Privacy Policy for Nurture Genetics LLC
Effective Date: September 18, 2025
Nurture Genetics LLC ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our genetic counseling services. This policy complies with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Introduction
This Privacy Policy applies to all individuals who interact with Nurture Genetics LLC, including those who:
- Visit our website (if applicable).
- Contact us via phone, email, or other means.
- Receive genetic counseling services from us.
By using our services, you consent to the practices described in this Privacy Policy.
2. Information We Collect
We collect the following categories of personal information:
- Contact Information: This includes your name, email address, phone number, and street address.
- Genetic Information: Information obtained through genetic testing, family history, and other related data provided by you.
- Demographic Information: Information such as age, gender, and ethnicity, if you choose to provide it.
- Communication Data: Records of your communications with us, including emails, phone calls, and other correspondence.
- Payment Information: While we do not directly process payments, any payment information shared through secure channels with our payment processors is subject to their privacy policies, not ours.
3. Purposes of Data Collection and Use
We collect and use your personal information for the following purposes:
- Providing Genetic Counseling Services: To assess your genetic risks, provide personalized counseling, and offer recommendations based on your genetic information.
- Communication: To communicate with you regarding appointments, test results, and other relevant information related to your genetic counseling services.
- Improving Our Services: To analyze data and identify areas for improvement in our services and processes.
- Compliance with Legal Obligations: To comply with applicable laws, regulations, and legal processes.
- Internal Record Keeping: For internal administrative and record-keeping purposes.
4. Legal Basis for Processing (GDPR)
For individuals located in the European Economic Area (EEA), the legal basis for processing your personal information is as follows:
- Consent: We will obtain your explicit consent to process your genetic information and other sensitive personal data for the purpose of providing genetic counseling services. You have the right to withdraw your consent at any time.
- Contractual Necessity: Processing your contact information is necessary for the performance of a contract with you (i.e., providing genetic counseling services).
- Legal Obligation: We may process your personal information to comply with legal obligations.
- Legitimate Interests: We may process your personal information for our legitimate interests, such as improving our services, provided that such interests do not override your rights and freedoms.
5. Data Retention
We will retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
- Genetic Information: We will retain your genetic information for [Specify Number] years from the date of your last interaction with us, or as required by applicable regulations.
- Contact Information: We will retain your contact information for [Specify Number] years from the date of your last interaction with us, or as required by applicable regulations.
- Communication Data: We will retain records of your communications with us for [Specify Number] years from the date of the communication, or as required by applicable regulations.
After the retention period expires, we will securely delete or anonymize your personal information.
6. Data Security
We have implemented appropriate technical and organizational measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Encryption: We use encryption to protect sensitive data during transmission and storage.
- Access Controls: We restrict access to your personal information to authorized personnel only.
- Regular Security Assessments: We conduct regular security assessments to identify and address potential vulnerabilities.
- Data Minimization: We only collect and retain the minimum amount of personal information necessary for the specified purposes.
- Secure Storage: We store your personal information in secure facilities with appropriate physical and logical security measures.
7. Data Sharing and Disclosure
We do not share or disclose your personal information to third parties, except in the following limited circumstances:
- Legal Requirements: We may disclose your personal information if required to do so by law or legal process.
- Protection of Rights: We may disclose your personal information to protect our rights, property, or safety, or the rights, property, or safety of others.
- With Your Consent: We may disclose your personal information to third parties with your explicit consent.
We do not sell your personal information.
8. Your Rights (GDPR)
If you are located in the EEA, you have the following rights regarding your personal information:
- Right to Access: You have the right to request access to your personal information and to receive a copy of it.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information about you.
- Right to Erasure ("Right to be Forgotten"): You have the right to request that we erase your personal information under certain circumstances.
- Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal information under certain circumstances.
- Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.
- Right to Object: You have the right to object to the processing of your personal information under certain circumstances.
- Right to Withdraw Consent: If we are processing your personal information based on your consent, you have the right to withdraw your consent at any time.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that we have violated your rights under the GDPR.
To exercise any of these rights, please contact us using the contact information provided below.
9. Your Rights (CCPA)
If you are a California resident, you have the following rights regarding your personal information:
- Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of the information, the purposes for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You have the right to request that we delete your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: You have the right to opt-out of the sale of your personal information. We do not sell your personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within 45 days.
10. Children's Privacy
Our services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete the information.
11. International Data Transfers
Since we do not use third-party services, international data transfers are not applicable. All data is stored and processed within the United States.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post any changes on our website and update the "Effective Date" at the top of this policy. We encourage you to review this Privacy Policy periodically for any updates. Your continued use of our services after the posting of changes constitutes your acceptance of the updated Privacy Policy.
13. Contact Information
If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:
Nurture Genetics LLC
Salado, TX
privacy@nurture-genetics.org
(254) 561-9255
14. Verification Process for CCPA Requests
To process your CCPA requests (Right to Know and Right to Delete), we will need to verify your identity. This may involve requesting additional information from you, such as:
- Full Name
- Address
- Date of Birth
- Email Address
- Phone Number
We will compare this information to the information we have in our records to verify your identity. If we are unable to verify your identity, we may deny your request.
15. Authorized Agent
You may designate an authorized agent to make requests on your behalf. To do so, you must provide the authorized agent with written permission to act on your behalf, and we may require you to verify your own identity directly with us.
16. Shine the Light Law (California Residents)
California residents have the right to request information regarding the disclosure of their personal information to third parties for direct marketing purposes. We do not disclose your personal information to third parties for direct marketing purposes.
17. Do Not Track Signals
We do not currently respond to "Do Not Track" signals from web browsers.
This Privacy Policy is intended to provide you with a clear and comprehensive understanding of our privacy practices. If you have any questions or concerns, please do not hesitate to contact us.
