PRIVACY NOTICE.
Your privacy is important to Alea Diagnostics, Inc. (the “Company,” “we,” “our,” or “us”). We are committed to collecting, using, maintaining, accessing, and processing your personally identifiable data (“Personal Data”) in an ethical and responsible manner that is fully transparent and in keeping with best practices related to privacy, humane technology, and individual human rights. When we talk about “Personal Data” in this Privacy Notice, we also mean Personal Data about your children that you provide to us or that you allow other people to provide to us.
We have modeled our privacy notice to align with best practices for data protection and privacy as described in the General Data Protection Regulation (GDPR), which was adopted in the European Union (EU) in 2016. The GDPR was created to uphold the fundamental information and privacy rights of individuals, and to improve the responsible and ethical management and protection of Personal Data by those entrusted with it. We also follow the guidelines provided by the Center for Humane Technology in the creation of our policies, products, and services.
This document serves as a companion document to our Terms of Use and Cookies Policy.
1. WHO WE ARE
We are the data controller of the Personal Data we collect about you. This means that we determine the purpose for which Personal Data is processed and how it is processed. We provide a way for parents to create a digital baby book that includes family, health, and education history. We also provide data to researchers and others (subject to the requirements of this Privacy Notice) to support social, scientific and historical research. Our product is called Lorestry™. Our website address is: https://www.aleadx.com.
2. GUIDING PRINCIPLES
Our guiding principles for privacy and processing Personal Data are:
Transparency. This Privacy Notice, our Terms of Use, and information regarding how we process Personal Data is readable, comprehensible, and easily accessible on our website and application. We inform you about how all Personal Data you provide to us is being collected, processed, and used.
Lawfulness and fairness. When we process Personal Data, we are committed to protecting your individual rights. All Personal Data we collect and process is done in a legal and fair manner.
Restricted to a specific purpose. Personal Data is processed only for the specific purposes we outline in this Privacy Notice and our Terms of Use. If our Privacy Notice, Terms of Use, or purposes change, we provide that information to you.
Processing in the public interest. Personal Data is processed, used, and archived by us in the public interest for the purpose of social, historical, and scientific research, including but not limited to understanding human growth, human development, human experiences, family histories, social determinants of health, digital determinants of health, environmental determinants of health, longitudinal health, and natural health or disease histories.
Privacy by Design. Privacy is a key attribute of our brand. We respect the privacy of the users of our products and services, and we design with data privacy and protection top of mind.
Privacy by Default. Personal Data is private by default. Personal Data is shared only in accordance with this Privacy Notice and subject to the completion of a quiz by you to ensure you understand how your Personal Data is shared. Where we process Personal Data based on your consent, you can revoke your consent at any time and for any reason.
Direct Marketing and Communication from Us. We process Personal Data for the purposes of direct marketing by us to you, for example: push notifications and reminders to enter Personal Data, or to ask for your participation in a survey, or to help support research. We do this with your consent and based on your preferences and direction.
Data Sales. We do not sell Personal Data to marketers, advertising companies, or data brokers.
User Tracking. We do not track your online activities outside of the functional and intended use of our products and services within our app or on our website and as defined by our Cookies Policy.
3. WHO IS OUR DATA SECURITY OFFICER
If you have any questions about this Privacy Notice or our data security practices, please contact David Kovel, MSIS, CPHIMS at the address, telephone number, or email address noted below, and specify your country of residence and the nature of your question.
David Kovel, MSIS, CPHIMS
2200 Benjamin Franklin Pkwy N505
Philadelphia, Pennsylvania
19130
Email: dkovel@2200healthtech.com
Telephone: +1 (443) 610-7407
4. HOW AND FROM WHOM WE COLLECT PERSONAL DATA
We collect Personal Data from you when you use our products and services. Other ways we collect Personal Data include:
When you opt-in to Every Baby, our social impact initiative, you agree that we may invite you to share data in support of children’s social and scientific research, or to view offers for goods, services, and other offers. When you choose to opt-in we may provide you with advanced app features and functionality.
We collect information through the limited use of Cookies as described in our Cookies Policy, either directly or through third-party data analytics services. We do not collect Personal Data about you outside your use of our products and services, our website, or our app.
With your consent, we may collect Personal Data on your behalf from third parties (such as obtaining a report from a doctor visit on the patient portal of a provider or from an educational provider).
5. HOW WE STORE PERSONAL DATA
We securely store your Personal Data on a private virtual cloud hosted by Amazon Web Services (AWS). Personal Data collected or received by us may be stored in the European Union (EU), and may be accessed by, and transferred to, individuals outside of the EU, including to individuals located within the U.S. Personal Data may also be replicated and stored on AWS’s hosted private virtual cloud in the US and elsewhere. All data is encrypted when in transit to our database, and it is further encrypted by AWS while stored in the private, virtual cloud.
6. WHAT PERSONAL DATA WE COLLECT AND PROCESS
We collect several different types of Personal Data. Personal Data may include, but is not limited to:
Email address
First name and last name
Phone number
Address, State, Province, ZIP/Postal code, City
Birthdate, ethnicity, and gender
Child development observations (baby’s first smile, first steps, language acquisition)
Health data (including genetic information from Newborn Screening results)
Educational and early intervention data
Family histories and stories
Family medical history as recommended and defined by the CDC.
7. THE PURPOSES FOR WHICH WE USE AND SHARE PERSONAL DATA
We use Personal Data (and share Personal Data) with contracted service providers, vendors and researchers that show evidence of compliance with our required privacy standards and applicable legal privacy requirements) for the following purposes:
To Provide Services and Products
To expand our products and services
To notify you about changes to our services and/or products
To provide account holder and customer support
To gather analysis or information so that we can improve our services
To detect, prevent, and address technical issues in connection with the services
To detect, prevent, and address suspected or actual abuse of our Terms of Use
To provide you with marketing information about children’s health centers of excellence, including new products, services, and therapeutics, if you consent to receiving such information
To provide you with information about health home services and care coordination support specific to your needs, if your child is eligible for such services under the ACE Kids Act of 2019 (effective date is October 1, 2022)
To identify and let you know if you, or your child, is a candidate for a clinical trial (including a normal control)
To Support Benchmarking and Research
To create new benchmarks and databases related to human growth, human development, human experiences, family histories, social determinants of health, digital determinants of health, environmental determinants of health, longitudinal health, and natural disease histories, in the public interest.
To provide an analysis of data in the Alea Diagnostics database (Data Analytics as a Service) to address researcher questions. We do not provide identifiable raw data to researchers or allow them to access our database, and will share your Personal Data with researchers only if you have provided explicit consent.
For Legitimate Legal and Business Reasons
We process Personal Data for other legitimate legal and business reasons:
To assert legal claims and defenses in legal disputes
As required by law including, but not limited to, to comply with a subpoena or other legal process, regulatory requirement, judicial proceeding, or court order served on us, or to comply with government reporting obligations.
When we believe in good faith that disclosure is necessary (a) to protect your or our rights or your safety or the safety of others; (b) to detect, prevent, or respond to fraud, intellectual property infringement, violations of confidentiality or other terms of an agreement, or violations of law; or (c) for corporate audits or to investigate or respond to a complaint or security threat;
To negotiate or complete a merger, acquisition, other similar business transaction, or sale of all or a portion of our assets, which includes disclosures to affiliates, service providers, advisors, and other third parties.
8. LEGAL BASIS FOR COLLECTING AND PROCESSING PERSONAL DATA
Our legal basis for collecting and using the Personal Data described in this Privacy Notice depends on the Personal Data we collect and the specific context in which we collect the information, as follows:
When you use our application, services, products, and website as outlined in our Terms of Use , you are entering into a contract with us. If the processing of your Personal Data is necessary to perform the contract, the legal basis for collecting and Processing your Personal Data is to perform the contract with you. Where the Personal Data involved is sensitive-- such as Personal Data concerning health, racial or ethnic origin, sexual orientation, religious or political beliefs-- the legal basis is your explicit consent.
When we process your Personal Data for the legitimate legal and business reasons described above, the legal basis is our legitimate business interests. Where the Personal Data involved is sensitive, the legal basis is for the establishment, exercise or defense of legal claims or your explicit consent.
When we process your Personal Data for benchmarking and research, the legal basis is our legitimate business interests. If the Personal Data involved in sensitive, where permitted by and subject to any additional requirements of applicable law, the legal basis is for public interest and scientific research purposes. If we are required to obtain your explicit consent as the legal basis for benchmarking and research, we will do so.
When we process Personal Data collected through cookies and related technologies, the legal basis is your consent, except that collection of your Personal Data through essential cookies is based on our legitimate interest in ensuring our applications and website can function.
9. RETENTION OF PERSONAL DATA AND SENSITIVE PERSONAL DATA
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Notice and as described in the Terms of Use.
We store Personal Data collected through cookies for different time periods depending on the type of cookie used. We store Personal Data collected through essential cookies for up to 12 months after your last use of our application or website. Personal Data collected through performance or functionality cookies is stored up to 24 months after your last use of our application or website. If you ask us to remove or erase your Personal Data, we will anonymize it. If permitted or required by law or a legal order, we may process and store your Personal Data for a longer period than described above consistent with the law or legal order or our contractual rights. For example, we may need to keep your Personal Data longer, if necessary, to fulfill obligations to preserve records for accounting purposes, or if we are obligated to hold Personal Data because of a legal prohibition against removing or anonymizing it.
10. DATA PROTECTION RIGHTS AND RESPONSIBILITIES
The Personal Data we hold about you is limited to Personal Data you provide to us by using our services and products, or Personal Data you direct us to collect on your behalf from a third party, with your consent. If you want your Personal Data to be removed from our systems, you should delete your account with us. If you delete your account we will anonymize the Personal Data you have provided, and as agreed to in our Terms of Use.
In certain circumstances, you may have the following data protection rights:
The right to access Personal Data we have about you
Your right to access allows you to obtain a copy of your Personal Data on request. Third- party data you authorize us to collect on your behalf for storage on our platform is provided as a list. Access to your Personal Data can be completed through an automated download process on the application.
The right of rectification
Your right to rectification may require us to change incorrect or incomplete Personal Data about you.
The right to restrict and object
The right to restrict and object to data processing may require us to limit or stop processing your Personal Data under certain circumstances. Your right to restrict or object to our application features and functionality, and how we process Personal Data, may require that you delete your account.
You hold us harmless for any impact and/or outcome that occurs as a result of you restricting or objecting to our processing of your Personal Data.
The right to erasure
The right to erasure may require us to erase or anonymize your data. If you request erasure and we are required to comply, we will anonymize your Personal Data.
The right to data portability
The right to data portability, which may require us to transfer your Personal Data from us to another controller in a structured, commonly used and machine-readable format, is limited to Personal Data you provided to us directly, and only to the extent that the transfer does not adversely affect the rights and freedoms of others, including our intellectual property and trade secrets. We do not provide any Personal Data in formats that would enable reverse engineering of our products, business methods, processes, or algorithms. In addition, the European Commission has determined that certain countries, including the U.S., do not have the same level of data protection as the EU. In all cases, we do not transfer Personal Data to any organization, anywhere in the world, that has not implemented GDPR levels of data protection and security.
The right to withdraw consent
In cases where consent is the legal basis for our processing of your Personal Data, you have the right to withdraw consent at any time by not using the application and deleting your account. If you withdraw consent and delete your account, we will anonymize your Personal Data. Please note that withdrawal of consent applies only to future actions. Processing that was carried out before the withdrawal of consent is not affected.
To make a request concerning your data protection rights, please contact us.
As the account holder, you are responsible for deciding whether to share Personal Data in your account with your child, except that when your minor child reaches the legal age of majority, your child will have the sole legal authority to control and manage Personal Data that constitutes copies of the minor’s medical or education record that we received from the child’s medical or education provider. When your child reaches the legal age of majority, we will also require both your and your child’s consent if you direct us to share Personal Data concerning your child directly with a third party. You will still continue to have access to Personal Data in your account when your child reaches the age of majority for as long as you keep your account open, with the exception of Data that is copies of your child’s medical and education records, which as mentioned above, will be subject to your child’s sole legal control.
11. TRANSFERS TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANIZATION
We may collect or receive Personal Data outside of the U.S. in connection with the purposes described above. Personal Data collected or received by us is stored in the European Union (EU), but will be accessed by and transferred to individuals outside of the EU, including to individuals located within the U.S., and may be copied and stored in the U.S.
The European Commission has determined that the U.S. does not have the same level of data protection as the EU. The party in the U.S. receiving the Personal Data for the authorized purposes described in this Privacy Notice, must agree to standard data contractual clauses (“SCCs”) under which the receiving party promises to safeguard the Personal Data it receives. If Personal Data is transferred to the U.S. based on SCCs, we will take into account the circumstances surrounding the transfer and any supplementary measures that demonstrate that the U.S. law does not impinge on the promise of adequate data protection set forth in the SCCs.
12. COOKIES
We collect application and website visitor information either directly or through third-party data analytics services. See our Cookies Policy for more information.
13. WHEN YOU ARE OBLIGATED TO PROVIDE PERSONAL DATA
In the context of receiving goods and services or responding to an inquiry you have made, or to address another lawful purpose, you must provide all Personal Data that is required (as applicable) for that purpose. Without this Personal Data we are unable to provide respond to your inquiry, provide goods and services or address the purpose.
14. AUTOMATED DECISION-MAKING
In the general course of establishing and carrying out our normal business processes, we do not engage in automated decision-making with respect to your Personal Data. If we do so, we will inform you of the automated decision-making in connection with the relevant transaction.
15. USE OF PERSONAL DATA FOR MARKETING
We do not use Personal Data for marketing, unless you request or agree to receive information that may be considered marketing materials, in which case we send that information to you. We will otherwise ask for your consent before sending you marketing communications. Each marketing communication will also include a means for opting out of future marketing communications. We do not sell Personal Data to marketers, advertising companies, or data brokers.
16. SOCIAL MEDIA PLATFORMS AND OTHER THIRD-PARTY WEBSITES
If you click on our social media links (such as Facebook, Twitter, YouTube, and LinkedIn), you will be directed to a third-party platform, and any information you share on those websites will be covered by their privacy policies, not this Privacy Notice. Our application and website may also contain links to other third-party websites. Please be aware that we are not responsible for the privacy practices of third parties and their other websites. This Privacy Notice applies only to the information we collect on our application and website. We encourage you to read the privacy policies of other websites you link to from our website or otherwise visit.
17. USE OF WEBSITE BY MINORS PROHIBITED
Our website is not directed at nor intended for use by individuals under eighteen (18). If you learn that an individual under eighteen (18) has provided us with Personal Data without consent, please contact us. If we become aware that an individual under eighteen (18) has provided us with their Personal Data, we will promptly delete the data.
18. BUSINESS TRANSITIONS
In the event we go through a business transition, including without limitation any merger, acquisition, partnership, business reorganization, debt finance, or sale of assets, or in the event of an insolvency, bankruptcy, or receivership (each a “Business Transition”), we may use and disclose information collected in accordance with this Privacy Notice as part of that Business Transition, and your Personal Data may be part of any assets transferred.
19. DO-NOT-TRACK
You may have implemented a “do-not-track” signal through your browser. As there currently is no fixed standard for do-not-track signals, we currently do not respond to do-not-track signals from your web browser.
We do not track your activities on the internet.
20. CHANGES
We may revise this Privacy Notice from time to time. Each time you log in to our website or application you agree to our Terms of Use and our Privacy Notice. If changes materially affect your rights under this Privacy Notice, we may require that you update your application on the Apple Store or on Google Play. In certain cases, we may also provide email notification of the revised Privacy Notice and either seek your consent or give you the right to opt out of our use of your Personal data in accordance with the revised Privacy Notice, if required. However, because we may make changes at any time, we suggest that you periodically consult this Privacy Notice. Please note that our data protection practices will be based on the Privacy Notice in effect at the time the Personal Data is processed.
21. CONTACT US
We endeavor to review and reply promptly to communications sent to us. If you have any questions about this Privacy Notice, please feel free to reach out to us at:
Alea Diagnostics.
This Privacy Notice was updated June 19, 2022.