Privacy Policy

Welcome to the DNA Romance LTDPrivacy Policy (the “Privacy Policy”). This Privacy Policy is incorporated in and forms a part of the DNA Romance LTDUser Agreement (the “Agreement”), between DNA Romance LTD (“DNA Romance LTD”, “us”, “we” or “our”), the owner and operator of https://dnaromance.com (the “Site”) and our mobile applications (the “Apps”), and you (“you” or “your” or “user(s) ”), a user of the Site and/or Apps(together, the “Services”). This Privacy Policy explains how we collect, use, share, and retain information through your use of the Services.

For the purposes of this Privacy Policy, “Personal Information ” is information that can be associated with a specific person and could be used to identify that specific person. We do not consider information that has been anonymised or aggregated to be Personal Information.

(a) General Use. We collect, process, and retain information from you and any devices you use when you register for an account, update or add information, participate in community discussions, engage with us or other users, or otherwise access, use, or download any part of the Services. Such information includes, without limitation:

• DNA and/or genetic information you upload, including raw genotype data and any results derived from it
• identifying information such as your name, address, telephone number, and email address
• geographic or location information, which may be precise or imprecise
• the content of your communications via the Services
• financial information (such as credit-card or payment-account references) in connection with the Services
• information about how you use the Services and your interactions with content
• information you provide via web forms, community discussions, chats, and dispute resolution
• personality-test responses (e.g., MBTI, Big Five) and dating-preference selections
• match interactions, including likes, passes, messages, and reports

(b) Automatic Collection. By using the Services, we may automatically collect information about how you use them: areas you visit, your IP address, device identifier, physical location, browser and operating-system type, screen resolution, language settings, referring URLs, and other technical information. We use this information to provide personalised and location-based content, analyse traffic, troubleshoot, prevent fraud, and improve the Services.

(c) Third-Party Data. We may obtain data from third parties — such as social networks (when you grant permission), DNA-testing facilities, location services, and partners with whom we offer co-branded services. Third-party data is protected according to the practices in this notice plus any restrictions imposed by the source.

(d) Feedback. Any suggestions or comments you submit for improving the Services are deemed non-confidential and non-proprietary, and DNA Romance LTD is not subject to any confidentiality obligations with respect to such feedback.

You consent to our using any of the information we collect (the “Information”), which includes your Personal Information, for the following purposes:

• to deliver our online-dating and DNA-compatibility Services to you
• to improve our Services in order to better serve you
• to provide a personalised experience when using the Services
• to respond to your communications and provide customer service
• to contact you about feature updates and informational or service-related communications
• for internal statistical, research, marketing, or operational purposes (using aggregated or anonymised data where possible)
• to detect, prevent, mitigate, and investigate fraudulent or illegal activities, and to enforce the Agreement

If you submit DNA information, you remain the owner of that information. Any derivative material we produce — such as compatibility scores, carrier-status results, or trait predictions — will be owned by DNA Romance LTD, provided that the derivative material does not include Personal Information and is otherwise anonymous.

Only certain product features (those involving genetic-health information or other Protected Health Information “PHI”) are covered by HIPAA. General dating-product features are covered by the rest of this Privacy Policy, not by HIPAA.

Permitted Uses and Disclosures (45 CFR §164.502)

We may use and disclose your PHI without your written authorization for the following purposes, consistent with 45 CFR §164.502:

• Treatment. To coordinate or manage your healthcare and any related services with healthcare providers, including genetic counselors, telegenomics physicians, laboratories, and pharmacies you use.
• Payment. To bill and collect payment for the services we provide, including verification of insurance coverage where applicable.
• Healthcare Operations. For our business operations such as quality assessment, clinical staff training and review, accreditation, and audits — limited to the minimum necessary.
• Required by Law. When disclosure is required by federal, state, or local law (for example, public health reporting for communicable diseases or court-ordered disclosure).
• Public Health and Safety. To prevent or control disease, injury, or disability; to report births, deaths, or suspected abuse; or to avert a serious threat to health or safety.
• Health Oversight. To agencies that monitor the healthcare system, government programs, and compliance with civil rights laws.

Uses and Disclosures Requiring Your Written Authorization (45 CFR §164.508)

Other uses and disclosures of PHI not described in this notice will be made only with your written authorization, and you may revoke that authorization at any time in writing. Per 45 CFR §164.508, the following uses and disclosures of PHI always require your prior written authorization:

• Marketing. Any communication that encourages you to purchase or use a product or service, where we receive financial remuneration from a third party for making the communication.
• Sale of PHI. Any disclosure of PHI for which we receive direct or indirect remuneration. We do not sell your PHI; should this ever change, your written authorization will be obtained first.
• Psychotherapy Notes. Where applicable, the personal notes of a mental-health professional documenting a counseling session, kept separate from the rest of your medical record.
• Research and Other Disclosures Beyond Treatment, Payment, and Healthcare Operations. Except where a waiver has been granted by an Institutional Review Board (IRB) or Privacy Board.

Your Rights as a Patient

• Right to Access. You may inspect and obtain a copy of your PHI maintained in our designated record set, generally within 30 days of your written request.
• Right to Amend. You may request that we amend PHI you believe is incorrect or incomplete. We may deny your request in certain circumstances, and we will provide a written explanation.
• Right to an Accounting of Disclosures. You may request a list of certain disclosures of your PHI we have made (excluding disclosures for treatment, payment, healthcare operations, and disclosures you authorized).
• Right to Request Restrictions. You may request a restriction on certain uses or disclosures of your PHI. We are not required to agree to your request unless the disclosure is to a health plan for payment or healthcare operations and the PHI relates solely to a service you paid for in full out of pocket.
• Right to Request Confidential Communications. You may request that we contact you only at a specific phone number, mailing address, or email.
• Right to a Paper Copy of This Notice. Even if you have agreed to receive this notice electronically, you may request a paper copy at any time.
• Right to Receive Notification of a Breach. You will be notified in writing of any breach of unsecured PHI affecting you (45 CFR §164.404).

Audit Logging (§164.312(b))

Every access to your PHI is recorded in our audit log along with the actor, the time of access, the purpose, and the brand under whose Business Associate Agreement (BAA) the access was performed. This record is retained for at least six (6) years from the date of creation or, where applicable, the date last in effect, whichever is later (45 CFR §164.530(j)).

Multi-Brand BAA Isolation

We operate several brands. If you use more than one of our brands, each brand operates under a separate Business Associate Agreement and a separate authorization. Your consents and disclosures on one brand do not automatically extend to another brand — for example, an opt-in to predictions on one brand does not authorize the same prediction on another. You will be asked separately for each brand.

How to File a Complaint or Exercise Your Rights

To exercise any of these rights, or to file a complaint, contact our Privacy Officer at [email protected]. You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights at hhs.gov/hipaa/filing-a-complaint. We will not retaliate against you for filing a complaint.

(a) General. We will only share your Personal Information with third parties as described in this Privacy Policy. Any third party that receives Personal Information will be required to follow privacy practices substantially the same as those set forth herein. We disclose only the minimum amount of Personal Information necessary to accomplish the specified purpose.

(b) To Other Users. When interacting with another user, the other user may receive Personal Information necessary for the ordinary use of the Services — such as your chosen username and public profile details. The other user is not allowed to use that information for purposes unrelated to the Services. Contacting users with unwanted or threatening messages is a violation of our Agreement. Notwithstanding the foregoing, we do not disclose raw DNA information with other users, but will only disclose the results of our compatibility or screening assessment derived from such information, and only if we have determined there to be a reasonable likelihood of compatibility based on our proprietary algorithm and assessment. For certainty, we do not publicly display your raw DNA information.

(c) Service Providers. We may provide your Personal Information to third parties that provide services to help us operate the Services (for example: payment processors, fraud-prevention services, hosting providers, analytics providers, customer-support platforms, DNA analysis labs, and genetic counselors). These third parties are authorised to use your Personal Information only as necessary to provide their services to us.

(d) Reorganisation. We may disclose or transfer your Personal Information to an affiliate or third party in connection with a proposed reorganisation, merger, sale, joint venture, assignment, or other disposition of all or any portion of DNA Romance LTD’s business, assets, or equity.

(e) Legal Disclosure. Subject to applicable law in your jurisdiction, DNA Romance LTD may disclose Personal Information when we believe in good faith that disclosure is necessary to comply with legal process, respond to lawful requests from public authorities, enforce the Agreement, protect our operations or rights, or protect the rights, privacy, safety, or property of DNA Romance LTD, our affiliates, you, or others.

(f) International Transfer and Storage. Your Information may cross international borders in order to facilitate the Services. Personal Information may be processed and stored outside British Columbia, Canada, and therefore may be available to government authorities under lawful orders applicable in those jurisdictions.

This Privacy Policy addresses only the use and disclosure of Personal Information that DNA Romance LTDcollects from you. If you disclose your Personal Information to others, or if you engage with any third-party site or service, that third party’s privacy notices and practices will apply. We cannot guarantee the privacy or security of your Personal Information once you provide it to a third party, and we encourage you to evaluate the privacy and security policies of each third party before any such engagement or disclosure.

The Services may contain links to third-party websites or applications that are not owned, maintained, or operated by DNA Romance LTD. Any such links are provided solely as a convenience to you and not as an endorsement by DNA Romance LTD. We are not responsible for the content of such linked third-party websites or applications and do not make any representations, warranties, or guarantees regarding the content or the privacy practices of those third parties. DNA Romance LTD disclaims any liability associated with your access to, use of, download of, or reliance on any third-party website, application, or content. If you decide to access, use, or download any such third-party website, application, or content, you do so at your sole risk.

We protect your Personal Information using technical and administrative security measures designed to reduce the risks of loss, misuse, unauthorised access, disclosure, and alteration. These include encryption in transit (TLS 1.2+) and at rest (AES-256), access-authorisation controls, audit logging, network segmentation, and regular security review. DNA Romance LTD follows generally accepted industry standards. No method of transmission or storage is 100% secure; if you believe your account has been compromised, please contact us immediately.

We use cookies, pixel tags, web beacons, and similar tools to help personalise your experience, remember your session, secure logins, analyse usage, and measure the effectiveness of marketing communications. Some cookies are strictly necessary for the Services to function (for example, authentication and fraud prevention) and cannot be disabled without breaking the product.

If you do not wish to accept non-essential cookies, you can block or disable them in your browser settings, or use the cookie preferences link available in the site footer where applicable. Disabling non-essential cookies will not prevent strictly-necessary cookies from being set.

Unless you expressly opt out, your acceptance of the Agreement is deemed consent to receive service-related communications from us by email, push notification, or other channel for which you have provided contact information. You may opt out of marketing communications at any time by clicking “Unsubscribe” in any such communication or by contacting us. Opting out of marketing communications does not stop service or transactional messages (such as account-security alerts and billing notifications) which we are required or permitted to send.

• Anyone able to commit identity theft can also falsify a dating profile.
• Never include your full name, home address, phone number, place of work, or other identifying information in your dating profile or initial messages.
• Stop communicating with anyone who pressures you for personal or financial information. Use the block feature and report the profile.
• If you choose a face-to-face meeting, always tell someone in your family or a friend where you are going and when you will return. Provide your own transportation. Meet in a public place with many people around.

The Services are not intended for, nor does DNA Romance LTD knowingly collect information from, children under the age of eighteen (18) (or the higher age of consent applicable in your jurisdiction). If we learn that we have collected Personal Information from a child under eighteen, we will take steps to delete the information as soon as possible. If you are aware of a user under the age of eighteen using the Services, please contact us immediately.

DNA Romance LTD takes reasonable steps to help ensure that the Personal Information we collect from you is accurate, complete, and current. Subject to applicable law, you have the following rights with respect to your Personal Information:

• Access. You may request access to the Personal Information we hold about you.
• Correction. You may request that erroneous or incomplete Personal Information be corrected.
• Erasure. You may request that we delete your Personal Information, subject to legal-retention requirements (for example, financial-records statutes).
• Restriction & Objection. You may request that we restrict or stop certain processing of your Personal Information.
• Portability. You may request a machine-readable export of the Personal Information you provided.
• Withdrawal of Consent. Where processing is based on your consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.

Canadian users may also contact the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca with privacy concerns. Quebec residents have additional rights under Loi 25 (Quebec Law 25), including the right to be informed of automated decision-making.

To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond within the timeframes required by applicable law.

DNA Romance LTD retains Personal Information only for as long as necessary to provide the Services and fulfil the transactions you have requested, or for other essential purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. Retention periods vary by data type. After it is no longer necessary to retain your Personal Information, we dispose of it securely.

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be communicated to you in advance via email or in-product notice where required by applicable law. Continued use of the Services after the effective date of any change constitutes your acceptance of the revised Privacy Policy.

If you have any questions about DNA Romance LTD’s privacy or data-management practices, contact our Data Protection Officer:

• Email: [email protected]
• Mail: 6th Floor, 905 West Pender Street, Vancouver, BC V6C 1L6, Canada