FOXO’s Privacy Policy
Updated on 3/06/2020
FOXO BioScience LLC (“FOXO” and “we,” “our,” or “us”) recognizes that you may have questions about our collection, use and disclosure of information collected from you when you interact with our www.foxobioscience.com website (“Website”). We value our relationship with you and want to help keep your experience on our Website secure, enjoyable and easy.
This Privacy Policy summarizes our information collection and processing practices and is provided with the goal of helping you understand how we use this information.
Information We Collect
We collect several types of personal information from and about users of our Website and of products and services, including:
- Personally Identifiable Information
- Non-Personally Identifiable Information (Computer, Device, and Browsing Information)
- Epigenetic Information
Some of this information is collected through voluntary submissions of information, some of it is collected or received in the course of us providing website content, and some through our products and services. The types of information we collect are defined in greater detail below:
Personally Identifiable Information (“PII”)
You may provide certain personally identifiable information (“PII”) when you request a quote or purchase our products and services in order for us to administer our relationship with you, provide such products and services, and respond to inquiries. This information may include your name, email address, address, and phone number.
Non-Personally Identifiable Information (“NPII”)
We collect non-personal information “(NPII”). NPII cannot be easily used to personally identify you. For example, as you interact with our Website, we may use automatic data collection technologies to collect certain information about your computer, as well as your browsing actions and usage patterns. This data may include:
- Details of your visit to our Website, which could include:
- The content that you access and use on our Website
- The external sites that referred you to our Website
- Information about your computer or device and internet connection, which could include:
- Your IP address or other device ID
- Your operating system
- Geolocation data
- The date and time of your visit to the Website
- Your browser or device type
We use NPII to track your usage of the Website and other internal purposes, such as Website maintenance, evaluation and enhancing the end-user experience.
We use various Website usage tracking technologies, including cookies, flash cookies and web beacons. If you would like to change how your browser interacts with these tracking technologies, you should consult your browser settings.
Epigenetic Information
Some of our products and services may involve the testing of biological samples for the purposes of creating or analyzing epigenetic or other data. The results of such analysis may be utilized for research, clinical, or commercial purposes. In receiving samples and providing our products and services, we may obtain date-of-birth, gender, and other health information.
In addition to the information discussed above, we may come into possession of other types of information:
Information About Minors
If you are under 18, do not register on our website or provide any information about yourself to us. We do not provide products or services directly to minors or proactively collect their personal information. Despite this prohibition, it is possible that we may sometimes be given information about minors while handling samples from our customers in our clinical labs, or through use of our products or services by our customers and partners. If we become aware that we have inadvertently collected personal information from children under the age of 18, without parental consent, we will take the necessary steps to delete it as soon as possible in compliance with applicable laws.
Aggregated Information
We may aggregate information we collect or receive about customers and users of the website and our products and services for quality, regulatory, and internal business purposes to improve our products and services, data quality, and/or laboratory processes. Information that is aggregated is summary-level and cannot reasonably permit someone to identify an individual. FOXO may also use aggregated information to publish findings.
How We Use PII (Non-Epigenetic Information)
FOXO uses PII primarily for the purpose of responding to and processing your request for a quote or order in connection with our epigenetic testing services. This use includes, but is not limited to, processing inquiries you may have regarding our products and services, keeping you informed about changes to our Website or offerings, and sending you marketing materials from time to time.
The table below explains FOXO’s use of PII that we collect or that you provide to us, the legal basis for processing PII, and in what circumstances it may be shared with a third party (if at all):
Purpose for processing | Legal basis for processing | Third party organizations with which it is shared |
To provide products and services, respond to your inquiries, and otherwise administer our relationship with you. | To meet the requirements of a contract. | None. |
To ensure the billing of any products or services procured by you and obtain payment. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. | To meet the requirements of a contract. | Government VAT and tax inspectors, external auditors, credit check agencies, financial partners. |
To communicate with you about content and service offerings, newsletters, webinars, seminars, and event invitations which are relevant to your interests and in line with your preferences. | Where required by law, to seek explicit consent prior to sending individuals the information and to manage individual preferences. | None. |
To provide inquiries with support via email or by telephone. | To fulfill contractual obligations, including taking action before entering into a contract. | None. |
To process and respond to complaints. | To meet a legal obligation. | None. |
To monitor and record information relating to the use of our products and services, including our website. | To meet a legitimate business interest in order to improve our products and services and our website. | Web service providers and cookie providers. |
To remarket, target, and retarget content to you about our products and services. | To meet a legitimate business interest in order to improve our products and services and our website, and to improve the targeting of our advertising, such as by showing advertisements on third-party websites to users who have previously visited our Website. | Google AdWords Remarketing, LinkedIn Website Retargeting, Twitter, Facebook Website Retargeting, Adobe Analytics. |
To verify compliance with our Terms of Use, license, services, or other agreement governing the use of our website or our products and services. | To fulfill contractual obligations. | None. |
To conduct human resource administration including assessing suitability, eligibility and/or fitness to work. | To fulfill contractual obligations, including taking action before entering into a contract. | HR administrator, background check agencies. |
How We Use Epigenetic Information
To provide our products and services, FOXO and/or its authorized testing partners may collect, receive, and process biological samples to perform DNA methylation analysis. FOXO may then interpret and store resulting epigenetic information, use epigenetic information to provide our products and services, or share resulting epigenetic information with an authorized research partner or customer.
FOXO may also perform interpretations of epigenetic information as part of its own internal research for purposes including but not limited to improving FOXO’s products and services, data quality, and/or laboratory processes.
The table below explains FOXO’s use of epigenetic information that we or our authorized testing partners collect, the legal basis for processing epigenetic information, and in what circumstances epigenetic information may be shared with a third party (if at all):
Purpose for processing | Legal basis for processing | Third party organizations with which it is shared |
To provide support and maintenance services to customers who use our product or services. | To meet the requirements of a contract. | None. |
To provide DNA methylation services and analysis for our customers, including research partners, clinicians, and business partners. | To meet the requirements of a contract. | Under a contract, we may share epigenetic information with authorized partners. Epigenetic information may be shared with the FDA or other regulatory agencies only as required by law or regulation. |
To conduct DNA methylation services and analysis for quality control, process and product development and improvements, and optimization in our or our partner labs to reflect quality improvements and advances in our technology. | To meet the requirements of a contract. | Under a contract, we may share epigenetic information with authorized partners. Epigenetic information may be shared with the FDA or other regulatory agencies only as required by law or regulation. |
Sharing of PII (Non-Epigenetic Information)
We will not share PII with any third parties for the purposes of marketing, unless we have express consent.
We use third-party data processors to provide elements of services to us. Contracts with our data processors restrict their access to and use of PII.
We may also disclose PII to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of FOXO’s assets, in which PII held by FOXO about our users and customers of our products and services is among the assets transferred.
We may also disclose PII, including epigenetic information, to comply with applicable law, a valid court order, a judicial proceeding, subpoenas, warrants, or in connection with any legal process. We will not disclose epigenetic information without a valid subpoena or warrant, or without otherwise being satisfied that we have a sufficient legal basis on which to share the information.
Your Choices About How We Use and Share Your Information
We strive to provide you with choices about the information you provide to us, including the following:
Tracking Technologies and “Do Not Track”
You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies some parts of our Website may not be accessible or may not function properly. If you would like to opt-out of our Website tracking, please send an email to [email protected].
Google Analytics
FOXO works with Google Analytics to better understand our audience and users, to improve our marketing campaigns, and to enhance our products and services. To opt-out of being tracked by Google Analytics across all websites, you can visit http://tools.google.com/dlpage/gaoptout.
FOXO Marketing
We may use your account information (e.g., your email address and order history) to promote our products and services or those of our business or research partners. If you would like to be removed from our marketing list, you can opt-out by sending an email to [email protected]. Note that you may not be able to opt-out of receiving certain service-related emails, such as communications about orders, billing, and legally required communications. If we have sent you a promotional email or other informational email not related to your order, the email will have an “UNSUBSCRIBE” feature that will allow you to opt-out of receiving future email distributions.
Privacy Rights for the European Economic Area, United Kingdom, and Switzerland
If you are in the European Economic Area, United Kingdom, or Switzerland, you have certain data protection rights under the General Data Protection Regulation (GDPR). These include the following:
Your right to be informed
This Privacy Policy tells you about the ways in which we use your personal information (which is referred to as “Personal Data” in the GDPR).
Your right to access
You have the right to ask us for copies of your personal information. There are some exemptions and limitations in what we can provide in response to such requests, which means you may not always receive all personal information we process. We will inform you if any exemption or limitation applies and what its impact is.
Your right to correction
You have the right to ask us to correct personal information you think is inaccurate. You also have the right to ask us to complete personal information you think is incomplete.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. Where it is appropriate for us to comply, your request will be processed within 30 days. Please note that we may not always be able to remove your personal information from ongoing or completed research studies. We may also retain some information related to your order history. This enables us to provide ongoing support regarding prior orders, and is also necessary for accounting, audit and compliance purposes. We may also maintain limited backup copies and archival files of your personal information to satisfy our state and federal legal obligations and requirements, including those set forth by the Clinical Laboratory Improvement Amendments (CLIA).
Your right to restriction of processing
You have the right to ask us to restrict the processing of your personal information in certain circumstances. For example, you can request that we limit the way in which we use your “Personal Data” (as defined by the GDPR) if you are concerned about the accuracy of the data or how it is being used.
Your right to object to processing
You have the right to object to our processing of your personal information in certain circumstances. Where it is appropriate for us to comply with your request, we will stop processing your information for the use you have objected to.
Your right to data portability
You have the right to receive your personal information which you have provided to us. You also have the right to have us send your personal information to another organization where the lawful basis for the processing is your consent, or where the processing is necessary for the performance of an agreement and the processing is carried out by automated means.
Privacy Rights for Residents of California
The California Consumer Privacy Act (CCPA) permits California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their PII, if any, and as defined by the CCPA for their direct marketing purposes in the prior calendar year, as well as the types of PII disclosed to those parties. FOXO does not share your PII with third parties for their own marketing purposes without your consent.
Your right to opt-out of sale
California residents have the right to opt out of any sale of their PII. You may designate authorized agents to make such requests on your behalf.
Your right to non-discrimination
We will not discriminate against you if you exercise any of your privacy rights.
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
The rights available to residents of the European Economic Area, United Kingdom, Switzerland, and California depend on FOXO’s reasons for processing your personal information. To request access to, correct, restrict or remove any personal information that you have provided to us, email us at [email protected]. We may not accommodate a request if we believe the request would violate any law or legal requirement. Information that has already been de-identified and/or aggregated, including aggregated epigenetic information, may not be retrievable or traced back for correction or removal from any database.
Information Security
We are committed to protecting the security of the information we collect, and we take reasonable physical, technical, and administrative security measures to help protect information from unauthorized or inappropriate access or use. However, no security measures are invulnerable to attack. We are not responsible for the security of your PII that you transmit to us over networks that we do not control, including, but not limited to, wireless networks. Furthermore, it is your responsibility to adhere to any applicable Terms of Use or other contract between us and you or your organization.
Retention of Collected Information
We may retain collected information to comply with applicable law, to resolve disputes, to enforce rights in connection with the Website, our products and services, and to use as provided in this Privacy Policy, the Terms of Use, or any applicable contract between us and you or your organization. How long we retain specific information varies depending on the purpose of its use, and we may delete or retain your information in accordance with applicable law.
Information Relating to Third-Party Websites
Our Website may contain links to third-party sites. We do not endorse nor otherwise accept responsibility for the content or privacy policies of those sites. If you have any questions about the content delivered by or information tracked by those third-party websites, you should contact the third-party directly.
Changes to this Policy
We reserve the right to modify this Privacy Policy at any time and without prior notice. If we make changes, we will post a notice of the change on the Website. You are responsible for visiting this Privacy Policy from time to time to check for any changes. All changes are effective immediately when we post them, and they apply to all access to and use of the Website and our products and services that point onward. Your continued access to or use of the Website or our products and services represents your acceptance of any such changes made to our Privacy Policy.
Contact Us
If you have any questions or comments about this Privacy Policy, please contact us at [email protected]. Note that inquiries sent through [email protected] are not encrypted or secure, unless you have an email encryption service. Alternatively, you can write to us at the following address: FOXO BioScience LLC, 220 South Sixth St., Suite 1200, Minneapolis, MN 55402, attention: Legal Department – Website Privacy Policy. Any person with a disability that prevents or restricts them from accessing this Privacy Policy through the website may request a copy of the Privacy Policy at the aforementioned email or postal address.