Segterra (InsideTracker) Privacy Policy

Last updated: February 17, 2020

Introduction

Segterra ("Segterra", "InsideTracker", "GoalGetter," "us," "our" or "we") recognizes the importance of privacy. We respect your desire to store and access your information in a private and secure manner. This Policy explains how we handle your Personal Information, Blood Information and Genetic Information. Your Personal Information is data that could be used to identify you. Your Blood Information is data related to your blood tests. Your Genetic Information is data related to your genotype for a specific set of genes.

This Privacy Policy governs the way in which we collect, use, maintain, and disclose information collected from users of our websites. These websites may include but are not limited to www.insidetracker.com, and any other website or mobile software application owned or operated by InsideTracker (the "Platform"). This Privacy Policy applies to the Platform and all products and services (collectively, the "Services") offered by us. We are committed to providing you a secure, user-controlled Platform. At the same time, you share responsibility for maintaining privacy and security. For example, we ask you to keep your password secure. Do not share it with any third parties. We urge you to read this Privacy Policy carefully.

The Policy applies to all new and existing InsideTracker users. To use the InsideTracker Services, you must agree to the Privacy Policy. You may not use the Services if you do not agree to the Privacy Policy because it is part of the Terms of Service ("Terms"). Any capitalized terms not defined in the Privacy Policy have the same meaning as those in the Terms.

Our Terms of Service explains that, by using our Platform and signing up for services provided by InsideTracker or on our behalf by third parties with whom we contract, you are allowing us to collect, use and process your Personal Information, Blood Information and Genetic Information according to the Terms, the Product Consent and this Privacy Policy. If you have any questions about this Policy, please contact us at support@insidetracker.com. If you do not agree with the terms of this Privacy Policy, please do not use the Platform or Services.

By voluntarily giving us Personal Information and agreeing to have partner companies transmit your blood data and/or your genetic data to us, you are consenting to our use of it in accordance with this Privacy Policy and our Product Consent. If you give Personal Information to us, you agree that such Personal Information may be transferred from your current location to the offices and servers of InsideTracker and third parties we authorize.

Privacy Principles

We follow the principles listed below to protect your privacy:

  • We do not collect any more Personal Information about you than we need.
  • We only use your Personal Information for the purposes we specify in this Privacy Policy, unless you agree otherwise.
  • Other than as we specify in this Privacy Policy, we do not share your Personal Information with third parties.

Information We Collect

  • Personal Information (Data).
    InsideTracker collects several types of Personal Information. Personal Information is data that could be used to identify you, either alone or when combined with other information. We gather this information from you when you buy our Services, subscribe to our newsletters, and use the Platform. You will also provide such information when you create a personal account and complete surveys and forms. When you communicate with us or request information from us we will collect Personal Information from you. Personal Information collected online can be combined with Personal Information collected offline. The Personal Information we collect may include your name, email address, mailing address, date of birth, gender, and credit card or bank account information. If you buy our InsideTracker service we will also collect certain health, test, and biometric information, including, but not limited to, blood biomarker data, height, weight, ethnicity, and heart rate. If you buy the InsideTracker genetics service, we will also collect certain DNA (Genetic) information. Personal information may include registration information, blood biomarkers information, DNA information, self-reported information, user content and web behavior information.
    • Registration Information is information that we collect from you when you register for InsideTracker Services. Examples include your name, age, login credentials, and contact information, such as an email address. We use this information to deliver our Services to you, to communicate with you, and to confirm your identity.
    • Blood biomarker data is data related to your blood test results from tests done by InsideTracker laboratory partners. You may also upload existing blood test results from tests ordered by your doctor or insurance company. We may use your blood biomarker data in a de-identified, aggregated way for InsideTracker research.
    • Genetic (DNA) information is data related to your genotype for a specific set of genes related to healthy aging, nutrition, weight, sleep and physical activity. InsideTracker will receive your genetic information from our partner Helix when you buy the GoalGetter product. When you purchase the InsideTracker DNA kit, you will collect a DNA sample using the provided collection kit and send it to our partner AKESOgen for DNA extraction and analysis. If you purchase our genetics add-on service, you will provide your genetic data from DNA tests that you have previously had done. InsideTracker analyzes your DNA data using an algorithm that determines your genetic potential for certain traits. InsideTracker may use your aggregated, de-identified genetic data for research and development to improve future products. For research that we hope to publish in scientific publications, we will request separate permission through a Research Consent document to use your de-identified Genetic Information. Any Research Consent is optional and voluntary. You will not be required to agree to a Research Consent document in order to use the Platform or Services.
    • Self-Reported Information includes information you provide in the InsideTracker questionnaire or in any other website surveys or forms, such as sex, body weight, height, diet, etc. We may use your Self-Reported Information in a de-identified way for InsideTracker research.
    • User Content is all information other than Genetic Information or Self-Reported Information provided by the users of the InsideTracker Services and transmitted, whether publicly or privately, to InsideTracker. User content may include data, text, software, music, audio, photographs, graphics, video, messages, or other materials. For example, user content includes comments made on InsideTracker blogs and emails to customer support.
    • Web Behavior Information is information on how you use the Platform (e.g. browser type, domains, page views). We may collect this information through log files, cookies, and web beacon, analytical and advertising technologies.

If you have purchased InsideTracker as a gift for someone else, any information you provide about the gift recipient will be used only as needed to deliver the gift. Your gift recipient must create their own account. The gift recipient also must provide their own blood and genetic samples or data depending on the InsideTracker plan selected. The gift recipient must provide their own consent. No one else can consent for them. InsideTracker will not share any Personal Information of the gift recipient with you.

You can always refuse to supply the Personal Information that we request. If you do refuse to supply information, you may not be able to engage in certain Platform-related activities and receive certain Services and information.

  • Non-Personal Information. We may collect non-Personal Information about you when you interact with our Platform. Non-Personal Information may include your browser name, type of computer, and the files you viewed on the Platform. Clickstream data, (i.e. a list of pages or URLs visited), and technical information about how you connect to the Platform, such as the operating system and the internet service providers used, are other types of non-Personal Information that we may collect. We may, in some cases, need to review this automatically collected data in combination with specific registration information to identify and resolve issues for individual users, detect fraud, etc. To the extent that we link this non-Personal Information with your Personal Information, this Privacy Policy governs our use of such information.
  • Electronic Health Records Disclaimer. At no time shall your Personal Information, including blood data or genetic data collected from you in accordance with this Privacy Policy be deemed to be an electronic health record or an electronic medical record for any purpose, including without limitation for purpose of compliance with the Health Insurance Portability and Accountability Act of 1996.

How We May Use Your Personal Information

We may collect and use Personal Information for the following purposes:

  • To provide InsideTracker services. We use your Personal Information, including blood biomarker data, height, weight, ethnicity, along with your Self-Reported Information to produce your InsideTracker analysis. If you buy InsideTracker genetic services, we will use your DNA Information to provide you with analysis of your genetic potential.
  • To process transactions. Information you give to us lets us process transactions made on the Platform or otherwise as necessary to perform our contractual obligations to you, including confirming your order, billing, and delivering products or services.
  • To improve customer service. Information you provide helps us respond to your customer service requests and support needs more efficiently. We will do this on the basis of our legitimate business interests.
  • To personalize your experience. We may use combined, de-identified information to understand how our users as a group use the Services. We will do this on the basis of our legitimate business interests.
  • To improve our Services. We may use combined, de-identified information and feedback you provide to improve our Services. We will do this on the basis of our legitimate business interests.
  • To run a promotion, contest, survey, or other feature of the Platform. With your consent, we will use your Personal Information, preferences and details of your transactions to keep you informed by email, text, web or telephone about our products and services. These products may include tailored special offers, discounts, promotions, events, competitions and so on. We do not use your blood test results or DNA data for marketing. Of course, you are free to opt out from hearing from us by any of these channels at any time.
  • To respond to your inquiries. We will use your Personal Information to respond to your inquiries, questions and/or other requests. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests.
  • To share offers from third parties that may be of interest to you. With your consent, we may use your information to tell you about offers, programs, products, or services from third parties that may be of interest to you.
  • As required by law To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Policy and other legally required notices or information. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your Personal Information for these purposes, we would be unable to meet our legal obligations.
  • To comply with our legal or contractual obligations to share data with law enforcement. If we are required to disclose your information, we will do our best to provide you with notice in advance, unless we are prohibited by law from doing so.
  • To fulfill any other purpose for which you provide Personal Information. We may use your Personal Information for purposes that we tell you about at the time we collect the information or later with your consent.
  • For scientific research. We may include your anonymized blood test information and self-reported information in disclosures to third parties for the purpose of research or other applications, but no identifying information will be shared without your prior knowledge and consent. InsideTracker research is intended to advance wellness and nutrition knowledge and to create, commercialize, or undertake activities toward the practical applications of this learning to the improvement of health care. Our research partners may include commercial or non-profit organizations that conduct or support medical research or conduct or support the development of drugs or devices to diagnose, predict, or treat health conditions. We may ask permission to use your de-identified Genetic Information for research that we hope to publish in scientific publications. If you choose to give this permission, you will agree to a Research Consent document. The Research Consent document is optional and voluntary. You may use the website or services without agreeing to the Research Consent document.

How We Protect Your Information

The security of your Personal Information is important to us. We have adopted generally accepted industry standards for our data collection, storage, and processing practices and security measures to protect against unauthorized access, alteration, disclosure, or destruction of your Personal Information, username, password, transaction information, and data stored on the Platform. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Please recognize that protecting your Personal Information is also your responsibility. We ask you to safeguard your password, secret questions and answers, and other authentication information you use to access our services. You should not disclose your authentication information to any third party. You should also immediately notify us of any unauthorized use of your password. We cannot secure Personal Information that you release on your own or that you request us to release.

In addition, you may choose to disclose, through other means not associated with us, any part of your Personal Information and/or Genetic Information. You may share this information with friends or family members, groups of individuals, third-party service providers, doctors or other health care professionals, or other individuals. We recommend that you make such choices carefully.

The Genetic Information Nondiscrimination Act of 2008 (GINA) says that you are not required to share your genetic information with your employer or your health insurance company. Other companies, such as life insurance, long-term care insurance, and disability insurance companies, may ask you to share your genetic information. Always be careful with whom you choose to share your genetic information as it is your ultimate right and choice to share such information.

If you do choose to share genetic data with your doctor or other health professional, those genetic data may become part of your medical record. Other health professionals and health insurance companies may be able to access the genetic data in your health record.

We will have no responsibility or liability for any consequences that may result because you have released or shared Personal Information and/or Genetic Information with a third party. It is your responsibility to share Personal Information and Genetic Information only with people you know and trust.

We reserve the right to update our privacy and security policies and practices from time to time at our sole discretion. We will employ commercially reasonable technical and organizational safeguards against unauthorized disclosure or access to your data or other personally identifiable information about you, consistent with our Privacy Policy. HOWEVER, YOU ACKNOWLEDGE THAT SECURITY SAFEGUARDS, BY THEIR NATURE, ARE CAPABLE OF CIRCUMVENTION AND INSIDETRACKER DOES NOT AND CANNOT GUARANTEE THAT PERSONALLY IDENTIFIABLE INFORMATION ABOUT YOU WILL NOT BE ACCESSED BY UNAUTHORIZED PERSONS CAPABLE OF OVERCOMING SUCH SAFEGUARDS. IN PARTICULAR, OUR PLATFORM MAY BE USED TO ACCESS AND TRANSFER INFORMATION, INCLUDING PERSONALLY IDENTIFIABLE INFORMATION ABOUT YOU OVER THE INTERNET. YOU ACKNOWLEDGE AND AGREE THAT INSIDETRACKER DOES NOT OPERATE OR CONTROL THE INTERNET AND THAT UNAUTHORIZED USERS (SUCH AS HACKERS) MAY USE VIRUSES, WORMS, TROJAN HORSES, KEYSTROKE LOGGERS AND OTHER UNDESIRABLE DATA AND SOFTWARE TO OBTAIN ACCESS TO OR DAMAGE OUR SITE OR TO ACCESS PERSONALLY IDENTIFIABLE INFORMATION ABOUT YOU. Furthermore, we cannot be responsible for any personally identifiable information about you that you release on your own, or that you request or authorize us to release.

Disclosure of Your Personal Data

We may disclose aggregated, or other non-Personal Information or information about our users without restriction. We may disclose Personal Information about you in the ways described below and/or to the third-parties mentioned below.

  • Affiliates. To our parents, affiliates, joint ventures, or promotion partners, for their use in a manner consistent with the purposes described in this Privacy Policy.
  • Agents and Service Providers. To contractors, service providers, and other third parties we use to support our business and provide the Services. These providers may complete transactions or perform services on our behalf or for your benefit.
  • Marketing. With your consent, we may share your personal data to third parties for their own direct marketing purposes, to provide you with information about products that may be of interest to you, and for other purposes as specifically set forth in this Privacy Policy. We do not share any DNA data, DNA analysis or blood test data with third parties for marketing purposes.
  • Legal Process. As required by law, such as to comply with a subpoena or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. If we are required to disclose your information, we will do our best to provide you with notice in advance, unless we are prohibited by law from doing so.
  • Certain Business Transfers. As part of a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. It may also be disclosed in the event of insolvency, bankruptcy, or receivership. We will use reasonable efforts to direct any such transferee to use your Personal Information in a manner that is consistent with our Privacy Policy.
  • Consent. In additional ways upon your consent.

Your Rights

  • Request a Copy of your Personal Information. You have the right to request a copy of any Personal Information that we hold about you. If you would like a copy of your Personal Information, please contact us using the contact information below. We may request proof of your identity before sharing such information. If you discover that the information we hold about you is incorrect or out of date, you may ask us to correct that information by contacting us using the contact information below.
  • Cease Processing or Delete Personal Information. You may ask us to stop processing, or delete, the personally identifiable data we hold about you in certain circumstances. It may not be possible for us to stop processing or delete all of the information we hold about you where we are fulfilling a transaction or have a legal basis to retain the information, however please contact us to discuss how we can assist you with your request.
  • Withdraw Consent. When we process your information on the basis that you have consented to such processing, you have the right to withdraw your consent, or ask us to stop or restrict processing the Personal Information we have about you, at any time by contacting us using the contact information below.
  • Portability. You may also ask us to transfer your Personal Information to a third party in certain circumstances. If you would like any further information about your rights or how to exercise them, please contact us using the contact information below.
  • Complaints. If you are in the European Union, you have the right to make a complaint at any time to the relevant data protection authority in your country.
  • Retention. We will retain your information for as long as needed to fulfill your requests, provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements.
  • Unsubscribe. If you receive marketing emails from us, you can unsubscribe to our emails by clicking "unsubscribe" within each email. You may not opt-out of service-related communications, which are not promotional in nature.

Closing or Correcting Your Account

Your use of the InsideTracker service is voluntary. It is your choice whether to participate or not. You may cancel the service at any time. If for any reason you believe that your use is anything but voluntary, please stop all use of the service.

If you no longer wish to use InsideTracker Services, you may close your account by sending a request to Customer Support at support@insidetracker.com. When closing an account, we remove all Personal Information within your account. However, Personal Information that you have previously provided will not be removed from ongoing or completed internal R&D or business activities that use the information (as de-identified statistical information). Similarly, if you close your account after you have separately agreed to the Research Consent document, any genetic information that you have previously given consent to use in de-identified form will not be removed from ongoing or completed studies. If you wish to have your data removed from our business partners, you must contact them separately. In addition, we keep limited information related to your order history (e.g., name, contact, and transaction data) for accounting and compliance purposes.

If your Personal Information changes, you may correct or update it on your Profile page. You may also correct or reset Personal Information entered into a survey, form, or feature by emailing a request to customer support at support@insidetracker.com and including the name of the specific survey, form, or feature.

Third-Party Websites

You may find advertising or other content on the Platform that link to the websites and services of our partners, suppliers, advertisers, sponsors, licensors, and other third parties. We do not control the content or links that appear on these websites. We are not responsible for the practices employed by websites linked to or from the Platform. In addition, these websites or services, including their content and links, may be constantly changing. These websites and services may have their own privacy policies and customer service policies. Browsing on and interacting with any other website, including websites which have a link to the Platform, are subject to that website's own terms and policies. We encourage you to read the Privacy Policies of each website that you visit. This Privacy Policy applies solely to information collected by InsideTracker.

Cookies and Other Tracking Technologies

  • As is true of most websites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our Platform (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the Platform.
  • InsideTracker uses cookies. A cookie is a small text file that is stored on a user’s computer when visiting certain websites. We use cookies or similar technologies to store session information, analyze trends, run the Platform, track users' movements on InsideTracker, and gather demographic information about our user base as a whole. These cookies are only applicable within our Platform.
  • The length of time a cookie stays on your device or computer depends on its type. "Persistent" cookies stay on your device or computer until they expire or are deleted. "Session" cookies will only stay on your device or computer for as long as you are on our Platform.

    We use first party cookies and third party cookies on our Platform. First party cookies belong to us. Third party cookies are placed on your device or computer by a third party through our Services, such as an advertiser.

  • Please click here for a list of the cookies used on our site.You can modify your cookie setting by following the instructions provided by your browser. These instructions are usually found in the "Tools", "Help" or "Edit" tabs. If you set your browser to reject cookies, you may not be able to fully access and use our Platform. You can learn more about the choices provided by advertisers for individuals to decide how their information is collected and used by visiting the Digital Advertising Alliance (www.aboutads.info), the Network Advertising Initiative (www.networkadvertising.org/
    managing/opt_out.asp    ) or the European Digital Advertising Alliance (www.youronlinechoices.eu).

Changes to This Privacy Policy Notice

We have the discretion to update this Privacy Policy at any time. When we do, we will revise the updated date at the top of this page. If we make material changes to this Privacy Policy, we will notify you here, by email, or by means of a notice on the Platform prior to the change becoming effective. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the Personal Information we collect. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications.

Where We Store Your Information

The Platform and Services are intended for adults. Users under the age of 18 are not permitted to use the Services. The Platform is not directed to, and we do not knowingly collect or solicit Personal Information from, children under the age of 18. If we learn we have collected or received Personal Information from a child under the age of 18, we will delete that information. If you believe we might have any information from or about a child under the age of 18, please contact us using the contact information below.

Children Under the Age of 18

The Platform and Services are intended for adults. Users under the age of 18 are not permitted to use the Services. The Platform is not directed to, and we do not knowingly collect or solicit Personal Information from, children under the age of 18. If we learn we have collected or received Personal Information from a child under the age of 18, we will delete that information. If you believe we might have any information from or about a child under the age of 18, please contact us using the contact information below.

Where We Store Your Information

Segterra (InsideTracker) is located, and the Platform is hosted, in the United States of America. In order for us to provide the Services to you, we will process and store Personal Data you provide to us in the United States of America, which may have different data protection laws than those in the country in which you reside.

California Privacy Rights

California Civil Code Section § 1798.83 permits California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us using the contact information below.

HIPPA

Segterra ("Segterra", "InsideTracker", "GoalGetter", "us", "our" or "we") is fully compliant with the HIPAA Standards for Privacy, Electronic Transactions and Security (including the HITECH Act and the Omnibus Rule of 2013). We have implemented policies, processes, and procedures designed to ensure compliance with Federal security laws, regulations, and rules, and we monitor ongoing compliance efforts and maintain various reporting mechanisms that are required by law or requested by our customers. We recognize that it is a key responsibility for our business and will continue to provide all of our various programs and services in accordance with the relevant requirements of all federal laws and regulations, including, as applicable, HIPAA.

Questions regarding our HIPAA policies or compliance may be directed to: support@insidetracker.com

Contacting Us

If you have any questions about this Privacy Policy, the practices of the Platform, or your dealings with us, please contact us at:

Privacy Office
Segterra, Inc. (InsideTracker)
One Broadway, 14th Fl, Cambridge, MA 02142

Tel: +1 (800) 513-2359   Email: support@insidetracker.com

Cookies used on the InsideTracker site:

  • InsideTracker
  • Hubspot
  • Facebook
  • Referral Candy
  • Google