Circle Privacy Policy

These "Privacy Highlights" provide an overview of some core components of our data handling practices. Please be sure to review the Full Privacy Statement.

Information We Collect

We generally collect the following information:

Information we receive when you use our Services. We collect Web-Behavior Information via cookies and other similar tracking technologies when you use and access our Services (our website, mobile apps, products, software and other services). See our Cookie Policy (https://circledna.com/cookies) for more information.

Information you share directly with us. We collect and process your information when you place an order, create an account, register your CircleDNA Collection Kit, complete surveys, post on our platform or use other messaging features, and contact Customer Care. This information can generally be categorized as Registration Information, Self-Reported Information, and/or User Content as defined in our full Privacy Statement.

Information from our DNA testing services. With your consent, we extract your DNA from your DNA sample and analyze it to produce your Genetic Information (the As, Ts, Cs, and Gs at particular locations in your genome) in order to provide you with Circle reports.

Information from third parties who lawfully provide it to us.

This Privacy Policy is made into Chinese and English. In case of any discrepancies between the English and Chinese versions, the English version shall prevail.

How We Use Information

We generally process Personal Information for the following reasons:

To provide our Services. We process Personal Information in order to provide our Service, which includes processing payments, shipping kits to customers, creating customer accounts and authenticating logins, analyzing DNA samples and DNA, and delivering results and powering tools that benefit our customers.

To analyze and improve our Services. We constantly work to improve and provide new reports, tools, and Services. We may also need to fix bugs or issues, analyze use of our website to improve the customer experience or assess our marketing campaigns.

For Circle Research, with your consent. If you choose to consent to participate in Circle Research, Circle researchers can include your anonymised Genetic Information and Self-Reported Information in a large pool of customer data for analyses aimed at making scientific discoveries.

Control: Your Choices

Circle gives you the ability to share information in a variety of ways. You choose:

To store or discard your DNA sample after it has been analyzed. In the event that you choose to store your DNA sample, it would be stored securely in our medical laboratory that is certified to ISO:15189 and has internal quality and access control procedures as required by international standards.

When and with whom you share your information, including friends, family members, health care professionals, or other individuals outside our Services, including through third party services that accept Circle data and social networks.

To give or decline consent for Circle Research. You can give consent for the use of your data for scientific and/or medical research and development.

To delete your Circle account and data, at any time.

You have the right to make a complaint about how your data in handled.

Disclosure of Your Information

Your Personal Information may be shared in the following ways:

With our service providers as necessary for them to provide their services to us.

With research collaborators, only if you have given your consent.

We will not sell, lease, or rent your individual-level protected health information to any third party or to a third party for research purposes without your consent.

We do not share customer data with any public databases.

We will not provide any Personal Information to an insurance company or employer.

We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information.

How We Secure Information

Circle implements measures and systems to ensure confidentiality, integrity, and availability of Circle data.

Anonymisation, encryption, and data segmentation. Registration Information is stripped from Sensitive Information, including genetic and phenotypic data. This data is then assigned a random ID so the person who provided the data cannot reasonably be identified. Circle uses industry standard security measures to encrypt sensitive personal data both when it is stored (data-at-rest) and when it is being transmitted (data-in-flight). Additionally, data are segmented across logical database systems to further prevent re-identifiability.

Limiting access to essential personnel. We limit access of information to authorized personnel, based on job function and role. Circle access controls include a strict least-privileged authorization policy.

Detecting threats and managing vulnerabilities. Circle uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our build pipeline and regularly engage third party security experts to conduct penetration tests.

We treat your information with the importance it deserves. We are committed to protecting your information, handling it responsibly and securing it with administrative, technical and physical measures and safeguards. All genetic test results and any Personal Information are maintained under a strict policy of confidentiality.

Our Privacy Statement is designed to help you better understand how we collect, use, store, process, and transfer your information when using our Services. Our Privacy Statement is applicable to all new and existing Users of our Services, and applies to all websites owned and operated by Prenetics Limited and its subsidiaries and/or affiliates (collectively referred "Prenetics", “we”, “us” and “our”), including www.circledna.com, and any other websites, pages, features, or content we own or operate, and to your use of the Circle mobile app and any related Services.

Please carefully review this Privacy Statement and our Terms of Service. By using our Services, you acknowledge all of the policies and procedures described in the foregoing documents. If you do not agree with or you are not comfortable with any aspect of this Privacy Statement or our Terms of Service, you should immediately discontinue use of our Services.

1. Key Definitions

Aggregate Information: information that has been combined with that of other users and analyzed or evaluated as a whole, such that no specific individual may be reasonably identified.

Anonymised Information: means any Information that we have anonymised in a manner to result in the Information no longer being able to identify you, whether directly or indirectly, and is therefore no longer Personal Information.

Individual-level Information: information about a single individual's genotypes, diseases or other traits/characteristics, but which is not necessarily tied to Registration Information.

Personal Information: information that can be used to identify you, either alone or in combination with other information. Circle collects and stores the following types of Personal Information:

1. Registration Information: information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, phone number, address, user ID and password, and payment information).
2. Genetic Information: information regarding your genotypes (i.e. the As, Ts, Cs, and Gs at particular locations in your genome), generated through processing of your DNA sample by Circle or by its contractors, successors, or assignees; or otherwise processed by and/or contributed to Circle.
3. Self-Reported Information: information you provide directly to us, including your disease conditions, other health-related information, personal traits, ethnicity, family history, and other information that you enter into surveys, forms, or features while signed in to your Circle account.
4. Sensitive Information: information about your health, Genetic Information, and certain Self-Reported Information such as racial and ethnic origin, sexual orientation, and political affiliation.
5. User Content: all information, data, text, software, music, audio, photographs, graphics, video, messages, or other materials - other than Genetic Information and Self-Reported Information-generated by users of Circle Services and transmitted, whether publicly or privately, to or through Circle.
6. Web-Behavior Information: information on how you use Circle Services collected through log files, cookies, web beacons, and similar technologies, (e.g., browser type, domains, page views).
7. Pseudonymised Information: means replacing the identifying markers of your Information with artificial identifiers to reduce the association between the data subject and the Information during processing.

2. Information we collect

a. Information you provide directly to us:

1. Registration Information. When you purchase our Services or create a Circle account and register your kit, we collect Personal Information, such as your name, date of birth, billing and shipping address, payment information (e.g., credit card) and contact information (e.g. email, phone number and license number).
2. Self-Reported Information. You have the option to provide us with additional information about yourself through surveys, forms, features and applications. For example, you may provide us with information about your personal traits (e.g., eye color, height), ethnicity, disease conditions (e.g. Type 2 Diabetes), and other health-related information (e.g. pulse rate, cholesterol levels, visual acuity), and, where applicable, family history information (e.g. information similar to the foregoing about your family members). Before you disclose information about a family member, you should make sure you have permission from the family member to do so.
3. User Content. Some of our Services allow you to create and post or upload content, such as data, text, software, music, audio, photographs, graphics, video, messages, or other materials that you create or provide to us through either a public or private transmission ("User Content"). For example, User Content includes any discussions, posts, or messages you send on Circle’s platforms.
4. Blogs and platforms. Circle customers may participate in our online platforms. You should be aware that any information you provide or post in these areas may be read, collected, and used by others who access them. To request that we remove or anonymise your Personal Information from our blog or platform, contact us at [email protected] Please note that whenever you post something publicly, it may sometimes be impossible to remove all instances of the posted information, for example, if someone has taken a screenshot of your posting. Please exercise caution before choosing to share Personal Information publicly on our blogs, platforms or in any other posting. You may be required to register with a third party application to post a comment. To learn how the third party application uses your information, please review the third party's privacy statement.
5. Social media features and widgets. Our Services include Social Media Features. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. They may also allow third-party social media services to provide us information about you, including your name, email address, and other contact information. The information we receive is dependent upon your privacy settings with the social network. Features are either hosted by a third-party or hosted directly on our site. Your interactions with these Features are governed by the privacy statements of the third party companies providing them. You should always review and, if necessary, adjust your privacy settings on third party websites and services before linking or connecting them to our website or Services.
6. Third party services (e.g., social media). If you use a third party site, such as Facebook or Twitter, in connection with our Services to communicate with another person (e.g., to make or post referrals or to request that we communicate with another person), then in addition to that person's name and contact information, we may also collect other information (e.g., your profile picture, network, gender, username, user ID, age range, language, country, friends lists or followers) depending on your privacy settings on the third party site. We do not control the third party site's information practices, so please review the third party’s privacy statement and your settings on the third party’s site carefully.
7. Referral information and sharing. When you refer a person to Circle, we will ask for that person's email address. We will use their email address solely, as applicable, to make a referral to them, and we will let your contact know that you requested the communication. By participating in a referral program or by choosing to share information with another person, you confirm that the person has given you consent for us to communicate (e.g., via email) with him or her. The person you referred may contact us at [email protected] to request that we remove this information from our database.
8. Gifts. If you provide us with Personal Information about others, or if others give us your information, for the purpose of ordering the Service as a gift, we will only use that information for the specific reason for which it was provided to us. Once a gift recipient registers for his or her Services and agrees to our Privacy Statement, our Terms of Service, and if applicable, provides certain consent , his or her Personal Information will be used in manners consistent with this Privacy Statement, and will not be shared with the purchaser, unless they independently choose to share their own Personal Information through the Services with the purchaser.
9. Customer service. When you contact Customer Care or correspond with us about our Service, we collect information to: track and respond to your inquiry; investigate any breach of our Terms of Service, Privacy Statement or applicable laws or regulations; and analyze and improve our Services.

b. Information related to our genetic testing services

1. DNA samples. To use our genetic testing services, you must purchase, or receive as a gift, a CircleDNA Sample Collection kit, create an online account and register your kit, and ship your DNA sample to our laboratory. Our laboratory will extract your DNA from your DNA sample for analysis. Your DNA sample and DNA are destroyed after our laboratory completes its work, subject to legal and regulatory requirements.
2. Genetic Information. Information regarding your genotype (e.g. the As, Ts, Cs, and Gs at particular locations in your genome), your Genetic Information, is generated when we analyze and process your DNA sample, or when you otherwise contribute or access your Genetic Information through our Services. Genetic Information includes the Circle results reported to you as part of our Services, and may be used for other purposes, as outlined in Section 3 below.

c. Web-Behavior Information collected through tracking technology (e.g. from cookies and similar technologies)

We and our third party service providers use cookies and similar technologies (such as web beacons, tags, scripts and device identifiers) to:

1. Help us recognize you when you use our Services;
2. Customize and improve your experience;
3. Provide security;
4. Analyze usage of our Services (such as to analyze your interactions with the results, reports, and other features of the Service);
5. Gather demographic information about our user base;
6. Offer our Services to you;
7. Monitor the success of marketing programs; and
8. Serve targeted advertising on our site and on other sites around the Internet.

If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited. We may receive reports based on the use of these technologies from third party service providers as anonymised, Individual-level Information or as Aggregate Information (as described in section 4.c). We and our third party service providers do not use your Sensitive Information, such as Genetic Information and Self-Reported Information, for targeted advertising.

Google Analytics. Google Analytics is used to perform many of the tasks listed above. We use the User-ID feature of Google Analytics to combine behavioral information across devices and sessions (including authenticated and unauthenticated sessions). We have enabled the following Google Analytics Advertising features: Remarketing, Google Display Network Impression Reporting, Google Analytics Demographics and Interest Reporting, and DoubleClick Campaign Manager integration. We do not merge information collected through any Google advertising product with individual-level information collected elsewhere by our Service. Learn more about how Google collects and uses data here. To opt out of Google Analytics Advertising Features please use Google Ad Settings.

d. Other Types of Information

We continuously work to enhance our Services with new products, applications and features that may result in the collection of new and different types of information. We will update our Privacy Statement and/or obtain your prior consent to new processing, as needed.

3. How we use your information

Circle will use and share your Personal Information with third parties only in the ways that are described in this Privacy Statement.

a. To provide you with Services and analyze and improve our Services

1. Open your account, enable purchases and process payments, communicate with you, and implement your requests (e.g., referrals);
2. Enable and enhance your use of our website and mobile application(s), including authenticating your visits, providing personalized content and information, and tracking your usage of our Services;
3. Contact you about your account, and any relevant information about our Services (e.g. policy changes, security updates or issues, etc.);
4. Enforce our Terms of Service and other agreements;
5. Monitor, detect, investigate and prevent prohibited or illegal behaviors on our Services, to combat spam and other security risks; and
6. Perform research & development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.

b. To process, analyze and deliver your genetic testing results

As described above, to receive results through the Personal Genetic Service, you must create a Circle account, register your kit, and submit your DNA sample to our laboratory. Your sample to provide us would be analyzed to generate your raw Genetic Information. Once we have your raw Genetic Information, we further analyze it to provide you with our reports, dependent on the Service purchased. Circle continuously works to improve our Services based on our research and product development, and genetic associations identified in scientific literature. If you are eligible to receive additional reports or updates in the future, you may be notified of or may directly access these updates.

We process your Personal Information in this way is to provide our Services to you in accordance with our Terms of Service.

c. To allow you to share your Personal Information with others

Circle gives you the ability to share information, including Personal Information, through the Services. You have the option to share directly with individuals with Circle accounts through (i) our platform, (ii) other sharing features and tools. You may also have the ability to share information directly with individuals who have not participated in our Services through social media platform (such information is "User Content"). Some sharing features, including receiving sharing invitations, may require that you opt-out, however you will always be required to take a positive action, such as opting in, to share sensitive data.

Our legal basis for processing your Personal Information for the purpose described above is based on your consent. You may withdraw your consent at any time, however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.

d. To allow you to share your Personal Information for Circle Research purposes

You have the choice to participate in Circle Research by providing your consent. "Circle Research" refers to research and development projects, including but not limited to those aimed at publication in peer-reviewed journals conducted by Circle.

Circle Research may be sponsored by, conducted on behalf of, or in collaboration with third parties, such as non-profit foundations, academic institutions or for healthcare companies. Circle Research may study a specific group or population, identify potential areas or targets for therapeutics development, conduct or support the development of drugs, diagnostics or devices to diagnose, predict or treat medical or other health conditions, work with public, private and/or non-profit entities on genetic research initiatives, or otherwise create, commercialize, and apply this new knowledge to improve health care. Circle Research uses Aggregate and/or Individual-level Genetic Information and Self-Reported Information as specified in the appropriate Consent form, as explained in greater detail below.

Your anonymised Genetic and Self-Reported Information may be used for Circle Research only if you have consented to this use by providing consent. If you have provided consent:

1. Your Genetic Information and/or Self-Reported Information will be used for research and development purposes, but it will be anonymised and will not be linked to your Registration Information.
2. Circle may use individual-level Genetic Information and Self-Reported Information at Circle for research and development purposes.
3. Circle may share summary statistics, which do not identify any particular individual or contain individual-level information, with our qualified research collaborators.

If you have completed the Informed Consent, or additional consent agreement, in addition to the uses above under the Consent form, Circle may share anonymised Individual-level Genetic Information and Self-Reported Information with select third party research collaborators for Circle partners for Research purposes.

Withdrawing your Consent. You may withdraw your consent to participate in Circle Research at any time by changing your consent status within your Account Settings. If you experience difficulties changing your consent status, contact [email protected] Circle will not include your Genetic Information or Self-Reported Information in studies that start more than 30 days after you withdraw (it may take up to 30 days to withdraw your information after you withdraw your consent). Any research involving your data that has already been performed or published prior to your withdrawal from Circle Research will not be reversed, undone, or withdrawn. You may also discontinue your participation in Circle Research by deleting your Circle account (as described in section 5.d).

What happens if you do NOT consent to Circle Research?

If you choose not to provide consent to us or complete any additional agreement with Circle, your Personal Information will not be used for Circle Research. However, your Genetic Information and Self-Reported Information may still be used by us and shared with our third party service providers in order for us to provide our Services to you as outlined in this Privacy Statement.

Our legal basis for processing your Sensitive Information for the purpose described above is based on your consent. You may withdraw your consent at any time, however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.

e. To recruit you for external research

Research is an important aspect of Circle’s Services and we want to ensure interested participants are aware of additional opportunities to contribute to interesting, novel scientific research conducted by academic institutions, healthcare organizations, pharmaceutical companies, and other groups. If you have chosen to participate in Circle Research, from time to time we may inform you of third party research opportunities for which you may be eligible. For example, if a university tells us about a new cancer research project, we may send an email to Circle research participants who potentially fit the relevant eligibility criteria based on their Self-Reported Information to make them aware of the research project and provide a link to participate with the research organization conducting the study. However we will not share Individual-level Genetic Information or Self-Reported Information with any third party without your consent. If you do not wish to receive these notifications, you can manage them by editing your preferences in your Account Settings.

f. To provide customer support

When you contact Customer Care, we may use or request Personal Information, including Sensitive Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints. In some instances, we may be required to process one customer’s Personal Information to resolve another customer’s dispute or request. For example, if a customer reports behavior that violates our Terms of Service, we will separately process both customers’ Personal Information and respond separately to each individual as appropriate. We will not share your Personal Information with another customer without your consent.

g. To conduct surveys or polls, and obtain testimonials

We value your feedback and may send you surveys, polls, or requests for testimonials to improve and optimize our Services. You are in control of the information you would like to share with us. If you do not wish to receive these requests, you can manage them in your Account Settings. Our legal basis for processing your Personal Information for the purpose described above is based on our legitimate interest. We think it is important to continue improving our Services to ensure your continued enjoyment.

h. To provide you with marketing communications

By creating a Circle account, you are agreeing that we may send you product and promotional emails or notifications about our Services, and offers on new products, services, promotions or contests. You can unsubscribe from receiving these marketing communications at any time. To unsubscribe, click the email footer “unsubscribe” link or go to the “Preferences” section of your Account Settings to edit your email notification preferences. You may not opt-out of receiving non-promotional messages regarding your account, such as technical notices, purchase confirmations, or Service-related emails.

4. Information we share with third parties

a. General service providers.

1. Order fulfillment and shipping. When you purchase a Circle kit from the www.circleDNAdna.com online store, our payment processor processes certain Registration Information, such as your billing address and credit card information, as necessary to enable you to purchase a Circle kit online. Our logistic services providers ship your kit(s) to you, and help return your kit safely to our laboratory so your sample can be processed. If you purchase a Circle kit from retail outlets, our logistic services providers help return your kit to our laboratory.
2. Customer Care support. Our Customer Care team uses a number of tools to help organize and manage the requests we receive. These tools help to ensure we provide timely, high quality support.
3. Cloud storage, IT, and Security. Our cloud storage and other services providers provide secure storage for information in Circle databases, ensure that our infrastructure can support continued use of our Services by Circle customers, and protect data in the event of a natural disaster or other disruption to the Service. Our IT and security providers assist with intrusion detection and prevention measures to stop any potential attacks against our networks. We have these third party experts perform regular penetration tests and periodically audit Circle’s security controls.
4. Marketing and analytics. When you use our Services, including our website or mobile app(s), we and our third party service providers may collect Web-Behavior Information about your visit, such as the links you clicked on, the duration of your visit, and the URLs you visited. This information can help us improve site navigability and assess our Marketing campaigns. Per applicable data protection regulations, our websites present visitors with a cookie opt out to allow the processing described above via Functionality and Advertising Cookies.

NOTE: Our service providers act on our behalf. We implement procedures and maintain contractual terms with each service provider to protect the confidentiality and security of your information. However, we cannot guarantee the confidentiality and security of your information due to the inherent risks associated with storing and transmitting data electronically.

b. "Targeted advertising" service providers

We permit third party advertising networks and providers to collect Web-Behavior Information regarding the use of our Services to help us to deliver targeted online advertisements ("ads") to you. They use cookies and similar technologies, to gather information about your browser's or device's visits and usage patterns on our Services and on other websites over time, which helps to better personalize ads to match your interests, and to measure the effectiveness of ad campaigns.

c. Aggregate information

We may share Aggregate Information, which is information that has been stripped of your name and contact information and combined with information of others so that you cannot reasonably be identified as an individual, with third parties. This Information is different from "Individual-level" information and is not Personal Information because it does not identify any particular individual or disclose any particular individual’s data. For example, Aggregate Information may include a statement that "30% of our female users share a particular genetic trait," without providing any data or testing results specific to any individual user. In contrast, Individual-level Genetic Information or Self-Reported Information consists of data about a single individual's genotypes, diseases or other traits/characteristics information and could reveal whether a specific user has a particular genetic trait, or consist of all of the Genetic Information about that user. Circle will ask for your consent to share Individual-level Genetic Information or Self-Reported Information with any third party, other than our service providers as necessary for us to provide the Services to you.

d. Information we share with commonly owned entities

We may share some or all of your Personal Information with other companies under common ownership or control of us, which may include our subsidiaries, our corporate parent, or any other subsidiaries owned by our corporate parent in order to provide you better service and improve user experience. Generally, sharing such information is necessary for us to perform on our contract with you. We may provide additional notice and ask for your prior consent if we wish to share your Personal Information with our commonly owned entities in a materially different way than discussed in this Privacy Statement.

e. As required by law

Under certain circumstances your Personal Information may be subject to processing pursuant to laws, regulations, judicial or other government subpoenas, warrants, or orders. For example, we may be required to disclose Personal Information in coordination with regulatory authorities in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Circle will preserve and disclose any and all information to law enforcement agencies or others if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry) or obligations that Circle may owe pursuant to ethical and other professional rules, laws, and regulations; (b) enforce our Terms of Service and other policies; (c) respond to claims that any content violates the rights of third parties; or (d) protect the rights, property, or personal safety of us, its employees, its users, its clients, and the public. View our Transparency Report for more information.

f. Business transactions

In the event that we go through a business transition such as a restructuring, merger, acquisition by another company, or sale of all or a portion of its assets your Personal Information will likely be among the assets transferred. In such a case, your information would remain subject to the promises made in any pre-existing Privacy Statement.

5. Your choices

a. Access to your account

We provide access to your Circle data within your Circle account. You can access and download certain data processed by Circle within your Account Settings and within applicable Reports, Tools, and features. If you lose access to your Circle account or account email address, please contact Customer Care for assistance. If you lose access to your Circle account, in certain circumstances, we may require that you submit additional information sufficient to verify your identity before providing access or otherwise releasing information to you. If you choose not to submit the required documentation, or the information provided is not sufficient for the purposes sought, Circle will not be able to sufficiently verify your identity in order to complete your request.

You may access, correct or update most of your Registration Information on your own within your Account Settings. You may also review and update your consent to Circle Research. To exercise one or more of the rights described in this Privacy Policy, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Information, please contact [email protected]

b. Marketing communications

As noted in Section 3.h. you may be asked to opt out to receive product and promotional emails or notifications when creating your Circle account. Otherwise, you may view or update your email notification preferences by contacting our Privacy Administrator at [email protected] You can also click the "unsubscribe" button at the bottom of promotional email communications.

c. Sharing outside of the Circle Services

You may decide to share your Personal Information with friends and/or family members, doctors or other health care professionals, and/or other individuals outside of our Services, including through third party services such as social networks and third party apps that connect to our website and mobile apps through our application programming interface ("API"). These third parties may use your Personal Information differently than we do under this Privacy Statement. Please make such choices carefully and review the privacy statements of all other third parties involved in the transaction. We do not endorse or sponsor any API applications, and does not affirm the accuracy or validity of any interpretations made by third party API applications.

In general, it can be difficult to contain or retrieve Personal Information once it has been shared or disclosed. Circle will have no responsibility or liability for any consequences that may result because you have released or shared Personal Information with others.

d. Account deletion

1. Information previously included in Circle Research. As stated in Informed Consent, Genetic Information and/or Self-Reported Information that you have previously provided and for which you have given consent to use in Circle Research cannot be removed from completed studies that use that information. Your data will not be included in studies that start more than 30 days after your account is closed (it may take up to 30 days to withdraw your information after your account is closed).
2. Legal Retention Requirements. Circle and our laboratory will retain your Genetic Information, date of birth, and sex as required for compliance with applicable legal obligations. Circle will also retain limited information related to your account and data deletion request, including but not limited to, your email address, account deletion request identifier, and record of legal agreements for a period of time as required by contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.

6. Security measures

Circle implements physical, technical, and administrative measures to prevent unauthorized access to or disclosure of your information, to maintain data accuracy, to ensure the appropriate use of information, and otherwise safeguard your Personal Information.

Circle produces secure applications by design. Circle incorporates explicit security reviews in the software development lifecycle, quality assurance testing and operational deployment.

Anonymisation. Registration Information is stripped from Sensitive Information, including Genetic and Self-Reported Information. This data is then assigned a randomly generated ID so an individual cannot reasonably be identified.

Encryption. Circle uses industry standard security measures to encrypt Sensitive Information both at rest and in transit.

Separation of Environments. Circle ensures processing, production, and research environments are separated and access is restricted. Data, including Registration Information, Genetic Information, and Self-Reported Information are segmented across logical database systems to further prevent re-identifiability.

Limiting access to essential personnel. We limit access to Personal Information to authorized personnel, based on job function and role. Circle access controls include strict least-privileged authorization policy.

Detecting threats and managing vulnerabilities. Circle uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our processes and regularly engage third party security experts to conduct penetration tests.

Incident Management. Circle maintains a formal incident management program designed to ensure the secure, continuous delivery of its Services. Circle has implemented an incident management program using industry best practices.

Managing third party service providers. Circle requires service providers to implement and maintain accepted industry standard administrative, physical and technical safeguards to protect Personal Information.

Your Responsibility. Please recognize that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify Circle of any unauthorized use of your password. Circle cannot secure Personal Information that you release on your own or that you request us to release.

7. Children's privacy

Circle is committed to protecting the privacy of children as well as adults. Neither Circle nor any of its Services are designed for, or directed toward children under the age of 18. A parent or guardian, however, may collect a DNA sample from, create an account for, and provide information related to, his or her child who is under the age of 18. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides to Circle about his or her child is kept secure and that the information submitted is accurate.

Non-Asian Region Customers

Circle is not available to users under the age of 18 (eighteen) years old and therefore information is not knowingly collected for such Data Subjects as detailed in the ‘PREREQUISITES’ section of the TOS.

8. Linked websites

Circle provides links to third party websites operated by organizations not affiliated with Circle. We do not disclose your information to organizations operating such linked third party websites. We do not review or endorse, and is not responsible for the privacy practices of these organizations. We encourage you to read the privacy statements of each and every website that you visit. This Privacy Statement applies solely to information collected by us and our service providers on our behalf.

9. Changes to this Privacy Statement

Whenever this Privacy Statement is changed in a material way, a notice will be posted as part of this Privacy Statement and on our website for 30 days. After 30 days the changes will become effective. In addition, all customers will receive an email with notification of the changes prior to the change becoming effective. Circle may provide additional "just-in-time" disclosures or additional information about the data collection, use and sharing practices of specific Services. Such notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your Personal Information.

10. Contact Information

If you have questions about this Privacy Statement, or wish to submit a complaint, please email Circle Privacy Administrator at [email protected], or send a letter to:

CircleDNA c/o Prenetics Limited 7/F, Prosperity Millennia Plaza, 663 King’s Road, Quarry Bay Hong Kong Attn: Chief Privacy Officer +852 2210 9588