As part of our genetic testing, we will need to collect information (including but not limited to a single saliva sample) from you to accurately determine your genetic make-up. This Privacy Policy describes our practices in connection with personal data (defined below) that we or our service providers may collect, use or disclose when you use our services, visit our website, mobile sites, applications, software and other services that we offer (collectively, the “Services”), operated and controlled by us, Gene Story Pte. Ltd. (Company Registration No. 202315699Z), a private limited company incorporated under the laws of the Republic of Singapore with its registered address at 9 Raffles Place, #29-05, Republic Plaza, Singapore 048619 (the “Company” or “we”). This Privacy Policy should be read in accordance with the Company’s Terms and Conditions available at [insert website link].
By using the Services, you (“you” or “your” shall mean the party disclosing personal data who may include individuals or businesses) are deemed to have read, understood and accepted our practices in this Privacy Policy, including providing your express consent for using or dealing with your saliva sample for genetic testing in or out of Singapore. We are not responsible for the privacy practices of any third-party websites that may be linked to our Services. It is your responsibility to check this webpage periodically to see if any terms have been changed or modified. Your continued use of the Services constitutes your acceptance of any updates to this Privacy Policy.
This Privacy Policy is drafted in accordance with the Personal Data Protection Act 2012 (“PDPA”) under Singapore law and is intended for use in Singapore and, where applicable, other countries or regions which provide the same level of protection for personal data that is comparable to the standards of the PDPA.
The PDPA recognizes the rights of individuals to protect their personal data (including rights of access and correction) and the requirement for organizations to collect, use or disclose personal data for legitimate and reasonable purposes. Accordingly, this Privacy Policy outlines the personal data that we collect, how it may be used, how it is stored and retained, whom it may be transmitted to as well as our and your responsibilities in relation to such uses and disclosures. We recommend that you read this Privacy Policy and our Terms and Conditions carefully before disclosing any personal data to us or using the Services.
We collect personal data when you create an account to use the Services.
“personal data” or “personal information” means data, whether true or not, about an individual who can be identified –
If you choose not to provide us with the information requested, you may not benefit from certain features of the Services and your use of the Services may be limited. If you have an account with us, you may login using your e-mail, Google account, Naver Account, or Kakao Account.
The personal information we collect from you may include but are not limited to the following and you will be informed what information is required and what information is optional:
We will only collect information that is reasonably necessary for us to provide you with the Services. We collect such information only when we ask you for it and you provide it, and through technology that collects information automatically, such as cookies or other similar technologies. We will not be responsible for relying on inaccurate or incomplete data arising from your failure to notify us of any changes or inaccuracies in your personal data that was provided to us.
We collect information in several ways, such as:
We do not collect audio, visual or similar information such as photographs, videos or voice recordings. Unless specifically requested for, we ask that you do not send us or disclose to us any sensitive personal information such as passport/national identification card numbers, social security numbers, credit card numbers, information related to racial or ethnic origin, political opinions, sexual orientation, criminal background on or through the Services or otherwise to us.
We may collect certain information automatically through the use of cookie-less tracking technology when you use the Services, and the information may be collected in the following ways:
This may include your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, and Internet browser type and version.
Your IP address, along with the time of the visit and pages visited, is identified and logged automatically in our server log files whenever you visit the Services. Collection of IP addresses is standard practice and is done automatically by many online services. The IP address collected may be use for diagnosing server problems and administering the Services.
If you access the Service through a mobile device, we may collect information on it such as smartphone device brand and type to understand how you use the Service.
We may use your personal information only for purposes permitted by applicable laws and for the purpose for which it is collected, which generally includes the following:
By using the Services, you expressly authorize and consent to us gathering, reviewing, retaining and where reasonably required, transmitting your personal information to our intermediary companies and entities for the proper and reasonable purpose of them storing and using the data responsibly and in accordance with the PDPA. When you provide personal information on or through the Services, the information may be sent to servers located outside of Singapore. In such an event, we will take appropriate steps to ascertain that the foreign recipient organization of the personal data is bound by legally enforceable obligations that are in-line with the requirements under the PDPA.
We may also use your personal information to:
We may, after anonymizing your personal information, conduct analytics on the data collected for the purposes of obtaining big data, trends, patterns or any other form of result or finding which the Company in its sole discretion deems necessary for the delivery of the Services.
Personal data collected by the Company are stored in information systems adopted by the Company. We adopt commercially reasonable security measures to safeguard personal data collected including but not limited to the following:
The Company adopts measures and procedures that are aligned with guidance from the Personal Data Protection Commission. However, we do not guarantee that data breaches will not occur despite the adoption of commercially reasonable security measures that include the measures set out above.
We do not share your personal information with others except as indicated in this Privacy Policy or when we inform you and give you an opportunity to opt out of having your personal information shared. We may share personal information with:
We may disclose your information, including personal information in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights, to defend against legal claims, or as otherwise required by law.
Personal data collected by the Company are stored in information systems adopted by the Company. We adopt commercially reasonable security measures to safeguard personal data collected including but not limited to the following: [to confirm]
The Company adopts measures and procedures that are aligned with guidance from the Personal Data Protection Commission. However, we do not guarantee that data breaches will not occur despite the adoption of commercially reasonable security measures that include the measures set out above.
We do not share your personal information with others except as indicated in this Privacy Policy or when we inform you and give you an opportunity to opt out of having your personal information shared. We may share personal information with:
We may disclose your information, including personal information in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights, to defend against legal claims, or as otherwise required by law.
In order to accurately determine your genetic make-up or to provide the Services, your personal information (including saliva sample) may be transferred, stored or processed in, or any country outside of, Singapore where we have facilities (including laboratories or clinics) or service providers. By using our Service or by providing consent to us (where required by law), your information may be transferred to countries or territories outside Singapore, which may provide for different data protection rules than in Singapore. We will ensure that the use and disclosure of personal information transferred offshore is dealt with in accordance with this Privacy Policy, and we will not transfer your personal data to service providers within Singapore, or (as the case may be) a country or territory outside Singapore that does not provide protection of personal data that is comparable to the protection under the PDPA.
We retain information for different periods of time for as long as needed or permitted for the purpose(s) for which it was obtained. Generally, we determine retention periods by the length of time for which we have an ongoing relationship with you and provide the Service to you; whether there is a legal obligation to which we are subject; or whether retention is advisable having regard to legal considerations (such as applicable statutes of limitations or regulatory investigations).
There are a number of places on our Services where users may click on a link to access other websites that do not operate under this Privacy Policy. For example, if users click on an advertisement (news and promotions) on our Services, they may be taken to a website that we do not control. These third-party websites may independently solicit and collect information, including personal information, from the users and, in some instances, provide us with information about the users’ activities on those websites. You are advised to consult the privacy statements of all third-party websites that you visit. The availability of, or inclusion of a link to, any such site or property on the Service does not imply endorsement of it by us or by our affiliates.
We use reasonable physical, administrative and technical measures to help safeguard and secure your personal information from unauthorized access, collection, use, copying, modification, disposal and disclosure. However, no system can be completely secure. Therefore, we cannot guarantee that your personal information, activities while you use the Services, or other communications will always remain secure. If you have a reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you have with us has been compromised), please immediately contact us below.
We do not keep personal information for longer than it is required, and we destroy or permanently anonymize personal information that we no longer need, where permitted.
In the event of a data breach, the Company shall have regard to the Guide on Managing and Notifying Data Breaches under the PDPA, including:
Although our Services are for a general audience, we restrict the use of the Services to individuals aged 18 and above. By proceeding with the use of the Services, you warrant that you are either aged 18 or above, or you are the legal guardians of individuals below 18. It is your sole responsibility to provide your correct birth date when you set up an account and we are entitled to assume that all personal data provided is true and accurate. We will take appropriate steps to delete any personal data of persons less than 12 years of age that has been collected on or through the Services without verified parental consent, or consent from a legal guardian, upon learning of the existence of such personal data.
This Privacy Policy does not create rights enforceable by third parties or require disclosure of any personal information relating to users of the Services.
We acknowledge that the European Union General Data Protection Regulation (“GDPR”) will apply if we process or hold any personal data of individuals located at or residing in the European Economic Area (“EEA”) or if we offer goods or services to individuals in the EEA (“EU Individuals”).
We understand that we may lawfully process personal data if consent is provided by the EU Individual for the processing for specific purposes, if it is necessary for the performance of a contract of if it is necessary for our compliance with a legal obligation.
We understand that personal data must be processed lawfully, fairly and transparently, be collected and applied only for specified, explicit and legitimate purposes, must be limited to only what is required, must be accurate, not be kept in personally identifiable form for longer than is necessary and must be secured and protected pursuant to the GDPR.
We acknowledge and agree that the GDPR affords EU Individuals with rights such as:
We agree that we will act on a request from an EU Individual without undue delay (within one month). We will maintain records of how we process personal data, acknowledge the need to conduct data protection impact assessments and the need to apply careful consideration in the adoption and engagement of our data processors.
If at any time you would like to access, review, correct, update, restrict, or delete your personal data (including deleting your genetic data and/or DNA sample from our data storage) or if you would like to enquire about our privacy practices, please contact us by:
We will endeavour to respond to your request as soon as reasonably practicable and no later than one (1) month after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response. Your withdrawal of consent to our collection, use and disclosure of personal information may mean that we will not be able to continue with the existing relationship with you and the contract that you have with us may be terminated.
Please note that while you may have a right to access your personal data, there are some circumstances where we are not permitted to give you access to it under the PDPA (for example, we will not accommodate a request to access, change or delete personal data if we believe that doing so would violate any law or legal requirement).
As part of our efforts to ensure that we properly manage, protect and process your personal data, we will review our policies, procedures and processes from time to time. We reserve the right to amend the terms under this Privacy Policy at our absolute discretion. We will notify you of any changes to this Privacy Policy by way of email or by a pop-up notification when you access the website, app or Services to help ensure that you are always aware of the information that we collect, how we use it, and in what circumstances, if any, that we share it with other parties.
You are encouraged to visit the Services from time to time to ensure that you are well informed of our latest policies in relation to personal data protection. Your use of the Service following any changes means that you accept the revised Privacy Policy. This Privacy Policy was last updated on 18.05.2023.