Effective date: 14-DEC-2021
and households) whose personal data we collect in the ways described in Section 1 below.
This Policy does not apply to the personal data of our employees, job applicants, contractors, business owners, directors, officers, or medical staff. This Policy also does not apply to information that does not constitute personal data, such as information
that has been irreversibly anonymized.
If we do not maintain information in a manner that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual or household, such information is
not considered personal data and this Policy will not apply to our processing of that information.
YourBio Health, with its registered address at 200 Boston Ave, Suite 3700, Medford, MA 02155, USA will be the controller of your personal data. We collect your personal data when you request products or services from us or when you use our website (
we recommend that you read it carefully.
The personal data we collect from you
We may collect and use your personal data when you submit it to us in the following ways:
Account registration: when you set up an account with us on one of our websites or applications, we will collect your personal data, such as your full name, email address and password.
Purchasing our products and services: when you purchase YourBio Health products or services direct from us on our website, we will collect your personal data to process your request, such as: your full name, date of birth,
gender, payment details, billing address, shipping address, contact details (such as email address and telephone number). To process your order, an order ID and KIT ID will be assigned to you. We will also receive a tracking reference number
from our third party partner who will send the product that you have purchased from us to your shipping address.
Medical questionnaire: if you choose to do so, you can update your user profile with details about vaccination doses and your medical history so we are able to better tailor your test results.
Website interactions: when you browse or interact with our website, the servers hosting the website automatically record certain information about you when you use the website, including details of your IP address, operating
device, geolocation, and your device serial number (for more information, read our Cookies Policy).
Reviews: if you choose to provide a review of a YourBio Health product or service and agree to allow us to post that review on our website, we will process the details of your review along with your first name and your last
initial. Your review, first name, and last initial will then be visible to the general public on our website.
General communications: when you provide personal data to us in correspondence and communications (including through our website), including for technical support or general support for our products and services, we will process
any personal data that you provide to us in connection with this correspondence and these communications, including your full name, email address, telephone number, your IP address (to track your location), and any other information you choose
Anonymisation: We may anonymise your personal data so all identifying features are irretrievably removed and you cannot be identified. We may use the anonymised data for any lawful purpose.
Health-related data you provide to receive our products and services: in order to provide you with our products and services, we will need to log and record your medical test results in order for you to access the test results.
We will also log a unique order ID, an image of the test report and your test results on our database.
The reasons for processing your personal data
The types of personal data relating to you that we may collect, and the purposes for which we process this data, depend on the nature of your interaction with us. This section describes our reasons for processing your personal data and, in accordance
with applicable data protection laws in the United Kingdom and the European Economic Area ("EEA"), specifies the legal basis under which we are allowed to process your personal data.
Reasons for Processing General Personal Data
Generally, we may process your general (non-health-related) personal data because it is necessary to perform our obligations under a contract with you or for your benefit, for the establishment, exercise or defence of legal claims or proceedings, and
to comply with our legal and regulatory obligations. Other bases for processing your other personal data are described below.
To enable us to perform the contract you have entered into for our products and services. This covers processing we carry out to process any request for a YourBio Health product or service we receive from you or which is made on your behalf, to deliver
your requested YourBio Health product or service (including sharing your personal data with our third party partner) and to enable us to take payment from you or provide you with a refund.
On the basis of our legitimate business interests (including for statistical purposes), including:
to notify you about changes to our products or services and provide you with customer service;
to improve and monitor the quality of our products and services;
to enable us to respond to an enquiry or other request you make when you contact us via our website or through another communication channel;
to promote and advertise the YourBio Health product via our website; and
to protect the security of and manage access to our IT and communication systems, online platforms, websites, and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities.
On the basis of our legitimate business interests, we may contact you to inform you of, and make suggestions and recommendations about our products and services that we believe may be of interest to you.
Reasons for Processing Health-Related Data
We may process your health-related data (as detailed above) as described below. Please note that the legal bases which we rely on to process your health-related data will be determined by your use of the product or service which you have requested from
Where you have requested a product or service from us in connection with a medical diagnosis, we will process your health-related data:
for the provision of health and social care and to conduct scientific research;
for the purpose of providing the products or services you have requested;
to allow you to register for our products or services on your behalf, to access your test results which we receive from our third party partner who has processed your test results, and provide you with statistical information in connection with your test
results (Please note that we will store your test results for your use, including for the purposes of allowing you to access and verify your results);
to de-identify your health-related data and to use that de-identified data in order to monitor how our products and services are used and to evaluate the performance, impact and experience of our products and services and for product improvement and development,
including the effectiveness of our sample testing techniques; and
to conduct scientific research into diagnostics on de-identified data in connection with related health factors, which may include repeated observations over time of test results and associated risk factors or health outcomes, and other data analysis
and market research.
We also process your health-related data (such as details about vaccination doses and your medical history), where we have your explicit consent, to better tailor our services to you.
You can withdraw your consent to any of these processing activities at any time by contacting us. When you withdraw your consent, we will stop any future processing of your health-related data for the relevant purposes. We will be entitled to continue
to process any data that we have irreversibly anonymised so that it is no longer possible to identify you.
We may archive your health-related data in furtherance of scientific research purposes. In certain circumstances, we may need to process your health-related data to comply with local legal and regulatory requirements, for example if we need to issue a
safety notice or corrective action related to any of our products or services; for reporting to and/or being audited or investigated by national and international regulatory bodies; or to comply with court orders and to exercise and/or defend
our legal rights.
will be sought.
We may use your personal data to market our products and services to you which we believe may be of interest to you based on previous products and services provided to you. We may contact you by SMS, post, e-mail, telephone or via your social media account
unless you have told us that you do not wish to receive marketing communications from us. Where we are required by applicable laws, we will obtain your prior consent before contacting you. We will not sell or otherwise share your personal data
You have the right to opt out of receiving marketing at any time by following the information in each communication on how to unsubscribe or by writing to us at: email@example.com. You also
have the right to object to any processing that includes profiling for direct marketing purposes and can exercise this right by writing to us at the email provided above.
Our disclosure of your personal data
We may share your personal data with the following third parties:
Information technology service providers: We may use certain trusted third party companies and individuals to help us provide, analyze, and improve our products and services, including but not limited to those that provide:
- data storage, database management, and infrastructure as a service ("IaaS") services;
- software development services;
- customer service and support software; and
- web analytics software.
Partners: where you have requested a product or service from us, we may share your personal data with the partner so that they may deliver your product to you or process your medical test results.
Payment processors: we use third party payment processors in order to process your payment for our goods or services. Our payment processors are separate controllers who collect and process your information, including payment
information, in accordance with their privacy policies, which can be found on their websites.
Administrative and legal reasons: we may disclose personal data as we deem necessary and appropriate under applicable laws, such as to comply with bankruptcy proceedings or similar legal process, or in response to lawful requests
by public, governmental and regulatory authorities. Where we are required to by law, we may also disclose your personal data (a) where it is necessary to investigate or protect the rights, property, or safety of YourBio Health, our products
and services, our partners who help us provide our products and services to you, or other business partners; or (b) to prevent or take action regarding illegal activities, fraud, or situations involving potential threats to the safety of any
person; or (c) as evidence in litigation.
Business transfers: we may disclose and transfer your information and data to a third party: (a) if we assign our rights regarding any of the information to a third party, or (b) in connection with a corporate merger, consolidation,
restructuring, sale of certain of our ownership interests or assets (or both), or other corporate change.
Aggregated statistics: We may collect statistics about the behavior of visitors to our websites. For instance, we may monitor the most popular pages on the site. We may display this information publicly or provide it to others.
However, we do not disclose personally identifying information other than as described in this policy.
Individuals under 21
Our products and services are not aimed at individuals under 21. If you are aware of the fact that an individual under 21 has given us personal data, please contact us at: firstname.lastname@example.org.
We do not intentionally collect personal data from individuals under 21 years of age. If we become aware of the fact that an individual under 21 has given us his/her personal data, we will take the necessary measures to remove this information.
We use a variety of technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, in accordance with our internal security procedures and applicable
applicable privacy and data protection laws, and any misuse by employees is subject to disciplinary action.
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws and/or regulatory requirements and standards
or until you withdraw your consent (where applicable). To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use
or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements and standards.
The personal data that we, or our third party service providers, collect from you may be stored in the United Kingdom and/or EEA as well as being transferred to a destination outside the United Kingdom and the EEA, such as to the United States. This location
may not provide the same protections as the data protection laws in the United Kingdom and/or EEA. Where the country we transfer your personal data to outside the United Kingdom or the EEA is not already recognised by the relevant authorities
as providing adequate data protection under Article 45 of the GDPR, we will implement appropriate safeguards (such as the European Commission or United Kingdom approved standard contractual clauses) to govern such transfers, pursuant to applicable
the EU Standard Contractual Clauses can be found here and a copy of the UK Standard Contractual Clauses can be found here. For further
information, please contact us using the details in the "Contact Us" section below.
Links to other websites
Links to the Third Party Sites from our website do not imply that YourBio Health endorses or has reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.
You may have the right to: (a) access the personal data we hold about you; (b) request we correct any inaccurate personal data we hold about you; (c) request we delete any personal data we hold about you; (d) restrict the processing of personal data we
hold about you; (e) object to the processing of personal data we hold about you; (f) not be subjected to a decision based solely on automated processing, including profiling, which produces legal effects, or similarly significant effects, concerning
you; and/or (g) receive any personal data we hold about you in a structured and commonly used machine-readable format or have such personal data transmitted to another company.
Please note that we may ask you to verify your identity before responding to such requests.
Where you have been asked to consent to the processing of your personal data, you can withdraw consent, such as by contacting us using our contact details below. Any withdrawal of consent will not affect the lawfulness of the processing based on your
consent before the withdrawal. Please also note that where you withdraw consent, we will only stop processing your personal data that relates to the withdrawal of consent.
To exercise any of your rights in connection with your personal data, please contact us using the details in the "Contact Us" section below. If you are located in the United Kingdom or the EEA, you have the right to complain to a data protection authority
in your country about our collection and use of your personal data.
VeraSafe has been appointed as YourBio Health's representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can
be contacted in addition to or instead of email@example.com only on matters related to the processing of personal data.
To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or
via telephone at: +44 (20) 4532 2003. Alternatively, VeraSafe can be contacted at: VeraSafe United Kingdom Ltd. 37 Albert Embankment London SE1 7TL United Kingdom.
Please also note that VeraSafe has been appointed as YourBio Health's data protection officer. VeraSafe's data protection officer contact details are as follows: VeraSafe, LLC, 100 M Street S.E., Suite 600, Washington D.C. 20003, USA, +1 (617) 398 7067,
D-15963 Rev A