Last updated: April 29, 2020
PERSONAL INFORMATION THAT WE COLLECT:
In connection with our business, we collect and process the following categories of Personal Information of individuals:
- contact information, including name, physical address, and email address.
- other individual identifiers, including date of birth and sex.
- payment information, such as credit card type and number and bank account number. However, please note that we and our employees will not have access to credit card data. A third party payment processor will be collecting and processing credit card payment.
- purchasing history: information regarding products and services you have acquired from us.
- public IP addresses from your electronic device(s).
- information relating to your use of our website(s).
- Serological antibody positive and negative test results.
- regulatory information (to satisfy regulatory obligations such as tax and other reporting obligations).
HOW WE COLLECT YOUR DATA:
General. We collect Personal Information (including PHI) when:
- you (or your parent or guardian or authorized family member) registers an account with us and fills out the requested information,
- you visit our website or run a search query on our website,
- you use our services,
- you participate in a survey or a feature of our website that requests or requires Personal Information,
- you otherwise transact business with or correspond or communicate with us.
We also generate Protected Health Information when we perform serological antibody testing on samples provided to us by our customers.
We also collect Personal Information in the following ways:
Data obtained for marketing purposes. We obtain Personal Information from third parties, including customer referrals and employers, that we use to reach out to inform potential customers and others of the services offered by our organization. The Personal Information collected generally includes the email address of a potential customer or other and may also include their name and phone number. We also use the contact information provided to us by our customers to communicate information about our products and services, which may include marketing our products and services.
Cookies and Other Tracking Technologies: We use tracking technologies such as cookies to collect information from your web browser through our servers or filtering systems when you visit our website(s).
You can change your web browser settings at any time to stop accepting cookies or to prompt you before accepting a cookie from the sites you visit. If you do not accept cookies, however, our website may not function properly for you, and you may not be able to use some sections or functions of our websites.
To learn more about cookies and how to manage and delete them, visit http://www.allaboutcookies.org.
We may also use other web-based user tracking technologies, such as clear GIFs, Flash cookies, pixel tags, or web beacons.
Information collected may include but is not limited to your browser type, your operating system, your language preference, any referring web page you were visiting before you came to our site, the date and time of each visitor request, and information you search for on our sites. We can also track the path of page visits on a website and monitor aggregate usage and web traffic routing on our sites.
Information from Third Party Platforms. If you access our website or communicate with us using your account or account credentials from a third-party owned or operated platform/service (e.g., Amazon, Apple, AWS, Facebook, Google, Shopify, Twitter, etc.), post content from our website to a social network, or use various social media features (e.g.,“Like” button), we may process certain information from the third parties, such as your username, “likes”, location, birthday, comments and reviews, preferences, network reach and influence, and any other information you provided to the third parties in connection with your account. Depending on your account and privacy settings, we may also be able to see information that you post when using these third parties whether or not you are an active customer. We may also collect Personal Information about you from our third party service providers who provide us with e-commerce and/or technical services related to the website. The information you post or provide to third parties, as well as the controls surrounding these disclosures are governed by the policies of these third parties.
Personal Information of children and minors. We collect and process Personal Information of children under age 13 only where the parent or guardian of the child provides that information. We collect and process Personal Information of adolescents (minors ages 13-17) when (i) the adolescents themselves provide us with their own Personal Information, or (ii) a parent or guardian provides the adolescent’s Personal Information to us. VidaCheck must share children’s Personal Information with Quansys in order to perform lab testing services, but parents and guardians may prohibit us from disclosing children’s Personal Information to other third parties.
Special categories of data. We do not actively collect or otherwise process data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, data relating to criminal offenses, biometric data for the purpose of uniquely identifying a natural person, or data concerning a natural person’s sex life or sexual orientation.
HOW WE USE YOUR DATA:
These purposes include:
- Purposes related to our serological antibody testing services. These purposes include managing customer accounts, performing serological antibody tests, communicating test results to customers, providing customer service and replacement products, monitoring systems, and providing data security. We also use Personal Information to communicate with our customers to inform them of other information that may be helpful or informative.
- Our other business purposes, including addressing customer questions and service issues; processing sales leads, invoices and payments; planning and conducting marketing activities, tradeshows, trials, consultations, seminars, webinars, and demonstrations; responding to inquiries; conducting web analytics, security monitoring, and business operations and administration; and addressing tax and other regulatory requirements.
- For the Protection of VidaCheck, Quansys and Others. If we, in good faith, determine that you have used our service, product or website for any unlawful or improper reason, including to menace, threaten, harass, intimidate or otherwise deceptively pose as another person, or in any other way that is a violation of law, or have made an attempt to do so, you have no expectation of privacy, and we may use and disclose any and all information for the protection of VidaCheck, Quansys and others.
- Pursuant to Law, Rule or Regulation. If required or permitted to do so by law or if, in good faith, we believe that such action is necessary to: (1) comply with laws and regulations or with legal processes; (2) protect and defend our rights and property or prevent fraud; (3) protect us against abuse, misuse or unauthorized use of our products or services; (4) protect the personal safety or property of our personnel, users of our website or the public; and/or (5) comply with tax reporting requirements, then we may use and disclose any and all information as needed. The servers that serve our website automatically identify a computer by its IP address.
- Aggregated and de-identified data. We may anonymize data to create statistical data or system usage data, by removing all personal identifiers and/or aggregating your Personal Information with other’s data so that it is not identifiable as to any particular person. Such de-identified data may be retained and used by us to improve our products and services and for other proper purposes, including providing aggregated and de-identified data to public health officials, scientific entities, or other third parties, provided that such disclosure and use is permitted by applicable laws.
Legal basis. We base our processing of Personal Information on the need to perform our obligations to provide medical testing services and results to our customers and our legitimate activities as a provider of such services. We also process Personal Information to comply with applicable law and to exercise our legal rights. We may also use your Personal Information for internal purposes, including auditing, data analysis, system troubleshooting, and research. In these cases, we base our processing on legitimate interests in performing the activities of the organization.
HOW WE SHARE OR DISCLOSE YOUR DATA:
No sale of Personal Information. We never sell or rent Personal Information to third parties.
Disclosures of Personal Information. We may disclose or share your Personal Information with other parties in the following circumstances:
- Lab testing services. Medical testing services are provided by Quansys. VidaCheck discloses Personal Information and medical specimens provided by its customers to Quansys for the performance of such testing services, and Quansys shares the results of such analysis and testing with VidaCheck to deliver to customers. Some employees who have access to Personal Information may be personnel of both VidaCheck and Quansys.
- Third-party service providers. We use other third-party service providers (or subprocessors) to process Personal Information to facilitate your use of our products and services and in the operation of our business. This includes providing Personal Information to third parties for their processing in performing functions on our behalf, particularly the functions listed above in the “HOW WE USE YOUR DATA” section. These functions include processing payments, providing database services, performing security services, analyzing data, performing surveys, administering our website(s), and/or providing technical support services. These third party providers will be contractually and/or legally required to protect Personal Information from additional processing (including for marketing purposes) and transfer in accordance with applicable laws. Under certain data protection laws, we may be liable if a third party subprocessor that we have engaged to process Personal Information fails to fulfill its data protection obligations.
- Compliance with law and protecting our legal rights. We may disclose your Personal Information to regulatory bodies if we have a good-faith belief that doing so is required under applicable laws or regulations. This may include submitting Personal Information required by tax or other governmental authorities, or lawfully requested by governmental agencies, including law enforcement and judicial authorities. We may also disclose your Personal Information in order to exercise or defend our legal rights; to take precautions against liability; to protect the rights, property, or safety of our companies or any individual or third party; to maintain and protect the security and integrity of our information system; to protect ourselves against fraudulent, abusive, or unlawful acts; or to investigate and defend ourselves against third-party claims or allegations.
- Corporate Transactions. If a third party acquires all or substantially all of the assets of, or ownership interests in, VidaCheck and/or Quansys, whether by merger, acquisition, reorganization or otherwise, we may transfer our databases and records, including all Personal Information contained therein, to the acquiring entity.
- Aggregated and de-identified data. We reserve the right to aggregate and de-identify the results from our medical testing of specimens (both positive and negative test results) and to provide such aggregated, de-identified data and statistics to third parties for scientific studies and research (for example, the extent of geographical spread of COVID-19) or for other legal purposes.
STORAGE OF PERSONAL INFORMATION:
We store all information in state of the art physical storage facilities and cloud storage. In doing so, we use appropriate physical, organizational and technological measures to protect the Personal Information you provide to us against loss or theft, and unauthorized access, disclosure, copying, use, or modification. This includes limiting access on a “need-to-know” basis. Where third parties (such as AWS) are used to host our products, we use third parties who meet required privacy and security standards.
However, no electronic data transmission can be guaranteed to be secure from access by unintended recipients and we will not be responsible for any breach of security unless this breach is due to our negligence or wrongdoing. Although we are committed to employing reasonable technology in order to protect the security of our website, even with the best technology, no website is 100% secure. In transacting business with us through our website, you assume the risk inherent in transacting business online.
To offer our website, products and services to you, we rely on plugins and services from third parties such as internet service providers, email service providers and plugins, calendar plugins, Customer Relationship Management (CRM) systems, credit card processors, and third party data storage. To the extent these providers have access to your Personal Information, we will require that they are legally or contractually committed to comply with applicable privacy laws, In the case of credit card processors, we require that they be PCI DSS-compliant. However, we cannot guarantee with certainty that the computer systems and storage systems whereon these services are offered will not be accessed by unauthorized parties. This is a risk inherent in providing any information or, or conducting any business, online. In transacting business with us through our website, you assume the risk inherent in transacting business online.
PERSONAL INFORMATION SECURITY:
We use technical and organizational measures to protect the Personal Information that we store, transmit, or otherwise process, against accidental or unlawful destruction or disclosure, loss, alteration, or unauthorized access. Our security controls and risk management program and processes are designed to implement appropriate technological and organizational measures to ensure a level of security appropriate to the risks. We regularly consider appropriate new security technology and methods. Security measures implemented include:
- Passwords used for account registration require minimum password strength attributes;
- Role-based security is applied to system access;
- Data encryption is used where appropriate;
- Industry-standard security measures are used to protect the security of Subscriber data while traversing public networks;
- Regular maintenance is performed on systems;
- Payment card information, such as account numbers, is processed via a third-party vendor that specializes in payment processing and has committed to PCI DSS compliance;
- All of our employees are contractually obligated to maintain the confidentiality of Personal Information accessible through their employment; and
- All of our employees are required to attend security and privacy training.
RETENTION OF PERSONAL INFORMATION:
We process Personal Information for a reasonable period of time to fulfill the processing purposes mentioned above. Personal Information is then archived for time periods as required or necessitated by law or legal considerations. We reserve the right to delete a customer’s data, including Personal Information provided by that customer, from our system after 12 months from the date of completion of services for the applicable customer. We will also delete Personal Information in response to an individual’s request, as set forth in the “YOUR RIGHTS RELATING TO YOUR DATA” section below.
We reserve the right to retain usage data relating to our products and services, as well as data that has been anonymized and/or aggregated, to the extent permitted by applicable laws. With respect to any Personal Information collected by us for marketing or for our own internal purposes, we will retain that data for a reasonable time in order to fulfill those purposes.
We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that Personal Information is only stored and archived in alignment with our retention policy.
YOUR RIGHTS RELATING TO YOUR DATA:
Individuals are also entitled to request to review their protected health information (PHI) that is in our system or possession. Please see our Notice of Privacy Practices for additional information regarding your rights relating to PHI.
Parents and legal guardians are entitled to request access to their child’s Personal Information and PHI to review that information and/or have the information deleted. Parents and guardians will also be given the opportunity to prevent further use or online collection of a child’s Personal Information.
Unsubscribing to marketing communications. If we are sending you email communications of a marketing nature, an ‘unsubscribe’ option is provided in the footer of every email. You may also contact us directly to unsubscribe to marketing emails or other marketing communications, at the contact information set forth in the “OUR CONTACT INFORMATION” section below. If you have agreed to receive marketing communications, you may always opt out at a later date.
Your California privacy rights. As it relates to California’s Shine the Light law, Section 1798.83 of the California Civil Code, we do not share Personal Information with any third parties for the purpose of direct marketing by such third parties. We are not at this time subject to the California Consumer Privacy Act (CCPA). If you are a California resident and have any questions or requests regarding our use of your Personal Information, please contact us.
Your Canadian privacy rights. This section applies to Canada residents only.
Your Personal Information will be transferred outside of Canada for processing. we and our service providers also store Personal Information on servers located in other jurisdictions, including the United States. Please note that privacy laws in such jurisdictions differ from Canadian privacy laws (e.g., PIPEDA) and that in some jurisdictions your Personal Information may be accessed by law enforcement authorities or the courts in such jurisdictions. If you wish to:
- find out if we have your Personal Information and how we have used it,
- access your Personal Information that is in our possession,
- request that your Personal Information be corrected or deleted from our database, or
- obtain a list of any other organizations to which your Personal Information has been disclosed,
you may contact our privacy officer at the contact information set forth below. We will respond to your request relating to your Personal Information within 30 days. We may be unable to remove information to the extent that it is permitted or required to be retained by applicable law or document retention and data backup policies, or if removal is not practicable due to technological reasons. Please note that removal of your Personal Information may prevent or hinder us from providing further services and information to you.
If you request an accounting, we may require you to provide sufficient information to permit us to provide you with an account of the existence, use, and disclosure of Personal Information in our possession. The information provided shall only be used for this purpose.
PRIVACY POLICIES OF OTHER WEBSITES:
OUR CONTACT INFORMATION:
Attn: Privacy Officer
Address: 365 N 600 W, Logan UT, 84321
If you wish to report a complaint or if you feel that we have not addressed your concerns in a satisfactory manner, you may also contact your state or local data protection authority