What Personal Information Do We Collect?
Avellino Labs collects your Personal Information through the Site when you voluntarily choose to provide such information, such as the “Contact Avellino Labs” page to learn more about our diagnostic products for determining risk factors and diagnosis of genetic corneal diseases or our current efforts in developing gene editing technology to manage and potentially cure diseases.
“Personal Information” means information that identifies you or could reasonably be used to identify you. The definition of Personal Information depends on the applicable law based on your physical location and may include other types of information such as your IP address. Only the definition that applies to your physical location will apply to you under this Policy. Typical examples of Personal Information include your name, address, phone number, and/or email address.
Avellino Labs may collect the following information:
- Information you voluntarily provide to us, eg, through the “Contact Avellino Labs” page or any actions performed by you on our website.
- Communications between you and Avellino Labs. We collect any communications between us, including any files or attachments we exchange.
- Registration information. When you register through our Patient Portal or purchase or use our services, we collect Personal Information. This information is combined with other information, including protected health information that you voluntarily provide to us, to give you access to the Patient Portal, to permit you to sign any consent forms, check the status of your orders, and schedule appointments with a genetic counselor through our Patient Portal.
- If you apply for position with Avellino Labs through the website, we will collect your resume, contact information, employment and educational background, and other related information.
- When you use a mobile device, to access our services, we may collect information about your device, including hardware, operating system or software, device name, unique device identifier, your mobile network information and any other information about your device’s interaction with our services.
- When you browse our website, our system may collect information such as your web request, IP address, browser type, browser language, domain names, referring and exit pages and URLs platform types, pages viewed and the order of the page views, the amount of time spent on particular pages, the date and time of your request, and one or more cookies that may uniquely identify your browser. We may collect this information through third-party analytics tools. This information may be used to analyze trends, administer our website, improve the design of our website, and otherwise enhance our services to you.
- Our servers may record information created by your use of our website and we use visitor logs to compile anonymous aggregate statistics. The aggregate information is collected sitewide and includes anonymous website statistics.
How Do We Use Your Personal Information?
We will only use your Personal Information to the extent permitted under the law. Most commonly, we will use your Personal Information in the following circumstances:
- We process your Personal Information to provide you with our services that you request. We share this information with third-party services upon your request, or our service providers or partners to the extent necessary to provide you with our services. We cannot provide you with our services without processing your Personal Information.
- If you are a healthcare provider or patient ordering our products, we may contact you for information about research opportunities, clinical trials, or clinical treatments for you or your patients when appropriate.
- When you contact us, such as with questions, concerns, feedback, disputes or issues, we process your information. Without your Personal Information, we cannot respond to you or ensure your continued use and enjoyment of our services.
- When you sign up for our services, we will send administrative or account-related information to you to apprise you about our services. As service-related communications are not promotional in nature you are not able to unsubscribe from such communications, otherwise you may miss important developments relating to your account or our services that could affect your use of our services.
- When you contact us, such as with questions, concerns, feedback, disputes, or issues, we process your information. Without your Personal Information, we cannot respond to you or ensure your continued use and enjoyment of our services.
- We process your Personal Information to actively monitor, investigate, prevent, and mitigate any alleged or actual prohibited, illicit, or illegal activities on our services; investigate, prevent, or mitigate violations of our terms, agreements, or policies; enforce our agreements with third parties and partners. We cannot perform our services in accordance with our terms, agreements, or policies without processing your Personal Information for such purposes.
- We process your Personal Information to combat spam, malware, malicious activities, or security risks; improve and enforce our security measures; and to monitor and verify your identity so that unauthorized users do not access your account with us. We cannot ensure the security of our services if we do not process your Personal Information for security purposes.
- Certain laws or regulations apply to our services that may require us to process your Personal Information. For example, we process your Personal Information to fulfill our business obligations, ensure compliance with employment and recruitment laws, or as necessary to manage risk as required under applicable law. Without processing your Personal Information for such purposes, we cannot perform our services in accordance with our legal and regulatory requirements.
- To continue to provide you with our innovative services, we may collect information about the way you use and interact with our services for research and development purposes. Research and development help us improve our services and build new services and customized features or services. We take additional security measures when processing your personal information for such purposes, by de-identifying or pseudonymizing your information, limiting access to personnel that may conduct research and development, and applying other technical, physical, and administrative security measures. Without processing your Personal Information for such purposes, we cannot guarantee your continued enjoyment of part or all of our services.
- If in the future, we use your Personal Information in any way that is not described in this Policy, we will disclose this to you. At that time, you can choose not to allow us to use your Personal Information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your consent. If you choose to limit the ways we can use your Personal Information, some or all of our services may not be available to you.
Do We Disclose Any Personal Information to Outside Parties?
Disclosures to Patients. If you are a patient, when you provide your email address or other contact information, we may share that Personal Information with a physician who performs the DNA Exam, and that physician may contact you about your interest in the DNA Exam.
Disclosures to Third Parties Assisting in Our Operations. Avellino Labs may share your Personal Information under confidentiality agreements with other companies that work with, or on behalf of, Avellino Labs to provide products and services. These companies may use your Personal Information to assist Avellino Labs in its operations. However, these companies do not have any independent right to share this information.
Disclosures Under Special Circumstances. We may provide information about you to respond to subpoenas, court orders, legal process, or governmental regulations, or to establish or exercise our legal rights or defend against legal claims. We believe it is necessary to share information in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law.
Automatically Collected Information and Anonymous Information. Each time a Visitor comes to the Site, Avellino Labs collects some information to improve the overall quality of the Visitor’s online experience.
Aggregated Data. Avellino Labs collects aggregate queries for internal reporting and also counts, tracks, and aggregates the Visitor’s activity into Avellino Labs’ analysis of general traffic-flow at the Site. To these ends, Avellino Labs may merge information about you into aggregated group data. In some cases, Avellino Labs may remove personal identifiers from Personal Information and maintain it in aggregate form that may later be combined with other information to generate anonymous, aggregated statistical information. Such anonymous, group data may be shared on an aggregated basis with Avellino Labs’ affiliates, business partners, service providers and/or vendors; if it does so, Avellino Labs will not disclose your individual identity.
Web Server Logs and IP Addresses. An Internet Protocol (“IP”) address is a number that automatically identifies the computer or device you have used to access the Internet. The IP address enables our server to send you the web pages that you want to visit, and it may disclose the server owned by your Internet Service Provider. Avellino Labs may use IP addresses to conduct Site analyses and performance reviews and to administer the Site.
By accessing and using the Site, you expressly consent to the storage of cookies, other local storage technologies, beacons or other information on your computer or devices. You also consent to the access of such cookies, local storage technologies, beacons and information by us.
We have put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Links on the Site
The Site may contain links to other websites. Please be aware that Avellino Labs is not responsible for the privacy practices of such other websites. When you connect to a website that is linked to our Site, we encourage you to read the privacy statements of that website. This privacy statement applies solely to information collected by this Site.
Response to “Do Not Track” Signals
Some Internet browsers include the ability to transmit “Do Not Track” signals. Since uniform standards for “Do Not Track” signals have not yet been adopted, Avellino Labs does not process or respond to “Do Not Track” signals.
Children’s Privacy Protection
Under Age 13
Avellino Labs understands the importance of protecting children’s privacy in the interactive online world. The Site is not designed for, or intentionally targeted at, children under 13 years of age. It is not our policy to intentionally collect or maintain information about anyone under the age of 13. No one under the age of 13 should submit any Personal Information to Avellino Labs or the Site.
Under Age 18
Minors under 18 years of age may have the Personal Information that they have provided to Avellino Labs through the Site deleted by sending an email to email@example.com requesting deletion. Please note that, while we make reasonable efforts to comply with such requests, deletion of your personal information does not ensure complete and comprehensive removal of that data from all systems.
Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your Personal Information that Avellino Labs has collected.
You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it
- Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us
- Request erasure of your personal data. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your erasure request for specific legal reasons of which you will be notified, if applicable, at the time of your request
- Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms
- Request restriction of processing of Personal Information. This enables you to ask us to suspend the processing of Personal Information in the following scenarios:
- If you want us to establish the data’s accuracy
- Where our use of the data is unlawful, but you do not want us to erase it
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims
- You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it
- Request the transfer of Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you are located in the EU, you have the right to make a complaint at any time to the data protection authority based in the country in which you are resident. If you are located in the UK, the Information Commissioner’s Office (ICO)(www.ico.org.uk) is the relevant data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or any other data protection authority, so please contact us in the first instance.
You can exercise your rights by sending an email to firstname.lastname@example.org. You can otherwise mail your request to the following postal address: Avellino Lab USA, Inc., 1505 Adams Drive, Suite B2, Menlo Park, California 94025 USA.
We will only retain your Personal Information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your Personal Information are available in our retention policy, which you can request from us by sending an email to email@example.com.