VIOME PRIVACY POLICY


Version 5.2


Effective Date: October 10, 2023


This Viome Privacy Policy (“Privacy Policy”) applies to all products, programs, testing services, including Viome Discovery™ line of detection tests, Viome Precision Supplements™, Viome Precision Probiotics +Prebiotics™, VRx My.Biotics™ families of services, websites, pages, features, content, research, optional study participations, software (including mobile applications or services), collection, testing, and analysis of biological samples (collectively, the “Service”) provided by Viome Life Sciences Inc. (“Viome,” “we,” or “us”). Our Privacy Policy is designed to help you (“you”, “customer”, or “user”) better understand how we collect, use, store, process, and transfer your information when using our Services.


This Privacy Policy is incorporated by reference into the Viome terms of service (“Terms” or “Terms of Service”), which can be found on our websites located at www.viome.com, www.viomepro.com, and mobile software applications. Please carefully review this Privacy Policy and Terms of Service. By using our Services, you agree, accept, and consent to all of the policies and procedures described in these documents. If you do not agree with or are not comfortable with any aspect of this Privacy Policy or the Terms of Service, you should immediately discontinue use of our Services.


Introduction

Viome Life Sciences, Inc. is an AI-driven, personalized therapeutics platform that digitize, decode, and decipher human biology for the prevention and early detection of chronic diseases, and application that empowers people with data and technology based on the functional analysis of microbial, mitochondrial, and human gene expression. Our Services include access to the Viome public websites, mobile application, Viome Precision Supplements™(“Precision Supplements”), Viome Precision Probiotics+Prebiotics™ (“Precision Probiotics+Prebiotics”), VRx My.Biotics™ families of subscription services (“Subscription Service”), and personal “omics” testing services (e.g., microbiome, genetic, transcriptome, etc.) that include Viome Discovery tests (“Viome Discovery Tests”), including the collection and analysis of your stool, blood, saliva, or other biological samples.


The biological samples we collect include stool, blood, saliva, cheek swab, skin swab, and other (“Samples”), using sample collection kits (“Kits”) provided by Viome. Customers will collect the Samples using the Kits and ship them to Viome for testing and analysis. Data obtained from testing the Samples are subjected to a process of scientific testing to produce sample data (“Sample Data”) used for producing test data (“Test Data”) that will be stored and used with customer-provided information (in response to our questionnaires and other self-reported information) and Viome proprietary technology that use analytics and Artificial Intelligence to generate test results (“Test Results”). Based on our analysis of Test Results of Viome Wellness line of products (“Wellness Tests”) and customer-provided data, using Viome technology, Viome makes personalized diet, supplements, probiotics+prebiotics, and lifestyle recommendations and offer Supplements and Probiotics+Prebiotics Subscription Service (“Subscriptions”) to individuals via, Viome website located at www.viome.com and mobile applications. Based on our analysis of Samples associated with Viome Discovery line of Services and customer-provided data, using Viome technology, Viome detect molecular features that are associated with certain diseases including cancer and deliver associated Test Results using its web platform or its partner web platforms.


Viome takes privacy very seriously. We are committed to protecting the privacy and security of “Personal Information” which could be used to identify our customers, either alone or in combination with other information. By accessing or using the Service (as defined above), customers allow us to collect, store, and use their Personal Information that enables us to provide services associated with Viome Services (as defined above). Viome recognizes and understands the importance of privacy and respects our customers’ desire to store and access Personal Information in a private and secure manner.


THIS PRIVACY POLICY DESCRIBES HOW INFORMATION ABOUT YOU MAY BE COLLECTED, USED, STORED, MAINTAINED, SHARED, DISCLOSED, PROTECTED, AND ABLE TO ACCESS THIS INFORMATION. THIS PRIVACY POLICY FURTHER DESCRIBES OUR POLICIES ON OUR CUSTOMERS’ PERSONAL INFORMATION, PERSONAL DATA, PERSONALLY IDENTIFIABLE INFORMATION, SELF-REPORTED INFORMATION, PROTECTED HEALTH INFORMATION, AND SENSITIVE INFORMATION. PLEASE REVIEW IT CAREFULLY.


Acceptance of Privacy Policy

By subscribing to or otherwise using our Services (including our Subscription Service), or accessing any content or materials made available through the Service, you agree to be bound by our Terms of Service, that includes this Privacy Policy. Viome reserves the right to change or modify this Privacy Policy at any time and in its sole discretion. Any changes or modifications will be effective immediately upon posting of the revised Privacy Policy (with the revision effective date posted on the top left side) on our Service. Your continued use of the Service following the posting of revised Privacy Policy will constitute your acceptance of those.


What Information We Collect

When you subscribe to or use our Services, Viome collects and uses several types of information as identified below. These include information you provide directly to us, your clinical and test data, medical information and history, information our customers provide in response to our questionnaires, self-reported information, information we receive from our Partner Services, data we retain in order to improve our data analytics methods and artificial intelligence engine and our Service, data you provide us for the purpose of providing customer services, data we retain for provisioning our Service and securing payments for same, information we collected through tracking technology, chatbot, web analytics, and other types of information we receive about you from third party sources.


We may collect “Personal Information” about you that amounts to any factual or subjective information whether recorded or not about an identifiable individual.


“Personally, Identifiable Information” or “PII” is information about an individual when used alone or with other relevant data that can identify an individual (e.g., first and last name, birthdate, home address, social security number, bank account number, credit card number, passport number, Health insurance ID number, etc.).


“Personal Data” is any information relating to a natural person, when that person can be identified, directly or indirectly, in particular by reference to an identification number (e.g. social security number or credit card number) or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity (e.g. last name and first name, date of birth, biometrics data, fingerprints, or DNA).


“Sensitive Information” or “Sensitive Data” is a category of Personal Information or Personal Data of an individual relating to confidential medical facts, medical history, records, racial or ethnic origins, political or religious beliefs, or sexuality.


“Self-Reported Information” is all information you provide us about yourself, including input and answers to surveys, forms, questionnaires, email, features on our website and software applications, while participating in Research Studies and Study Participations, engaging with our customer service (“Customer Service”) or while using the Service (e.g., information about your personal traits (e.g., eye color, height), ethnicity, disease conditions (e.g., Type 2 Diabetes), physical health-related information (e.g., pulse rate, cholesterol levels, visual acuity, medicine you currently take, habits such as smoking), diet related information (e.g., vegetarian, vegan, allergies, etc.), mental health related information (e.g. emotional conditions such as fear or anxiety), your disease conditions, medical history, and family history (e.g., information similar to the foregoing about your family members).


“Protected Health Information” or “PHI” is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual that also includes such information as any part of a medical record or payment history.


“Registration Information” is collected when you subscribe to or register for our Service. This information includes, but is not limited to Personal Information such as your name, date of birth, password, payment information (such as credit card information of which, Viome stores only the 4 last digits and the expiration date unless your Services include a Subscription Service that involves monthly recurring charges), medical history of you or your family, billing and shipping addresses, and contact information such as email address and telephone number that you provided to create your Viome account (“Viome Account” or “Account”) used for the Service. Viome uses Registration Information to authenticate your access to Viome Account, websites and mobile applications for purposes that include but not limited to the following: use the Service, obtain physician authorization (“Physician Authorization”) for test requests made by customers in certain states for Viome Wellness Test Kits and customers seeking Viome Discovery line of Services, completing the orders made by Dentists on your behalf for oral health testing, and for facilitating Pre-Test and Post-Test Consultations service through our Partner Services, enable you to purchase, complete your orders, or access add-ons and new features related to the Service, charge recurring fees for Subscription Services, deliver personalized reports, send Research Studies or Study Participation Consent Forms and questionnaires, marketing and communications, and certain other purposes.


“Biological Samples” are the self-collected stool, blood, and other fluid samples such as saliva, cheek swab, skin swab, or urine, that you collect using Sample collection kits (“Kits”) and used for microbiome, genotype, phenotype, and gene expression testing and analysis performed by Viome.


“Sample Data” is molecular data created from the Samples you provide to Viome for testing and analysis. Sample Data analysis includes, but is not limited to, primary sequencing and other types of analysis including RNA and DNA, microbiome analysis, microbial gene expression analysis, human gene expression, and personal genotype.


“Medical Information” is information in your medical records or with your healthcare provider that you give Viome permission to access. Viome will access your Medical Information or contact your healthcare provider only with your written consent by acceptance of a Consent Form or by other means used at the time of obtaining consent such as Physician Authorization.


“User Content” is information that you create or content that you post or upload on our website, social media, or public forums that relate to us, such as blogs, data, text, software, documents, audio, photographs, graphics, video, messages, discussions, emails, or other materials that you create or provide to us through public or private transmissions.


“Test Data” is information we extract from Sample Data for use in our testing services that produce data and test results that help us provide you with accurate and personalized recommendations and Services.


“De-identified Information” or “De-identified Data” as used here is Samples and other forms of data after removing personal identifiers from them immediately upon receipt and assigning a unique code for each Sample or data, and performing all downstream testing, research, and data analyses relevant to Samples or data only using that unique code. De-identification is a well-established privacy practice followed in our industry whereby information likely to be identified with you will be scrubbed from the Sample Data, Test Data, internal records, or other forms of data before using the data for provisioning the Service. De-identification prevents Viome from storing your personally identifying information together with your Samples, Test Data or other data in any database or records or release them externally in any way (even accidentally). Your Samples and Test Data are used with your Personal Information only to the extent necessary and for the purpose of delivering the Service to you and communicating directly with you when necessary. For all other purposes, including for Research and Research Studies, analysis, and improving our Artificial Engine, except when you have specifically consented to, we use the De-identified Data.


“Pseudonymized Information” or “Pseudonymized Data” is Samples and other forms of data after removing their personal identifiers and replacing them with artificial identifiers or pseudonyms, that are held separately subject to strong technical safeguards to prevent identification with a natural person. De-identified or pseudonymized data as used in this Privacy Policy means data that cannot be attributed to you or a specific individual without the use of additional information, and that additional information is not accessible to the users of the data. Viome takes all reasonable precautions to avoid inadvertent identification of Samples and other Sensitive Data with their personal identifiers.


“Aggregate Information” or “Aggregate Data” means high-level information or data collected from a group of individual Samples or other data combined with similar data of the others and compiled into data collections or summaries such that when evaluated as a whole, that no specific individual may be reasonably identified. Aggregate Data is often used for data analysis and sometimes for Research.


“Individual-level Data” means information or data about a single individual's Sample or other types of data provided by the individuals themselves or collected from other sources.


“Web Information” is information on how you use Viome website (e.g., browser type, domains, page views, etc.) or other online media owned by Viome, and are collected through log files, cookies, and web beacon technologies.


Use of Cookies

Viome and its third-party service providers from whom it receives your information may use “cookies” and similar tracking technologies (such as web beacons, pixel tags, scripts, and device identifiers used for automatic collection of information), for a variety of purposes. Cookies are small data files that are stored on a user’s hard drive at the request of a website to enable the website to recognize and retain certain user information.


Cookies help us recognize when and how you use our Services, customize and improve your experience, provide security, retarget marketing content, analyze our interactions with our Services and its features, gather demographic information about our user base, make special offers of our Service, monitor the success of marketing programs; and for targeted advertising on our website and on other websites on the Internet.


Third Party Cookies and Pixels

When Viome engages third party cookie service providers for obtaining reports on how certain functionalities of our website works, usage and statistical information such as the user’s browser type, operating system, device IDs, these third party providers may collect personal and non-personal information from you including your email address and demographic information, in connection with the services they provide. They may place cookies, Pixel tags, or web beacons on your device to collect personal and non-personal information.


When you visit our website, log in, register, or open an email, cookies, ad beacons, and similar technologies may be used by our online data partners or vendors to associate these activities with information they or others have about you, including your email address. We (or service providers on our behalf) may then send communications and marketing messages about our Services to these email addresses. You may opt out of sharing your email by our third party cookie service provider by visiting their website at: https://app.retention.com/optout.


Your information may be used, among other things to, deliver advertising targeted to your interests, cross-referencing information, better understand the usage of the Service, and for other services tracked by these third parties. In addition, certain third-party cookie service providers may use your information for purposes other than providing their services to us, such as licensing and sharing your information with their customers. Except as expressly stated in a legally binding agreement executed between Viome and these third parties, Viome is not responsible for, and does not control, any actions or policies of any third-party service providers. For additional details, please see our Cookie Policy at https://www.viome.com/cookie-policy.


The information reports we receive from third party service providers can be in de-identified, individual-level, or at aggregate-level, and we may also use these reports to initiate communications with you, make Service offerings, and improve our data analytics methods. If we combine cookies with, or link them to, any of the Personal Information, Viome will treat this information as Personal Information.


If you wish to block, erase, or be warned of cookies, please refer to your browser instructions or help screen to learn about these functions. However, if you reject cookies or your browser or device settings do not accept cookies, you may not be able to use certain parts of our website or sign in to your Viome Account and may not be able to access certain Service features. For more information, including the types of cookies found on our Service and how to control cookies, please read our Cookie Policy.


Google Analytics

Like many websites, we use Google Analytics for web behavior monitoring, a service that provides information about how many users visit our website and online resources, when they visit, and how they navigate our website. We also may use other Google Analytics tools, such as Demographics and Interest Reporting, which enable us to learn more about the characteristics and interests of the users who visit our website, and Remarketing with Google Analytics, which enables us to provide relevant advertising on different websites and online services.


To learn more about Google’s privacy practices, please go to Google Privacy Policy at: https://www.google.com/policies/privacy/. You can also download the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics at: https://tools.google.com/dlpage/gaoptout.


User Content

Some features of our Service may include functionality enabling you to post user content, whether publicly posted or privately transmitted, such as profiles, posts, emails, feedback, experiences, suggestions, notes, messages, photos, and videos (“User Content”) that may be made available to Viome and other users of the Service.


You should be aware that any User Content you provide or post in public media may be read, collected, and used by others who access them, and we have no control over these media. Please exercise caution before and when you choose to share personal information on our blogs, forums or in any other public media.


Viome at its sole discretion, has the right (but not the obligation) to screen, reject, retain, or remove any User Content on our Service that infringes Viome’s or any third party’s intellectual property or other rights, violates our Terms and this Privacy Policy or our other policies, or is otherwise objectionable.


By sending User Content, you grant Viome a perpetual, irrevocable, worldwide, royalty-free, freely transferable and sub-licensable, non-exclusive right to use, reproduce, modify, transmit, translate, publish, publicly perform, display, distribute, commercialize, share with third parties, transmit or distribute over public network and media, and create derivative works of such User Content for purposes specified in Viome Terms of Service and for delivering the Service to you and other users of the Service.


Medical History

For the purpose of Physician Authorization and covered services associated with Viome Discovery Tests such as Pre and Post Consultations provided by Viome’s physician oversight and support service partner and their contractually affiliated partners including physician networks (collectively, “Oversight Partner”), we collect additional information pertaining to your medical history, personal habits such as smoking or using tobacco, or specific symptoms associated with certain diseases for the purpose of evaluation and Physician Authorization for Viome Discovery Tests as well as for associated services provided by Viome’s Oversight Partner in connection with Viome Discovery line of Services.


Order Data; Test Results

For the purpose of completion of orders placed for you by your oral health professional (“Dentist”) for Viome Discovery Test Oral Health Pro™ (“OH Pro Test”) using Imagn or any other platform (Provider Platform”) used by your provider (“Dentist Order”) and delivering the Test Results to you and the Dentist through our oral health support partner platform Imagn (“Imagn”) through Devdent (“Oral Health Partner”) or such other Provider Platform, we collect information pertaining to your name, email, and order data pertaining to the Dentist Order placed for you by your Dentist. By authorizing your Dentist to place an order for OH Pro Test, you have authorized Viome to receive your personal information from Devdent or Provider Platform for completion of the Dentist Order and deliver your Test Results and Services pertaining to OH Pro Test to your Dentist through the Provider Platform.


Other Types of Information

From time to time, we may collect other types of information automatically about your use of our Service through the log files. Such information may include your device’s Internet Protocol (IP) address, operating system, browser type, and your device ID. Viome uses this information for purposes such as analyzing trends, administering the Service, providing, and improving customer service, diagnosing problems with our servers, monitoring the security of our website and systems, tracking user movement, and gathering broad demographic information for aggregate use.


We may collect information about you or your interactions with our website, directly or indirectly through our authorized third party chatbot service provider, for the purpose of providing you with guidance on use of our website or customer service. The terms governing use of your personal information by such chatbot service are subject to the terms of the legally binding contractual agreements with Viome. Use of your personal information, interaction with our website, and conversation record or content by such chatbot services are generally limited for the purpose of providing their service to us and for fulfilling their contractual obligations. They may however use de-identified information about you for improving their chatbot and for other services as specified in their contractual agreements with us.


By using our websites and our Services, you agree to this Privacy Policy and provide express consent for our chatbot service, on our behalf, to retain a record or transcription of your interaction with our website or chatbot service. Any information collected by our chatbot service will be used by us in manners consistent with this Privacy Policy. All other information we receive directly or indirectly through the above methods, from you, our website, social media, referral, or a third party associated with you will be used in manners consistent with this Privacy Policy.


Information on our Services

To use our Services, you must first purchase, request authorization for certain tests (“Test Request”), receive from a third party (e.g., as a gift), or from us directly or through an authorized channel partner, a Kit or a Subscription Service, we receive a Dentist Order and then you complete the order, create an online Account, register your Kit or Subscription Service, and submit your Sample directly to our laboratory for testing within the timeframe specified in our Sample Submission Policy.


Currently, all testing Services are performed at Viome’s highly automated, CLIA-certified laboratory that complies with federal regulatory standards applicable to testing performed on humans governed by The Clinical Laboratory Improvement Amendments of 1988 (“CLIA”). Depending on our needs we may use certified and licensed third-party service facilities in the future for testing and Sample collection services.


Our laboratory will use your Samples associated with our Services for testing, analysis and generation of Sample Data that will be used to generate Test Data. Test Data is used with Self-Reported Data in conjunction with our data analysis methods and artificial intelligence engine that we use for generating the Test Results that we use in order to provide personalized diet, lifestyle, supplements, probiotics+prebiotics recommendations, and providing you with Viome Supplements and Probiotics+Prebiotics Subscription Services. Our laboratory will use your Samples and Medical History associated with Discovery Services for Physician Authorization for test requests, testing, analysis, counseling, consultation, and generation of Sample Data that will be used to generate Test Data. Test Data is used with Medical History in conjunction with our data analysis methods and artificial intelligence engine that we use for detecting molecular features that are associated with certain diseases including cancer and deliver associated Test Results through our web platform.


During the Kit Registration, Test Requests, and at various stages of using our Service, you will be requested to review this Privacy Policy, Terms of Service, and other relevant documents (such as Consent Forms, and study specific Consents or questionnaires) and accept them. By accepting these documents, you consent to use of your information according to the terms specified in these documents, that include informed consent for use of your Samples, Sample Data, Test Data, Medical History, Test Requests, and other types of information for purposes specified herein and in our Terms in accordance with this Privacy Policy.


How We Use your Information

Viome will use and share your information (including Personal Information) in the ways that are described below and elsewhere in the Privacy Policy.


a) Provide you with the Services

We use your information for activities necessary for provisioning the Service that include testing and analysis of data, Physician Authorizations, Oversight Partner services, complete Dentist Orders, generate and deliver Test Results and recommendations, customize your Supplements and probiotics+prebiotics, and improve our Services. These activities may include but not limited to: i) open and maintain your Viome Account; ii) enable purchase of our Service (e.g., process payments and make personalized supplements, probiotics+prebiotics); iii) communicate with you (e.g., informing you of policy changes, security updates or issues, delivery of Test Results (directly or through our Oversight Partner or the Oral Health Partner), Pre and Post-Test Consultations with our Oversight Partner or the Oral Health Partner, etc.); iv) implement your requests (e.g. requests to Customer Service); v) facilitate use of our website and mobile applications (including authenticating your visits, providing personalized content, and tracking your use of our Services); vi) facilitate the covered services of our Oversight Partner or the Oral Health Partner (“Partner Services”); vii) enforce our Terms and other agreements such as monitor, detect, investigate and prevent prohibited or illegal activities, spam and other security risks, performing quality control; vii) perform Research Studies and Research & development activities (which may include, for example, Research conducted by the Viome Research Institute); viii) conducting data analysis to improve existing Services or develop new Services; and ix) improving our data analytics and artificial intelligence engine that help us provide more precise and accurately personalized recommendations, and infer data that help us make customized Supplements and probiotics+prebiotics for you.


We may also use your information to fix bugs or issues, analyze the use of our website, charge recurring Subscription Fees, to improve or optimize the customer experience and Customer Service, or assess the efficacy of our marketing campaigns.


For individuals located in Europe, we process your Personal Data in the same way in accordance with this Privacy Policy and our Terms of Service.


b) Provide Partner Services

If you made a Test Request for Viome Discovery Services (e.g., CancerDetect™ Test), we use and disclose your Personal Information to a) obtain Physician Authorization for your Test Request, b) process your Test Order, c) deliver or communicate your Test Results, d) provide you with certain covered services associated with such Test Request such as Pre/Post Test Physicians or Clinicians Consultations through our Oversight Partner, and e) support activities necessary for provisioning the Service directly or through the Oversight Partner. The Physician Authorization and Oversight Partner services are covered by an existing contractual arrangement, and the Oversight Partner Services are fully paid for by Viome under the terms of such contractual arrangements between Viome and Oversight Partner.


If we receive a Dentist Order for Oral Health Pro™ Test for you, or you or placed a Test order (“Test Order”) using our Oral Health Partner or other Provider Platform (e.g., Imagn or Henry Schien), we will receive a limited set of Personal Information of you (e.g., name, email, and order data) for the purpose of communicating with you on completing your Dentist Order. In providing Services associated with your OH Pro Test we use and disclose your Personal Information for a) completing the Dentist Order, b) deliver or communicate Test Results to your Dentist via Imagn, and c) support activities necessary for provisioning the Service directly or through our Oral Health Partner. By the consent you expressed by using our Services, you consent to share and disclose your Personal Information (including Test Results) with your Dentist through our Oral Health Partner platform.


The consent as expressed by making a Test Request for Viome Discovery Tests (e.g., CancerDetect), acceptance of applicable terms in the process, or using our Service, you consent to share and disclose your Personal Information (including medical history and other sensitive data) with Viome Oversight Partner or Provider Platform for evaluating your Test Request for Physician Authorizations as well as for providing the Partner Services by our Oversight Partner.


Any use of your data (including your Medical Information) shared with or provided to the Oversight Partner or the Oral Health Partner for the purpose of providing Partner Services (directly or through their service providers) associated with Discovery Services shall be governed by this Privacy Policy. Viome Oversight Partner or the Oral Health Partner may also use third party service providers employed by or contracted with them for the purpose of delivering Partner Services specified herein. Use of your Personal Information by any third-party service providers of Oversight Partner or Oral Health Partner as well as use of your Personal Information shared with Oversight Partner or Oral Health Partner for any purposes outside the scope of Partner Services covered by an existing contractual arrangement between Viome and Oversight Partner are governed by the privacy and data practices as specified in the privacy policies of such Oversight Partner, Oral Health Partner, and/or their third-party service providers. We recommend and request that you review such privacy policies regarding use of your information for purposes other than for Partner Services as specified herein.


c) For Research and Research Studies

When you use our Services, Viome may use your Personal Information, and other data at individual-level or otherwise (in de-identified, pseudonymized, or aggregate forms) for ongoing research conducted by Viome and Viome Research Institute (“VRI”) that help us better understand the connections among microbiome, gene expression, and your health and wellness at individual as well as at population scale (“Research”). The information we use in Research is often summarized, aggregated, or combined across a group of subjects to minimize the chance of identification. In the event we require use of individual-level Personally Identifiable Information in Research or for other purposes, we will reach out to you for obtaining specific consents applicable to such other use.


With your consent as expressed by acceptance of the Participant Information and Consent Form presented to you at Registration, Test Request, or while using the Service (“Consent Form”), Viome may use your Individual-level Personally Identifiable Information in Viome lead clinical studies and scientific research activities identified by Viome study protocols that support a specific diagnosis of a disease, development of a treatment, or predict certain health conditions (“Research Study” or “Research Studies”). Participation in Research Studies is voluntary.


Research and Research Studies are important aspects of our Service. The primary aim of VRI is to improve our Service using the data we gather from our Research. We invite you to take part in these Research and Research Studies that may help improve our Services and also help generate breakthrough discoveries in the fields of microbiota and gene expression leading to pushing the boundaries in human health. We strongly believe that the insights we gain through Research and Research Studies may benefit the general population as a whole, and indirectly you or your family as well sometime in the future.


The Research activities may include but not limited to conducting data analysis to develop new or improve existing Services, perform quality control, and identifying potential areas or targets for specific diet or lifestyle recommendations. Research Studies may encompass population-scale studies, development of a specific diagnosis or treatment, predict certain health conditions, or develop scientific knowhow, discoveries, and intellectual property assets to improve healthcare for the population as a whole. They may also include publishing study results in peer reviewed scientific journals publications and commercialization activities.


Research Studies may also entail, use of your Personal Information (including Medical Information), for selecting candidates suitable for a particular research study for identifying the correlations between dietary and lifestyle inputs and illness or wellness at molecular levels. As a result, we may reach out to you from time to time with requests for additional information about you, your diet, lifestyle, or certain conditions by way of surveys and questionnaires as well as additional consents as necessary. When we do, you have the opportunity to choose which surveys to take, which questions to answer and grant us or decline your specific consent for these Research Studies. By choosing to answer, you are granting us the consent for Research Studies.


Unless required by law or a court order, Viome will not release your individual-level Personal Information to any third party not identified in this Privacy Policy without first receiving your explicit consent by way of acceptance of a Consent Form.


For individuals located in the European Union (“EU”): Our legal basis for processing your Sensitive Data for the purposes described above is based on your consent. Please read below on Data Privacy for EU Residents Under GDPR for further details.


d) For Study Participations

From time to time, Viome may engage in certain study specific research in collaboration with third parties such as non-profit foundations, academic institutions, healthcare organizations, or commercial research partners with the intent to study about a specific disease condition or a segment of the population (“Study Participations”). Study Participations are governed by specific regulations and require approval by an independent review board and your informed consent by way of acceptance of a study specific optional informed Consent Form that contains specific details on the study, collaborator, and the type of information we collect and share. If we identify you as a potential participant in a Study Participation, you will be presented with the Consent Form for acceptance that grants us your informed consent for Study Participations.


Some of these Study Participations are aimed at publication in peer-reviewed journals and other research publications. Study Participations are completely optional and voluntary for participants, and if you wish, you can choose to decline to accept the Consent Forms or choose not to respond.


Study Participations require use of Personal Information by way of collection and analyses of physiological and molecular data such as Samples, individual Clinical Data, Test Data, and Self Reporting Information. When you have accepted a study specific Consent Form for Study Participations, we may share your Personal Information with the identified third-party study collaborators. Viome employs industry standard controls and safeguards in protecting and using your Personal Information for Study Participations as specified in the Consent Form and in accordance with the terms of this Privacy Policy.


When you have consented to Study Participations by way of accepting a study specific informed Consent Form, we may store and use your Sample Data and other Personal Information for current and future Study Participations. In addition, based on your Personal Information, if you were a potential fit for other Study Participations, we may contact you at any time of Service via email, website, or mobile application, with a notification for specific Study Participation and acceptance of a study specific Consent Form. You may choose to accept, decline, or choose not to respond to these invitations and Consent Forms. In the event you have not accepted a Consent Form or an invitation for Study Participation, you may still choose to join Study Participations in the future. Similarly, if you have accepted an invitation and a Consent Form and you do not wish Study Participations, you may decline to participate by withdrawing your consent.


For example, if a university or a collaborator tells us about a new research project on irritable bowel syndrome, we may send you the study specific details and a Consent Form to make you aware of the Study Participation. Viome scientists may run, in collaboration with a university, an extensive clinical study program focused on developing science-based personalized nutrition algorithms towards treatment, prevention, and reversal of a chronic disease like diabetes.


In the event if you do not wish to receive the Study Participation notifications, you can send a request to our Studies Team using the details below:


By Email:

Send in a request with the subject line Assistance with “Study Notifications” using studies@viome.com


By Mail:

Viome Life Sciences Inc.

Viome Studies Team (Study Notifications)

205 108th Ave NE, STE 150

Bellevue, WA 98004


e) Improve Service, Analysis Methods, and Artificial Intelligence Engine

We are constantly working on improving our Service and enhancing the capacity and accuracy of our data analysis methods and artificial intelligence engine we use for the purpose of delivering more accurate and personalized recommendations to you.


We may use your Sample Data, Test Results, and Self-Reported Information in de-identified, pseudonymized, anonymized, or aggregate forms (after carefully removing the identifiers that easily identify who you are), together with similar data of others, for the purpose of improving Viome’s data analysis methods. Our artificial intelligence engine runs multiple analyses of aggregated de-identified data across our massive database of information, carefully selected high-quality scientific literature, expert knowledge from our team of scientists, and customer feedback to discover what foods, supplements, probiotics+prebiotics are ideal for you and your gut microbiome to experience optimal health. It is through our artificial intelligence engine that we are able to provide better and more accurate personalized Services to you.


f) Provide Customer Service and Support

When you contact Viome customer service (“Customer Service”), we may use or request additional Personal Information, as necessary to verify your identity, answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints. In certain instances, we may require using one customer’s Personal Information to resolve another customer’s request. For example, if a customer reports the behavior of another customer that violates our Terms of Service, we will separately process both customers’ Personal Information and respond separately to each customer as appropriate. We will not share your Personal Information with another customer or any third party without your specific consent.


g) Surveys and Testimonials

We value our customers’ feedback and may send you surveys, polls, or requests for testimonials to improve and optimize our Services. We may use your Personal Information to send you surveys, questionnaires, and requests for testimonials that we use to optimize our Service and perform quality control activities. You are in control of the information you would like to share with us. If you do not wish to receive these requests, you can manage them by a request to our Customer Service using the details provided in this Privacy Policy.


h) Marketing and communications

By creating a Viome Account and using our Service, you agree to receiving Service-related email with information such as new features, add-ons, promotions, contests, and other notifications about our Services. You can unsubscribe from receiving these marketing communications at any time. To unsubscribe, click the email footer “unsubscribe” link or send a request to our Customer Service using the details provided above. You may not opt-out of receiving non-promotional messages regarding your Account, such as technical notices, purchase confirmations, important Viome policies and deadlines applicable to use of Kits and Sample submissions or Service-related emails.


We may also use the Personal Information you submit to us to personalize your user experience and to allow us to recommend or deliver the type of content, new features, or Service offering in which you are most interested. We may also use your Personal Information to compile usage statistics and other data regarding use of our Services and for other types of marketing and communication purposes, without asking for and receiving your explicit consent (e.g., targeted advertising that uses third party advertising networks and providers who help us deliver targeted online advertisements or measure the effectiveness of ad campaigns). We and our third-party service providers will not use your Sensitive Information for marketing and communication purposes.


Withdrawing Consent

You may withdraw your consent as expressed by acceptance of a Consent Form for Research Studies or Study Participations, at any time by sending a request to our Studies Team to change your Consent Form status as stated below:


By Email:

Send in a request titled “Consent Withdrawal” using studies@viome.com


By Mail:

Viome Life Sciences Inc.

Viome Studies Team (Consent Withdrawal)

205 108th Ave NE, STE 150

Bellevue, WA 98004


Pursuant to your request, we will not include your Individual-level Personal Information in Research Studies or Study Participations that start more than forty-five (45) days after the date of receipt of your consent withdrawal. Any Research Studies or Study Participations that used your Individual-level Personally Identifiable data that have already been performed or published prior to your withdrawal for which you have given consent to cannot and will not be reversed, undone, or withdrawn.


To the extent permitted by applicable law, we may still use the de-identified, anonymized, or pseudonymized information that do not personally identify you for Research, Research Studies, Study Participations, data analysis, marketing, and other purposes in accordance with the terms of this Privacy Policy.


What happens if you do NOT sign a Consent Form?

If you choose not to accept the Consent Form or grant a study specific Consent to us, your Individual-level Personal Information will not be used for Research Studies or shared with collaborators or third parties or used for Study Participations. However, you may still have an opportunity to participate if we identify you as a potential candidate for and extend you an invitation to participate in a Research Study or a Study Participation. You may or may not accept the invitation and study specific Consent Form or you may decide not to respond.


When you have not accepted a Consent Form, your Personal Information in de-identified, pseudonymized, and anonymized forms (that do not identify you personally) and in aggregate form may still be used by us, to the extent permitted by law, for Research, Research Studies, data analysis, marketing, and for other purposes as outlined in this Privacy Policy.


How We Disclose Your Information

In general, Viome will not disclose individual-level Personal Information (including Self-Reported Information and Medical Information) to third parties, except under the following circumstances:


a) With Express Written Permission

Viome may disclose your Personal Information to third parties in accordance with our Terms of Service or where you have otherwise provided express written consent for sharing (e.g., by way of accepting a Consent Form).


b) Facilitate Business Operations

Viome may disclose individual-level Personal Information as stated in the Terms and this Privacy Policy to partners, vendors, or service providers (e.g., credit card processors, Sample collection services, electronic data processors, chatbot service providers, supplements and probiotics+prebiotics manufacturers, fulfillment and logistics service providers, customer service accelerators, accredited reference laboratories, and genotype and microbiome testing labs), eCommerce store providers, and payment gateways that process and/or store such information in order to help Viome provide, or improve the Service or any part of it. In these instances, the protection of your individual-level Personal Information will be subject to the service agreements between us and the specific service provider and their privacy policies. In addition, we also employ strong terms on data privacy, security, protection, and confidentiality of information shared (including protection of our customer data) in our legally binding agreements with the service providers. These service providers may use information that does not personally identify you, for their internal operations including data analysis and improving their services in general.


c) As Required by Law

Under certain circumstances, Personal Information may be subject to disclosures pursuant to judicial or other government subpoenas, warrants, or orders, or in coordination with regulatory authorities. You acknowledge and agree that Viome is free to preserve and disclose any and all Personal Information to law enforcement agencies or others regulatory agencies that oversee manufacturing and logistics service, if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (i) comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry); (ii) obligations that Viome may owe pursuant to ethical, regulatory (such as Food and Drug Administration), and other professional rules, laws, and regulations; (iii) enforce Terms of Service; (iv) respond to claims that any content violates the rights of third parties; or (v) protect the rights, property, or personal safety of Viome, its employees, its customers (including you), and the public. In the event Viome is required by law to disclose Personal Information, Viome will notify you through the contact information provided to Viome in advance, unless doing so would violate the law or a court order.


d) Sharing with Third Parties

We may share your individual-level Personal Information, to the extent permitted, without explicit consent, to the extent necessary, with third parties: i) in order to perform business operations that help deliver the Services to you (e.g., Sample collection services, laboratory service, inventory controllers that ship Kits, Precision Supplements and Precision Probiotics+Prebiotics manufacturers, logistics operators, IT service providers, customer service optimizers, etc.); ii) in order to provide Partner Services provided to you by our Oversight Partner and the Oral Health Partner; iii) in order to fulfil certain contractual obligations with our authorized channel partners for use in accordance with their then current terms and privacy policies, and iv) for marketing and communication purposes.


We may also share Personal Information de-identified, pseudonymized, or aggregate forms (without your personal details or aggregated with the information of others so that you cannot reasonably be identified as an individual) for: i) Research and Research Studies; ii) strategic initiatives with Research partners; and iii) for other purposes, to the extent necessary, and as permitted by law.


Unless required by law or a court order, or as specifically stated in the Terms and this Privacy Policy, Viome will not release your individual-level or individually identifiable Personal Information to any third party without first receiving your consent. Specifically, Viome does not share your individually identifiable sensitive Personal Information with third parties, in the following ways, without your explicit consent: i) sell, lease, or rent them; ii) release to any public databases; iii) for Study Participations with collaborators; and iv) with insurance companies, healthcare providers, educational institutions, government agencies, or employers.


e) Lost Capacity

When a customer has lost capacity or passed away, we will only give their Account information to individuals who are legally authorized to make decisions on their behalf, such as an executor, a personal representative, or a beneficiary of a deceased's estate. The person requesting the information must complete an authorization form and provide evidence and legal documentation indicating they are allowed to act on behalf of the individual before we will provide any information.


f) Business Transitions

In the event Viome goes through a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets, your Personal Information will likely be among the assets transferred. In such a case, Personal Information would remain subject to the terms of the pre-existing or the current Privacy Policy.


g) Commonly Owned Entities

We may share your Personal Information with other companies under common ownership or control of Viome (e.g., Viome Habit, Habit LLC, etc.), as necessary to deliver our Services, perform our contractual obligations, or for other purposes specified in our Terms of Service and this Privacy Policy. We may provide additional notice and ask for your prior consent if we wish to share your Personal Information in a materially different way than as specified in this Privacy Policy. We can confirm that all commonly owned entities are compliant with the the EU-U.S. DPF Principles and the Data Privacy Framework (as defined below).


Information Security Measures

Viome uses a number of physical, technical, and administrative measures to keep your Personal Information safe and secure. By employing these safeguards, we aim to prevent unauthorized access, minimize accidental disclosure, maintain data accuracy and integrity, and ensure appropriate use of the information in accordance with current technological and industry standards. In particular, all connections to Viome websites, software, and mobile applications are encrypted using Secure Socket Layer (“SSL”) technology.


You acknowledge and agree that protecting Personal Information is a responsibility shared between you and Viome. In this regard, we ask all users of our Service to be responsible for keeping their login IDs, passwords, and other authentication information used to access the Service in a secure manner and maintain strict confidentiality. You should not share Account and authentication information with any third parties and should inform Viome immediately of any prohibited use of your Account or authentication information. Viome cannot secure and assumes no liability for Personal Information that is released by our customers to third parties, such as physicians, insurance companies, or healthcare service providers.


Viome implements several physical and technical security measures to ensure confidentiality, integrity, security, and availability of Viome and customer data by employing industry standard safeguards such as de-identification, pseudonymization, encryption, and data segmentation. Your Sample Data and other Personal Information you provided to us are stored after labeling them with an assigned code without your name or other Personal Information that can easily identify your Sample with you.


To ensure the on-going confidentiality, integrity, and security of your data, Viome conducts periodic risk assessments of its electronically protected health information systems (“ePHI”) which we use to store your Personal Data. We de-identify customers’ PII from PHI and use multiple layers of industry standard security measures applicable to encryption and access protection for Sensitive Data, based on job function and role. Viome access controls include multi-factor authentication, single sign-on, and strict least-privileged authorization policies.


Viome keeps all customer Personal Data and information on secure cloud servers. Only a small group of qualified personnel within Viome can access the information that can be used to identify you. These are personnel who need that information in order to provide, complete, testing, analysis, and reporting related to the Services. The Personal Information that matches the assigned codes will be kept in a secure, access controlled, and protected database at Viome. Only a small group of essential personnel will have access to this secure and protected database.


We will not include any Personal Information that would make it possible to identify you in any Research, studies, or publications. All Viome employees, consultants, and others who might have access to your Personal Information must sign confidentiality and non-disclosure agreements that mandate them to keep customer Personal Information confidential. Your Personal Information may be shared with your health care service provider only with your written permission. Your Samples and their specimens and their remnants, after testing and analysis, will be stored securely with de-identified alphanumeric IDs (with no Personal Information that can identify you).


Children’s Privacy

Viome is committed to protecting the privacy of children and abiding by the provisions of the Children’s Online Privacy Protection Act (“COPPA”). The Service is not directed, designed, or intended to attract children under the age of 13.


In rare instances, a parent or legal guardian of a child, however, may specifically request or consent his/her child to Study Participation, and may assist the child with providing assent to Study Participation, if the child is old enough to do so. In such cases, the parent or guardian may create an Account for, assist and be responsible with collection of the Clinical Sample, and provide Self-Reported Information on behalf of his or her child. If you are the parent or guardian of a child, you assume full responsibility for ensuring that the information you provide to Viome about your child is: i) accurate; ii) you have the legal right to provide your child’s information to Viome, and iii) that the child’s information is kept confidential and secure.


In the event Viome is notified or becomes aware that the Service has been used by a child under the age of 13 to store information of that child without parental consent, Viome shall be and is authorized to delete, in its entirety, with no notice to you, any of the information stored by that child or by you on that child’s behalf. Viome also reserves the right to revoke any license to use the Service, which is being used or has been used by a child under the age of 13.


Further, Viome Services are not designed for, intended to attract, or directed toward children under the age of 18 or below the legal age of majority to form a binding contract in your country of residence, whichever is greater. A parent or a legal guardian, however, may collect Samples using Kits, and create an Account for, and provide Registration information for his or her child who is under the age of majority. On these occasions, the parent or guardian assumes full responsibility for following the Sample collection instructions and ensuring that the information that he or she provides to Viome about his or her child is kept secure, and that the information submitted is accurate.


Some features associated with the Services and Study Participations are not offered to children or minors, even with parental/guardian consent. In such cases, Viome will restrict Registration for these Service or Study Participations for anyone below the age of 18.


Retention of Personal Information

By choosing to have Viome extract the molecular level data from your Samples as part of the Service, you consent to have Viome access, analyze, and store your Personal Information using the same or more advanced technologies, in a manner consistent with our Terms and this Privacy Policy. Unless we notify you otherwise, we will store your Samples and data from the Samples for at least ten (10) years, but may, in its sole discretion, to the extent permitted by law, retain such Samples and data for a longer period of time. All of the same safeguards applicable to Personal Information will be provided, to any further use of your Samples, as in our Terms of Service and this Privacy Policy.


Unless you close your Account that results in deletion of your Personal Information in the Account as described in the Account Closure process as specified below, Viome will store your Personal Information as long as your Account is open.


Correction of Personal Information

Your Personal Information and Registration Information, if incorrect, can be corrected, changed, or updated by sending a request to our Customer Service using the information stated below:


Submit online:

Visit https://support.viome.com and request “Correction of Personal Information”


Submit by mail:

Viome Customer Service (Correction of Personal Information)

Viome Life Sciences Inc.

205 108th Ave NE, STE 150,

Bellevue, WA 98004


Account Closure

If you no longer wish to use the Service or have your Personal Information processed by us in order to provide you the Service, you may close your Account by sending our Customer Service a request using the information specified below.


Submit online:

Visit https://support.viome.com and request Account Closure.


Once we receive your request, we will send an email to the email address linked to your Account detailing our Account Closure Policy and requesting that you confirm your closure request. Once you confirm your request to close your Account, your Account will no longer be accessible. When your request is processed, it cannot be cancelled, undone, withdrawn, or reversed. When closing an Account, Viome removes or deletes Personal Information associated with that Account, subject to certain limitations stated below:


To the extent necessary and permitted by law, Viome may still retain:

Limited Registration Information on order history (e.g., name, contact details, closure request, and transaction data) for accounting, audit, and compliance purposes;

Limited Personal Information for compliance with legal retention requirements (e.g., CLIA requirements);

Limited Personal Information to fulfill contractual obligations, exercise or defend legal claims;

Limited Personal Information to fulfill audit and compliance processes;

Information already used for Research and Study Participants; and

Limited information in de-identified, pseudonymized, or aggregate forms used in Research, data analysis and artificial intelligence.


Retention of Personal Information

Unless you close your Account and delete your Personal Information in the Account as described under Account Closure as specified above, Viome will store your Personal Information as long as your Account is open.


California Residents

Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), California residents are afforded certain additional rights regarding use of your Personal Information. However, depending on your data choices, certain services may be limited or unavailable. If you are a California Resident, to learn more about your California Residents’ privacy rights under CCPA by reading our CCPA Notice for California Residents located at https://www.viome.com/CCPA_Notice.


If you have any questions about your CCPA rights you may contact our Customer Service by sending a request using the information specified below.


Submit online:

Visit https://support.viome.com and request Assistance with CCPA Notice Rights.


Submit by mail:

Viome Life Sciences Inc.

Viome Customer Service (CCPA Notice Rights)

205 108th Ave NE, STE 150

Bellevue, WA 98004

Or

Call our Customer Service at 1.855.958.4663


California Do-Not-Track Disclosures

Viome does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (“DNT”) signals. Third party cookie service providers we use may have content embedded on Viome’s websites or mobile applications (e.g., social features) and may set cookies on a user’s browser and obtain information about the web browser visiting a specific Viome website from a certain IP address. These third parties may collect your Personal Information from Viome’s websites, software, or mobile applications unless you have opted out of receiving their marketing messages by visiting our third-party service provider websites such as https://app.retention.com/optout.


Nevada Residents

Pursuant to Nevada Privacy Law (“NPL”), Nevada residents may direct a business that operates an internet website not to sell certain Personal Information about you. Viome does not sell your Personal Information to third parties. If you are a Nevada resident, for more information about your rights under NPL or how we handle and share your Personal Information, contact our Customer Service by sending a request using the information specified below:


Submit online:

Visit https://support.viome.com and request Assistance with NPL Rights.

Or

Call our Customer Service at 1.855.958.4663


Residents of other US States

Pursuant to the privacy laws of various other US States, residents of certain states may be afforded certain additional rights regarding use of their Personal Information. The privacy policies and practices of Viome as stated herein are intended to cover the rights of the residents of these US States when applicable. Please contact our Customer Service by sending a request using the information specified above for further details.


Data Privacy for Residents of Designated Countries

This section applies only to the Personal Information of the residents of the European Economic Area (“EEA”), European Union (“EU”), United Kingdom (“UK”), or Switzerland (collectively, the “Designated Countries”). When we transfer, store, and process the Personal Information of the residents of the Designated Countries, we implement appropriate safeguards applicable to transfer of such Personal Information to and from the Designated Countries in accordance with the terms specified below:


International Transfers

When we transfer, store, or process your Personal Information to U.S. or other countries outside of where you reside, we rely on various legal bases to lawfully transfer such Personal Information around the world, including the European Union Commission approved model contractual clauses (“lawful data transfer mechanisms”).


In addition to such lawful data transfer mechanisms, Viome also adheres to the EU-U.S. Data Privacy Framework Program Principles (“Data Privacy Framework”) regarding the collection, transfer, use, and retention of Personal Information from EU to the United States.


For EU Residents

Viome complies with the EU-U.S. Data Privacy Framework program (“EU-U.S. DPF”) as set forth by the U.S. Department of Commerce. Viome has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (“EU-U.S. DPF Principles” or the “Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.


Our Relationship with You

We are the “controller” with respect to your Personal Information because we determine the means and purposes of processing your information when you use our Services.


Legal bases for processing Personal Information from the EU

We describe how we process your Personal Information in this Privacy Policy under the below section on “Data Privacy for EU Residents under GDPR”.


Marketing Communications

We may contact you by electronic means for marketing communications with information about our Services that are similar or related to our Services with you. If you do not want us to use your Personal Information in this way, please contact us at Privacy@viome.com to withdraw your consent at any time. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.


Transfer to a Third Party

If your Personal Information is transferred to a third party located outside the Designated Countries, Viome implements industry standard privacy and security measures as specified in this Privacy Policy, and we secure appropriate contractual terms with such third party relating to the transfer of such Personal Information.


Privacy Rights

You can exercise your privacy rights by following the instructions set forth in this Privacy Policy or by contacting us at Privacy@viome.com. When you make a request, we may verify your identity as well as the residency status to protect your privacy and security. We will process your request in accordance with the applicable data protection laws.


Data Privacy for EU Residents Under GDPR

This Section outlines our policies and commitment to General Data Protection Regulation (“GDPR”) applicable ONLY to information from and of the residents of the European Union (“EU”). Except where a term is specifically defined herein, the terms used in this Section will have the meaning provided under in the GDPR. In addition to GDPR, Viome is committed to ensure that all Personal Data received from the EU will handled in compliance with the EU-U.S. DPF Principles.


Viome is committed to GDPR compliance through our robust data privacy and security protections. Under the GDPR, organizations that collect and store Personal Information must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with processing Personal Information. Viome uses industry-leading organizational and technical measures to keep your Personal Information secure.


In exercising rights under GDPR, applicable only to EU residents, as a precondition for processing your requests, we require proof of your identity and EU resident status both.


Note: GDPR and Data Privacy policies outlined below do not extend or apply to residents of non-EU countries or residents of the United States.


Below we describe how we process your Personal Data in accordance with this Privacy Policy.


a) When Viome acts as Controller

Viome acts as a Controller when it determines the purposes and means of processing Personal Data. Where we process your Personal Data in our capacity as a Controller, this Privacy Policy will govern such processing of your Personal Data.


b) When Viome acts as a Processor

Viome acts as a Processor where it processes Personal Data for another Controller. Where we process your Personal Data in our capacity as a Processor, on behalf of a third-party Controller, this Privacy Policy will not govern the processing of your Personal Data. In such events, we encourage you to contact the Controller directly to learn about their privacy policies applicable to processing of your Personal Data and exercise your rights directly with the Controller, or we will forward your request directly to such Controller upon receipt of a request from you.


c) Right to Withdraw Consent

To the extent Viome has requested and you provided your consent for processing of your Personal Data, or accepted a Consent Form, you can withdraw your consent at any time by contacting our Customer Service using the information specified below. Your withdrawal will not affect the lawfulness of our processing based on consent you granted before its withdrawal as well as use of your data in ways otherwise permitted by law.


Submit online:

Visit https://support.viome.com and send us a request titled Assistance with GDPR: Consent Withdrawal or send us a request with the same title using privacy@viome.com.


Submit by mail:

Viome Customer Service (GDPR: Consent Withdrawal)

Chief Privacy Officer

Viome Life Sciences Inc.

205 108th Ave NE, STE 150,

Bellevue, WA 98004


d) Right of Access and Rectification

Viome allows you to access and rectify certain Registration Information, Self-Reported Information, and other information as required by applicable law. If you would like to access or rectify your Personal Data, please contact our Customer Service using the details specified below. We may not be able to fulfil part or all of your request if doing so could adversely affect the rights and freedoms of others.


Submit online:

Visit https://support.viome.com and send us a request titled GDPR: Data Access and Rectification or send us a request with the same title using privacy@viome.com.


Submit by mail:

Viome Life Sciences Inc.

Chief Privacy Officer

Viome Customer Service (GDPR: Data Access and Rectification)

205 108th Ave NE, STE 150

Bellevue, WA 98004


e) Right to Erasure ("Right to be Forgotten")

We allow you to delete your Account or your Personal Information following a request for Account Closure at any time. You can request erasure of Personal Data that: (a) is no longer necessary in relation to the purpose for which it was collected or used; (b) was collected with your consent but later you withdrew such consent; or (c) was collected for a purpose with your consent, but there are no overriding legitimate grounds for our further processing.


Viome will take reasonable steps to fulfil your request. Our assistance with your request, however, is subject to the following limitations:


When processing your Personal Data is necessary to comply with a legal obligation, establish, exercise, or defend legal claims;


In relevant data protection laws that restrict this right for certain types of data;


When there are limitations in the available technology; and


When we are limited by the cost of implementing


Subject to the above terms and conditions, Viome will fulfill your request within thirty (30) days from receipt of a request from an EU customer, subject to verification of requester’s identity and other details such as the EU resident status, before erase of the Personal Data concerning such customer. Notwithstanding the above, Viome shall be permitted to retain, to the extent permitted by law, any and all Personal Data that is in de-identified, anonymized, pseudonymized, and aggregated forms in accordance with the terms of this Privacy Policy.


Please contact Viome using privacy@viome.com to exercise your right to erase your Personal Data pursuant to GDPR using the subject line: GDPR: Right to Erasure


f) Right to Restrict Processing

Under GDPR, you have the right to restrict our processing of your Personal Data under the following circumstances: (a) you dispute the accuracy of Personal Data; (b) the processing is unlawful and you do not wish the erasure and request the restriction instead; (c) we no longer need the Personal Data for the purposes; and (d) when our legitimate grounds for processing override your rights.


Following a request for restriction, however, we can continue to use your restricted Personal Data, when: a) we have your consent; b) to establish, exercise or defend legal claims; c) to protect the rights of another natural or legal person; or d) for reasons of important public interest.


Please contact Viome by using privacy@viome.com to execute your right to Restrict Processing Personal Data using the subject line: GDPR: Right to Restrict Processing.


g) Right to Data Portability

To the extent that we process your Personal Data as Controller (i) with your consent or under a contract; and (ii) through automated means, you may request your Personal Data in a structured, commonly used, machine-readable format. You may also request the transfer of your Personal Data directly to another data Controller, where it is technically feasible, unless choosing to exercise this right adversely affects the rights and freedoms of others.


There may be an additional fee associated with processing your request.


Please contact Viome by using privacy@viome.com to exercise your rights to portability of your Personal Data pursuant to GDPR with the subject line: GDPR: Right to Data Portability.


h) Account Closure

To close your Account, please contact our Customer Service using the information specified below. If you closed your Account, we will take the same steps described under Account Closure above.


Submit online:

Visit https://support.viome.com and send us a request titled GDPR: Account Closure or send us a request with the same title using privacy@viome.com


i) Personal Data retention

Unless you close or delete your Viome Account, we retain and store your Personal Data as long as your Account is open, for other important purposes such as providing you with our Service, complying with legal obligations, resolving disputes, enforcing our agreements, and for other purposes specified in this Privacy Policy and permitted by applicable law.


j) Third parties with access to your Personal Data

Viome may share your Personal Data, with third parties as necessary for them to provide their services to us and help us deliver our Services to you. Service providers are third parties (other companies or individuals) that help us provide, analyze, and improve our Services. While Viome directly conducts the majority of the data processing activities required to provide our Services to you, we may engage some third-party service providers to assist us in supporting our Services, including in the following areas and ways:


Order fulfillment and shipping: to provide you with our Services including the Kits and Subscription Services, and their delivery to you.


Manufacturers of our Services including the Kits and Subscription Services.


Customer Service and related service providers: to process orders, respond to customer service requests, phone services, and for customer relationship management.


Website and mobile application usage analytics services: to determine who is using Viome’s Services, to improve those Services, and to assist users on use of our website.


eCommerce Platform or Storefront Services, Payment processors to make recurring charges to process customer payments using billing information.


Sequencing facilities: to provide primary sequencing and other types of analysis (including RNA and DNA).


Testing facilities: to provide genotype, microbiome, and gene expression testing that form part of our Service.


Sample collecting service providers or agents that facilitate the collection process.


Study Collaborators: to engage in scientific Study Participations.


Software developers: to develop and test Viome’s software and mobile applications.


Database service providers: to securely store Sample Data and Test Results.


Storage facilities: to securely store raw and processed Samples and Sample Data.


Business process outsourcers and electronic data processors.


Study Participation collaborators.


Provide Partner Services to you (if applicable).


Other service providers that support our Services.


Like many online services, to the extent necessary and permitted by applicable law, Viome may share de-identified, anonymous, or pseudonymized Personal Data that does not personally identify you or on aggregate basis with our business partners, service providers, and advertisers in accordance with our Terms and this Privacy Policy. This may also include non-individually identifiable data contained in databases, server log files such as your IP address and cookies, generalized traffic flow data, data used for Research, inferred, or resulting data, and aggregated statistical data that are not personally identifiable, including users’ demographic information.


Our data processors and their sub processors who use your Personal Data for providing Services may transfer such Personal Data to any country or territory, as may be reasonably necessary for provisioning of their services described in our service agreements with them.


k) How to exercise your rights on Personal Data

If you would like to exercise your rights under GDPR on use of your Personal Data as described above, please send us a request using the designated methods specified above. In your message, please indicate the right you would like to exercise, request you make, and the information that you would like to access, review, correct, or erase.


We may ask you for additional information to confirm your identity and resident status and other information, for security purposes, before disclosing the Personal Data you requested.


We reserve the right to charge a fee, where permitted by law (e.g., if our cost of processing your request is prohibitive, or your request is manifestly unfounded or excessive).


We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.


We ask that you attempt to resolve any issues regarding your Data Protection or data requests first with us. Please contact us at privacy@viome.com and we will be happy to respond to your request promptly.


Viome’s “Privacy By Design” approach requires that our user data protection levels be at the highest setting by default. In the unlikely event of a breach, Viome will notify the applicable Data Subjects and Supervisory Authorities ("SA"s) in the EU according to procedures provided in GDPR Articles 33 and 34.


l) Legal bases for using and sharing your Personal Data

We collect, use, and share your Personal Data where we are satisfied that we have an appropriate legal basis for doing so. This may include: i) when our use of your Personal Data is necessary to perform a contract, providing a Service (including Partner Service), or take steps to enter into a contract with you; ii) in our legitimate interest as a commercial organization (for example in order to make improvements to our Services, perform Research for improving our Service, and to provide you with the Data you request); iii) necessary to comply with a relevant legal or regulatory obligation that we have (for e.g., where we are required to disclose Personal Data to a court); or iv) in accordance with your consent (e.g., acceptance of a Consent Form).


If you would like to find out more about the legal bases on which we process your Personal Data, please contact us using the details specified above.


m) Exporting Personal Data from the EU

Data protection laws vary among countries and privacy regulations keep changing. Nonetheless, we strive to ensure our privacy practices stay compliant with applicable data protection laws and use your Personal Data in ways that are compliant. Regardless of where your data is processed, we apply the same protections described in this Privacy Policy to your data.


Viome may transfer your Personal Data outside of the country from which it was originally provided. This transfer may be intra-group or to third parties that we work with who may be located in jurisdictions outside of the EU that have no data protection laws or have laws that are less strictive compared with those governing the EU.


Whenever we transfer Personal Data out of the EU, EEA, UK, and Switzerland, we use appropriate safeguards and controls to protect your Personal Data in accordance with applicable laws. Please contact us for more information about the safeguards we have put in place to protect your Personal Data and privacy rights in these circumstances.


In light of the evolving body of regulations applicable to international data transfers, we remain committed to having a lawful basis for data transfers in compliance with applicable data protection laws. We will continue to abide by the lawful data-transfer mechanisms, Privacy by Design, and Privacy by Default.


The following provisions govern information collected in reliance on the EU-U.S. DPF Principles for transfers of Personal Data from the EU to the United States:


Confirmation and Correction

Pursuant to the EU-U.S. DPF Principles and the Data Privacy Framework, EU and UK individuals have the right to obtain our confirmation of whether we maintain Personal Data relating to you in the United States. Upon request, we will provide you with access to the Personal Data that we hold about you subject to the processes and conditions stated in this Privacy Policy. You may also correct, amend, or erase the Personal Data we hold about you if it is incorrect or has been processed in a manner inconsistent with the Principles. An individual who seeks access to, or who seeks to correct, amend, or erase inaccurate Personal Data transferred to the United States under the Data Privacy Framework, should direct their query to privacy@viome.com. If requested to erase or remove Personal Data, subject to verification of your identity and other safeguards we employ, we will respond within a reasonable timeframe.


Lawful Requests

Viome may be required to disclose Personal Data pursuant to lawful requests made by public authorities, including to meet national security or law enforcement requirements.


Dispute Resolution

In compliance with the EU-US Data Privacy Framework program’s Principles, Viome commits to resolve complaints about your privacy and our collection or use of your Personal Information transferred to the United States pursuant to the DPF Principles. European Union individuals with DPF inquiries or complaints should first contact Viome at: privacy@viome.com.


Viome has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs.


If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit: https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you. For the purpose of EU-US Data Privacy Framework and adherence to the DPF Principles, Viome includes the covered entity of Viome Habit LLC that is covered by this Privacy Policy.


If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See DPF Program Arbitration Procedures set forth in Annex I of the DPF Principles: https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2


For EU, UK, and EEA Individuals

Depending on where you reside, you may also contact Viome’s designated EU,UK, and EEA-based representatives at:


For EU:

DataRep

12 Northbrook Road

Dublin, Ireland

For UK:

DataRep

107-111 Fleet Street,

London, EC4A 2AB

United Kingdom

For EEA:

DataRep

In each country location


Email (for EU, UK, and EEA): viome@datarep.com quoting < Viome Life Sciences, Inc. > in the subject line. Find this online webform at: www.datarep.com/data-request


If you are not happy with how we have responded to your request or resolved your complaint, you may contact the relevant supervisory authority found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html


Notice

When Viome collects Personal Data from individuals, it will inform the individual of the purpose for which it collects (as stated in this Privacy Policy that adheres to the DPF Principles or by other means) and uses the Personal Data and the types of non-agent third parties to which Viome discloses or may disclose that information. Viome shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to Viome, or as soon as practicable thereafter, and in any event before Viome uses or discloses Personal Data for a purpose other than for which it was originally collected.


In instances in which Viome is not the Controller or Collector of the Personal Data, but only a Processor, it may not have means of providing individuals with the choice and means for limiting the use and disclosure of their Personal Data or providing notices when individuals are first asked to provide Personal Data to Viome. In such instances, Viome will comply with the instructions of the Controller or the Collector of such information; provide appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and to the extent appropriate, assist the Controller or the Collector in responding to individuals exercising their rights under the Principles.


Choice

In those instances where Viome collects Personal Data from individuals, we will provide an individual opt-out choice, or opt-in for Sensitive Data, before we share your Sensitive Data with third parties other than our agents, or before we use it for a purpose other than for which it was originally collected or subsequently authorized.


To request to limit the use and disclosure of your Personal Data, please submit a written request to: privacy@viome.com


Disclosures to Third Parties

In those instances, in which Viome collects Personal Data from individuals, prior to disclosing Personal Data in personally identifiable way to a third party that is not already identified in this Privacy Policy, Viome shall notify the individual of such disclosure and allow the individual the choice to opt-out of such disclosure, or opt-in for Sensitive Data.


Viome shall ensure that any agent third party for which Personal Data may be disclosed to subscribes to these Principles or are subject to laws providing the same level of privacy protection as is required by these Principles and agree in writing to provide an adequate level of privacy protection.


Viome will not sell, lease, or rent your individual-level Personal Data to any third party or to a third party for research or study purposes without your explicit consent. However, we may use and share de-identified, anonymized, pseudonymized, and aggregate forms of data with third parties (together with the data of others so that you cannot reasonably be identified with the shared data as an individual), in order to perform business operations, initiate Research or Research Studies, Study Participations, for data analytics and enhancing our data analytics engine, send you marketing emails, or to improve our Services.


Viome’s Accountability

Viome’s accountability for Personal Data that it receives in the United States under the Data Privacy Framework and subsequent transfers to a third party as described in the Data Privacy Framework. In particular, Viome remains responsible and liable under the Data Privacy Framework in certain circumstances for onward transfers of Personal Data to third parties if the third-party agents that it engages to process the Personal Data on its behalf do so in a manner inconsistent with the Principles, unless Viome proves that it is not responsible for the event that gave rise to the damage.


Viome is also subjected to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”), the U.S. Department of Transportation (“DOT”) or any other U.S. authorized statutory body and such bound by other applicable laws and regulations.


Data Security

Viome shall take reasonable steps and employ processes to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Viome has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the customer information from loss, misuse, unauthorized access or disclosure, alteration, or destruction. However, Viome cannot guarantee the security of information on or transmitted via the Internet. Such safeguards and processes include but not limited to:


i) Self-assessment

Viome uses a self-assessment approach or outside compliance review to assure compliance with this Privacy Policy and it periodically verifies that this Privacy Policy is accurate, comprehensive for the information intended to be covered, and in accordance with the Principles.


ii) Data Integrity

Viome shall only process Personal Data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by those who provided the information. To the extent necessary for those purposes, Viome shall take reasonable steps to ensure that Personal Data is accurate, complete, current and reliable for its intended use.


iii) Access

In those instances, in which Viome collects Personal Data directly from individuals, Viome shall allow those individuals access to their Personal Data and allow the individual to correct, amend or erase inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.


Contact Us

If you have questions about this Privacy Policy, please contact us by email at privacy@viome.com or by writing to us at:

Viome Life Sciences, Inc.

Attn: Chief Privacy Officer

205 108th Ave NE, STE 150

Bellevue, WA 98004

Email: privacy@viome.com