deCODEme Privacy Policy

Your privacy is very important to us

Privacy Policy

deCODE Genetics has been working in large scale population genetic research for over ten years and has always focused on using the highest standards in data security and privacy policies. deCODEme is no different – we believe that genetic information is both personal and private. You should have total control over access to your deCODEme account and be the one who decides who can compare or share your information.

User accounts

deCODEme allows you to select your username at will, as long as it doesn’t conflict with existing usernames of other people. Email addresses are required for contacting deCODEme users; however, many users can in principle share the same email address. Thus, email cannot be used to directly identify users and users can change email addresses once the account has been created.

User profile (my settings) visibility and friends

Users are free to enter further information about themselves into their user profile (my settings) or settings, such as gender, date of birth, or even their full names if the so choose. In every case, they can specify who is able to share their user attributes: make the attribute visible to all deCODEme users, visible only to their friends, or fully private and visible only to themselves.

Friends are created by sending invitations to existing users or by sending an email to potential future users. In both cases, the individuals have to accept the invitation in their invitation inbox or by following a link in the email they receive. Friendships are reciprocal, i.e. if user A is the friend of user B then user B is also the friend of user A. Finally, existing friendships can be terminated simply by removing users from the friend lists.

Genetic data

Once a Genetic Scan has been bought and processed, users can use the various analysis features in the deCODEme website. What features are available may depend on the type of the Genetic Scan. As an example of features are genetic risk calculations and comparison of genetic variants with the corresponding variants of their friends, e.g. relationship analysis and genetic sharing. In both cases, the user has full control over it who can compare his genetic data and what details are made visible.

The user owns their genetic data and therefore we do not keep the data locked from the user in the deCODEme website. Users are free to save the genotypes from the Genetic Scan calculations, however, we urge them to ensure the security of the data once it is on their computer, e.g. by encrypting the data file.

Our use of your personal data

User attributes, public or private, will be used by deCODE only to gather statistical aggregate information about the users of the deCODEme website. Such analysis may include, but is not limited to; counting the number of users grouped by age, or associating genetic variants with any of the self reported user attributes. In the process of presenting any such statistical information, deCODE will ensure that users identities are not exposed.

deCODE may disclose your personal information only if we believe such action is necessary to: comply with the law or legal process served upon deCODE or to protect and defend the rights or property of deCODE in relation to your agreement with deCODEme. Except for the above, deCODE will under no circumstances provide any 3’rd party, including insurance companies, health management organizations, hospitals, and government agencies, access to any of your personal data or data derived from your samples, unless you grant us an explicit authorization in your privacy settings.

The use of email addresses

Email addresses, provided by users, are only used for the purposes of contacting users in relation to the services of the deCODEme website, e.g. for friend invitations or for the deCODEme newsletters. Under no circumstances will the email addresses be provided to 3rd parties. Users can choose to opt out from deCODEme newsletters and from invitations to participate in research studies by deCODE genetics.

Since email is not guaranteed to be secure or private, users can choose to disable the “forgot password option”, i.e. the option to allow the deCODEme system to send out password renewal invitation in email.

Secure Socket Layer

Once you log into your code page (myCODE) from the deCODEme home page, all data transfer between the deCODEme web-server and your web client is encrypted using the HTTPS protocol. deCODEme uses public-key pairs, private key and a certificate, issued by Verisign. Your web browser should be configured to authenticate such certificates.

Cookies

deCODEme uses cookies to maintain secure sessions with clients. Cookies are small files that are placed on your hard disk by your browser and automatically uploaded by the web browser to the web server in the domain that issued the cookie. deCODEme cookies have time expiration and are intelligible to any other applications.

Page caching

Some deCODEme pages contain disease related information that is based on people’s gene profile. Users should keep this in mind when they access their data from an insecure client computer because some browsers may cache the content of these pages to the hard disk drive.

Sample measurements

The buccal swab sample and the DNA extracted from the sample will be stored by deCODE only for the time necessary to perform the Genetic Scan and will be discarded upon successful measurements. Thus, deCODE will only use buccal swab samples and samples derived from them for the specific measurements ordered by its customers.

Data storage and archival

deCODE uses a state-of-the-art network and storage infrastructure. Our server rooms have rigorous access restrictions and our policies and development procedures have in the past been designed to meet the requirements of SOX and FDA.

deCODE guarantees that Genetic Scan data is always accessible at deCODEme for a minimum of 3 months after it was generated. This does not mean that data will be deleted from deCODEme servers after that. However, in the unlikely case of a catastrophic failure of the disk storage systems, users with older data may be required to upload their data to deCODEme, whereas users whose data is less than 3 months old can request to have a new Genetic Scan carried out, free of charge.

Termination of your account

If you choose to terminate your account your account will be deactivated. To prevent your accounts from being accidentally or maliciously removed, the termination request is not executed until 60 days after initiation. During this time period, you can always attempt to re-login to your account and reactivate it.

If your account is not reactivated within the time frame specified above, your data will be deleted from all the operational systems at deCODEme and eliminated from all future backup restores of the operational systems. However, the data may not be eliminated from all historical archival tapes of the operational systems.

Changes to this Privacy Policy

deCODE reserves the right to update this privacy policy. In such an event, you will be notified through our newsletter and we will update the revision date of the policy.

Last revised on April 16, 2012.

Version: 34