Effective Date: Aug 4, 2022
Viome Life Sciences, Inc. is an AI-driven, personalized therapeutics platform that digitize, decode, and decipher human biology for the prevention and early detection of chronic diseases, and application that empowers people with data and technology based on the functional analysis of microbial, mitochondrial, and human gene expression. Our Services include access to the Viome public website, mobile application, Viome Precision Supplements™ family (“Precision Supplements”) and Viome Precision Probiotics +Prebiotics™ family (“Precision Probiotics + Prebiotics”) of subscription services (“Subscription Service”), and personal “omics” testing services (e.g., microbiome, genetic, transcriptome, etc.) that include Viome Discovery tests (“Viome Discovery Tests”), including the collection and analysis of your stool, blood, saliva, or other biological samples.
The biological samples we collect include stool, blood, saliva, cheek swab, skin swab, and other (“Samples”), using sample collection kits (“Kits”) provided by Viome. Customers will collect the Samples using the Kits and ship them to Viome for testing and analysis. Data obtained from testing the Samples are subjected to a process of scientific testing to produce sample data (“Sample Data”) used for producing test data (“Test Data”) that will be stored and used with customer-provided information (in response to our questionnaires and other self-reported information) and Viome proprietary technology that use analytics and Artificial Intelligence to generate test results (“Test Results”). Based on our analysis of Test Results of Viome wellness line of products (“Wellness Tests”) and customer-provided data, using Viome technology, Viome makes personalized diet, supplements, probiotics+prebiotics, and lifestyle recommendations and offer Supplements and Probiotics+Prebiotics Subscription Service (“Subscriptions”) to individuals via, Viome website located at www.viome.com and mobile applications. Based on our analysis of Samples associated with Viome Discovery line of Services and customer-provided data, using Viome technology, Viome detect molecular features that are associated with certain diseases including cancer and deliver associated Test Results using its web platform.
Viome takes privacy very seriously. We are committed to protecting the privacy and security of “Personal Information” which could be used to identify our customers, either alone or in combination with other information. By accessing or using the Service (as defined above), customers allow us to collect, store, and use their Personal Information that enables us to provide services associated with wellness such as personalized Supplements and Probiotics+Prebiotics recommendations and services associated with Viome Discovery line of Services. Viome recognizes and understands the importance of privacy and respects our customers’ desire to store and access Personal Information in a private and secure manner.
What Information We Collect
When you subscribe to or use our Services, Viome collects and uses several types of information as identified below. These include information you provide directly to us, your clinical and test data, medical information and history, information our customers provide in response to our questionnaires, self-reported information, data we retain in order to improve our data analytics methods and artificial intelligence engine and our Service, data we retain for provisioning our Service and securing payments for same, information we collected through tracking technology, web analytics, and other types of information we receive about you from third party sources.
We may collect “Personal Information” about you that amounts to any factual or subjective information whether recorded or not about an identifiable individual.
“Personally, Identifiable Information” or “PII” is information about an individual when used alone or with other relevant data that can identify an individual (e.g., first and last name, birthdate, home address, social security number, bank account number, credit card number, passport number, Health insurance ID number, etc.).
“Personal Data” is any information relating to a natural person, when that person can be identified, directly or indirectly, in particular by reference to an identification number (e.g. social security number or credit card number) or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity (e.g. last name and first name, date of birth, biometrics data, fingerprints, or DNA).
“Sensitive Information” or “Sensitive Data” is a category of Personal Information or Personal Data of an individual relating to confidential medical facts, medical history, records, racial or ethnic origins, political or religious beliefs, or sexuality.
“Self-Reported Information” is all information you provide us about yourself, including input and answers to surveys, forms, questionnaires, email, features on our website and software applications, while participating in Research Studies and Study Participations, engaging with our customer service (“Customer Service”) or while using the Service (e.g., information about your personal traits (e.g., eye color, height), ethnicity, disease conditions (e.g., Type 2 Diabetes), physical health-related information (e.g., pulse rate, cholesterol levels, visual acuity, medicine you currently take, habits such as smoking), diet related information (e.g., vegetarian, vegan, allergies, etc.), mental health related information (e.g. emotional conditions such as fear or anxiety), your disease conditions, medical history, and family history (e.g., information similar to the foregoing about your family members).
“Protected Health Information” or “PHI” is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual that also includes such information as any part of a medical record or payment history.
“Registration Information” is collected when you subscribe to or register for our Service. This information includes, but is not limited to Personal Information such as your name, date of birth, password, payment information (such as credit card information of which, Viome stores only the 4 last digits and the expiration date unless your Services include a Subscription Service that involves monthly recurring charges), medical history of you or your family, billing and shipping addresses, and contact information such as email address and telephone number that you provided to create your Viome account (“Viome Account” or “Account”) used for the Service. Viome uses Registration Information to authenticate your access to Viome Account, websites and mobile applications for purposes that include but not limited to the following: use the Service, obtain physician authorization (“Physician Authorization”) for test requests made by customers seeking Viome Discovery line of Services and for facilitating Pre-Test and Post-Test Consultations service through our clinical oversight and support partner, enable you to purchase or access add-ons and new features related to the Service, charge recurring fees for Subscription Services, deliver personalized reports, send Research Studies or Study Participation Consent Forms and questionnaires, marketing and communications, and certain other purposes.
“Biological Samples” are the self-collected stool, blood, and other fluid samples such as saliva, cheek swab, skin swab, or urine, that you collect using Sample collection kits (“Kits”) and used for microbiome, genotype, phenotype, and gene expression testing and analysis performed by Viome.
“Sample Data” is molecular data created from the Samples you provide to Viome for testing and analysis. Sample Data analysis includes, but is not limited to, primary sequencing and other types of analysis including RNA and DNA, microbiome analysis, microbial gene expression analysis, human gene expression, and personal genotype.
“Medical Information” is information in your medical records or with your healthcare provider that you give Viome permission to access. Viome will access your Medical Information or contact your healthcare provider only with your written consent by acceptance of a Consent Form or by other means used at the time of obtaining consent such as Physician Authorization.
“User Content” is information that you create or content that you post or upload on our website, social media, or public forums that relate to us, such as blogs, data, text, software, documents, audio, photographs, graphics, video, messages, discussions, emails, or other materials that you create or provide to us through public or private transmissions.
“Test Data” is information we extract from Sample Data for use in our testing services that produce data and test results that help us provide you with accurate and personalized recommendations and Services.
“De-identified Information” or “De-identified Data” as used here is Samples and other forms of data after removing personal identifiers from them immediately upon receipt, and assigning a unique code for each Sample or data, and performing all downstream testing, research, and data analyses relevant to Samples or data only using that unique code. De-identification is a well-established privacy practice followed in our industry whereby information likely to be identified with you will be scrubbed from the Sample Data, Test Data, internal records, or other forms of data before using the data for provisioning the Service. De-identification prevents Viome from storing your personally identifying information together with your Samples, Test Data or other data in any database or records or release them externally in any way (even accidentally). Your Samples and Test Data are used with your Personal Information only to the extent necessary and for the purpose of delivering the Service to you and communicating directly with you when necessary. For all other purposes, including for Research and Research Studies, analysis, and improving our Artificial Engine, except when you have specifically consented to, we use the De-identified Data.
“Aggregate Information” or “Aggregate Data” means high-level information or data collected from a group of individual Samples or other data combined with similar data of the others and compiled into data collections or summaries such that when evaluated as a whole, that no specific individual may be reasonably identified. Aggregate Data is often used for data analysis and sometimes for Research.
“Individual-level Data” means information or data about a single individual's Sample or other types of data provided by the individuals themselves or collected from other sources.
“Web Information” is information on how you use Viome website (e.g., browser type, domains, page views, etc.) or other online media owned by Viome, and are collected through log files, cookies, and web beacon technologies.
Viome and its third-party service providers from whom it receives your information may use “cookies” and similar tracking technologies (such as web beacons, tags, scripts and device identifiers used for automatic collection of information), for a variety of purposes. Cookies are small data files that are stored on a user’s hard drive at the request of a website to enable the website to recognize and retain certain user information such as customer preferences and history.
Cookies help us recognize when and how you use our Services, customize and improve your experience, provide security, analyze our interactions with our Services and its features, gather demographic information about our user base, make special offers of our Service, monitor the success of marketing programs; and for targeted advertising on our website and on other websites on the Internet.
The information reports we receive from third party service providers can be in de-identified, individual-level, or at aggregate-level, and we may also use these reports to improve our data analytics methods. If we combine cookies with, or link them to, any of the Personal Information, Viome will treat this information as Personal Information.
Like many websites, we use Google Analytics for web behavior monitoring, a service that provides information about how many users visit our website and online resources, when they visit, and how they navigate our website. We also may use other Google Analytics tools, such as Demographics and Interest Reporting, which enable us to learn more about the characteristics and interests of the users who visit our website, and Remarketing with Google Analytics, which enables us to provide relevant advertising on different websites and online services.
Some features of our Service may include functionality enabling you to post user content, whether publicly posted or privately transmitted, such as profiles, posts, emails, feedback, experiences, suggestions, notes, messages, photos, and videos (“User Content”) that may be made available to Viome and other users of the Service.
You should be aware that any User Content you provide or post in public media may be read, collected, and used by others who access them, and we have no control over these media. Please exercise caution before and when you choose to share personal information on our blogs, forums or in any other public media.
By sending User Content, you grant Viome a perpetual, irrevocable, worldwide, royalty-free, freely transferable and sub-licensable, non-exclusive right to use, reproduce, modify, transmit, translate, publish, publicly perform, display, distribute, commercialize, share with third parties, transmit or distribute over public network and media, and create derivative works of such User Content for purposes specified in Viome Terms of Service and for delivering the Service to you and other users of the Service.
For the purpose of Physician Authorization and covered services associated with Viome Discovery Tests such as Pre and Post Consultations provided by Viome’s physician oversight and support service partner and their contractually affiliated partners including physician networks (collectively, “Oversight Partner”), we collect additional information pertaining to your medical history, personal habits such as smoking or using tobacco, or specific symptoms associated with certain diseases for the purpose of evaluation and Physician Authorization for Viome Discovery Tests as well as for associated services provided by Viome’s Oversight Partner in connection with Viome Discovery line of Services.
Other Types of Information
From time to time, we may collect other types of information automatically about your use of our Service through the log files. Such information may include your device’s Internet Protocol (IP) address, operating system, browser type, and your device ID. Viome uses this information for purposes such as analyzing trends, administering the Service, improving customer service, diagnosing problems with our servers, monitoring the security of our systems, tracking user movement, and gathering broad demographic information for aggregate use.
Information on our Services
To use our Services, you must first purchase, request authorization for certain tests (“Test Request”), receive from a third party (e.g., as a gift), or from us directly or through an authorized channel partner, a Kit or a Subscription Service, and then create an online Account, register your Kit or Subscription Service, and submit your Sample directly to our laboratory for testing within the timeframe specified in our Sample Submission Policy.
Currently, all testing Services are performed at Viome’s highly automated, CLIA-certified laboratory that complies with federal regulatory standards applicable to testing performed on humans governed by The Clinical Laboratory Improvement Amendments of 1988 (“CLIA”). Depending on our needs we may use certified and licensed third-party service facilities in the future for testing and Sample collection services.
Our laboratory will use your Samples associated with Wellness Services for testing, analysis and generation of Sample Data that will be used to generate Test Data. Test Data is used with Self-Reported Data in conjunction with our data analysis methods and artificial intelligence engine that we use for generating the Test Results that we use in order to provide personalized diet, lifestyle, supplements, probiotics+prebiotics recommendations, and providing you with Viome Supplements and Probiotics+Prebiotics Subscription Services. Our laboratory will use your Samples and Medical History associated with Discovery Services for Physician Authorization for test requests, testing, analysis, counseling, consultation, and generation of Sample Data that will be used to generate Test Data. Test Data is used with Medical History in conjunction with our data analysis methods and artificial intelligence engine that we use for detecting molecular features that are associated with certain diseases including cancer and deliver associated Test Results through our web platform.
How We Use your Information
a) Provide you with the Services
We use your information for activities necessary for provisioning the Service that include testing and analysis of data, Physician Authorizations, Oversight Partner services, generate and deliver Test Results and recommendations, customize your Supplements and Probiotics+Prebiotics, and improve our Services. These activities may include but not limited to: i) open and maintain your Viome Account; ii) enable purchase of our Service (e.g., process payments and make personalized supplements, probiotics+prebiotics); iii) communicate with you (e.g., informing you of policy changes, security updates or issues, delivery of Test Results (directly or through our Oversight Partner), Pre and Post-Test Consultations with our Oversight Partner, etc.); iv) implement your requests (e.g. requests to Customer Service); v) facilitate use of our website and mobile applications (including authenticating your visits, providing personalized content, and tracking your use of our Services); vi) facilitate the covered services of our Oversight Partner; vii) enforce our Terms and other agreements such as monitor, detect, investigate and prevent prohibited or illegal activities, spam and other security risks, performing quality control; vii) perform Research Studies and Research & development activities (which may include, for example, Research conducted by the Viome Research Institute); viii) conducting data analysis to improve existing Services or develop new Services; and ix) improving our data analytics and artificial intelligence engine that help us provide more precise and accurately personalized recommendations, and infer data that help us make customized Supplements and Probiotics+Prebiotics for you.
We may also use your information to fix bugs or issues, analyze use of our website, charge recurring Subscription Fees, to improve or optimize the customer experience and Customer Service, or assess the efficacy of our marketing campaigns.
b) Provide Oversight Partner Services
If you purchased or made a Test Request for Viome Discovery Services (e.g., CancerDetect™ Test), we also use and disclose your Personal Information to obtain Physician Authorization for your Test Request, delivering or communicating your Test Results, and provide you with certain covered services associated with such Test Request such as Pre/Post Test Physicians or Clinicians Consultations through our Oversight Partner (“Partner Services”), and for activities necessary for provisioning the Service directly or through the Oversight Partner. The Physician Authorization and Partner Services are covered by an existing contractual arrangement, and these Partner Services are fully paid for by Viome under the terms of such contractual arrangements between Viome and Oversight Partner.
The consent as expressed by making a Test Request for Viome Discovery Tests (e.g., CancerDetect), acceptance of applicable terms in the process, or using our Service, you consent to share and disclose your Personal Information (including medical history and other sensitive data) with Viome Oversight Partner for evaluating your Test Request for Physician Authorizations as well as for providing the Partner Services by our Oversight Partner.
c) For Research and Research Studies
When you use our Services, Viome may use your Personal Information, and other data at individual-level or otherwise (in de-identified, pseudonymized, or aggregate forms) for ongoing research conducted by Viome and Viome Research Institute (“VRI”) that help us better understand the connections among microbiome, gene expression, and your health and wellness at individual as well as at population scale (“Research”). The information we use in Research is often summarized, aggregated, or combined across a group of subjects to minimize the chance of identification. In the event we require use of individual-level Personally Identifiable Information in Research or for other purposes, we will reach out to you for obtaining specific consents applicable to such other use.
With your consent as expressed by acceptance of the Participant Information and Consent Form presented to you at Registration, Test Request, or while using the Service (“Consent Form”), Viome may use your Individual-level Personally Identifiable Information in Viome lead clinical studies and scientific research activities identified by Viome study protocols that support a specific diagnosis of a disease, development of a treatment, or predict certain health conditions (“Research Study” or “Research Studies”). Participation in Research Studies is voluntary.
Research and Research Studies are important aspects of our Service. The primary aim of VRI is to improve our Service using the data we gather from our Research. We invite you to take part in these Research and Research Studies that may help improve our Services and also help generate breakthrough discoveries in the fields of microbiota and gene expression leading to pushing the boundaries in human health. We strongly believe that the insights we gain through Research and Research Studies may benefit the general population as a whole, and indirectly you or your family as well sometime in the future.
The Research activities may include but not limited to conducting data analysis to develop new or improve existing Services, perform quality control, and identifying potential areas or targets for specific diet or lifestyle recommendations. Research Studies may encompass population-scale studies, development of a specific diagnosis or treatment, predict certain health conditions, or develop scientific knowhow, discoveries, and intellectual property assets to improve healthcare for the population as a whole. They may also include publishing study results in peer reviewed scientific journals publications and commercialization activities.
Research Studies may also entail, use of your Personal Information (including Medical Information), for selecting candidates suitable for a particular research study for identifying the correlations between dietary and lifestyle inputs and illness or wellness at molecular levels. As a result, we may reach out to you from time to time with requests for additional information about you, your diet, lifestyle or certain conditions by way of surveys and questionnaires as well as additional consents as necessary. When we do, you have the opportunity to choose which surveys to take, which questions to answer and grant us or decline your specific consent for these Research Studies. By choosing to answer, you are granting us the consent for Research Studies.
For individuals located in the European Union (“EU”): Our legal basis for processing your Sensitive Data for the purposes described above is based on your consent. Please read below on Data Privacy for EU Residents Under GDPR for further details.
d) For Study Participations
From time to time, Viome may engage in certain study specific research in collaboration with third parties such as non-profit foundations, academic institutions, healthcare organizations, or commercial research partners with the intent to study about a specific disease condition or a segment of the population (“Study Participations”). Study Participations are governed by specific regulations and require approval by an independent review board and your informed consent by way of acceptance of a study specific optional informed Consent Form that contains specific details on the study, collaborator, and the type of information we collect and share. If we identify you as a potential participant in a Study Participation, you will be presented with the Consent Form for acceptance that grants us your informed consent for Study Participations.
Some of these Study Participations are aimed at publication in peer-reviewed journals and other research publications. Study Participations are completely optional and voluntary for participants, and if you wish, you can choose to decline to accept the Consent Forms or choose not to respond.
When you have consented to Study Participations by way of accepting a study specific informed Consent Form, we may store and use your Sample Data and other Personal Information for current and future Study Participations. In addition, based on your Personal Information, if you were a potential fit for other Study Participations, we may contact you at any time of Service via email, website, or mobile application, with a notification for specific Study Participation and acceptance of a study specific Consent Form. You may choose to accept, decline, or chose not to respond to these invitations and Consent Forms. In the event you have not accepted a Consent Form or an invitation for Study Participation, you may still choose to join Study Participations in the future. Similarly, if you have accepted an invitation and a Consent Form and you do not wish Study Participations, you may decline to participate by withdrawing your consent.
For example, if a university or a collaborator tells us about a new research project on irritable bowel syndrome, we may send you the study specific details and a Consent Form to make you aware of the Study Participation. Viome scientists may run, in collaboration with a university, an extensive clinical study program focused on developing science-based personalized nutrition algorithms towards treatment, prevention, and reversal of a chronic disease like diabetes.
In the event if you do not wish to receive the Study Participation notifications, you can send a request to our Studies Team using the details below:
Send in a request with the subject line Assistance with “Study Notifications” using firstname.lastname@example.org
Viome Life Sciences Inc.
Viome Studies Team (Study Notifications)
205 108th Ave NE, STE 150
Bellevue, WA 98004
e) Improve Service, Analysis Methods, and Artificial Intelligence Engine
We are constantly working on improving our Service and enhancing the capacity and accuracy of our data analysis methods and artificial intelligence engine we use for the purpose of delivering more accurate and personalized recommendations to you.
We may use your Sample Data, Test Results, and Self-Reported Information in de-identified, pseudonymized, anonymized, or aggregate forms (after carefully removing the identifiers that easily identify who you are), together with similar data of others, for the purpose of improving Viome’s data analysis methods. Our artificial intelligence engine runs multiple analyses of aggregated de-identified data across our massive database of information, carefully selected high-quality scientific literature, expert knowledge from our team of scientists, and customer feedback to discover what foods, supplements, probiotics+prebiotics are ideal for you and your gut microbiome to experience optimal health. It is through our artificial intelligence engine that we are able to provide better and more accurate personalized Services to you.
f) Provide Customer Service and Support
When you contact Viome customer service (“Customer Service”), we may use or request additional Personal Information, as necessary to verify your identity, answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints. In certain instances, we may require using one customer’s Personal Information to resolve another customer’s request. For example, if a customer reports behavior of another customer that violates our Terms of Service, we will separately process both customers’ Personal Information and respond separately to each customer as appropriate. We will not share your Personal Information with another customer or any third party without your specific consent.
g) Surveys and Testimonials
h) Marketing and communications
By creating a Viome Account and using our Service, you agree to receiving Service-related email with information such as new features, add-ons, promotions, contests and other notifications about our Services. You can unsubscribe from receiving these marketing communications at any time. To unsubscribe, click the email footer “unsubscribe” link or send a request to our Customer Service using the details provided above. You may not opt-out of receiving non-promotional messages regarding your Account, such as technical notices, purchase confirmations, important Viome policies and deadlines applicable to use of Kits and Sample submissions or Service-related emails.
We may also use the Personal Information you submit to us to personalize your user experience and to allow us to recommend or deliver the type of content, new features, or Service offering in which you are most interested. We may also use your Personal Information to compile usage statistics and other data regarding use of our Services and for other types of marketing and communication purposes, without asking for and receiving your explicit consent (e.g., targeted advertising that uses third party advertising networks and providers who help us deliver targeted online advertisements or measure the effectiveness of ad campaigns). We and our third-party service providers will not use your Sensitive Information for marketing and communication purposes.
You may withdraw your consent as expressed by acceptance of a Consent Form for Research Studies or Study Participations, at any time by sending a request to our Studies Team to change your Consent Form status as stated below:
Send in a request titled “Consent Withdrawal” using email@example.com
Viome Life Sciences Inc.
Viome Studies Team (Consent Withdrawal)
205 108th Ave NE, STE 150
Bellevue, WA 98004
Pursuant to your request, we will not include your Individual-level Personal Information in Research Studies or Study Participations that start more than forty-five (45) days after the date of receipt of your consent withdrawal. Any Research Studies or Study Participations that used your Individual-level Personally Identifiable data that have already been performed or published prior to your withdrawal for which you have given consent to cannot and will not be reversed, undone, or withdrawn.
What happens if you do NOT sign a Consent Form?
If you choose not to accept the Consent Form or grant a study specific Consent to us, your Individual-level Personal Information will not be used for Research Studies or shared with collaborators or third parties or used for Study Participations. However, you may still have an opportunity to participate if we identify you as a potential candidate for and extend you an invitation to participate in a Research Study or a Study Participation. You may or may not accept the invitation and study specific Consent Form or you may decide not to respond.
How We Disclose Your Information
In general, Viome will not disclose individual-level Personal Information (including Self-Reported Information and Medical Information) to third parties, except under the following circumstances:
a) With Express Written Permission
Viome may disclose your Personal Information to third parties in accordance with our Terms of Service or where you have otherwise provided express written consent for sharing (e.g. by way of accepting a Consent Form).
b) Facilitate Business Operations
c) As Required by Law
Under certain circumstances, Personal Information may be subject to disclosures pursuant to judicial or other government subpoenas, warrants, or orders, or in coordination with regulatory authorities. You acknowledge and agree that Viome is free to preserve and disclose any and all Personal Information to law enforcement agencies or others regulatory agencies that oversee manufacturing and logistics service, if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (i) comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry); (ii) obligations that Viome may owe pursuant to ethical, regulatory (such as Food and Drug Administration), and other professional rules, laws, and regulations; (iii) enforce Terms of Service; (iv) respond to claims that any content violates the rights of third parties; or (v) protect the rights, property, or personal safety of Viome, its employees, its customers (including you), and the public. In the event Viome is required by law to disclose Personal Information, Viome will notify you through the contact information provided to Viome in advance, unless doing so would violate the law or a court order.
d) Sharing with Third Parties
We may share your individual-level Personal Information, without explicit consent, to the extent necessary, with third parties: i) in order to perform business operations that help deliver the Services to you (e.g., Sample collection services, laboratory service, inventory controllers that ship Kits, Precision Supplements and Precision Probiotics+Prebiotics manufacturers, logistics operators, IT service providers, customer service optimizers, etc.); ii) in order to provide Partner Services provided to you by our Oversight Partner; and iii) for marketing and communication purposes.
We may also share Personal Information de-identified, pseudonymized, or aggregate forms (without your personal details or aggregated with the information of others so that you cannot reasonably be identified as an individual) for: i) Research and Research Studies; ii) strategic initiatives with Research partners; and iii) for other purposes, to the extent necessary, and as permitted by law.
e) Lost Capacity
When a customer has lost capacity or passed away, we will only give their Account information to individuals who are legally authorized to make decisions on their behalf, such as an executor, a personal representative, or a beneficiary of a deceased's estate. The person requesting the information must complete an authorization form and provide evidence and legal documentation indicating they are allowed to act on behalf of the individual before we will provide any information.
f) Business Transitions
g) Commonly owned entities
Information Security Measures
Viome uses a number of physical, technical, and administrative measures to keep your Personal Information safe and secure. By employing these safeguards, we aim to prevent unauthorized access, minimize accidental disclosure, maintain data accuracy and integrity, and ensure appropriate use of the information in accordance with current technological and industry standards. In particular, all connections to Viome websites, software, and mobile applications are encrypted using Secure Socket Layer (“SSL”) technology.
You acknowledge and agree that protecting Personal Information is a responsibility shared between you and Viome. In this regard, we ask all users of our Service to be responsible for keeping their login IDs, passwords, and other authentication information used to access the Service in a secure manner and maintain strict confidentiality. You should not share Account and authentication information with any third parties and should inform Viome immediately of any prohibited use of your Account or authentication information. Viome cannot secure and assumes no liability for Personal Information that is released by our customers to third parties, such as physicians, insurance companies, or healthcare service providers.
Viome implements several physical and technical security measures to ensure confidentiality, integrity, security, and availability of Viome and customer data by employing industry standard safeguards such as de-identification, pseudonymization, encryption, and data segmentation. Your Sample Data and other Personal Information you provided to us are stored after labeling them with an assigned code without your name or other Personal Information that can easily identify your Sample with you.
To ensure the on-going confidentiality, integrity, and security of your data, Viome conducts periodic risk assessments of its electronically protected health information systems (“ePHI”) which we use to store your Personal Data. We de-identify customers' PII from PHI and use multiple layers of industry standard security measures applicable to encryption and access protection for Sensitive Data, based on job function and role. Viome access controls include multi-factor authentication, single sign-on, and strict least-privileged authorization policies.
Viome keeps all customer Personal Data and information on secure cloud servers. Only a small group of qualified personnel within Viome can access the information that can be used to identify you. These are personnel who need that information in order to provide, complete, testing, analysis, and reporting related to the Services. The Personal Information that matches the assigned codes will be kept in a secure, access controlled, and protected database at Viome. Only a small group of essential personnel will have access to this secure and protected database.
We will not include any Personal Information that would make it possible to identify you in any Research, studies or publications. All Viome employees, consultants, and others who might have access to your Personal Information must sign confidentiality and non-disclosure agreements that mandate them to keep customer Personal Information confidential. Your Personal Information may be shared with your health care service provider only with your written permission. Your Samples and their specimens and their remnants, after testing and analysis, will be stored securely with de-identified alphanumeric IDs (with no Personal Information that can identify you).
Viome is committed to protecting the privacy of children and abiding by the provisions of the Children’s Online Privacy Protection Act (“COPPA”). The Service is not directed, designed, or intended to attract children under the age of 13.
In rare instances, a parent or legal guardian of a child, however, may specifically request or consent his/her child to Study Participation, and may assist the child with providing assent to Study Participation, if the child is old enough to do so. In such cases, the parent or guardian may create an Account for, assist and be responsible with collection of the Clinical Sample, and provide Self-Reported Information on behalf of his or her child. If you are the parent or guardian of a child, you assume full responsibility for ensuring that the information you provide to Viome about your child is: i) accurate; ii) you have the legal right to provide your child’s information to Viome, and iii) that the child’s information is kept confidential and secure.
In the event Viome is notified or becomes aware that the Service has been used by a child under the age of 13 to store information of that child without parental consent, Viome shall be and is authorized to delete, in its entirety, with no notice to you, any of the information stored by that child or by you on that child’s behalf. Viome also reserves the right to revoke any license to use the Service, which is being used or has been used by a child under the age of 13.
Further, Viome Services are not designed for, intended to attract, or directed toward children under the age of 18 or below the legal age of majority to form a binding contract in your country of residence, whichever is greater. A parent or a legal guardian, however, may collect Samples using Kits, and create an Account for, and provide Registration information for his or her child who is under the age of majority. On these occasions, the parent or guardian assumes full responsibility for following the Sample collection instructions and ensuring that the information that he or she provides to Viome about his or her child is kept secure, and that the information submitted is accurate.
Some features associated with the Services and Study Participations are not offered to children or minors, even with parental/guardian consent. In such cases, Viome will restrict Registration for these Service or Study Participations for anyone below the age of 18.
Retention of Personal Information
Unless you close your Account that results in deletion of your Personal Information in the Account as described in the Account Closure process as specified below, Viome will store your Personal Information as long as your Account is open.
Correction of Personal Information
Your Personal Information and Registration Information, if incorrect, can be corrected, changed, or updated by sending a request to our Customer Service using the information stated below:
Visit https://support.viome.com and request “Correction of Personal Information”
Submit by mail:
Viome Customer Service (Correction of Personal Information)
Viome Life Sciences Inc.
205 108th Ave NE, STE 150,
Bellevue, WA 98004
If you no longer wish to use the Service or have your Personal Information processed by us in order to provide you the Service, you may close your Account by sending our Customer Service a request using the information specified below.
Visit https://support.viome.com and request Account Closure.
Once we receive your request, we will send an email to the email address linked to your Account detailing our Account Closure Policy and requesting that you confirm your closure request. Once you confirm your request to close your Account, your Account will no longer be accessible. When your request is processed, it cannot be cancelled, undone, withdrawn, or reversed. When closing an Account, Viome removes or deletes Personal Information associated with that Account, subject to certain limitations stated below:
To the extent necessary and permitted by law, Viome may still retain:
request, and transaction data) for accounting, audit, and compliance purposes;
ii) Limited Personal Information for compliance with legal retention requirements (e.g., CLIA requirements);
iii) Limited Personal Information to fulfill contractual obligations, exercise or defend legal claims;
iv) Limited Personal Information to fulfill audit and compliance processes;
v) Information already used for Research and Study Participants; and
vi) Limited information in de-identified, pseudonymized, or aggregate forms used in Research, data analysis and artificial intelligence.
Retention of Personal Information
Unless you close your Account and delete your Personal Information in the Account as described under Account Closure as specified above, Viome will store your Personal Information as long as your Account is open.
Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), California residents are afforded certain additional rights regarding use of your Personal Information. However, depending on your data choices, certain services may be limited or unavailable. If you are a California Resident, to learn more about your California Residents’ privacy rights under CCPA and to obtain a copy of our CCPA Notice for California Residents, please contact our Customer Service by sending a request using the information specified below.
Visit https://support.viome.com/ and request Assistance with CCPA Notice Rights.
Submit by mail:
Viome Life Sciences Inc.
Viome Customer Service (CCPA Notice Rights)
205 108th Ave NE, STE 150
Bellevue, WA 98004
Call our Customer Service at 1.855.958.4663
California Do-Not-Track Disclosures
Viome does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track ("DNT") signals. Third parties that have content embedded on Viome’s websites or mobile applications (e.g., social features) may set cookies on a user’s browser and obtain information about the web browser visiting a specific Viome website from a certain IP address. Third parties cannot collect any other Personal Information from Viome’s websites, software, or mobile applications unless you provide it to them directly.
Pursuant to Nevada Privacy Law (“NPL”), Nevada residents may direct a business that operates an internet website not to sell certain Personal Information about you.
Viome does not sell your Personal Information to third parties. If you are a Nevada resident, for more information about your rights under NPL or how we handle and share your Personal Information, contact our Customer Service by sending a request using the information specified below:
Visit https://support.viome.com and request Assistance with NPL Rights.
Call our Customer Service at 1.855.958.4663
Data Privacy for Residents of Designated Countries
This section applies only to the Personal Information of the residents of the European Economic Area (“EEA”), United Kingdom, or Switzerland (collectively, the “Designated Countries”). When we transfer, store, and process the Personal Information of the residents of the Designated Countries, we implement appropriate safeguards applicable to transfer of such Personal Information to and from the Designated Countries in accordance with the terms specified below:
When we transfer, store, or process your Personal Information to U.S. or other countries outside of where you reside, we rely on various legal bases to lawfully transfer such Personal Information around the world, including the European Union Commission approved model contractual clauses (“lawful data transfer mechanisms”).
In addition to such lawful data transfer mechanisms, Viome continues to participate in, remains committed to applying, and has certified its compliance with EU-US Privacy Shield Framework (“Privacy Shield Framework”) and its Privacy Shield Principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information from EU to the United States.
Our Relationship with You
We are the “controller” with respect to your Personal Information because we determine the means and purposes of processing your information when you use our Services.
Legal bases for processing Personal Information from the EU
We may contact you by electronic means for marketing communications with information about our Services that are similar or related to our Services with you. If you do not want us to use your Personal Information in this way, please contact us at Privacy@viome.com to withdraw your consent at any time. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
Transfer to a Third Party
Data Privacy for EU Residents Under GDPR
This Section outlines our policies and commitment to GDPR applicable ONLY to information from and of the residents of the European Union (“EU”). Except where a term is specifically defined herein, the terms used in this Section will have the meaning provided under in the GDPR.
Viome is committed to General Data Protection Regulation (“GDPR”) compliance through our robust data privacy and security protections. Under the GDPR, organizations that collect and store Personal Information must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with processing Personal Information. Viome uses industry-leading organizational and technical measures to keep your Personal Information secure.
In exercising rights under GDPR, applicable only to EU residents, as a precondition for processing your requests, we require proof of your identity and EU resident status both.
Note: GDPR and Data Privacy policies outlined below do not extend or apply to residents of non-EU countries or residents of the United States.
a) When Viome acts as Controller
b) When Viome acts as a Processor
c) Right to Withdraw Consent
To the extent Viome has requested and you provided your consent for processing of your Personal Data, or accepted a Consent Form, you can withdraw your consent at any time by contacting our Customer Service using the information specified below. Your withdrawal will not affect the lawfulness of our processing based on consent you granted before its withdrawal as well as use of your data in ways otherwise permitted by law.
Visit https://support.viome.com or send us a request titled Assistance with GDPR: Consent Withdrawal using firstname.lastname@example.org.
Submit by mail:
Viome Customer Service (GDPR: Consent Withdrawal)
Chief Privacy Officer
Viome Life Sciences Inc.
205 108th Ave NE, STE 150,
Bellevue, WA 98004
d) Right of Access and Rectification
Viome allows you to access and rectify certain Registration Information, Self-Reported Information, and other information as required by applicable law. If you would like to access or rectify your Personal Data, please contact our Customer Service using the details specified below. We may not be able to fulfil part or all of your request if doing so could adversely affect the rights and freedoms of others.
Visit https://support.viome.com or send us a request titled GDPR: Data Access and Rectification using email@example.com.
Chief Privacy Officer
Viome Customer Service (GDPR: Data Access and Rectification)
205 108th Ave NE, STE 150
Bellevue, WA 98004
e) Right to Erasure ("Right to be Forgotten")
We allow you to delete your Account or your Personal Information following a request for Account Closure at any time. You can request erasure of Personal Data that: (a) is no longer necessary in relation to the purpose for which it was collected or used; (b) was collected with your consent but later you withdrew such consent; or (c) was collected for a purpose with your consent, but there are no overriding legitimate grounds for our further processing.
Viome will take reasonable steps to fulfil your request. Our assistance with your request, however, is subject to the following limitations:
i) When processing your Personal Data is necessary to comply with a legal obligation, establish, exercise, or defend legal claims;
ii) In relevant data protection laws that restrict this right for certain types of data;
iii) When there are limitations in the available technology; and
iv) When we are limited by the cost of implementing
Please contact Viome using firstname.lastname@example.org to exercise your right to erase your Personal Data pursuant to GDPR using the subject line: GDPR: Right to Erasure
f) Right to Restrict Processing
Under GDPR, you have the right to restrict our processing of your Personal Data under the following circumstances: (a) you dispute the accuracy of Personal Data; (b) the processing is unlawful and you do not wish the erasure and request the restriction instead; (c) we no longer need the Personal Data for the purposes; and (d) when our legitimate grounds for processing override your rights.
Following a request for restriction, however, we can continue to use your restricted Personal Data, when: a) we have your consent; b) to establish, exercise or defend legal claims; c) to protect the rights of another natural or legal person; or d) for reasons of important public interest.
Please contact Viome by using email@example.com to execute your right to Restrict Processing Personal Data using the subject line: GDPR: Right to Restrict Processing.
g) Right to Data Portability
To the extent that we process your Personal Data as Controller (i) with your consent or under a contract; and (ii) through automated means, you may request your Personal Data in a structured, commonly used, machine-readable format. You may also request the transfer of your Personal Data directly to another data Controller, where it is technically feasible, unless choosing to exercise this right adversely affects the rights and freedoms of others.
There may be an additional fee associated with processing your request.
Please contact Viome by using firstname.lastname@example.org to exercise your rights to portability of your Personal Data pursuant to GDPR with the subject line: GDPR: Right to Data Portability.
h) Account Closure
To close your Account, please contact our Customer Service using the information specified below. If you closed your Account, we will take the same steps described under Account Closure above.
Visit https://support.viome.com or send us a request titled GDPR: Account Closure using email@example.com.
i) Personal Data retention
j) Third parties with access to your Personal Data
Viome may share your Personal Data, with third parties as necessary for them to provide their services to us and help us deliver our Services to you. Service providers are third parties (other companies or individuals) that help us provide, analyze and improve our Services. While Viome directly conducts the majority of the data processing activities required to provide our Services to you, we may engage some third-party service providers to assist us in supporting our Services, including in the following areas and ways:
i) Order fulfillment and shipping: to provide you with our Services including the Kits and Subscription Services, and their delivery to you.
ii) Manufacturers of our Services including the Kits and Subscription Services.
iii) Customer Service and related service providers: to process orders, respond to customer service requests, phone services, and for customer relationship management.
iv) Website and mobile application usage analytics services: to determine who is using Viome’s Services and how to improve those Services
v) eCommerce Platform or Storefront Services, Payment processors to make recurring charges to process customer payments using billing information
vi) Sequencing facilities: to provide primary sequencing and other types of analysis (including RNA and DNA)
vii) Testing facilities: to provide genotype, microbiome, and gene expression testing that form part of our Service
viii) Sample collecting service providers or agents that facilitate the collection process
ix) Study Collaborators: to engage in scientific Study Participations
x) Software developers: to develop and test Viome’s software and mobile applications
xi) Database service providers: to securely store Sample Data and Test Results
xii) Storage facilities: to securely store raw and processed Samples and Sample Data
xiii) Business process outsourcers and electronic data processors
xiv) Study Participation collaborators
xv) Provide Partner Services to you (if applicable)
xvi) Other service providers that support our Services
Our data processors and their sub processors who use your Personal Data for providing Services may transfer such Personal Data to any country or territory, as may be reasonably necessary for provisioning of their services described in our service agreements with them.
k) How to exercise your rights on Personal Data
If you would like to exercise your rights under GDPR on use of your Personal Data as described above, please send us a request using the designated methods specified above. In your message, please indicate the right you would like to exercise, request you make, and the information that you would like to access, review, correct, or erase.
We may ask you for additional information to confirm your identity and resident status and other information, for security purposes, before disclosing the Personal Data you requested.
We reserve the right to charge a fee, where permitted by law (e.g., if our cost of processing your request is prohibitive, or your request is manifestly unfounded or excessive).
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
We ask that you attempt to resolve any issues regarding your Data Protection or data requests first with us.
Please contact us at firstname.lastname@example.org and we will be happy to respond to your request promptly.
You may also contact Viome’s designated, EU-based representative at:
Cork, T12 H1XY,
Republic of Ireland
372 Old Street,
London, United Kingdom
Email (for both EU and UK): email@example.com quoting < Viome Life Sciences, Inc. > in the subject line. Find online webform at: www.dpr.eu.com/datarequest
If you are not happy with how we have responded to your request or resolved your complaint, you may contact the relevant supervisory authority found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
Viome’s “Privacy By Design” approach requires that our user data protection levels be at the highest setting by default. In the unlikely event of a breach, Viome will notify the applicable Data Subjects and Supervisory Authorities ("SA"s) in the EU according to procedures provided in GDPR Articles 33 and 34.
l) Legal bases for using and sharing your Personal Data
We collect, use, and share your Personal Data where we are satisfied that we have an appropriate legal basis for doing so. This may include: i) when our use of your Personal Data is necessary to perform a contract, providing a Service (including Partner Service), or take steps to enter into a contract with you; ii) in our legitimate interest as a commercial organization (for example in order to make improvements to our Services, perform Research for improving our Service, and to provide you with the Data you request); iii) necessary to comply with a relevant legal or regulatory obligation that we have (for e.g., where we are required to disclose Personal Data to a court); or iv) in accordance with your consent (e.g., acceptance of a Consent Form).
If you would like to find out more about the legal bases on which we process your Personal Data, please contact us using the details specified above.
m) Exporting Personal Data from the EU
Viome may transfer your Personal Data outside of the country from which it was originally provided. This transfer may be intra-group or to third parties that we work with who may be located in jurisdictions outside of the EU that have no data protection laws or have laws that are less strictive compared with those governing the EU.
Whenever we transfer Personal Data out of the EU, EEA, UK, and Switzerland, we use appropriate safeguards and controls are in place (as specified below) to protect your Personal Data in accordance with applicable laws. Please contact us for more information about the safeguards we have put in place to protect your Personal Data and privacy rights in these circumstances.
In light of the evolving body of regulations applicable to international data transfers, we remain committed to having a lawful basis for data transfers in compliance with applicable data protection laws. We will continue to abide by the lawful data-transfer mechanisms, Privacy by Design, and Privacy by Default.
For EU and UK Individuals:
Privacy Shield Notice for Personal Data transfers to the United States
EU-US Privacy Shield Framework
Viome continues to comply with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce ("Privacy Shield Framework") regarding the collection, use, and retention of Personal Data of EU Individuals from European Union member countries and the United Kingdom transferred to the United States pursuant to the Privacy Shield Framework.
To learn more about the Privacy Shield, and to view our certification page, please visit: https://www.privacyshield.gov/
With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Viome is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
The following provisions govern information collected in reliance on the EU-U.S. Privacy Shield Framework Principles (“Principles”) for transfers of Personal Data from the EU to the United States:
Confirmation and Correction
If requested to erase or remove Personal Data, subject to verification of your identity and other safeguards we employ, we will respond within a reasonable timeframe.
Viome may be required to disclose Personal Data pursuant to lawful requests made by public authorities, including meeting national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Viome commits to resolve complaints about your privacy and our collection or use of your Personal Information transferred to the United States pursuant to Privacy Shield.
European Union individuals with Privacy Shield inquiries or complaints should first contact Viome at: firstname.lastname@example.org
Viome has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism: BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit the below website for more information and to file a complaint: www.bbb.org/EU-privacy-shield/for-eu-consumers
This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.
See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
In instances in which Viome is not the Controller or Collector of the Personal Data, but only a Processor, it may not have means of providing individuals with the choice and means for limiting the use and disclosure of their Personal Data or providing notices when individuals are first asked to provide Personal Data to Viome. In such instances, Viome will comply with the instructions of the Controller or the Collector of such information; provide appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and to the extent appropriate, assist the Controller or the Collector in responding to individuals exercising their rights under the Principles.
In those instances where Viome collects Personal Data from individuals, we will provide an individual opt-out choice, or opt-in for Sensitive Data, before we share your Sensitive Data with third parties other than our agents, or before we use it for a purpose other than for which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Data, please submit a written request to: email@example.com
Disclosures to Third Parties
Viome shall ensure that any agent third party for which Personal Data may be disclosed to subscribes to these Principles or are subject to laws providing the same level of privacy protection as is required by these Principles and agree in writing to provide an adequate level of privacy protection.
Viome will not sell, lease, or rent your individual-level Personal Data to any third party or to a third party for research or study purposes without your explicit consent. However, we may use and share de-identified, anonymized, pseudonymized, and aggregate forms of data with third parties (together with the data of others so that you cannot reasonably be identified with the shared data as an individual), in order to perform business operations, initiate Research or Research Studies, Study Participations, for data analytics and enhancing our data analytics engine, send you marketing emails, or to improve our Services.
Viome’s accountability for Personal Data that it receives in the United States under the Privacy Shield and subsequent transfers to a third party is described in the Privacy Shield Principles. In particular, Viome remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the Personal Data on its behalf do so in a manner inconsistent with the Principles, unless Viome proves that it is not responsible for the event that gave rise to the damage.
Viome shall take reasonable steps and employ processes to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. Viome has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the customer information from loss, misuse, unauthorized access or disclosure, alteration or destruction. However, Viome cannot guarantee the security of information on or transmitted via the Internet. Such safeguards and processes include but not limited to:
ii) Data Integrity
Viome shall only process Personal Data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by those who provided the information. To the extent necessary for those purposes, Viome shall take reasonable steps to ensure that Personal Data is accurate, complete, current and reliable for its intended use.
In those instances in which Viome collects Personal Data directly from individuals, Viome shall allow those individuals access to their Personal Data and allow the individual to correct, amend or erase inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
Viome Life Sciences, Inc.
Attn: Chief Privacy Officer
205 108th Ave NE, STE 150,
Bellevue, WA 98004