Privacy Policy
Genfosis Company Limited

Genfosis Company Limited (the “Company”) commits that all the Personally Identifiable Information (the “PII”) that you have provided is very important to us. The Company undertakes to protect its security and shall only process the PII by adopting the most appropriate information security standard; in particular, all of the information gathered shall be kept in strict confidence pursuant to the defined legal framework.

This Privacy Notice has been prepared with the intention to inform you as the user (“User”) of how the Company collects, uses, stores, processes, and transfers or discloses your PII during the use of DNAcanvas (“DNAcanvas”).

In summary, all the services provided by the Company to the User via DNAcanvas include the service of providing insights into your health and lifestyle based on the DNA sample collected; and being the health and lifestyle advisor to the User, in particular in providing the personalized recommendations on the products (including skincare, supplements, restaurants and ingredients that match your DNA test result) (the “Personalized Products”) (all the services provided via DNAcanvas shall be collectively referred to as the “Services”). For the avoidance of doubt, the Personalized Products may be sold, provided, and delivered by the business partner and supplier of the Company (the “Partner”).

Acceptance of the Notice.
Please thoroughly study the Privacy Notice, together with the Terms of Services announced by the Company. By using the Services, the Company shall deem that the User acknowledges and understands the Company’s process of the User’s PII as defined under this Privacy Notice (and the amendment hereof). If the User disagrees or does not accept the PII process undertaken by the Company pursuant to the Privacy Notice, it shall be deemed that the relevant User exercises the right not to use the Services since the process of the User’s PII defined hereunder is critical to the provision of the relevant Services by the Company.

Scope of Application.
This Privacy Notice is only applicable to the Services directly performed by the Company via DNAcanvas and shall not apply to the PII process undertaken by other applications or websites developed and operated by any other third party that the Company does not have any control over (the “Third Party”) that are displayed or connected to the Services, including without limitation the process of the PII by the relevant Partner. The User understands and agrees that the User shall study and agree to the Privacy Notice announced by those Third Parties, which is separate from this Privacy Notice.

Revision of the Notice.
The Company may amend or revise this Privacy Notice at any time to assure compliance with the relevant laws and regulations and to assure the updates in the Services at any time; provided that the Company will communicate the amendments or revisions made and the amendment or revisions shall become effective once communicated and announced.

PII being Processed by the Company for the performance of the Services

Sources of PII. In order to perform the required Services, the Company may collect, receive, compile, and process the User’s PII from 3 main sources:

1. Information collected directly from the communication made between the User and the Company and collected directly from any transaction executed on DNAcanvas, including without limitation the information gathered from the behavior, lifestyle, and health questionnaire developed by the Company;

2. Saliva or other genetic sample kits that the Company shall use to analyze through the laboratory process whose test result shall be used in the assessment and analysis of the health and lifestyle risk and the recommendation on the health and lifestyle improvement of the User; and

3. Other information that the Company may receive from the Partner where the User may give consent to the Partners to share their PII to the Company for the use of the Services; provided in this case, the Company will inform the relevant User of the source of such information.

PII to be processed. Through the channel and manner defined above, the Company may collect, receive, store, and process the following PII of the User:

1. General information about the relevant User, including name, biological gender, date of birth, and race;

2. Contact information, including telephone number and e-mail address;

3. Health and Lifestyle information, including weight and height, activity type, smoking, and alcohol consumption, daily nutrient information, sleep duration, degree of stress that the User directly submits and manifests in the questionnaire, and the processed health score done by the Company on the information provided by the User;

4. Biometric and genetic information as well as other health risk information obtained from the genome analysis of the sample collection kits purchased by the User and delivered to the Company for testing;

5. DNA reports displaying and summarizing the assessment of the result from health and lifestyle information, including lifestyle reports and health reports;

6. Order and transaction information that the User made and executed on DNAcanvas, including order detail summary, payment information (i.e., payment slip or credit card or account information), and the order history (the “Order Information”);

7. Other after-sale or support information, including without limitation the PII that the User may submit to the Company’s customer support.

Please kindly note that the Company does not intend to provide Services to any User who is a minor. Upon the submission of the relevant PII by the relevant User (even though such User is a minor), the Company shall deem that the relevant User is fully entitled to enter into the Services agreement with the Company as required under the applicable laws; provided that the Company shall be entitled to, but not obligated to, verify the rights and entitlement of the relevant User and in case of any minor User who does not have any right to enter into the Services, the Company reserves the right to terminate the use of Services by such User.

Objectives for PII Process

The Company represents that the Company shall only collect, store, and use the User’s PII solely for the purposes and manner as defined under this Privacy Notice. The objectives of the PII process hereunder include:

1. To perform any Services as defined under the Terms of Services to the User. It is understood by the User that without these PII, the Company shall not be able to perform the agreed Services. The PII shall be processed in the following manners:

  • Sensitive PII, in particular health information, biometric and genetic information, race and sexual behavior, together with the user’s general information (including without limitation the lifestyle and behavior information collected) shall be used in the risk assessment and recommendation of the Personalized Products that match the health profile and risk assessment conducted that are the core Service to be provided by the Company. The Company acknowledges that some of the PII may be categorized as the Sensitive PII under the applicable law and in order for the Company to process them, explicit consent shall be given by the relevant User and it is the entitlement of the User as the data subject to determine whether or not to give such consent. However, the Company would like to inform the User that these PII are critical pieces of information for the provision of the Services to the relevant User. Therefore, in case the User does not give consent to the Company in these PII processes, the Company shall not be able to provide the Services to the User;
  • All PII of the User will be used and processed by the Company in order to: (i) verify the qualifications and eligibility of the User to assess and use the Services; (ii) use as the reference or identifier to connect all the transactions or activities that may be undertaken by the User on DNAcanvas; and (iii) communicate and contact with the relevant User for the purpose of ensuring the Services will be provided to the User pursuant to the terms of services defined; and
  • All the Order Information shall be processed by the Company to proceed with the relevant transactions executed by the relevant User, including the after-sale support.

2. To perform the legal obligations of the Company. The Company may have legal obligations under the applicable laws to perform, in particular for the taxation and accounting obligations, and in order for the Company to perform those obligations, the Company would need to process the User’s relevant PII;

3. To exercise the Company’s legitimate interest without causing excessive effect on the User’s rights. The Company would process the User’s PII in particular for these particular purposes:

  • to protect the Company’s legitimate rights and to prevent the Company’s rights in the legal proceedings that may arise between the Company and the relevant User;
  • to plan the improvement in products and Services provided on DNAcanvas to ensure that those products and Services would match the interests and needs of each User, as an individual or generally as a DNAcanvas user;
  • to manage the enterprise risk of the Company and to prevent any fraud in DNAcanvas;
  • to improve the relationship between the User and the Company through the management and resolution of any dispute arising by the User and/or the Company;
  • to analyze and define the relevant User segment and profiles for the purpose of Facebook lookalike marketing and/or other marketing methodology to the similar profiled group as the User that is not direct marketing to the User;
  • to publicize the marketing materials produced by the Company that may include the personal data of the User (including photos and satisfaction feedback) to the general public; and
  • to compile the statistical and de-identified information of the User to make a report of all the usage of DNAcanvas and to use it for other purposes that the Company may deem appropriate.

4. With the User’s explicit consent. The Company may use the User’s PII for the specific purposes defined under the consent given, in particular for the purpose of marketing and promotion purposes of all the information that the User may be interested in, via in-application notification or other communication channels that the User may register and notify the Company; and

5. Process of Anonymized Data. The User’s PII may be anonymized before being used in further analysis and research purposes that would be beneficial for the general public or for the commercial benefit of the Company; provided that in this circumstance, the Company shall assure the information security of such information and the Company shall use the best effort in assuring that the information disclosed under this circumstance shall not be entitled to be reprocessed to identify each specific User.

Retention Period:

The Company may collect, use and retain all of the User’s personal data for the purposes defined above for the periods of time as follows: (1) throughout the period of time that the User still has a DNAcanvas user account, or in other words, until the User has notified the Company in writing of the intention to terminate the user account; (2) throughout the period of time specified by the relevant laws that the Company shall be obliged to comply with; (3) for a period of 5 (five) years after the termination of each User's user account under such time that the Company may retain such personal data solely for the purpose of protecting the Company’s legitimate interest in any dispute or claim that may arise during such time; or the purpose of improving the relationships between the Company and the Users; (4) in case of any de-identified information, for any period of time that the Company may consider necessary for their business operation; and (5) for any personal data being processed with the consent given, for any period of time until such consent will be withdrawn.

Retention of the Sensitive PII.
The biometric and genetic information of the User as collected and stored in the DNA sample toolkits shall be analyzed; provided that (a) such sample shall be collected for the purpose of quality and accuracy assurance for another 3 months after the completion of the analysis where the sample will be immediately destroyed; and (b) the result from the test that would include the Sensitive PII, in particular the health information and raw genetic information, shall be stored for regular assessment again in order to seek the most appropriate recommendation to the relevant User until the time that User notifies the Company of their intention to terminate the DNAcanvas user account.

Disclosure of the PII

Generally, your PII will be stored in strict confidence and shall not be disclosed to any third party except where strictly necessary in order to assure the performance of the Services as committed. The Company may need to disclose the User’s PII in the following circumstances:

1. Disclosure to the Partner and the outsourced service providers engaged in performing any support to the provision of the Services, including without limitation the advisors, outsourced service provider, and logistic contractors; provided that the Company shall only disclose the User’s PII to the relevant recipient strictly on a need-to-know basis in strict compliance with the defined objectives for PII process defined. In case of the disclosure and transfer of any Sensitive PII, in particular the DNA sample, the Company shall use the best standard in order to assure that the recipient of such information shall not be able to identify specifically the relevant Users so the information shall be shared on an anonymous basis;

2. Disclosure to any third party in the legal proceedings to protect the Company’s legitimate rights or to detect and prevent any fraud on the Services; provided that such disclosure shall be done on the limited and specific purposes as defined;

3. Disclosure in case the Company is obliged under the applicable laws, court judgment, or administrative order to disclose any PII of any particular users, the Company would need to do so only on the necessary basis;

4. Disclosure to any person that the User may give explicit consent to; and

5. Statistical information that has been processed on an anonymous basis may be disclosed to the public or to the research institute for the general public interest, medical preventive and diagnosis purposes, health and society services, or health management.

Representation of the Privacy Security

The Company represents and guarantees that the Company shall use the most appropriate security measures to prevent the unauthorized access, amendment, or disclosure of the PII in any form or any circumstance by either internal or external persons and the Company commits to review those measures on a regular basis with the strong commitment to use the best industrial practice and to be in strict compliance with the applicable laws.

Data Subject Rights

The Company acknowledges and accepts the User’s rights as the data subject over their PII as defined under the applicable laws that include the following rights: (a) Right to access; to request for the copy of all the PII; and to rectify or update their own PII; (b) Right to request for the PII that the Company has processed in the readable forms by the tools or automatic mechanics and to request for the data portability to other data controller; (c) Right to object to the PII process being undertaken; (d) Right to request for the erasure or de-identification of any PII that does not have any necessary basis to process, i.e. after the consent withdrawal; (e) Right to request for the PII process suspension in case that request for erasure is being exercised or when such PII is not necessary; and (f) Right to withdraw consent that has been given for the PII process for a specific purpose. The User can contact the Company in order to make the request to exercise any defined rights through the defined channel without any charge and the Company will consider and notify the User of the Company’s determination within a reasonable period of time defined under the applicable laws.

Contact Us

Data Controller

Name: Genfosis Company Limited

Address: 101 Soi Rama IX 60 (Soi 7 Seree 7), Phatthanakan, Suan Luang, Bangkok 10250 Thailand

Data Protection Officer

email: contact@genfosis.com