiable information also includes health information that you disclose to us and information generated from tests that we conduct for you, sometimes referred to as Personal Health Information or PHI. We regard personally identifiable information as information that someone can use to identify or contact you in person, such as real name, telephone number, email address, physical mailing address, financial account information, genetic information, and certain medical information you voluntarily provide to us such as your birth date, gender, and personal and family disease history.
What This Privacy Policy Does Not Cover.
This policy does not cover the privacy practices of third parties that we do not own or control, such as our partners and advertisers, however we require them contractually to treat your information as we would. In addition, we may provide links to other services and on occasion to other sites that may interest you. All of these sites operate independently and they have their own privacy or security practices. We have no control over, do not review, and cannot be responsible for these outside websites or their content. Accordingly, we encourage you to review their policies before submitting any personal information to them.
HOW INFORMATION IS COLLECTED
1. Information You Provide.
Required Registration Information.
When you register as a client, we collect your full name, email address, and the username and encrypt the password that you have created.
Email Information.
In addition to providing the foregoing information to us, we require a valid email address from you as we will use email as our preferred method of contact with you. We may retain the content of your email messages together with your email address and our responses as part of your record. We provide the same protections for these electronic communications that we employ in the maintenance of information received by mail and telephone. It will remain safeguarded and not be shared with any outside services or companies, except as necessary to provide the services that you have requested.
Access to Your Personal Information.
In general, we make it easy for you to view the personally identifiable information that we have collected from you in your survey, where you can add, edit, or delete it as you see fit.
2. Information We Track.
Similar to other commercial web sites, our Website utilizes a standard technology called cookies and web server logs to collect information about how our Website is used. Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our Website, and the websites visited just before and just after our Website. This information is collected on an aggregate basis. None of this information is associated with you as an individual.
Cookies are stored on computers to increase the security of your personal information and make it easier for you to navigate a website. Session cookies are automatically deleted when you close your web browser, while other cookies, called persistent cookies, remain on your computer for long periods of time. To remove persistent cookies from your computer, follow the instructions in the help menu of your web browser. If your internet settings block cookies altogether, you will not be able to log into an account on the website.
If you have more than one person using your computer, your personal information may be available to all users, depending on the nature of how the cookies are stored on your computer. To avoid such crosstalk, removed cookies after each session where personally identifiable information has been accessed.
INFORMATION WE DO NOT COLLECT
HOW PERSONALLY IDENTIFIABLE INFORMATION IS USED, CONTROLLED, AND SECURED
1. Use of Your Personally Identifiable Information That You Provide To Us.
We may use your personally identifiable information for the following purposes:
• To notify you about the status of test results.
• To generate and send you requested test results.
• To communicate with you and to send you information by email, mail, or other means about our products and new service we think you will find valuable.
• To notify you about important changes to our Website.
2. Use of Information We Collect From Cookies.
We may use the information we collect from cookies for the following purposes:
• To analyze trends and statistics about the use of our Website
• To design our Website in the most user-friendly manner so that we can enhance
your experience
• To help us improve our Website, and better serve our existing and potential clients.
3. Control of Your Personally Identifiable Information.
Except as otherwise described in this Privacy Policy, personally identifiable information you provide to us will not be shared outside of BodySync and its controlled subsidiaries and affiliates without your permission.
4. Security of Personally Identifiable Information.
To prevent unauthorized access to personally identifiable information, we have put
into practice a number of procedures set forth below:
• User access is protected using personally assigned usernames and passwords.
• DNA samples are assigned a unique, anonymous DNA security code to track the Genetic Information independent of the user information.
• User information is always stored separately from Genetic Information so that Genetic Information remains anonymous.
• This Website is encrypted to secure personally identifiable information. All information
and genetic assessment results will be stored in an encrypted, anonymous, database,
served on a dedicated, HIPAA-hardened server, housed in a world-class data center.
• Our network is secured using server firewalls. In addition, the Website will use
firewalls to protect information from unauthorized access, disclosure, alteration,
and/or destruction. This highly secure server configuration includes: regular patches
and updates; Virus, Worm, Trojan & Malware protection; blocking and logging of unauthorized
access attempts; dedicated firewall support with enhanced security rules for secured
SSH & Remote Desktop connection.
• Archives containing personally identifiable information are securely stored on
the database server, which will be securely stored behind the firewall.
• Employee and third party consultant access to personally identifiable information is limited to their needs related to provision of Services. Employees and third party consultants may only access this information using the appropriate credentials. All activities in accessing your information are tracked and subject to audit.
All employees and third party consultants with access to personally identifiable
information are trained appropriately and are required to sign a confidentiality
agreement that aligns with this Privacy Policy.
Please note that email correspondence that you may send to us may not be secure
unless we advise you that security measures will be in place prior to your transmitting
the information.
HOW INFORMATION IS SHARED AND DISCLOSED
1. With Third Parties.
We may provide anonymous, aggregate information about our clients, sales, Website
traffic patterns and related information to our affiliates, partners or reputable
third parties, but this information will not include personally identifiable information.
2. Linked Services.
In some cases, we may allow you to access or link to other products or services
through our Website. In all of these cases, our partners may choose to collect your
personal information as they deem appropriate. We are not responsible for or in
control of how our partners collect, use, or disclose your information obtained
through these linked services. We encourage you to be aware when you are using these
partner services and, for your best online experience, we encourage you to review
their policies before submitting any personal information to them.
3. As Necessary In Certain Legal Circumstances.
We reserve the right to disclose your personally identifiable information as required
by law and when we believe that disclosure is necessary to protect the rights, property
or safety of BodySync or others, respond to claims and/or to comply with a judicial
proceeding, court order, or legal process served on us.
TEST RESULTS
Client/patient samples are processed in our CLIA-certified laboratory with the utmost
standards of quality assurance and according to government regulations.
Results will be provided electronically via a secure, password protected Website
or emailed to you upon your request. No one outside our laboratory will have access
to your results unless directed to do so by you in writing. This includes your family
members.
To further protect your privacy, we will destroy samples after completing your requested
test and never longer than 60 days.
COMMUNICATION
We will contact clients electronically using the industry standard of privacy. Information
will not be communicated to any other individual unless the client directs us to
do so in writing or it is required by law.
ACCOUNT TERMINATION
If a client decides to terminate his or her account with BodySync, we will delete
the client's user account, access and personally identifiable information from our
system. However, we are required by law to archive and retain copies of the test
report for three years.
FEDERAL LAWS PROTECTING YOU
Some people worry that once they know a genetic fact about themselves, they could
be forced to share that information with an insurer or employer. The United States
instituted a law on May 21, 2008 called the Genetic Information Nondiscrimination
Act (GINA), which protects Americans against unfair treatment from employers and
insurers on the basis of genetic information. As a result, you are not required
to disclose genetic information to an employer or insurer, nor can they legally
discriminate against you.
STATE LAWS PROTECTING YOU
There are also state laws that prevent insurers, employers and others from using
genetic test results for discriminatory purposes. You may have additional protection
under these laws, depending on where you are located.
NOTICE TO CALIFORNIA RESIDENTS
California Civil Code Section 1798.83 permits clients who are California residents
and who have provided BodySync with "personal information" (as that term
is defined in Section 1798.83) to request certain information about the disclosure
of that information to third parties for their direct marketing purposes. If you
are a California resident with questions regarding this, please contact BodySync
at NutriSyncSupport@BodySync.com
or at BodySync, 12635 E. Montview Blvd., Suite #224, Aurora, CO, 80045, U.S.A.
FOR OUR CANADIAN CUSTOMERS
Canadian citizens, except under circumstances defined by law, are entitled to access
their own Personal Information collected by BodySync by writing to: 12635 E. Montview
Blvd., Suite #224, Aurora, CO, 80045, U.S.A. If you believe that the personally
identifiable information about you that we have collected is incomplete or inaccurate,
we will correct the information upon verification of the omission or error and of the
identity of the person requesting the change. If you wish additional information about
our personal identifiable management, to access, correct or have us investigate any
matters in relation to your personally identifiable information, please contact us at
the address provided above.
NOTICE TO VISITORS OUTSIDE OF THE UNITED STATES
You should be aware that the United States and other countries have not harmonized
their privacy regulations. Because BodySync and its servers are located in the United
States, we have written our Privacy Policy to satisfy United States regulations.
By registering as a client, you expressly agree to the transfer into and out of
the United States and the use of your personally identifiable information as necessary
to provide the services that you request. You also agree to the level of privacy
protection set out in this Privacy Policy.
LINKED WEBSITES
Our Website contains links to third-party websites operated by other organizations.
We are not responsible for their privacy practices and we encourage our clients
to read the privacy policies of each website that collects personally identifiable
information. We will not disclose our clients' personal information to these organizations.
BUSINESS TRANSITION
In the event that BodySync undergoes a business transition such as a merger or an
acquisition by another company, or if any personally identifiable information is
transferred to another company, we will require the successor to comply with the
terms of this Privacy Policy.
CHANGES TO THIS PRIVACY POLICY
This Privacy Policy is subject to occasional revision, and changes will be posted
on our Website. If we make any substantial changes in the way we use or disclose
your personally identifiable information, we will notify you at the email address
listed in your client profile. If you object to any such changes, you may request
that we delete your client account.