VIOME PRIVACY POLICY

Version 2.1.5

Effective Date: January 15, 2020

This Viome Privacy Policy (“Privacy Policy”) applies to all products, programs, testing service, websites, pages, features, content, optional research participations, studies, and software (including mobile applications or services), collection, testing, and analysis of biological samples (collectively, the “Service”) provided by Viome, Inc. (“Viome,” “we,” or “us”). Our Privacy Policy is designed to help you better understand how we collect, use, store, process, and transfer your (“you”, “customer”, or “user”) information when using our Services.

This Privacy Policy is incorporated by reference into the Viome terms of service (“Terms” or “Terms of Service”), which can be found on our website and mobile software applications. Please carefully review this Privacy Policy and Terms of Service. By using our Services, you agree and accept all of the policies and procedures described in these documents. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy or our Terms of Service you should immediately discontinue use of our Services.

Introduction

Viome, Inc. is a company that collects and analyzes physiological, physical, and molecular data for the purpose of understanding and optimizing the wellness of individuals.

The biological samples we collect include stool and other bodily fluids such as, blood, saliva, cheek swab, skin swab, and other  (“Samples”), using sample collection kits (“Sample Kits”) provided by Viome. Customers will collect the Samples using the Sample Kits and ship them to Viome for testing and analysis. Data obtained from testing the Samples are subjected to a process of sequencing to produce sample data that results in test data (“Test Data”) that will be stored and used with customer-provided information (in response to our questionnaires as well as self-reported information) to generate test results (“Test Results”) that we provide you as part of the Service. Based on our analysis of Test Data, Test Results, and customer provided data, Viome will make personalized diet, supplements, and lifestyle recommendations to the individual via, Viome website located at www.viome.com and Viome’s mobile applications.

Viome takes privacy very seriously. We are committed to protecting the privacy and security of “Personal Information” which could be used to identify our customers, either alone or in combination with other information. By accessing or using the Service (as defined above), customers allow us to collect, store, and use their Personal Information that enable us to provide more accurate and personalized diet and lifestyle recommendations. Viome recognizes and understands the importance of privacy and respects our customers’ desire to store and access Personal Information in a private and secure manner.

THIS PRIVACY POLICY DESCRIBES HOW INFORMATION ABOUT YOU MAY BE COLLECTED, USED, STORED, MAINTAINED, DISCLOSED, PROTECTED, AND ABLE TO ACCESS THIS INFORMATION. THIS PRIVACY POLICY FURTHER DESCRIBES OUR POLICIES WITH REGARD TO OUR CUSTOMERS' PERSONAL INFORMATION, PERSONAL DATA, PERSONALLY IDENTIFIABLE INFORMATION, SELF-REPORTED INFORMATION, PROTECTED HEALTH INFORMATION, AND SENSITIVE INFORMATION. PLEASE REVIEW IT CAREFULLY.

  1.  Acceptance of Privacy Policy
    By subscribing to or otherwise using the Service, or accessing any content or materials made available by Viome through the Service, you agree to be bound by the Terms, including this Privacy Policy. Viome reserves the right to change or modify this Privacy Policy at any time and in its sole discretion. Any changes or modifications will be effective immediately upon posting of the revised Privacy Policy (with the revision effective date posted on the top left side) on the Service. Your continued use of the Service following the posting of revised Privacy Policy will constitute your acceptance of those changes or modifications.
  2.   What Information We Collect
    When you subscribe to or use our Service, Viome collects and uses several types of information in connection with our Service. These include information you provide directly to us, your clinical and test data, information our customers provide in response to our questionnaires, self-reported information, data we retain in order to improve our data analytics methods and artificial intelligence engine and our Service, information we collected through tracking technology, web analytics, and other types of information we receive about you from third party sources.

    “Registration Information” is collected when you subscribe to or register for our Service. This information includes, but is not limited to Personal Information such as your name, date of birth, password, payment information (such as credit card information of which, Viome stores only the 4 last digits and the expiration date), billing and shipping addresses, and contact information such as email address and telephone number that you provided to create your Viome account (“Viome Account” or “Account”) used for the Service. Viome uses Registration Information to authenticate your access to Viome Account, websites and mobile applications for purposes that include but not limited to the following: use the Service, enable you to purchase or access add-ons and new features related to the Service, deliver personalized reports, send research or study participation consents, and for marketing and communication purposes.

    “Biological Samples” are the self-collected stool and other fluids samples such as blood, saliva, cheek swab, skin swab, or urine, that you collect using Sample Kits and used for testing and analysis.

    “Sample Data” is created when you provide self-collected Samples to Viome for testing and analysis. Sample Data includes, but is not limited to, gut or mouth microbe analysis, gut gene expression analysis, gut metabolite analysis, personal genetic analysis, personal gene expression, and personal metabolite analysis.  Your Sample Data is used in de-identified, anonymized, or aggregate form together with other customers’ Sample Data in order to improve our data analytics and artificial intelligence engine.

    “Self-Reported Information” is any optional information you provide us about yourself using the surveys, forms, questionnaires, email, features on our website and software applications (e.g., information about your personal traits (e.g., eye color, height), ethnicity, disease conditions (e.g. Type 2 Diabetes), health-related information (e.g., pulse rate, cholesterol levels, visual acuity, medicine you currently take, habits such as smoking), diet related information, and family history (e.g., information similar to the foregoing about your family members). Before you disclose information about a family member, you should make sure you have permission from the family member to do so. We may use Self-Reported Information for selecting candidates suitable for a particular study or research or identifying the correlations between dietary and lifestyle inputs and illness or wellness at molecular levels.

    “Medical Information” is information in your medical records or with your healthcare provider that you give Viome permission to access. Viome will access your Medical Information or contact your healthcare provider only with your signed Consent. We may use your Medical Information for the purpose of selecting suitable candidates for a particular study or research and to improve our data analysis methods used for better predicting and optimizing the diet and wellness recommendations provided to you as part of our Service.

    “User Content” is information that you create or content that you post or upload on our website, social media, or public forums that relate to us, such as blogs, data, text, software, documents, audio, photographs, graphics, video, messages, discussions, emails, or other materials that you create or provide to us through public or private transmissions.

    All other information we received directly or indirectly through “Web Analytics,” tracking technology such as “Cookies”, our website, social media, referral, or a third party associated with you will be used in manners consistent with this Privacy Policy.
  3.   Use of Cookies
    Viome and its third party service providers from whom it receives your information may use “cookies” and similar tracking technologies (such as web beacons, tags, scripts and device identifiers used for automatic collection of information), for a variety of purposes. Cookies are small data files that are stored on a user’s hard drive at the request of a website to enable the site to recognize and retain certain user information such as customer preferences and history.

    Cookies help us recognize when and how you use our Services, customize and improve your experience, provide security, analyze our interactions with our Services and its features, gather demographic information about our user base, make special offers of our Service, monitor the success of marketing programs; and for targeted advertising on our site and on other sites on the Internet.

    When Viome receives reports from third parties on how certain functionalities of our website works, usage and statistical information such as the user’s browser type, operating system, device ID (only for IOS users), these third parties may collect personal information from you in connection with the services they provide and may place cookies, web beacons or other devices on your device to collect non-personal information which may be used, among other things, to deliver advertising targeted to your interests and to better understand the usage of the Service and the other services tracked by these third parties. Viome is not responsible for, and does not control, any actions or policies of any third-party service providers. For additional details, please see our Cookie Policy at https://www.viome.com/cookie-policy. 

    The information reports we receive from third party service providers are in de-identified, individual-level, or as aggregate-level, which we will also use to improve our data analytics methods. If we combine cookies with, or link them to, any of the Personal Information, Viome will treat this information as Personal Information.

    If you wish to block, erase, or be warned of cookies, please refer to your browser instructions or help screen to learn about these functions. However, If you reject cookies or your browser or device settings does not accept cookies, you may not be able to use certain parts of our website or sign in to your Viome Account and will not be able to access certain Service features. For more information, including the types of cookies found on our Service and how to control cookies, please read our Cookie Policy.
  4.   Google Analytics
    Like many websites, we use Google Analytics for web behavior monitoring, a service that provides information about how many users visit our website and online resources, when they visit, and how they navigate our sites. We also may use other Google Analytics tools, such as Demographics and Interest Reporting, which enable us to learn more about the characteristics and interests of the users who visit our website, and Remarketing with Google Analytics, which enables us to provide relevant advertising on different websites and online services. To learn more about Google’s privacy practices, please go to Google Privacy Policy at https://www.google.com/policies/privacy/. You can also download the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.
  5.   User Content
    Some features of our Service may include functionality enabling you to post user content, whether publicly posted or privately transmitted, such as profiles, posts, emails, feedback, experiences, suggestions, notes, messages, photos, and videos (“User Content”) that may be made available to Viome and other users of the Service.

    You should be aware that any User Content you provide or post in public media may be read, collected, and used by others who access them and we have no control over these media. Please exercise caution before and when you choose to share personal information on our blogs, forums or in any other public media.

    Viome at its sole discretion, has the right (but not the obligation) to screen, reject, retain, or remove any User Content posted using the Service that infringes Viome’s or any third party’s intellectual property or other rights, violates our Terms and this Privacy Policy or our other policies, or is otherwise objectionable.

    By sending User Content, you grant Viome a perpetual, irrevocable, worldwide, royalty-free, freely transferable and sub-licensable, non-exclusive right to use, reproduce, modify, transmit, translate, publish, publicly perform, display, distribute, commercialize, share with third parties, transmit or distribute over public network and media, and create derivative works of such User Content for purposes specified in Viome Terms of Service and of delivering the Service to you and other users of the Service.
  6.    Other Types of Information
    From time to time, we may collect other types information automatically about your use of our Service through the use of log files. Such information may include your device’s Internet Protocol (IP) address, operating system, browser type, and your device ID. To ensure your data is safe and used only to the extent necessary to provide the Service, Viome deletes this information every three months. Viome uses this information for purposes such as analyzing trends, administering the Service, improving customer service, diagnosing problems with our servers, tracking user movement, and gathering broad demographic information for aggregate use.
  7.    Information on our Testing Service
    To use our Services, you must first purchase, receive from a third party (as a gift), or from us directly, a Sample Kit, and create an online Account, register your Sample Kit, and ship your Clinical Sample to our laboratory. Our laboratory will use your Clinical Sample for analysis and generation of Sample Data that will be used in conjunction with our data analysis methods and artificial intelligence engine we use for generating Test Data that we use to provide custom diet, supplements, and wellness recommendations to you. During Sample Kit Registration and at various stages of using our Service via our website and mobile applications, you will be requested to review this Privacy Policy, Terms of Use, and other relevant documents such as Consent Forms and accept them. By accepting these documents, you consent to use your information according to the terms specified in these documents, which include informed consent for use of your Samples, Sample Data, Self-Reported Information, and other types of information for purposes specified in these documents that include testing, analysis, reporting, improving our data analysis methods, internal research and development, as well as for collaborations with external parties on Research Participations.

  8.    How We Use your Information
    Viome will use and share your information (including Personal Information) only in the ways that are described below and elsewhere in this Privacy Policy.

    a)   Provide you with Services
    We use your information as described above to provide, analyze and improve our Services in accordance with this Privacy Policy. These activities include: open and maintain your Viome Account, enable purchases of our Service, process payments, communicate with you (e.g., policy changes, security updates or issues, etc.), and implement your requests, facilitate use of our website and mobile applications (including authenticating your visits, providing personalized content, and tracking your use of our Services, enforce our Terms and other agreements, monitor, detect, investigate and prevent prohibited or illegal activities, spam and other security risks, performing quality control, perform study, research & development activities (which may include, for example, conducting data analysis and research in order to improve existing Service or develop new Services), and improving our data analytics and artificial intelligence engine.

    For individuals located in the Europe, we process your Personal Information in the same way in accordance with this Privacy Policy and our Terms of Service.

    b)   For Research and Development

    Viome may use your Personal Information and Self-Reported Information at individual –level or in anonymized, de-identified, or aggregate forms for certain studies and research activities that may identify potential areas or targets for specific diet or lifestyle recommendations, support development of a specific diagnosis or treatment, predict certain medical or health conditions, publish research results in peer-reviewed scientific publications, or develop scientific know how and intellectual property assets to improve healthcare for the population which may also include commercialization activities (“Research”).

    Self-Reported Information may also be used at individual-level, or in aggregated, de-identified, generic, and/or combined forms with Samples, Test Data, and Test Results for Research purposes.

    Unless required by law or a court order, Viome will not release your individual-level or individually identifiable Samples, Test Results or Self-Reported Information to any third party without first receiving your acceptance of a Consent Form.

    c)   For Study or Research Participation

    From time to time, Viome may engage in certain specific scientific studies or research in collaboration with third parties such as non-profit foundations, academic institutions, healthcare organizations, or commercial research partners with the intent to study a specific group or segment of the population. This may require use of research participant’s Personal Information by way of collection and analyses of physiological and molecular data such as Samples, individual Clinical Data, Test Data, and Self Reporting Information. Some of these Research Participations are aimed at publication in peer-reviewed journals and other research publications.

    These studies or research activities are governed by specific regulations and approval by an independent review board (“Research Participation”), and require your informed consent for optional research participation by way of accepting the research specific optional research participation informed consent form that contains specific details on the research and the type of information we collect and share (“Consent Form”).

    During the Registration or use of Service, you will be presented with the Consent Form that grants us your informed consent for Research Participation. If you consent by way of accepting a Consent Form, we may store and use your Sample Data and other Personal Information for current and future Research Participations. In addition, based on your Personal Information and Self-Reported Information, if you were a potential fit for a Research Participation, we may contact you at any time of Service via email, website, or mobile application, with a notification for acceptance of a Consent Form.

    For example, if a university or a collaborator tells us about a new research project on irritable bowl syndrome, we may send you a Consent Form to make you aware of the Research Participation. Research Participation is optional and it is a voluntary action, and if you wish, you can choose to decline to accept the Consent Forms or choose not to respond. If you do not wish to receive these notifications, you can send a request to our Customer Service using the details below:  

    Viome Customer Service (Notifications)
    Viome Inc.
    81 Camino Entrada, Suite 100
    Los Alamos, NM 87544
    info@viome.com

    d)   Improve Service, Analysis Methods, and Artificial Intelligence Engine

    We are constantly working on improving our Service, data analysis methods, and enhancing the capacity and accuracy of our artificial intelligence engine that would help us deliver more accurate recommendations to you. Viome may use your Personal Information and Self-Reported Information for the purpose of improving Viome’s data analysis methods and the artificial intelligence engine we use to provide better and more accurate personalized diet, supplements, and lifestyle recommendations to you.

    e)   Provide Customer Service and Support
    When you contact Viome customer service (“Customer Service”), we may use or request Personal Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints.  In certain instances, we may require using one customer’s Personal Information to resolve another customer’s request. For example, if a customer reports behavior of another customer that violates our Terms of Service, we will separately process both customers’ Personal Information and respond separately to each customer as appropriate. We will not share your Personal Information with another customer without your specific consent.

    f)   Surveys and Testimonials
    We value our customers’ feedback and may send you surveys, polls, or requests for testimonials to improve and optimize our Services. We may use your Personal Information to send you surveys, questionnaires, and request for testimonials that we use to optimize our Service and perform quality control activities. You are in control of the information you would like to share with us. If you do not wish to receive these requests, you can manage them by a request to our Customer Service using the details provided above.  

    g)   Marketing and communications
    By creating a Viome Account and using our Service, you agree to receiving Service related email with information such as new features, add-ones, promotions, contests and other notifications about our Services. You can unsubscribe from receiving these marketing communications at any time. To unsubscribe, click the email footer “unsubscribe” link or send a request to our Customer Service using the details provided above.  You may not opt-out of receiving non-promotional messages regarding your Account, such as technical notices, purchase confirmations, or Service-related emails.

  9.    Withdrawing Consent
    You may withdraw your consent for Research Participations at any time by sending a request to change your Consent Form status as stated below in this Privacy Policy. We will not include your Personal Information in studies or Research Participations that start more than 45 days after the date of receipt of your withdrawal.  Any Research Participations involving your data that has already been performed or published prior to your withdrawal will not be reversed, undone, or withdrawn.

    Research (Consent Withdrawal)
    Viome Inc.
    81 Camino Entrada, Suite 100
    Los Alamos, NM 87544
    testing@viome.com
  10.    What happens if you do NOT sign a Consent Form?
    If you choose not to complete or accept the applicable Consent Form or a research specific agreement with us, your Personal Information will not be used or shared with collaborators or third parties by Viome for Research Participations. However, your Personal Information and Self-Reported Information may still be used by us for our internal studies, research and development and for other purposes as outlined in this Privacy Policy.

  11.    How We Disclose Your Information
    In general, Viome will not disclose individual-level Personal Information (including Self-Reported Information) to third parties, except under the following circumstances:

    a)   With Express Written Permission
    Viome may disclose your Personal Information to third parties in accordance with our Terms of Service or where you have otherwise provided express written consent for sharing (e.g. by way of accepting a Consent Form).

    b)   Facilitate Business Operations
    Viome may disclose individual-level Personal Information to partners or service providers (e.g. credit card processors and accredited reference laboratories) who process and/or store such information in order to help Viome provide, understand, or improve the Service. In those instances, the protection of your individual-level Personal Information will be subject to the Privacy Policy of the specific Viome partner or service provider.

    c)   As Required by Law
    Under certain circumstances, Personal Information may be subject to disclosure pursuant to judicial or other government subpoenas, warrants, or orders, or in coordination with regulatory authorities. You acknowledge and agree that Viome is free to preserve and disclose any and all Personal Information to law enforcement agencies or others if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (i) comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry); (ii) obligations that Viome may owe pursuant to ethical and other professional rules, laws, and regulations; (iii) enforce Terms of Service; (iv) respond to claims that any content violates the rights of third parties; or (v) protect the rights, property, or personal safety of Viome, its employees, its customers (including you), and the public. In the event Viome is required by law to disclose Personal Information, Viome will notify you through the contact information provided to Viome in advance, unless doing so would violate the law or a court order.

  12.    Information Security
    To prevent unauthorized access, disclosure of your information, and to maintain data and information integrity and to ensure appropriate use of the information, in accordance with current technological and industry standards, Viome uses various physical, technical, and administrative measures to keep your Personal Information safe and secure. In particular, all connections to Viome websites, software, and mobile applications are encrypted using Secure Socket Layer (“SSL”) technology. You acknowledge and agree that protecting Personal Information is a responsibility shared between you and Viome. In this regard, we ask all users of our Service to be responsible for keeping their login IDs, passwords, and other authentication information used to access the Service in a secure manner and maintain strict confidentiality. You should not share Account and authentication information with any third parties, and should inform Viome immediately of any prohibited use of your Account or authentication information.

    Viome cannot secure and assumes no liability for Personal Information that is released by our customers to third parties, such as physicians, insurance companies, or healthcare service providers. Viome keeps all customer personal data and information on secure cloud servers. Only a small group of personnel within Viome can access information that can be used to identify you. These are personnel who need that information in order to provide, complete, testing, analysis, and reporting related to the Services. Your Sample Data and other Personal Information you provided are stored after labeling with an assigned code and not your name or other Personal Information. The Personal Information that matches the assigned code will be kept in a secure, access controlled, and protected database at Viome. Only a small group of personnel will have access to this secure and protected database.

    We will not include any Personal Information that would make it possible to identify you in any studies or publications. All Viome employees, consultants, and others who might have access to your Personal Information must sign confidentiality and non-disclosure agreements that mandate them to keep customer Personal Information confidential. Your Personal Information may be shared with your health care service provider only with your written permission. Your Samples and their specimens and their remnants, after testing and analysis, will be stored securely with de-identified alphanumeric IDs (with no Personal Information).

  13.    Children’s Privacy
    Viome is committed to protecting the privacy of children and abiding by the provisions of the Children’s Online Privacy Protection Act (“COPPA”). The Service is not directed, designed, or intended to attract children under the age of 13.

    In rare instances, a parent or legal guardian of a child, however, may specifically request or consent his/her child to Research Participation, and may assist the child with providing assent to Research Participation, if the child is old enough to do so. In such cases, the parent or guardian may create an Account for, assist and be responsible with collection of the Clinical Sample, and provide Self-Reported Information on behalf of his or her child.  If you are the parent or guardian of a child, you assume full responsibility for ensuring that the information you provide to Viome about your child is: i) accurate; ii) you have the legal right to provide your child’s information to Viome, and iii) that the child’s information is kept confidential and secure.

    In the event Viome is notified or becomes aware that the Service has been used by a child under the age of 13 to store information of that child without parental consent, Viome shall be and is authorized to delete, in its entirety, with no notice to you, any of the information stored by that child or by you on that child’s behalf. Viome also reserves the right to revoke any license to use the Service, which is being used or has been used by a child under the age of 13.  

    Further, Viome Services are not designed for, intended to attract, or directed toward children under the age of 18 or below the legal age of majority to form a binding contract in your country of residence, whichever is greater. A parent or a legal guardian, however, may collect Samples using Sample Kits, and create an Account for, and provide Registration information for his or her child who is under the age of majority. On these occasions, the parent or guardian assumes full responsibility for ensuring that the information that he or she provides to Viome about his or her child is kept secure and that the information submitted is accurate.

    Some Viome features associated with the Services and Research Participations are not offered to children or minors, even with parental/guardian consent. In such cases, Viome will restrict Registration of those Service or Research Participations for anyone below the age of 18.
  14.   Account Closure; Correction of Personal Information
    If a customer wishes to stop participating in the Service, you may close your Account by sending us a request via email at: info@viome.com.  When closing an Account, Viome removes all Personal Information associated with the Sample Data. In addition, Viome retains limited Registration Information related to the customer’s order history (e.g., name, contact, and transaction data) for accounting and compliance purposes. Personal Information and Registration Information can be changed, corrected, or updated by sending a request to our Customer Service to that effect using the information stated below:

    Viome Customer Service (Account Closure)
    Viome Inc.
    81 Camino Entrada, Suite 100
    Los Alamos, NM 87544
    info@viome.com

  15.     Business Transitions
    In the event Viome goes through a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets, your Personal Information will likely be among the assets transferred. In such a case, Personal Information would remain subject to the terms of the pre-existing or the current Privacy Policy.
  16.    California Do-Not-Track Disclosures
    Viome does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track ("DNT") signals. Third parties that have content embedded on Viome’s websites or mobile applications (e.g. social features) may set cookies on a user’s browser and obtain information about the web browser visiting a specific Viome website from a certain IP address. Third parties cannot collect any other Personal Information from Viome’s websites, software, or mobile applications unless you provide it to them directly.

  17.    Data Privacy for EU Residents Under GDPR
    This Section outlines our policies and commitment to General Data Protection Regulation (“GDPR”) applicable to information from and of the residents of the European Union (“EU”). Except where a term is specifically defined herein, the terms used in this Section will have the meaning provided under in the GDPR.

    a)   When Viome acts as Controller
    Viome acts as a Controller when it determines the purposes and means of processing Personal Data. Where we process your Personal Data in our capacity as a Controller, this Privacy Policy will govern such processing of your Personal Data.

    b)   When Viome acts as a Processor
    Viome acts as a Processor where it processes Personal Data for another Controller. Where we process your Personal Data in our capacity as a Processor, on behalf of a third party Controller, this Privacy Policy will not govern the processing of your Personal Data. In such events, we encourage you to contact the Controller directly to learn about their privacy policies applicable to processing of your Personal Data and exercise your rights directly with the Controller, or we will forward your request directly to such Controller upon receipt of a request from you.

    c)    Right to access, correct, and delete your Personal Data
    Please contact Viome by using privacy@viome.com to exercise your rights to access, correct, and delete your Personal Data pursuant to GDPR. We are not required to comply with your request to erase Personal Data if the processing of your Personal Data is necessary for compliance with a legal obligation or for the establishment, exercise, or deference of legal claims. Subject to the above terms and conditions, Viome will, within 30 days from receipt of a request from a customer, delete the Personal Data concerning such customer and destroy all Data Samples attributable to such customer. Notwithstanding the above provisions, Viome shall be permitted to retain any and all Personal Data that is in de-identified, anonymized, and aggregated forms.

    d)   Right to restrict processing of Personal Data
    Under GDPR, you have the right to restrict our use of your Personal Data. However, following a request for restriction, we can continue to use your Personal Data, when:
    1.  We have your consent; or 2. To establish, exercise or defend legal claims; or 3. To protect the rights of another natural or legal person

    e)   Right to Data Portability
    To the extent that we process your Personal Data as Controller (i) with your consent or under a contract; and (ii) through automated means, you have the right to receive such Personal Data in a structured, commonly used, machine-readable format, or you can ask to have that Data transferred directly to another data Controller.

    f)   Personal Data retention
    We retain your Personal Data for as long as necessary to provide you with our Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.

    g)   Third parties with access to your Personal Data
    Viome may share your Personal Data with third parties in the following ways:

    1. Customer Service or Support service providers: to process orders and respond to customer service requests
    2. Website and mobile application usage analytics services: to determine who is using Viome’s Services and how to improve those Services
    3.  Payment processors: to process customer payments
    4. Sequencing facilities: to provide critical sequencing and analysis required to deliver personalized diet and wellness recommendations to you
    5.  Research Collaborators: to engage in scientific Research Participations
    6.  Software developers: to develop and test Viome’s software and mobile applications.
    7.  Database service providers: to securely store results of testing customer Samples and Sample Data and personalized diet and wellness recommendations
    8.  Storage facilities: to securely store raw and processed Samples and Sample Data of Viome customers

    h)   How to exercise your rights on Personal Data
    If you would like to exercise your rights under GDPR on use of your Personal Data as described above, please send us a request to privacy@viome.com. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.

    We may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

    We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

    We ask that you attempt to resolve any issues regarding your Data Protection or requests first with us. Please contact us at privacy@viome.com and we will be happy to respond to your request promptly.

    You may also contact Viome’s designated, EU-based representative at:

    DPR Group
    BPM 335368
    372 Old Street
    EC1V 9AU
    London, United Kingdom

    Email: datainquiry@dpr.eu.com quoting < Viome, Inc. > in the subject line
    Find online webform at:  www.dpr.eu.com/datarequest 

    If you are not happy with how we have responded to your request or resolved your complaint, you may contact the relevant supervisory authority found at:
    http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm 

    Viome’s “Privacy By Design” approach requires that our user data protection levels be at the highest setting by default. In the unlikely event of a breach, Viome will notify the applicable Data Subjects and Supervisory Authorities ("SA"s) in the EU according to procedures provided in GDPR Articles 33 and 34.

    i)   Using and sharing your Personal Data
    We collect, use, and share your Personal Data where we are satisfied that we have an appropriate legal basis for doing so. This may include when our use of your Personal Data is necessary to perform a contract or take steps to enter into a contract with you; or in our legitimate interest as a commercial organization (for example in order to make improvements to our Services and to provide you with the information you request); necessary to comply with a relevant legal or regulatory obligation that we have (for example, where we are required to disclose Personal Data to a court); or in accordance with your consent.

    If you would like to find out more about the legal bases on which we process your Personal Data, please contact us using the details specified above.

    j)   Exporting Personal Data from the EU
    Viome may transfer your Personal Data outside of the country from which it was originally provided. This transfer may be intra-group or to third parties that we work with who may be located in jurisdictions outside of the EU that have no data protection laws or have laws that are less strict compared with those governing the EU. Whenever we transfer Personal Data outside of the EU, we take legally required steps to make sure the appropriate safeguards are in place to protect your Personal Data as further set forth below. Please contact us for more information about the safeguards we have put in place to protect your Personal Data and privacy rights in these circumstances.


    For EU Individuals:
       
      Privacy Shield Notice for Personal Data transfers to the United States
      EU-US Privacy Shield Framework

    Viome complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce ("Privacy Shield" or "Privacy Shield Framework") regarding the collection, use, and retention of Personal Data of EU Individuals/Residents from EU member countries transferred to the United States pursuant to the Privacy Shield Framework. Viome has certified that it adheres to the Privacy Shield Principles with respect to such Personal Data. If there is any conflict between the policies in this Privacy Policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield, and to
    view our certification page, please visit: https: //www.privacyshield.gov/

    With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Viome is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

    The following provisions govern information collected in reliance on the EU-U.S. Privacy Shield Framework Principles (“Principles”) for transfers of Personal Data from the EU to the United States:

    k)  Confirmation and Correction
    Pursuant to the Privacy Shield Framework, EU individuals have the right to obtain our confirmation of whether we maintain Personal Data relating to you in the United States. Upon request, we will provide you with access to the Personal Data that we hold about you. You may also correct, amend, or delete the Personal Data we hold about you. An individual who seeks access to, or who seeks to correct, amend, or delete inaccurate Personal Data transferred to the United States under the Privacy Shield, should direct their query to privacy@viome.com. If requested to remove Personal Data, we will respond within a reasonable timeframe.

    l)   Lawful requests
    Viome may be required to disclose Personal Data pursuant to lawful requests made by public authorities, including meeting national security or law enforcement requirements.

    m)   Dispute Resolution
    In compliance with the Privacy Shield Principles, Viome commits to resolve complaints about your privacy and our collection or use of your Personal Information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact Viome at: privacy@viome.com

    Viome has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism: BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit the below website for more information and to file a complaint:
    www.bbb.org/EU-privacy-shield/for-eu-consumers 

    This service is provided free of charge to you.

    If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

    n)   Notice
    When Viome collects Personal Data from individuals, it will inform the individual of the purpose for which it collects and uses the Personal Data and the types of non-agent third parties to which Viome discloses or may disclose that information. Viome shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to Viome, or as soon as practicable thereafter, and in any event before Viome uses or discloses Personal Data for a purpose other than for which it was originally collected.

    In instances in which Viome is not the Controller or Collector of the Personal Data, but only a Processor, it has no means of providing individuals with the choice and means for limiting the use and disclosure of their Personal Data or providing notices when individuals are first asked to provide Personal Data to Viome. In such instances, Viome will comply with the instructions of the Controller or the Collector of such information; provide appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and to the extent appropriate, assist the Controller or the Collector in responding to individuals exercising their rights under the Principles.

    o)   Choice
    In those instances where Viome collects Personal Data from individuals, we will provide an individual opt-out choice, or opt-in for Sensitive Data, before we share your Data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Information, please submit a written request to: privacy@viome.com

    p)   Disclosures to Third Parties
    In those instances in which Viome collects Personal Data from individuals, prior to disclosing Personal Data to a third party, Viome shall notify the individual of such disclosure and allow the individual the choice to opt out of such disclosure. Viome shall ensure that any agent third party for which Personal Data may be disclosed subscribes to these Principles or are subject to laws providing the same level of privacy protection as is required by these Principles and agree in writing to provide an adequate level of privacy protection.

    q)   Viome’s Accountability
    Viome’s accountability for Personal Data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Viome remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the Personal Data on its behalf do so in a manner inconsistent with the Principles, unless Viome proves that it is not responsible for the event that gave rise to the damage.
  18.    Data Security
    Viome shall take reasonable steps to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. Viome has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Viome cannot guarantee the security of information on or transmitted via the Internet.

    a)   Self-assessment
    Viome uses a self-assessment approach or outside compliance review to assure compliance with this Privacy Policy and periodically verifies that this Privacy Policy is accurate, comprehensive for the information intended to be covered, and in accordance with the Principles.

    b)   Data Integrity
    Viome shall only process Personal Data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by those who provided the information. To the extent necessary for those purposes, Viome shall take reasonable steps to ensure that Personal Data is accurate, complete, current and reliable for its intended use.

    c)   Access
    In those instances in which Viome collects Personal Data directly from individuals, Viome shall allow those individuals access to their Personal Data and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. 
  19.   Contact Us
    If you have questions about this Privacy Policy, please contact us at privacy@viome.com or by writing to us at:

    Viome, Inc.
    Attn: Chief Privacy Officer
    4677, Old Ironsides Drive, # 450
    Santa Clara, CA 95054