echiDNA Privacy Policy

Last Updated: July 1, 2025

Your privacy is of paramount importance to us, especially given the sensitive nature of genetic information. This Privacy Policy explains how echiDNA (referred to as "we", "us" or "our") collects, uses, discloses and protects information, including genetic and health-related data, that you provide when you use our website, www.echidnapathlabs.com (the "Site"), and our genetic laboratory services.

By using the Site and our services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect various types of information in connection with the services we provide, including:

a. Personal Information

This refers to information that can be used to identify you personally. We may collect Personal Information when you:

  • Register an account: Such as your name, email address, physical address, phone number, date of birth and password.

  • Order genetic testing services: This includes billing information, shipping address for sample collection kits and potentially health-related information necessary for interpreting genetic results.

  • Submit biological samples: Such as saliva or blood samples for DNA extraction and analysis.

  • Contact us: When you send us emails or other communications, we may collect your name, email address and the content of your message.

  • Participate in surveys or promotions: Information you provide when participating in voluntary surveys or promotions.

  • Submit content: If the Site allows user-generated content, we may collect information associated with your submissions.

b. Genetic and Health Information

This is highly sensitive information derived from your biological samples and related health data. We collect:

  • Genetic Data: Information about your DNA, including raw genotype data, DNA sequences, genetic variants and other genomic information obtained from the analysis of your biological samples.

  • Self-Reported Health Information: Information you voluntarily provide about your health conditions, medical history, family history, lifestyle and other phenotypic data that may be relevant to genetic analysis.

  • Ancestry Information: Information about your ancestral origins derived from your genetic data.

  • Research Data: If you provide explicit consent, data derived from your genetic and health information may be used for research purposes, which may include aggregated or de-identified data shared with research partners.

c. Non-Personal Information

This refers to information that does not directly identify you. We may collect Non-Personal Information automatically as you navigate through the Site, including:

  • Usage Data: Information about how you access and use the Site, such as your browsing history, pages viewed, time spent on pages and clickstream data.

  • Device Information: Information about the device you use to access the Site, including your IP address, browser type, operating system, unique device identifiers and mobile network information.

  • Cookies and Tracking Technologies: We use cookies and similar tracking technologies (like web beacons and pixels) to track activity on our Site and hold certain information. Cookies are small data files stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

2. How We Use Your Information

We use the collected information, particularly your genetic and health data, for the following specific purposes:

  • To provide and maintain our Site and Services: Including processing your orders, delivering genetic test results, and monitoring the usage of our Site.

  • To manage your account: To manage your registration as a user of the Site and to provide you access to your genetic reports and other functionalities.

  • To perform genetic analysis: To extract DNA from your samples, analyse your genetic data, and generate personalised genetic reports based, on your consent and the services ordered by your healthcare professional.

  • To provide personalized insights: To offer insights related to your health, ancestry or other traits based on your genetic data, as per the scope of the services.

  • For research and development (with explicit consent): If you provide explicit consent, your de-identified or aggregated genetic and health information may be used for internal research and development, to improve our services, or for scientific research in collaboration with academic or commercial partners. Your individual genetic data will never be shared for research without your express, separate consent.

  • To contact your health providers: To enable them to contact you by email, telephone, SMS or other equivalent forms of electronic communication in regards to your tests orders, results, updates, or informative communications related to the functionalities, products, or contracted laboratory services, including security updates, when necessary or reasonable for their implementation.

  • To provide you with news, special offers and general information: About other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about, unless you have opted not to receive such information.

  • To improve our Site and Services: To understand how our users interact with the Site and our services and to enhance its functionality, content, and user experience.

  • For analytics: To perform data analysis, identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Site, products, services, marketing and your experience.

  • For business transfers: We may use your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our Site users is among the assets transferred, according to relevant privacy and medical services laws.

  • For other purposes: We may use your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate or improve our Site, products, services, marketing and your experience.

3. Consent for Genetic Data

By submitting your biological sample and using our genetic testing services, you provide your explicit consent for us to:

  • Process your biological sample to extract your DNA.

  • Analyse your DNA to generate your genetic data.

  • Process your genetic data to generate genetic reports and insights as per the services you ordered.

  • Store your genetic data and biological samples (if applicable and consented to according to all local laws and regulatory requirements) for the duration specified in this policy or until you request deletion.

Separate Consent for Research: We will always seek your separate, explicit and informed consent before using your individual genetic data or biological samples for any research purposes beyond the direct provision of the services you ordered. You will have the option to opt-in or opt-out of such research without affecting the core services.

4. Disclosure of Your Information

We take the sharing of your sensitive genetic and health information very seriously. We may share your information in the following situations, always striving to protect you by adhering to applicable privacy laws and regulations:

  • With Service Providers: We may share your Personal Information (including genetic data, where necessary for service provision) with third-party service providers who perform services on our behalf, such as sample processing laboratories, data storage providers, IT support, and analytics providers. These service providers are contractually obligated to protect your data and use it only for the purposes for which we disclose it to them.

  • For Business Transfers: We may share or transfer your Personal Information (including genetic data) in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all, or a portion of, our business to another company. In such cases, we will ensure that the acquiring entity adheres to this Privacy Policy or provides a comparable level of protection for your data.

  • With Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honour this Privacy Policy. Affiliates include our parent company and any other subsidiaries, joint venture partners or other companies that we control or that are under common control with us.

  • With Business Partners (with consent or de-identified): We may share your information with our business partners to offer you certain products, services or promotions, but only with your explicit consent or if the data is aggregated and de-identified, such that it cannot be linked back to you.

  • With Other Users: When you share personal information or otherwise interact in public areas with other users, such information may be viewed by all users and may be publicly distributed outside. Note: We strongly advise against sharing sensitive genetic or health information in public areas.

  • For Legal Reasons and Law Enforcement: We may disclose your information, including genetic data, if required to do so by law or in response to legally valid requests by public authorities (e.g., a court order or government agency request). We will resist decline such requests where legally permissible and notify you, unless prohibited by law.

  • To Protect Our Rights: We may disclose your information when we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation in which we are involved.

  • With Your Explicit Consent: We may disclose your Personal Information, including genetic data, for any other purpose, but only with your specific and explicit consent.

De-identification and Aggregation: We may de-identify or aggregate your genetic and health information so that it cannot reasonably be used to identify you. This de-identified or aggregated data may be used for research, statistical analysis or to improve our services and may be shared with third parties for these purposes, without further consent.

5. Retention of Your Personal Information and Genetic Data

We will retain your Personal Information and Genetic Data only for as long as is necessary for the purposes set out in this Privacy Policy, to provide you with services, or as required by law.

  • Genetic Data: Your raw genetic data and derived results will be retained for 10 years —until you request deletion— or —as long as your account is active and for a reasonable period thereafter to allow for re-analysis or follow-up services—. This retention period is mandated under our NATA accreditation and allows for future re-analysis, updates to scientific knowledge, and potential re-issuance of reports. In certain circumstances we may retain the data for longer than the minimum mandated retention periods. If you do not wish for this to happen, you can contact the laboratory following the minimum retention period to request disposal of your data.

  • Biological Samples: Your biological samples will be stored securely for 1 year after analysis. In certain circumstances, we may retain the sample for longer than the minimum mandated retention periods. If you do not with for this to happen, you can contact the laboratory following the minimum retention period to request disposal of your sample.

  • Usage Data: Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Site, or we are legally obligated to retain this data for longer time periods.

You have the right to request the deletion of your genetic data and the destruction of your biological samples at any time, subject to legal and contractual obligations.

6. Security of Your Personal Information and Genetic Data

The security of your Personal Information and especially your Genetic Data is of utmost importance to us. We implement robust technical and organisational measures to protect your data from unauthorised access, disclosure, alteration and destruction. These measures include:

  • Encryption: Data is encrypted both in transit (e.g. using SSL/TLS) and at rest.

  • Access Controls: Strict access controls are in place, limiting access to your genetic data only to authorised personnel who require it to use it to perform their duties.

  • Physical Security: Our laboratory and data centres employ physical security measures to prevent unauthorised access.

  • Regular Audits and Assessments: We regularly audit our security practices and conduct vulnerability assessments to ensure the ongoing integrity and security of our systems.

  • De-identification/Anonymisation: Where appropriate, we de-identify or anonymise data to further protect your privacy, especially for research purposes.

While we strive to use commercially acceptable means to protect your Personal Information and Genetic Data, please note that no method of transmission over the Internet or method of electronic storage is 100% secure.

7. Your Data Protection Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Information and Genetic Data:

  • Right to Access: You have the right to request copies of your Personal Information and Genetic Data held by us.

  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

  • Right to Erasure (Right to be Forgotten): You have the right to request that we erase your Personal Information and Genetic Data, under certain conditions.

  • Right to Restrict Processing: You have the right to request that we restrict the processing of your Personal Information and Genetic Data, under certain conditions.

  • Right to Object to Processing: You have the right to object to our processing of your Personal Information and Genetic Data, under certain conditions.

  • Right to Data Portability: You have the right to request that we transfer the data personal information that we have collected to another organisation, or directly to you, under certain conditions.

  • Right to Withdraw Consent: You have the right to withdraw your consent for the processing of your genetic data at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us through your healthcare provider using the details provided in the "Contact Us" section. We will respond to your request within a reasonable timeframe and in accordance with applicable laws.

8. Links to Other Websites

Our Site may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

9. Children's Privacy

Our Site and services are not intended for use by children under the age of 18. We do not knowingly collect personally identifiable information or genetic data from children under 18 without explicit parental or guardian consent and appropriate legal authorisation. If you are a parent or guardian and you are aware that your child has provided us with Personal Information or biological samples without appropriate consent, please contact us. If we become aware that we have collected such information from anyone under the age of 18 without verified parental consent, we will take steps to remove that information and destroy any associated samples from our servers and laboratory.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or legal requirements. Notification of any significant changes will be by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Site, prior to the change becoming effective and update the "Last Updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Contact Us

If you have any questions about this Privacy Policy, or if you wish to exercise your data protection rights, you can contact us:

  • By email: enquiries@echidnapathlabs.com