Privacy Policy
Molecular You Corporation (“Molecular You”, “MYCO”, “We”, “we”, “Us”, “us”, “Our” or “our”) is committed to protecting your privacy. This Privacy Policy applies to the collection, use and disclosure of personal information, including personal information relating to you (“you”, “You”, “user” or “User”), by MYCO in connection with your use of the Services accessed through the Molecular You website, including the website located at [https://molecularyou.com/], the MyHealthIntelligence
TM platform, or any other MYCO website (collectively, the “MYCO Site”), or software application of MYCO (the “MYCO App”), and any and all products, software, services, mobile applications, features, tools, reports, action plans and web applications made available through and in association with the Molecular You Personalized Health Platform, including MYCO’s molecular profiling analysis and related services and web site (including but not limited to text, graphics, images, and other material and information) as accessed from time to time by the user, regardless if the use is in connection with an account or not (collectively, the “Services”).
1. COLLECTION OF PERSONAL INFORMATION
1.1 Through the MYCO Site, the MYCO App and the Services, and subject to your consent, MYCO collects information about identifiable individuals (the “Personal Information”) relating to use of the MYCO Site and the Services by Users. Personal Information includes: (i) information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, address, user ID and password, and payment information (collectively, the “Registration Information”); (ii) information regarding your Biomarker Information that we generate from your samples and other information (including Genome, Proteome, Metabolome, Exposome, Microbiome and Phenome; the “Biomarker Profile”) and other test results (whether Biomarker-related or not), generated or supplied by MYCO or by its contractors, whether through processing of your saliva, blood, urine and fecal matter or any other means of analyzing your samples, as well as any other test results that we generate from testing or analyzing your samples in the course of providing the Services to you (collectively, the “Biomarker Information”); and (iii) information about yourself that you enter into surveys, forms, or features while signed into your MYCO account (including via the “About Me: Phenomic Profile” section or another section of the MYCO Health Intelligence Platform), including what you reported concerning your disease conditions, other health-related information, personal traits, ethnicity, family history, and other information that you enter into surveys, forms, or features while signed in to your MYCO account, and any other information about yourself (other than the foregoing information) that you supply to us in one form or another, as well as any third party generated results or information about yourself that you supply to us, that you have a third party supply to us such as medical record or other data provided by your health care provider(s), or health claims information, or that you approve MYCO requesting and obtaining from a third party that you identify for us (collectively, the “Self-Reported Information”).
1.2 Personal Information does not include de-identified or anonymized versions of the Personal Information, including versions of the Biomarker Information and Biomarker Profile with your identity removed, versions of any other data generated from samples with your identity removed, and versions of any information that MYCO is provided about you (other than identifying information such as your name and contact information, and the Registration Information) with your identity removed; for avoidance of any doubt, information about you is de-identified (your identity is removed) when personal identifiers about you are removed from the applicable information, excluding genetics and other Biomarker Information which will remain as part of the de-identified information.
1.3 MYCO only collects such Personal Information as is required to provide the Services to you. If the personal information we require is collected for a reason other than as outlined in this Privacy Policy, your consent will be obtained before or at the time the information is collected.
1.4 You may view your Personal Information on file with MYCO, and may request that corrections be made to your Personal Information on file with MYCO. Any requests to view your Personal Information on file with MYCO or to make corrections to your Personal Information on file with MYCO can be directed to MYCO’s privacy officer at Suite 307, 788 Beatty Street, Vancouver (the “Privacy Officer”).
2. USE OF PERSONAL INFORMATION
2.1 Personal Information submitted to us, whether through the MYCO Site, the MYCO App, the Services, your samples, or otherwise, may be used by us for the purposes specified in this Privacy Policy, the Consent Form, any agreement between MYCO and you or as otherwise communicated to you in connection with your use of the Services including but not limited to any IRB approved study documentation such as a study Participant Information and Consent Form. In addition to the other purposes identified in this Privacy Policy, MYCO may use your Personal Information to: (i) carry out the Services; (ii) administer and operate and maintain the MYCO Site and applications and the provision of the Services; (iii) test and analyze samples that you provide; (iv) generate and maintain Biomarker Profiles and other Biomarker Information; (v) personalize the Services and aspects of the MYCO Site and applications; (vi) to keep you informed about software updates; (vii) process transactions related to your use of the Services; (viii) handle inquiries, complaints, submissions and feedback relating to the Services and/or the MYCO Site and applications; (ix) contact you with your consent, including to promote, update, and announce new, improved or expanded Services or products, special offers, or other useful information pertaining to your needs; (x) store your Personal Information for providing the Services; (xi) maintain copies or backups of your Personal Information for security and archival purposes where we consider it appropriate; (xii) verify compliance with agreements between you and us; (xiii) improve the Services and the MYCO Site and applications; (xiv) generate De-Identified Information for ongoing research and development and commercial use by MYCO and its affiliates to enhance and expand upon our Services, systems, software, databases and offerings; (xv) conduct surveys or research about your opinion of current Services or of potential new Services that may be offered in the future; (xvi) track and monitor your activity through the web site and applications and the Services; (xvii) comply with legal and regulatory requirements; and (xviii) achieve other purposes as may, from time to time, be permitted by law.
MYCO may also use de-identified versions of your Biomarker Information and any other data generated from your samples and any information that MYCO is provided about you (collectively, the “De-Identified Information”) to: (i) conduct scientific and commercial research and development with the purpose of advancing personal care in human performance and health and improving and furthering the products and services we provide; (ii) conduct surveys and/or research relating to the opinion of customers and potential customers with respect to the Services or of potential new Services that may be offered in the future; (iii) publish or have published observations, analyses, data and/or results in scientific journals or other publications; (iv) advance and implement our commercial business and engage in commercial activity to further our business, including through enhancement and expansion of our Services, systems, software, databases, products and offerings; (v) engage in research and development that result in the development of commercial products or services; (vi) the same extent as provided for Personal Information in the paragraph immediately above; and (vii) conduct data analysis in connection with any of the foregoing activities. Any Personal Information used for scientific or commercial purposes, including with third parties, will be stripped of any identifiable information and anonymized (i.e. it will be De-Identified Information), meaning your personal identifiers about you such as your name, contact information, and your physician’s identity will be removed (excluding genetic information and other biomarker information, which will remain as part of the de-identified information).
We may engage other companies and individuals (“Third Party Service Providers”) and other researchers, investigators, and organizations (“Research Partners”) to carry out some or all of the uses of the Personal Information and/or De-Identified Information referred to in the foregoing paragraphs, and/or to perform some or all of the Services on our behalf. Third Party Service Providers and Research Partners may require or be provided with access to your Personal Information. We make commercially reasonable efforts to ensure that all Third Party Service Providers and Research Partners acting on our behalf provide a comparable level of protection for your Personal Information to the level of protection that we provide, as set out in this Privacy Policy.Applicable laws described in Section 6.1, below, divide uses and disclosures of PHI into those which can be done without Participant authorization and those which require Participant authorization. Section IV describes uses and disclosures that can be done without Participant authorization. Section V describes uses and disclosures that can be made only with written Participant authorization.
Permissible Uses and Disclosures Without A Written Authorization
Uses and Disclosures For Treatment, Payment and Health Care Operations. MYCO may use and disclose PHI under United States federal law in order to provide treatment, receive payment or engage in healthcare operations.
Research. We may also use your de-identified PHI to run (or authorize third parties to run) statistical or other research on individual or aggregate health or medical trends. Such research would only use your PHI in an anonymous manner that cannot be tied directly back to you.
Disclosure to Relatives, Close Friends and Other Caregivers. MYCO may use or disclose PHI to a Participant’s family member, other relative, a close personal friend or any other person identified by a Participant if MYCO (1) obtains and documents the Participant’s authorization; (2) provides the Participant with a confidential opportunity to object to the disclosure and the Participant does not object; or (3) reasonably infers from the circumstances and in the MYCO provider’s professional judgment, that the Participant’s condition is dependent upon such a disclosure and/or that the Participant would not object given the circumstances. If a Participant is not present, or the opportunity to agree or object to a use or disclosure cannot practicably be provided because of incapacity or an emergency circumstance, MYCO personnel may exercise professional judgment to determine whether a disclosure is in the best interest of the Participant. If MYCO discloses information to a family member, other relative or a close personal friend without an authorization, MYCO would disclose only information that MYCO believe is directly relevant to the person’s involvement with the health care or payment related to the Participant’s health care. MYCO may also disclose PHI in order to notify (or assist in notifying) such persons of a Participant’s location, general condition or death.
Public Health Activities. MYCO may disclose PHI in order to comply with public health requirements, including but not limited to: (1) to report certain diseases, conditions or other findings to public health authorities for the purpose of preventing or controlling disease, injury or disability; (2) to report suspected abuse or neglect to a governmental authority, including a social service or protective services agency, authorized by law to receive reports of such abuse or neglect; (3) to report information about products and services under the jurisdiction of the U.S. Food and Drug Administration; or (4) to alert a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition (under specifically limited circumstances).
Health Oversight Activities. MYCO may disclose PHI to a health oversight agency that oversees the health care system and is charged with responsibility for ensuring compliance with the rules of government health programs such as Medicare or Medicaid and civil rights laws.
Judicial and Administrative Proceedings. MYCO may disclose PHI in the course of a judicial or administrative proceeding in response to a legal order or other lawful process.
Law Enforcement Officials. MYCO may disclose PHI to the police or other law enforcement officials as required or permitted by law or in compliance with a court order or a grand jury or administrative subpoena.
Uses or Disclosures Required By Law. MYCO may use and disclose your PHI when required to do so by any other law not already referred to in the preceding categories.
Uses and Disclosures Requiring Written Authorization
MYCO only may use or disclose PHI when it receives a written authorization for such use or disclosure for any purpose other than the ones described above, and as described below.
HIV/AIDS Related Information. MYCO shall only disclose PHI related to HIV or AIDs with the express authorization of the Individual, and for those reasons listed above.
Behavioral Health Information. Consistent with U.S. State and Federal laws, MYCO will only disclose Behavioral Health Information pursuant to a valid written authorization. The confidentiality of alcohol and drug abuse Participant records maintained by MYCO is protected by federal and state law and regulations. MYCO may not disclose drug and alcohol medical records without a Participant’s written authorization.
Rights Regarding Your Protected Health Information
For Further Information; Complaints. Further information, concerns or complaints about MYCO’s privacy practices, or about any violations of Participant privacy rights or disagreements with a decision that MYCO made regarding access to PHI, should be addressed to the MYCO Privacy Office, at the following address:
Haiyan Yang
Chief Privacy Officer
Suite 307, 788 Beatty Street
Vancouver, BC, Canada
V6B 2M1
Privacyofficer@molecularyou.com
In the United States, a Participant may also file written complaints with the Office of Civil Rights of the U.S. Department of Health and Human Services, at the following address:
Office for Civil Rights:
https://www.hhs.gov/hipaa/filing-a-complaint/complaint-process/index.html
Or
Centralized Case Management Operations
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Room 509F HHH Bldg.
Washington, D.C. 20201
Or, Email to
OCRComplaint@hhs.gov
MYCO will not retaliate against any person who reports a privacy issue or files a complaint with the Director of OCR/HHS or with the Privacy Officer.
Right to Request Restrictions. As provided in the MYCO Consent and Authorization Form
, a Participant may request restrictions on MYCO’s use and disclosure of PHI (1) for treatment, payment and health care operations, (2) to individuals (such as a family member, other relative, close personal friend or any other person identified by the Participant) involved with care or with payment related to care, or to prevent or limit the notification of such individuals regarding a Participant’s location and general condition. While MYCO will consider all requests for restrictions carefully, MYCO is not required to agree to a requested restriction.
Right to Receive Confidential Communications. A Participant may request, and MYCO will accommodate, any reasonable written request to receive his or her PHI by alternative means of communication or at alternative locations. Requests should be made to the Privacy Office in writing.
Right to Revoke Your Authorization. A Participant may revoke his or her Authorization, except to the extent that MYCO has taken action in reliance upon it, by delivering a written revocation statement to the Privacy Office identified above.
Right to Inspect and Copy Health Information. A Participant may request access to medical record files and billing records maintained by MYCO, if any, in order to inspect and request copies of the records. Under limited circumstances, MYCO may deny access to a portion of such records. Record requests must be made in writing to the Privacy Office. MYCO will charge $1.00 per page, for the first 100 pages, and $0.25 per page after that, up to a maximum of $200.00 per record, plus postage costs if mailing is requested.
Right to Amend Records. Each Participant has the right to request that MYCO amend Protected Health Information maintained in MYCO’s medical record file or billing records, by making such a request in writing to the Privacy Office. MYCO will comply with such requests unless MYCO believes that the amendment is inaccurate or would result in an inaccurate or incomplete record.
Right to Receive An Accounting of Disclosures. Upon written request to the Privacy Office, MYCO will provide a Participant with an accounting of certain disclosures of PHI made by MYCO during any period of time prior to the date of said request to the Effective Date, provided such period does not exceed six years.
2.2 Personal Information that we collect may be uploaded, moved, stored, processed in, backed up, transmitted and/or transferred between any of the countries in which we operate or do business (including across international borders), in our discretion, in order to enable us to use the Personal Information in accordance with this Privacy Policy, and you consent to the same.
3. WHEN MYCO MAY DISCLOSE YOUR PERSONAL INFORMATION
3.1 Any Personal Information provided by you, or that is derived by or through the MYCO Site and/or the Services, including your Biomarker Information and Self-Reported Information, is not sold, traded, rented, shared or otherwise transferred by us with any third party without your consent, except as described in this Privacy Policy and any agreement between you and us.
3.2 We may disclose your Personal Information on a need-to-know basis to our employees, officers, agents, Third Party Service Providers, Research Partners or subcontractors, to the extent that such disclosure is reasonably necessary for the purposes set out in Sections 2.1 and 2.2 of this Privacy Policy. We may also disclose your Personal Information to the extent required by law.
4. WE LIMIT COLLECTION OF YOUR PERSONAL INFORMATION THROUGH THE WEBSITE
4.1 Your express, written consent is obtained, through the Consent Form, to collect, use or disclose Personal Information when you sign up with MYCO, for the purposes of availing MYCO’s Services. Implied consent is obtained in circumstances where a customer relationship already exists, express consent has previously been given, or the purpose of using the personal information is reasonably apparent to you. You can change your consent preferences at any time by contacting MYCO’s designated Privacy Officer at the address referred to in section 1.4 above.
4.2 You may withdraw your consent to the collection, use and disclosure of your Personal Information by MYCO as set out in this Privacy Policy at any time by writing to the Privacy Officer at the address noted above in section 1.4. Withdrawal of your consent to the collection, use and/or disclosure of your Personal Information as set out in this Privacy Policy may mean that MYCO is no longer able to deliver the Services and that any fees paid by you will be non-refundable and forfeited by you. If you withdraw your consent to the collection, use and disclosure of your Personal Information as set out in this Privacy Policy, any De-Identified Information generated from or based on your Personal Information before consent is withdrawn will continue to be retained and used by MYCO.
5. WE LIMIT RETENTION OF YOUR PERSONAL INFORMATION
5.1 We may receive and store certain types of computer information whenever you interact with the MYCO Site or the Services. Examples of the information that we may automatically receive and store may include the Internet protocol (IP) address used to connect your computer to the Internet; computer and connection information such as browser type and version, operating system, and platform; and the full Uniform Resource Locators (URL) click stream to, through, and from our MYCO Site, including date and time information relating to your visits.
5.2 Such automatically gathered information may be used by MYCO for the operation of the Services provided to you via the MYCO Site or otherwise, to maintain the quality of the Services provided through the MYCO Site or otherwise, and to provide MYCO with general statistics relating to use of the Services and/or MYCO Site. We may use IP addresses to analyze trends, administer the site, and track user’s movement, to determine what Services are the most popular, advertise, and gather broad demographic information for aggregate use. Although we do receive IP addresses, we do not use them to identify you personally or disclose them to others.
6. WE KEEP YOUR PERSONAL INFORMATION UP TO DATE AND ACCURATE
6.1 MYCO secures your Personal Information from unauthorized access, use and disclosure by third parties. We use a variety of physical, electronic, and managerial procedures in order to protect the Personal Information that we collect. This includes maintaining computer equipment, networks, programs, and documentation to a high standard and restricting access to equipment and information to appropriate staff. The MYCO database holding personal health information was developed according to the principles of Privacy by Design and has advanced features for privacy, security, and governance. Sophisticated controls for data de-identification and audit logging for compliance reporting are employed. MYCO’s database security is aligned with the Personal Information Protection and Electronic Documents Act, SC 2000, c 5 (PIPEDA), the Freedom of Information and Protection of Privacy Act, RSBC 1996, c 165 (FIPPA), the E-Health (Personal Health Information Access and Protection of Privacy) Act, SBC 2008, c 38, the Personal Health Information Protection Act, 2004, SO 2004, c 3, Sch A (PHIPA), the Personal Information Protection Act, SBC 2003, c 63 (PIPA) and the Health Insurance Portability and Accountability Act (HIPAA, US) requirements, as well as applicable state laws including the California Consumer Privacy Act of 2018 (the “CCPA”) for California residents, and information is hosted in locked cabinets in a secure data centre. All of our Third Party Service Providers and Research Partners are required under their contracts with us to use commercially reasonable efforts to maintain your confidentiality and may not use your information for any unauthorized purpose. We review our procedures and security measures regularly to ensure that they are properly administered and remain effective and appropriate for the sensitivity of the information.
6.2 There are always risks associated with providing Personal Information and sensitive data, whether in person, by phone, mobile, or tablet device, via the Internet or via other technologies. You acknowledge that the transmission of information and data over the Internet is inherently insecure, and there are no security systems that are completely safe or fool-proof against hacking or tampering. MYCO endeavours to take commercially reasonable precautions to prevent and minimize such risks in connection with your Personal Information, but MYCO offers no (and hereby expressly disclaims any) guarantee, representation, warranty, or covenant of any kind with respect to securing your Personal Information from unauthorized access, use and disclosure by third parties.
6.3 You are solely responsible for controlling access to your accounts associated with the MYCO Site and/or the Services, and maintaining the confidentiality and security of your accounts and related password information.
6.4 Personal Information shall not be kept by MYCO for any longer than is necessary for the purposes identified in this Privacy Policy. Personal Information that is no longer required to fulfil the purposes identified in this Privacy Policy will be destroyed, erased, or converted to De-Identified Information.
7. THE SECURITY OF YOUR PERSONAL INFORMATION IS A PRIORITY FOR MYCO
7.1 The MYCO Site may include hyperlinks to, and details of, third party web sites or Internet resources. MYCO does not endorse, approve of, verify, attest to, or offer any representation or warranty with respect to, the accuracy of the content of such websites that are linked. If you decide to leave the MYCO Site and access these third-party sites, you do so at your own risk.7.2 When you click on one of these links, you are contacting another web site or Internet resource that may collect information about you including Personal Information, voluntarily or through cookies. The privacy policies of such third parties may not mirror those of MYCO. MYCO has no control over other web sites or Internet resources or their policies regarding the collection, use and disclosure of your Personal Information, and MYCO accepts no responsibility or liability for the privacy practices of third parties, including any unauthorized collection, use or disclosure of your Personal Information through third party web sites or Internet resources. Use of these web sites is at your own risk.
8. WHAT ABOUT LINKS TO OTHER WEBSITES?
8.1 Our Privacy Policy may be amended from time to time. We encourage you to review the current Privacy Policy from time to time. The collection, use and disclosure of Personal Information by MYCO will be governed by the version of this Privacy Policy in effect at that time. All new, amended, or otherwise modified terms take effect immediately. We will alert you and ask for your consent if at any time there are changes that could affect the use of your Personal Information.
9. WE PROVIDE ACCESS TO YOUR PERSONAL INFORMATION STORED BY MYCO
9.1 This Privacy Policy and all matters relating to your use of the Services and the MYCO Site shall be governed by and construed in accordance with the laws of the Province of British Columbia, without regard to conflict of law principles.
10. CHANGES TO THIS PRIVACY POLICY
Effective Date. This Notice is effective on April 26, 2024.
Right to Change Terms of this Notice. MYCO may change the terms of Privacy Policy at any time. If MYCO changes this Policy, MYCO may make the new Policy terms effective for all Protected Health Information that MYCO maintains, including any information created or received prior to issuing the new notice. Copies of any amended notice will be available from the Privacy Office.
For further information on MYCO’s organizational privacy policies, or to view and/or request that corrections be made for your Personal Information on file with MYCO, please use our contact form or contact:
Haiyan Yang
Chief Privacy Officer
Suite 307, 788 Beatty Street
Vancouver, BC, Canada
V6B 2M1
Privacyofficer@molecularyou.com
If you believe that MYCO has not adhered to the terms of this Privacy Policy, please contact the Privacy Officer. We will use commercially reasonable efforts to promptly identify and remedy any failure by MYCO to adhere to the terms of this Privacy Policy.