Silverberry Approach to DNA Data Privacy
DNA test and genetic assessment can inform our lifestyle and enable us to optimize our daily wellness decisions. At the same time, there are valid concerns about what else can be done with our DNA data and how our data is managed. In this page, we outline Silverberry approach to DNA Data Privacy.
Silverberry Genomix is built around a strict approach to privacy, and it is done by-design, not an afterthought. Our Founder and CEO has been one of the pioneers in the privacy field and introduced Personal Data Protection Initiative back in 2011, to create awareness about privacy risks driven by use of smartphones and mobile apps, and educate consumers on how to manage their risk.
In our view, there is one principle when it comes to privacy: you own and control your data. Period.
To implement that principle, these are the important items that should be considered:
What personal Information is collected?
The only information we collect from you is what you provide us when you sign up, order a product, or put the information on Release Form when mailing your saliva sample. We don’t harvest, aggregate or attempt to collect any other personal data that you have not shared with us. In other words, we don't collect any data without your knowledge and consent.
How my DNA file is stored, secured, used or deleted?
We use the best-in-class secure software and servers to store your data that comply with security and privacy rules. The security measures are applied to your data when it is stored or in transition. Once you delete your account with us, we delete your Silverberry account and DNA file. Your name and the products you purchased remain in our ecommerce module (which is a separate sub-system) and it enables us to unlock your reports in future in case you change your mind, so you won’t pay again to get your reports.
Who has access to my data?
- Access to your data is explicitly restricted to the internal admins that provide support to ensure your reports are processed properly. Also if you contact our support to resolve an issue, your data might be reviewed, we restrict such access on a need-basis; for instance if you are inquiring about a payment transaction, only such information will be reviewed.
- If you provide consent separately to participate in genomics studies, administrations of those studies can get access to your data.
- If you take the DNA test with us, our partner lab produces your file and naturally they will have access to your DNA file and personal information you have shared. We also share your data with our Ancestry Reports partner that generates your ancestry reports.
- We use external ecommerce website (shopify) and support systems (i.e. Zendesk), Email systems to send you emails and communicate with you on account updates, newsletter, etc. While those services have access to your information and can store it, such as first name, last name, email, physical address and what reports you have ordered, no DNA Data or wellness reports are shared with any of those third party services.
- We may also share your anonymized DNA file with third party services (called sub-processes) to generate/validate your wellness reports; in such cases, a unique anonymized ID is created for your file and no personal information is shared.
- In certain circumstances, we may be required by law to comply with a valid court order, valid trial, grand jury, subpoena, or search warrant for genetic or personal information. We require valid legal process in order to consider producing information about our users only in response to a valid administrative subpoena, trial, or grand jury. Unless we are legally barred from doing so, our policy for any request is to notify users of the request and supply a copy of the request prior to disclosure.
What is company's direction and policy for the future and how it will impact access to my data?
Our business strategy is to build value-added services to enable you better manage your health and wellness. We are not selling or sharing data for business growth or revenue purposes.
Silverberry is one of the few companies that has formed an Internal Institutional Review Board (or IRB). The task of IRBs (usually established by government agencies and universities) to oversee ethical and social implications of research.
If any opportunity or project comes up which requires data sharing for research, we obtain approval from IRB committee which enforces rules of informing our users and obtaining their consent for any use of their data, in addition to other measures. Learn more about our IRB and the code of conduct we follow at About page.
Feel free to send your questions regarding this important matter to firstname.lastname@example.org