Privacy

Privacy Policy & Cookie Policy

DNA Diagnostics Center Privacy Policy

Updated December 8, 2025

At DDC, we respect and protect the privacy of our customers and those who use our websites, products and services. DNA Diagnostics Center, Inc., (“DDC” or “we” or “us”) is committed to protecting your privacy. We prepared this privacy policy (the “Privacy Policy”) to describe our practices regarding the information we collect from users of our websites that link to this policy, and use of our related services, including without limitation our testing services and web applications.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND OUR VIEWS AND PRACTICES REGARDING YOUR INFORMATION AND HOW WE WILL TREAT IT. BY SUBMITTING INFORMATION THROUGH OUR WEBSITE OR USING OUR SERVICES, YOU ARE EXPRESSLY ACCEPTING AND CONSENTING TO THE PROCESSING DESCRIBED IN THIS PRIVACY POLICY.

Data Controller
DNA Diagnostics Center, Inc. is the data controller for personal data collected through our websites and services.

EU Representative (GDPR Article 27)
We have appointed EU Rep as our Representative under Article 27 of the EU General Data Protection Regulation (“GDPR”). All GDPR queries from EU Data Subjects or Data Protection authorities should be submitted to eurep.ie via their dedicated form or to [email protected]. BizLegal Ltd trading as EU Rep have their registered office at 27 Cork Road, Midleton Co. Cork, Ireland. Company number 635921.

UK Representative (UK GDPR Article 27)
DDC’s appointed representative for individuals located in the United Kingdom:
DDC UK Services Limited
184 Shepherds Bush Road

London

W6 7NL
Email: [email protected]

Data Protection Officer
DDC has appointed a Data Protection Officer who may be contacted at:
[email protected]

1 DDC Way

Fairfield, OH 45014

USA

1. TYPES OF INFORMATION WE COLLECT

1.1 Information You Provide Us Directly. We may collect information related to you, including, but not limited to your username, first and last name, e-mail, password, phone number, and mailing address, credit card information, when you create an account to log in to our network or at other times. If you provide us with feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, to send you a reply, and any information that you submit to us, such as a resume. For customers who engage us for our testing services, we may also collect basic information to perform the applicable service and/or test. This information may include but is not limited to date of birth, gender, blood transfusion and bone marrow transplant history, height and weight. This information is used to provide accurate and complete testing results applicable to the test requested by the client. We may also collect information that is necessary for our legitimate interests, which will be disclosed to you at the time of collection. DDC will use this information for the purposes of which it was collected.

We process this information under the following lawful bases:

• Contractual necessity (to provide requested testing services)
• Legitimate interests (e.g., fraud prevention, service improvement)
• Legal obligations (e.g., accreditation and record-keeping requirements)
• Explicit consent for the processing of genetic or other special category data, where required by law (GDPR Art. 9(2))

Where we rely on legitimate interests, we balance those interests against your rights and freedoms and ensure they do not override your fundamental privacy expectations.

Whether Providing Data Is Mandatory

Certain information—such as your name, contact details, and information necessary to perform the requested test—is required for us to provide our services. If this information is not provided, we may be unable to fulfill your order or deliver accurate testing results. Other information, such as marketing preferences, is optional and you may choose not to provide it without affecting the core service.

1.2 Digital Information and Cookies. We value your privacy and want to ensure a transparent online experience. Our website uses cookies to enhance your browsing experience and provide you with personalized content and services. Cookies are small text files stored on your device that help us collect information about your usage of our website. This data may include your IP address, browser type, device information, and browsing patterns. We use this information to improve our website, tailor content to your preferences, and analyze user trends. You can find detailed information about how we use cookies in our Cookie Policy.

We use non-essential cookies only with your consent. You may accept, reject, or manage your cookie preferences at any time through our Cookie Settings. Essential cookies necessary for the functioning of the website are always active.

Our cookie banner provides the ability to:

• Accept all cookies
• Reject all non-essential cookies
• Manage cookie categories

Non-essential cookies will not load unless you actively consent.

1.3 International Data Transfers.  DDC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. DDC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. DDC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.  Our DPF Policy is provided in the Appendix of this document.

Where we transfer personal data outside the EU/EEA or UK based on mechanisms other than the DPF, we use Standard Contractual Clauses or other appropriate safeguards as permitted by applicable law.

1.4 Information We Receive from Third Parties

In some cases, we receive personal data about you from third parties, such as:

• clinics, hospitals, or laboratories assisting in the testing process,
• individuals ordering a test on your behalf or in connection with a legal case,
• business partners or distributors,
• law enforcement or government entities (for legal or chain-of-custody tests).

We process this information in accordance with the purposes and legal bases described in this Privacy Policy. The categories of data received may include identifiers, contact information, and testing-related information.

2. USE OF YOUR DATA

2.1 General Use. In general, information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. DDC uses your information to facilitate the creation of and secure your account on our network; identify you as a user in our system; provide improved administration of our website and services; improve the quality of experience when you interact with our website and services; send you administrative e-mail notifications; respond to your inquiries related to employment opportunities or other requests; to enhance our website for optimal user experience; to monitor the usage and performance of our website and services; to facilitate transactions and process payments; to provide maintenance, support, and customer service for our site; to conduct research and analysis; and to fulfil other legitimate purposes permitted by applicable law. Where we rely on legitimate interests, we ensure those interests are balanced against your rights and freedoms.

Our Legitimate Interests

When we process personal data based on our legitimate interests, those interests include:

• ensuring the security and integrity of our systems and testing operations,
• preventing fraud and misuse of our services,
• improving and optimizing our website and user experience,
• conducting internal analytics to enhance service quality, and
• communicating with existing customers about similar products or services where permitted.

We conduct a balancing assessment to ensure that our interests do not override your rights and freedoms.

2.2 Use of your Testing Information. We will only use your Testing Information in order to provide you the services you have requested, process your order, and respond to any order or billing related questions. Genetic data constitutes ‘special category data’ under GDPR. We process such data only with your explicit consent or where another legal basis under Article 9 applies, including processing necessary for health-related purposes or for establishing, exercising, or defending legal claims.

2.3 Explicit Consent for Genetic Data

Where required by law, we obtain your explicit consent before processing your genetic data or other special category data. Consent is collected through a clear affirmative action when you submit your testing kit or electronically authorize testing. You may withdraw your consent at any time by contacting us at [email protected]. Please note that withdrawal will not affect processing already completed as part of providing your test, nor will it require us to delete data we are legally or contractually required to retain.

2.4 Creation of Anonymous Data. We may create anonymous data records from information (including without limitation, Testing Information) by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyze request and usage patterns so that we may enhance the content of our services and improve site navigation. DDC reserves the right to use anonymous data for any purpose in its discretion.

For clarity, “anonymous data” refers to data that has been irreversibly de-identified such that no individual can be identified directly or indirectly. We do not use or disclose identifiable genetic data for secondary purposes such as marketing, research, or product development unless permitted by law and supported by an appropriate legal basis.

2.5 Feedback. If you provide feedback on any of our services to us, we may use such feedback for any purpose, provided we will not associate such feedback with your information. DDC will collect any information contained in such communication and will treat the information in such communication in accordance with this Privacy Policy and our Terms of Use.

3. DISCLOSURE OF YOUR INFORMATION

3.1 Affiliates. We may share some or all your information with our parent company, any subsidiary, or any other company under common control (collectively, “Affiliates”), including for marketing purposes. If we do share your information, we will require our Affiliates to honor this Privacy Policy. If another company acquires our company or our assets, that company will possess the information collected by it and us and will assume the rights and obligations regarding your information collected by us as described in this Privacy Policy.

3.2 Services Providers. We may share your information with agents to the extent necessary for them to provide their products and services to us, or to provide you with the products and services that you have requested. For example, if you engage us for testing services through a local laboratory, the laboratory is acting as our agent. Other examples include, database storage, file storage and file destruction, hosting services, marketing assistance, analyzing user data, processing payment card information, and for other legitimate purposes permitted by applicable law.

Service providers include, for example:

• accredited laboratories performing testing services,
• couriers and logistics providers handling sample shipments,
• cloud hosting and database storage providers,
• IT security and monitoring vendors,
• customer support platforms,
• payment processors,
• file destruction vendors, and
• marketing service providers (where permitted).

These providers receive only the data necessary to perform their contracted functions.

3.3 Business Partners. We may partner with other companies and individuals with respect to particular products or services. These third parties may be provided access to your information needed to perform their function. To restrict sharing of information with these third parties for their marketing purposes, please see the section below titles “Your Choices and Rights Regarding Your Information.”

3.4 Other Disclosures. Regardless of any choices you make regarding your information (as described below), DDC, may disclose information if it believes in good faith that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants served on DDC; (b) protect or defend the rights or property of DDC, or users of our services; (c) to protect against fraud or for risk management purposes; or (d) or to honor a request that you have made to DDC.

3.5. Processors Acting on Our Behalf

Where third parties process personal data on our behalf, we ensure appropriate contracts and safeguards are in place as required by GDPR Article 28.

4. THIRD PARTY WEBSITES

We may link to third party websites. Our provision of a link to any other website or location is for your convenience and does not signify our endorsement of such other website or location or its contents. When you click on such a link, you will leave our site and go to another site. During this process, another entity may collect information from you. We have no control over, do not review, and cannot be responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or framed websites, or to any collection of data after you click on links to such outside websites.

5. YOUR CHOICES REGARDING YOUR INFORMATION

5.1 Choices. We offer you choices regarding the collection, use, and sharing of your information. We will periodically send you free newsletters and e-mails that directly promote the use of our website or services and may contain advertisements for third party companies or our Affiliates. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly at [email protected]. Should you decide to opt-out of receiving future mailings, we may share your e-mail address with third parties to ensure that you do not receive further communications from third parties. Despite your indicated e-mail preferences, we may send you emails related to your account or transactions there under, or notices of any updates to our Terms of Use or Privacy Policy.

5.2 Withdrawal of Consent You have the right to withdraw your consent to processing that is currently underway with your consent. Consent can be withdrawn by sending an email. Without your consent, DDC will use information, only insofar as such processing is permitted by applicable law (e.g., for the performance of an Agreement between DDC and you) or where such processing is necessary for compliance with a legal obligation to which DDC is subject.

5.3 Accessing, deleting and updating your information. At your request, we will inform you of what personal information we have on file. In accordance with applicable data protection laws, you may have the right to request: access to, rectification, and erasure of your personal information; restriction of processing of personal information; objecting to certain processing of personal information; and the right to data portability. To exercise your rights under these provisions, please contact us at the “Contact Information” details below. When we receive your requests, we will ask you to verify your identity before we can act on your request. We may withhold information where the search for that information would require disproportionate effort or have a disproportionate effect to, for example, the cost of providing the information, the time it would take to retrieve the data, or how difficult it may be to obtain the information requested.  Please note that we may be required (by law, accrediting bodies, or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). Please be advised that by deleting your personal information, it will limit or eliminate our ability to provide future communication or explanation regarding any products or services, test results or other offerings in connection with DNA Diagnostics Center. Please be further advised that after your personal information is deleted, residual copies may take a period of time before they are deleted from all latent and backup systems.

5.4 Right to Lodge a Complaint

EU/EEA/UK individuals have the right to lodge a complaint with their local supervisory authority.

5.5. Automated Decision-Making

DDC does not use personal data to make automated decisions that produce legal or similarly significant effects.

6. RETENTION OF DATA

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law, accreditation bodies, or contractual obligations. Retention periods vary by test type and applicable regulations. When data is no longer required, we delete or anonymize it in accordance with our internal data retention schedules. Deletions occur in periodic batches.

Legal/Chain of Custody/Accredited Tests-We store your samples for a minimum of six months or according to contractual and legal requirements, if longer. All accompanying data and records associated with these tests are maintained as required by accrediting bodies, which is a minimum of five years or longer in some instances as required by law. The New York Department of Health requires all testing records be maintained for a period of 7 years. All such accompanying data will be destroyed following the minimum timeframes at intervals annually thereafter.

Non-Legal/Non-Chain of Custody Tests-We store your samples for a period of 6-8 weeks or according to contractual and legal requirements if longer. All accompanying data and records associated with these tests are maintained for a minimum period of one year and will be destroyed at intervals annually thereafter.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent: this information will not be shared with third parties.

7. SECURITY OF YOUR INFORMATION

We are committed to protecting the security of your information. We implement security measures appropriate to the risk level associated with the processing of genetic and other sensitive data. We use a variety of reasonable security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. Access to your personal information is limited and we take reasonable measures to ensure that your personal information is not accessible.

8. DISPUTE RESOLUTION

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, DDC commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact DDC at:

1 DDC WAY
FAIRFIELD OH 45014
1-800-362-2368

[email protected]

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, DDC commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

9. A NOTE TO USERS OUTSIDE OF THE UNITED STATES

DDC is based in the United States of America. If you are from a country outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide information to DDC, please note that any information that you provide to DDC may be transferred to the United States of America. If you are located outside the United States, we process your data in accordance with applicable data protection laws, including GDPR and UK GDPR.

10. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is subject to occasional revision, and if we make any substantial changes in the way we use your information, we will notify you by sending you an e-mail to the last e-mail address you provided to us and/or by prominently posting notice of the changes on our website or on our service. Any material changes to this Privacy Policy will be effective upon the earlier of thirty (30) calendar days following our dispatch of an e-mail notice to you or thirty (30) calendar days following our posting of notice of the changes on our site or on our service. These changes will be effective immediately for new users of our website or services. Please note, that at all times, you are responsible for updating your information to provide us with your most current e-mail address. In any event, changes to this Privacy Policy may affect our use of information that you provided us prior to our notification to you of the changes. If you do not wish to permit changes in our use of your information, you must notify us prior to the effective date of the changes that you wish to deactivate your account with us. Continued use of our website, or services, following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

11. CONTACT INFORMATION

We welcome your comments or questions regarding this Privacy Policy. Please e-mail us at [email protected] or contact us at the following address or phone number:

1 DDC WAY
FAIRFIELD OH 45014
1-800-362-2368

If DDC needs, or is required, to contact you concerning any event that involves information about you, we may do so by email, telephone, or mail.

APPENDIX

EU-U.S. Data Privacy Framework (DPF) Policy

Compliance & Principles

This EU-U.S. Data Privacy Framework Policy (“Policy”) outlines how DDC and its subsidiaries, branches, divisions, and business units in the United States, collect, use and disclose certain Personal Data that we receive in the United States from the European Economic Area (“EEA”), and the choices affected individuals have regarding DDC’s use of, and the individual’s ability to correct that information. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Protecting the privacy of its clients is important to DDC. DDC has elected to participate in the EU-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding Personal Data transferred to the United States from European Economic Area member states. DDC has certified that it adheres to the EU-U.S. Data Privacy Framework Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.

For the purposes of enforcing the EU-U.S. Data Privacy Framework, DDC is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”).

This Policy is intended to supplement our DNA Diagnostics Center Privacy Policy. In the event of any inconsistency, the terms of this Policy will govern.

Definitions
The following definitions apply throughout this Policy:

Agent
Any third party that uses Personal Data provided to DDC to perform tasks on behalf of and under the instruction of DDC.

DDC
DNA Diagnostics Center, its subsidiaries, branches, divisions, and business units in the United States.

Personal Data
Any information or set of information that identifies a living individual or could reasonably be used to identify a living individual (in each case, whether alone or in combination with any other information in the possession, or likely to come into the possession of DDC).

Sensitive Personal Data
Personal Data that reveals racial or ethnic origin, political opinions, religious beliefs (or beliefs of a similar nature), trade union membership, physical or mental health or condition, sexual life, the commission or alleged commission of any offence or any proceedings for any offence committed or alleged to have been committed. In addition, DDC will treat as Sensitive Personal Data genetic data and any information received from a third party where that third party treats and identifies such information as sensitive.

Legitimate Interests

Legitimate interests refer to a legal basis for processing personal data that is recognized under data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union. It allows organizations to collect and use personal information without explicit consent if they have a legitimate and justifiable reason for doing so, and if the individual’s interests, rights, and freedoms are not overridden by these interests.

Privacy Principles

Notice
When DDC collects Personal Data directly from individuals in the EEA, it will inform them about the purposes for which it collects their Personal Data and the choices and means, if any, that DDC offers individuals for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to DDC, or as soon as practicable thereafter, and in any event before DDC uses or discloses the information for a purpose other than that for which it was originally collected. The DNA Diagnostics Center Privacy Policy describes the categories of Personal Data that we may receive in the United States under the DPF as well as the purposes for which we use such Personal Data.

If DDC receives Personal Data from its subsidiaries, affiliates, or other entities in the EEA, it will use such information in accordance with the notices such entities provided, and the consents or choices made by the individual about whom such Personal Data relates.

Choice
DDC will offer individuals the opportunity to choose (“opt-out”) whether their Personal Data is (a) to be disclosed to a non-Agent third party (unless allowed or required by contract), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

For Sensitive Personal Data, DDC will give individuals the opportunity to affirmatively and explicitly consent (“opt-in”) to the disclosure of the information to a non-Agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

Accountability for Onward Transfer
We may transfer Personal Data to our third-party Agents or business partners as described in the DNA Diagnostics Center Privacy Policy. Where required by the DPF, DDC will obtain assurances and enter into contracts with its Agents or business partners, stating they will safeguard Personal Data consistently with the Principles and limiting their use of the data to the specified services provided on our behalf. If DDC has knowledge that an Agent or business partner is using or disclosing Personal Data in a manner contrary to this Policy, DDC will take reasonable steps to prevent or stop the use or disclosure. Under certain circumstances, DDC may remain liable under the Principles if the third-party Agents that it engages to process Personal Data on its behalf do so in a manner inconsistent with the Principles.

Access
Upon request, DDC will grant individuals reasonable access to Personal Data that it holds about them. In addition, DDC will take reasonable steps to permit individuals to correct, amend or delete that information where it is inaccurate, incomplete or has been processed in violation of the Principles. These access rights may not apply fully in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access.

If you would like to request access to, correction, amendment or deletion of your Personal Data, you can submit a written request to the contact information provided below or email [email protected]. We may request specific information from you to confirm your identity. We will provide a copy of your personal data, but for any further data requested we may charge a reasonable fee based upon administrative costs.

Recourse, Enforcement and Liability
DDC may conduct internal compliance reviews of its relevant privacy practices to verify adherence to this Policy. Any employee that DDC determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.

Any questions or concerns regarding the use or disclosure of Personal Data should be directed to the DDC Privacy Department at the address given below or email [email protected]. DDC will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of Personal Data in accordance with the Principles contained in this Policy.

For complaints that cannot be resolved between DDC and the complainant, DDC has agreed to participate in dispute resolution using JAMS International (located in the United States) as a third-party resolution provider to resolve disputes pursuant to the DPF Principles. You may submit, at no charge to you, your complaint to JAMS for mediation under the JAMS International Mediation Rules, which are accessible on the JAMS website.

You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with DDC and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see the U.S. Department of Commerce’s DPF (Binding Arbitration).

Limitation on Application of Principles
Adherence by DDC to these DPF Principles may be limited (a) to the extent necessary to meet national security, public interest, or law enforcement requirements; (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations, provided that, in exercising any such authorization, an organization can demonstrate that its non-compliance with the Principles is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorization; or (c) if the effect of the Directive or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts. Consistent with the goal of enhancing privacy protection, DDC strives to implement these Principles fully and transparently, including indicating in our privacy policies where exceptions to the Principles permitted by (b) above will apply on a regular basis. For the same reason, where the option is allowable under the Principles and/or U.S. law, DDC will opt for the higher protection where possible.

Contact Information
Questions or comments regarding this policy should be submitted to:

DDC
Attn: Privacy Department—Data Privacy Framework
1 DDC Way
Fairfield, OH 45014
[email protected]
1-800-362-2368

Changes to this Policy
This Policy may be amended from time to time, consistent with the requirements of the DPF Principles. DDC will post appropriate notice about such changes and amendments, including by updating the effective date at the top of this Policy.

DNA Diagnostics Center Cookie Policy

Updated December 8, 2025

1.Controller Information.

The controller of any of your information obtained through the use of first-party cookies on this website is DNA Diagnostics Center (referred hereinafter as “DDC” or “we”), the owner of the website you are visiting (please browse to the “contact section” for details).

This Cookie Policy sets out the basis on which all data that DDC collects on you through tracking technologies like cookies, web beacons or pixels, will be processed by DDC and provides you with information about these tracking technologies and especially about cookies. This information is intended to give you a better understanding of what cookies are and the role they play in your visit to our website.

If you have any questions regarding this Cookie Policy, if you want to submit a request in relation to your personal information, please contact us at [email protected].

For additional information about how we process personal data, including your rights as a data subject and our contact details, please refer to our main Privacy Policy, available on our website.

2. Which information does DDC collect about me?

DDC may obtain information about you when you use this website.

The information we collect about you includes:

• information that may identify you, such as your IP Address;
• device event information such as browser type, browser language, the date and time of your request and referral URL;
• your preferences such as language settings, website notifications, or alerts;
• your location;
• what content you view or pages you visit;
• search enquiries you make using our site search.

3. How does DDC collect information about me?

3.1 Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Targeting Cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

In addition to Google and similar providers, we also use the Meta (Facebook/Instagram) Pixel. This tool helps us understand how visitors interact with our site and enables us to show relevant ads to people who have previously visited our website when they are on Meta platforms. The Meta Pixel collects information such as your browser type, pages visited, and actions taken on our site, which may then be linked to your Meta account for advertising purposes.

These partners may combine the information collected through cookies on our website with data you have provided to them or that they have collected from your use of their services. This may include data relating to your interactions with advertisements, your device and browsing activity, and, where you are logged into your Meta or Google account, information associated with that account. This data may be used to create interest-based profiles for targeted advertising.

Functional Cookies

These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Analytics Cookies

Analytics Cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Below is a list of the cookies used on our website, including their provider, purpose, type, and duration. This list may be updated periodically as our website evolves.

Non-essential cookies—including analytics, functional, and targeting cookies—are only activated after you provide your explicit consent through our Cookie Preferences tool. These cookies remain disabled unless and until you opt in.

3.2 How to control cookies?

You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

For more general information about cookies, web beacons, pixels or other similar technologies and how to disable them through your browser, visit https://cookiepedia.co.uk/all-about-cookies.

You can easily accept or reject each of the cookies, web beacons or pixels on this site by adjusting your preferences on the relevant link or icon provided on each of DDC’s webpages.

3.3 We collect information about you via parameter tracking

We also use Scripts and components (such e.g. JavaScript code) used to generate Web pages and to automate computer processes. You can disable the Scripts, such as JavaScript, through your browser (see your browser’s settings).

We may also use ETag, which is an HTTP protocol header field mainly used to validate web caches and allow more efficient browsing. It has also been used for cookie-like purposes.

3.4 We collect information about you via third parties

We use Google Analytics’ 3rd-party audience data such as age, gender and interests to work with companies that collect information about your online activities to provide advertising targeted to suit your interests and preferences. For example, you may see certain ads on other websites because we may contract with Google and other similar companies to target our ads based on information we or they have collected, including information that was collected through automated means (such as cookies and web beacons). These companies also use automated technologies to collect information when you click on our ads, which helps track and manage the effectiveness of our marketing efforts.

You may opt in for or opt out of the automated collection of information by third-party ad networks for the purpose of delivering advertisements tailored to your interests, by visiting the consumer opt-out page for the Self-Regulatory Principles for Online Behavioral Advertising at http://www.aboutads.info/choices/ and edit or opt-out your Google Display Network ads’ preferences at http://www.google.com/ads/preferences/. Because those opt-out and preference control pages are specific to the individual browser used to visit it, and because that page is not operated by DDC, we are unable to perform the opt-ins or opt-outs on your behalf.

3.5 International Transfers via Third-Party Cookies

Some third-party providers, such as Google and Meta, process your cookie-derived information outside the European Economic Area (“EEA”) or the United Kingdom (“UK”), including in the United States. Where such transfers occur, they are carried out in accordance with applicable data protection laws and rely on appropriate safeguards such as the EU-U.S. Data Privacy Framework, the UK Extension, or Standard Contractual Clauses.

For more information, please see:

• Google Privacy Policy: https://policies.google.com/privacy
• Meta Privacy Policy: https://www.facebook.com/privacy/policy

4. Which processing ground(s) do you rely upon for processing my personal information?

In order to use cookies and process your data collected through the use of cookies, we rely on your consent. You can withdraw your consent in full or in parts at any time by adjusting your preferences on the relevant link provided on each of DDC webpages titled Cookie Preferences.

4.1 Data Retention for Cookie-Derived Information

Personal data collected through cookies is retained only for as long as necessary for the purposes for which it was collected. Retention periods correspond to the lifespan of the cookie (as listed in Section 3) or, for aggregated analytics data, for no longer than 26 months unless a shorter period is specified.

5. Who will my personal information be transferred to?

Your personal data might be transferred to any DDC affiliates. These affiliates operate internationally and may be outside the European Union or United States. We do not sell or otherwise disclose personal information about our website visitors to third parties except as described below.

• to trusted businesses or persons to process your personal information for us, based on our instructions and in compliance with applicable data privacy regulations;
• to service providers we have retained to perform services on our behalf;
• to companies, organizations or individuals outside of DDC if we have a good reason to believe that access, use, preservation or disclosure of the information is reasonably necessary to:
  • execute and enforce contractual terms;
  • meet any applicable law, regulation, legal process or enforceable governmental request;
  • detect, prevent, or otherwise address fraud, security or technical issues;
  • protect against harm to the rights, property or safety of DDC, our users or the public as required or permitted by law;
• to regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, or in connection with legal proceedings;
• to third parties as part of a merger, acquisition or bankruptcy, in the event we sell or transfer all or a portion of our business or assets (including through bankruptcy).

This includes third-party providers such as analytics and advertising partners whose cookies are set on our website. When these partners receive personal data through cookies, they act as independent controllers responsible for their own processing activities.

6. Which rights do I have over my personal data?

You have the right to ask for:

• accessing your data;
• rectifying your data;
• restricting the processing of your data;
• withdrawing your consent at any time as explained above;
• erasing your data

You may submit relevant request in this respect through our dedicated contact point mentioned in this Cookie Policy. You also have the right to complain to the relevant national data protection authority in case these rights are not complied with. For EU visitors, an overview of the national data protection authorities is available at the following link: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

6.1 Profiling

Some cookies, particularly targeting and analytics cookies, may involve profiling to analyze or predict your preferences and behavior for advertising or website optimization. Such profiling does not produce legal or similarly significant effects.

7. Links to other sites

We provide links to other websites for your convenience and information. If you follow such links, this Cookie Policy will no longer apply. These websites may have their own privacy notice or policies in place, which we recommend you review if you visit any linked websites. We are not responsible for the content of linked websites or their use.

8. Changes to this Cookie Policy

We recognize that transparency is an ongoing responsibility so we will keep this Cookie Policy under regular review. We will always update this Cookie Policy on our website, so please read or print it when you visit the website (the revision date can be found on the top of this Cookie Policy).

9. Contact

We welcome your comments or questions regarding this Cookie Policy. Please e-mail us at [email protected] or contact us at:

DNA Diagnostics Center

1 DDC WAY

Fairfield, OH 45014

1-800-362-2368