Update date: February 13th 2019
– “We” are the NRJY Inc, a company registered in the United States of America, under company number 7113801 and with our registered office at 251 Little Falls drive, Wilmington, DE 19808, referred as “NRJY or the Company or we or us”.
- “The Company” is a trademark of the Company , registered in United States of America under the serial number 88184788.
- “You” are the customer who has accessed our website or called our telephone number and intends to place or has placed an order for our Product(s).
This Privacy Statement applies to all websites and mobile applications owned and operated by NRJY, Inc (“NRJY”), including www.prevent.one, and any other websites, pages, features, or content we own or operate, and to your use of the Company mobile app and any related Services. To simplify the following document, both the “website and mobile application of the company” can be referred as “website”.
Our Privacy Statement is designed to help you better understand how we collect, use, store, process, and transfer your information when using our Services.
Please carefully review this Privacy Statement and our Terms of Service. By using our Services, you acknowledge all of the policies and procedures described in the foregoing documents. If you do not agree with or you are not comfortable with any aspect of this Privacy Statement or our Terms of Service you should immediately discontinue use of our Services.
1. Data Protection and GDPR
The Company is committed to the robust data privacy and security protections enabled by GDPR compliance.
In 2016 the European Commission approved and adopted the General Data Protection Regulation (GDPR), a new framework for European data protection law. The GDPR is effective as of May 25, 2018 and applies to companies who process personal data of individuals in the EU. The GDPR strengthens the rights these individuals have regarding personal data relating to them, and seeks to unify data protection laws across Europe, regardless of where data is processed.
What is the GDPR?
The GDPR is a new European data protection law which replaces the existing EU data protection regime under Directive 95/46/EC. The GDPR sets out provisions intended to harmonize data protection laws throughout the EU by applying a single data protection law that is binding throughout all Member States. The GDPR is effective as of May 25, 2018.
Does the GDPR apply to the Company ?
The GDPR applies to virtually all organizations, including the Company , that process the personal data of EU residents through services offered to them, regardless of whether the organization is physically based in the EU. The GDPR applies to the Company because we market and provide the Service in EU Member States through our UK, EU and International sites. For a list of countries we ship to in the EU, contact us on email@example.com.
2. Description of Users and Acceptance of Terms
3. Information We Collect
We may collect and process the following data about you through this Site:
1. Information, including personal data (your name, contact information, billing address, delivery address, any information we receive from you through our Site and mobile application, as well as the results we receive from the Accredited Laboratories with which we work) that you volunteer to provide through www.prevent.one (our Site) when you decide to purchase our Services and Products (as defined in our Conditions of Use) including when you phone our Helpline, or any other information defined as “Protected Health Information” under HIPAA/HITECH laws and regulations (“personal information”).
Personal data includes visitor’s name, gender and address and such information which we collected when you order one or more Products and the Services. We may also ask you for information when you report a problem with our Site or as provided below.
2. If you contact us by email, we may keep a record of that correspondence.
3. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
4. Details of your visits to our Site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
5. Details of transactions you carry out through our Site and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Site.
6. Your search queries on the Site.
We collect this information:
• Directly from you when you provide it to us.
• Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses and information collected through cookies, web beacons and other tracking technologies.
• From third parties, for example, our business partners.
Information You Provide to Us.
You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Site, or transmitted to other users of the Site or third parties (collectively, “User Content”). Your User Content is posted on and transmitted to others at your own risk. We cannot control the actions of other users of the Site with whom you may choose to share your User Content. Therefore, we cannot and do not guarantee that your User Content will not be viewed by unauthorized persons.
4. IP adresses
We may collect information about your computer or mobile device, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
5. Information collected by third party
For Google Analytics, please visit: https://www.google.com/analytics
For Segment.io, please visit: https://segment.com/docs/legal/privacy/
For Intercom, please visit: https://docs.intercom.com/pricing-privacy-and-terms/intercom-inc-privacy-policy
For Mixpanel, please visit: https://mixpanel.com/privacy/
For Hotjar, please visit: https://www.hotjar.com/privacy
The Information Collected by or Through Third-Party Advertising Companies
6. How we use your information
We use your information in line with data protection laws – in particular, the EU General Data Protection Regulation (GDPR).
It means we only use it where we have a legal basis to do so.
These are the general legal basis for which we use your information:
• Consent – you have given clear consent to us to process your personal information for a specific purpose.
• Our contract – processing your personal information is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
• Legitimate interests – processing your personal information is necessary for our legitimate interests or those of a third party, provided those interests are not outweighed by your rights and interests.
Here are the specific reasons we process your personal information:
• to allow you to access and use our Website and to register for an account;
• to provide you with the information, products and services that you request from us;
• to do things necessary for our business, such as pursuing debts or ensuring the security of our services and Website;
• to carry out statistical analysis and market research;
• for marketing, advertising and promotional purposes;
• for improving and maintaining our Website, preparing reports or compiling statistics in order to improve our services;
• to notify you about changes to our services and to keep you informed about our fees and charges; and
• with your consent only, to contact you (including by email or post) with information about our products and services which either you request, or which we feel will be of interest to you.
7. Managing our third-party service providers
The Company directly conducts the majority of data processing activities required to provide our Services to you. However, we do engage some third party service providers to assist in supporting these Services, including in the following areas:
• Our partner labs
• Customer Care
• Cloud storage
• Marketing and analytics
• IT and Security
Our rigorous selection process ensures each third party service provider complies with the GDPR and can deliver the appropriate level of security and data protection.
8. Links to third party websites
As a convenience to our site visitors, the Company website may contain links to a number of sites that may provide useful information. Links contained on the Company website that transfer you to a non-Company site are not maintained by the Company and may contain different information and/or different privacy policies from those of our Company. You may review the privacy policies of these websites and/or receive specific information regarding that site’s privacy policies and procedures after leaving the Company site. The Company is not responsible for the content or privacy practices of a non- Company website. The Company does not control, or have any input into, whether our business partners or internet-linked sites use or accept cookies on their sites.
9. Periodic Information / Promotions
When you register online for one of our services, you may be given the option of receiving periodic informational/promotional mail or email from The Company. You choose whether or not to receive correspondence when you provide this information or by changing your preferences within your registration profile or by following the instructions provided in the email at any time. The Company utilizes a third-party service to manage certain email communications.
10. Disclosure of your information
We may disclose aggregated or de-identified information about our users, and information that does not identify any individual, without restriction.
• To our subsidiaries and affiliates.
• To contractors, service providers and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by us about our Site users is among the assets transferred, and you agree to and do hereby consent to our assignment or transfer of rights to your personal information.
• To third-parties to market their products or services to you if you have not opted out of these disclosures. We contractually require these third parties to keep personal information confidential and use it only for the purposes for which we disclose it to them.
• To fulfill the purpose for which you provide it.
• For any other purpose disclosed by us when you provide the information.
• With your consent.
We may also disclose your personal information:
• To comply with any court order, law or legal process, including responding to any government or regulatory request.
• To comply with any state or local requirements regarding the disclosure of information for public health purposes, including reporting HIV and other sexually transmitted disease results to state public health regulatory bodies.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our company, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
11. What we don’t do with your data
• We will not sell, lease, or rent your individual-level information to any third party or to a third party for research purposes without your explicit consent.
• We do not share customer data with any public databases.
• We will not provide any personal’s data (genetic or non-genetic) to an insurance company or employer.
• We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information.
12. Accessing, downloading, and deleting your data
GDPR is about enabling individuals to find out what personal data we hold about them, why we hold it, and who we disclose it to.
How to access and download your data
As a the Company customer, you can access and download your data from within your account. Specifically, you can:
• Access and download your Company reports, genetic data, self-reported survey data, and other personal data at any time within your account.
• Request a copy of your personal data processed by The Company’s third-party service providers. We work with these third-party service providers to provide, analyze, and improve our Service.
• Learn more about accessing and downloading your personal data here.
How to delete your data
You can delete your Company account and data from within your account settings at any time. Once you submit and confirm your request, we will delete your data. Data deletion is permanent and cannot be canceled, undone, withdrawn, or reversed. Learn more about deleting your personal data here.
Other rights you have regarding your data
The Company customers in the EU have additional rights under the GDPR, including the right to object to the processing of their personal data, restrict the processing of their personal data, and to rectify inaccurate or incomplete personal data. Learn more about these rights here.
13. Your choices about how we use your information
You can choose not to provide us with personal data
If you choose to do this, you can continue to visit our website and browse its content, but we won’t be able to provide you with services, even if you have already paid for them.
We provide you with choices regarding the personal information you provide to us. We have created ways to provide you with the following control over your information:
• Promotional Offers from Us. If you do not wish to have your email address or other contact information used by us to promote our own or third parties’ products or services, you can opt-out by logging into the Site and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes or by sending an email stating your request to firstname.lastname@example.org. If we have sent you a promotional email, you may send us a return email asking to be omitted from future promotional email distributions. This opt out does not apply to information provided by us as a result of a product purchase, warranty registration, product service experience or other transactions.
• Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can opt-out by adjusting your user advertising preferences in your account profile by checking or unchecking the relevant boxes or by sending an email stating your request to email@example.com.
We do not control third parties’ collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative via their website.
14. Where do we store your data
The information that we collect from you may be transferred to, and stored with the Accredit Laboratory (as defined in the Conditions of Use) and any supplier of data processing and data hosting services to us at, a destination within the United States of America, or the European Economic Area (“EEA”). It may also be processed by staff operating inside the United States of America or EEA who work for any of them. Such staff maybe engaged in, among other things, the fulfilment of your order, the and the provision of data processing and data hosting services to us. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this privacy statement by imposing on any such supplier obligations of security and confidentiality.
All information you provide to us in purchasing a Product or Services are stored on our secure servers or else on secure servers used by our service provider. Any payment transactions effected by us, will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. You must not share a password with anyone.
Unfortunately, the transmission of information via the internet is not secure and if you request that we communicate with you using a secure means of communication, we can arrange to do this. Once we have received your information, we will impose obligations of confidentiality and security on any service provider to us who processes the information.
We maintain reasonable physical, electronic, standard security practices, including encryption, passwords and physical security measures, and managerial procedures to protect the security and confidentiality of your personal data. Only a limited number of our internal staff are authorized to access, delete or modify your data. We will make reasonable efforts to ensure that your privacy interests are protected.
15. Information for Customers in Designated Countries
This section only applies to individuals located in the European Economic Area (“EEA”), United Kingdom, or Switzerland (the “Designated Countries”).
a. Privacy Shield
The Company participates in and has certified its compliance with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union (EU), European Economic Area (EEA), and Switzerland to the United States, respectively. The Company is committed to subjecting all Personal Information received from the EU member countries, EEA and Switzerland, in reliance on the Privacy Shield Frameworks, to the Framework’s applicable Principles. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit U.S. Department of Commerce’s Privacy Shield List.
The Company is responsible for the processing of Personal Information it receives, under the Privacy Shield Frameworks, or subsequently transfers to a third party acting as an agent on its behalf. The Company complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EU, EEA and Switzerland, including the onward transfer liability provisions.
With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, the Company is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, the Company may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
b. Our relationship with you
We are the “controller” with respect to your Personal Information because we determine the means and purposes of processing your information when using our Services.
c. Legal bases for processing Personal Information from the EU
We describe how we process your Personal Information in this Privacy Statement. We may process your Personal Information if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of The Company, our customers or others.
d. Direct Marketing
We will obtain your consent where required to send you marketing communications using electronic means. You may withdraw your consent at any time within your Account Settings or by emailing firstname.lastname@example.org We will only contact you by electronic means (email, push notification, SMS, etc.) with information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you.
We will only share your Personal Information with third parties for marketing purposes with your explicit consent. If you do not want us to use your Personal Information in this way, please review and update your Account Settings as necessary or contact us email@example.com. You may raise such objection with regard to initial or further processing for purposes of direct marketing at any time and free of charge. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
Other marketing activities will happen based on the legitimate interests of The Company. E.g., where we tailor marketing communications or send targeted marketing messages via post, phone or social media and other third party platforms; and in providing existing customers with information (via email or other channels) about similar products and services.
e. Privacy Rights
You can exercise your privacy rights by following the instructions below or contacting us at firstname.lastname@example.org. We will handle your request under applicable law. When you make a request, we may verify your identity to protect your privacy and security.
i. Right to withdraw consent. To the extent the Company requests and you provide your consent to the processing of your Personal Information, you can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
ii. Right of access to and rectification of your Personal Information. Our site allows you to access and rectify certain Registration Information within your Account Settings, and your Self-Reported Information by going to the surveys page. You can download your raw Genetic Information within your Account Settings or by going to the applicable tool in “Tools.” If you would like to access or rectify any other information, contact Customer Care and we will do our best to assist you without undue delay. We may reject part or all of your request if responding to your request could adversely affect the rights and freedoms of others.
iii. Right to erasure (or, “Right to be Forgotten”). As explained under Section 5.d. (“Account Deletion”), we allow our customers to delete their accounts at any time. You can request erasure of Personal Information that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing to which you previously consented, but later withdrew such consent; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have made your Personal Information public and we are required to erase such Personal Information, we will take reasonable steps, including technical measures, to inform controllers that are processing any links to or copies or replications of your Personal Information of your erasure request. Our assistance with your request for erasure is subject to limitations by relevant data protection laws, available technology and the cost of implementation.
iv. Right to data portability. If we process your Personal Information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your Personal Information in a structured, commonly used and machine-readable format, and to have us transfer your Personal Information directly to another controller, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of your Personal Information.
v. Right to restriction of our processing. You can restrict our processing of your Personal Information where one of the following applies: (a) you dispute the accuracy of Personal Information processed by the Company (for a period enabling us to verify its accuracy); (b) the processing is unlawful and you oppose the erasure of the Personal Information and request the restriction of its use instead; (c) the Company no longer needs the Personal Information for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims; and (d) you have objected to certain processing relying on legitimate interest, pending the verification whether The Company’s legitimate grounds override your rights. Restricted Personal Information shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will notify you if the restriction is lifted.
vi. Notification of erasure, rectification and restriction. We will provide notice to each recipient that we disclosed your Personal Information to regarding any rectification or erasure of Personal Information or restriction of processing, unless you initiated the disclosure or providing notice proves impossible or involves disproportionate effort. Upon your request, we will share the list of recipients with you.
vii. Right to object to processing. Where the processing of your Personal Information is based on consent, contract, or legitimate interests described under the Legal Bases for Processing heading above, you may restrict or object, at any time, to the processing of your Personal Information as permitted by applicable law. We may continue to process your Personal Information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
viii. Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you, except as allowed under applicable data protection laws.
ix. Retention of your Personal Information. Unless you make a request for us to delete your account or delete certain Personal Information (i.e., User Content, etc.), we will store your Personal Information as long as your account is open. If you request to delete your account, we will take the steps described under “Your Choices – Account Deletion” and delete all your Personal Information, unless a longer retention period is required or permitted by law.
The rights described above may be limited by local laws. Further, your right of access and deletion is not absolute and may not be available if fulfillment of such right would, among other things:
o cause interference with execution and enforcement of the law and legal private rights (such as in the case of the investigation or detection of legal claims or the right to a fair trial);
o breach or prejudice the rights of confidentiality and security of others;
o prejudice security or grievance investigations, corporate re-organizations, future and ongoing negotiations with third parties, the compliance with regulatory requirements relating to economic and financial management; or
o otherwise violate the interests of others or where the burden or cost of providing access would be disproportionate.
If you believe that we have infringed your rights, we encourage you to contact us so that we can try to address your concerns or dispute informally. Our contact information is:
Global Privacy Officer, NRJY, Inc.,
251 Little Falls drive
Wilmington, DE 19808
The Company’s commitment to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks entitle you to lodge a complaint via our Privacy Shield independent dispute resolution mechanism. To send your privacy complaints under the Privacy Shield Principles, please contact the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and/or to file a complaint.
As a last resort and under limited circumstances, EU, EEA and Swiss individuals with residual privacy complaints may invoke a binding arbitration option before the Privacy Shield Panel.
You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement. You can find the relevant supervisory authority name and contact details here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en.
16. Automated decision processes
As an online provider, we make use of automated computer systems and processes to complete your transactions with us.
We may use some of the information you provide us, such as your age or sex, to provide you with offers which we believe are more likely to be relevant to you in the future. For instance, if you have bought a test in the past, we may use the fact of that purchase to suggest other tests that you may like to buy.
We don’t make use of the results of any tests you have bought to do this, and we do not otherwise ‘profile’ our customers or use automated decision making.
17. Children under the age of 18
This Site is offered and available to users who are 18 years of age or older. We do not collect or maintain information from people we actually know are under 18 years old. If we obtain actual knowledge that a user is under 18 years old, we will use our best efforts to remove that person’s information from our database. If you are not 18 years of age or older, you must not access or use the Site.
18. California Residents
Under California Civil Code Section 1798.83, California residents who have an established business relationship with the Company may choose to opt out of our sharing their Personal Information with third parties for direct marketing purposes. If you are a California resident and (1) you wish to opt out; or (2) you wish to request certain information regarding our disclosure of your Personal Information to third parties for the direct marketing purposes, please send an e-mail to email@example.com or write to us at:
251 Little Falls drive
Wilmington, DE 19808
In addition, the Company does not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.
19. How we protect your information
We take commercially reasonable steps to protect the Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We follow generally accepted industry standards to protect the Information submitted to us, both during transmission and once we receive it. However, we cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Platform may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Site, you are responsible for keeping this password confidential. You should not share your password with anyone. We urge you to be careful about giving out information in public areas of the Site like message boards. The information you share in public areas may be viewed by any user of the Site.
We are not responsible for circumvention of any privacy settings or security measures contained on the Site.
20. Data retention
We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services contact us. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
21. Changes to this Privacy Statement
22. Cookies policy
The Company tracks visitors to our website by collecting data elements called cookies. Cookies collected from the Company website and mobile application are used to
(1) enable certain functions and tools on this website,
(2) assist in the navigation of the website,
(3) track resources and data used on this site,
(4) promote The Company’s products and services, and
(5) remember computer settings. the Company also collects other forms of non-personal information, such as browsers used to access our website, search terms used to find the website, and traffic referrals and links to our website. Cookies are not permanently maintained within our tracking system. You may prevent your computer from accepting cookies by modifying the properties on your web browser; however, stopping your computer from accepting cookies may limit your web browser’s functionality on the Company website. the Company uses the services of Google Analytics software to analyze traffic to the various the Company webpages. Neither of these programs creates individual profiles for visitors, nor does the Company collect any personally identifying information using these services. Data collected regarding site usage is compiled in aggregate to improve the performance of the site. If you do not wish your information to be included in this aggregated data through Google Analytics, you can download and install Google’s “Google Analytics Opt-out Browser Add-on” available here. If you do not wish your information to be included in this aggregated data through Google Analytics modify the properties on your web browser to prevent your computer from accepting cookies, as described above.
Risks and Considerations
There may be some consequences of using the Company Services that you haven’t considered.
• You may discover things about yourself and/or your family members that may be upsetting or cause anxiety and that you may not have the ability to control or change.
• In the event of a data breach it is possible that your data could be associated with your identity, which could be used against your interests.
23. Contact Information
If you have questions about this Privacy Statement, or wish to submit a complaint, please email The Company’s Privacy Administrator at firstname.lastname@example.org, or send a letter to:
251 Little Falls drive
Wilmington, DE 19808