Mendelics collects your personal data as follows:

1. Information you share with us: when you register in the Platform and when you use the Services, you provide us several data, such as your full name, gender, date of birth, contact, CPF, financial data, requested test (whether by you or by your legal representatives), so as to make Mendelics’ Services provision feasible to you;
2. Collection of information in DNA for tests and analysis: personal data, including genetic data, collected by Mendelics to make feasible the conduction of tests and later analysis to those which led to the signature of the consent terms in first place;

3. When you access the Platforms and use Mendelics’ Services: by means of cookies and other similar technologies, data such as the visualization of pages and devices used for navigation will be collected, as well as information related to the use of certain functionalities of the Platforms and Services by you;
4. Collection of information from public and historical records: information extracted from public and historical records, such as newspapers, birth/death/marriage records, which may contain personal data related to you; and
5. Information from third-parties: data obtained through third-parties, due to partnerships established to make the access to the Platform feasible and the development of certain Mendelics’ Services (e.g.: physicians who request the test to Mendelics on behalf of you and research bodies).

The personal data collected by Mendelics are processed to meet the following purposes:

1. To allow the conduction of the requested exams and tests (e.g.: registration and identification of users, sending the kits, making payments, genetic material analysis), and authorize Mendelics contact with you during and after the use of the Platforms and Services (e.g.: to send the results), in compliance with the applicable Terms of Use and the consent terms;
2. In order to improve the analysis and the results of new diagnosis conducted by Mendelics, as well as in the development of its internal intelligence to read the genetic variants and related services, your data will integrate Mendelics’ database;
3. To allow the communication with you and warnings related to Mendelics’ Services and its internal policies (e.g.: to answer doubts submitted by you in the Contact area, inform about changes to the Services);
4. To allow the conduction of consultations and questionnaires during the use of the Platforms and Services, as well as to facilitate the development of products and research initiatives;
5. To provide security in and out of the Platforms and Services, so as to verify the accounts and suspected activities or infringements to the Consent Term, the Terms of Use or the Privacy Policy (e.g.: use of data to authenticate your access to a specific Mendelics’ Service);
6. To generate statistical analysis concerning the use of the Platforms and Services, so that Mendelics is able to better understand your needs and interests and, thus, provide better services and/or provide related information;
7. To share the information with third-parties as required to make the Service provision feasible and respecting the limits posed by the applicable legislation and your consent.
8. To allow a legal audit for the purposes of corporate operations, such as the merger, acquisition or sale of all Mendelics’ assets, its economic group, or of part of each of them, and transfer the information to the new owner, in case the ownership or control of total or part of Mendelics or its assets are changed;
9. To answer to judicial orders (e.g.: judicial order, search warrant or legal notice), only when necessary to do so and/or when Mendelics is thus required by the law or by judicial ruling, and to comply with the applicable legislation requirements;

You may also consent with some specific processing purposes provided by Mendelics to:

1. Improve the commercial and promotional initiatives by Mendelics and by its commercial partners and provide customized experiences for you, by sending messages about new services, advertising, promotions or other marketing means;
2. Make feasible the conduction of scientific researches, which can be developed in-house or be sponsored, conducted or performed in cooperation with third-parties, such as non-profit organizations, academic institutions or companies, based on your consent and in compliance with the requirements concerning personal data protection enforced by the applicable legislation;
3. Share information with Mendelics’ partners, so as to improve the Platforms and Services provided to you, in the limits of your consent and in compliance with the requirements concerning personal data protection enforced by the applicable legislation; and
4. Other purposes, in the form and limits of the corresponding consent granted by you, and in the limit authorized by the law.

By agreeing with the Consent Term, you declare to agree with the personal data processing activities required to conduct the contracted Services, as well as you can provide the specific consent to the activities and purposes mentioned in this privacy policy.

You can change your preferences directly in our Platforms, choosing who may access (e.g.: physicians, family members and certain companies) your information and for which purposes it can be used.

In case it’s necessary to process additional sensitive data by Mendelics, as part of your interaction with the Platforms and Services, Mendelics commits to, whenever necessary, obtain your additional consent before conducting such activities.

In cases where it’s necessary to provide the contracted Services or when you specifically consent, Mendelics may share your personal data with third-parties.

Such sharing will seek to reach the following purposes:

1. To assist in the provision or in the operation of the Platforms and Services, by sharing the personal data with our service providers and/or partners (e.g.: companies responsible for sending the kits, payment processors, payers, physicians who requested the test to be performed by Mendelics, companies providing cloud data storage services, suppliers for the purposes of marketing, fraud prevention and security), always within the strict limits authorized by the legislation and according to your previous and specific consent, when required;
2. To allow our service providers and commercial partners to conduct marketing, brand analyses, advertising activities based on interests or similar activities for Mendelics;
3. To analyze and solve technical problems and those related to potential security risks of Mendelics’ Services;
4. To allow, when strictly required, legal audit for the purposes of corporate operations, such as the merger, acquisition or sale of all Mendelics’ assets, its economic group, or of part of each of them, and transfer the information to the new owner, in case the ownership or control of total or part of Mendelics or its assets is changed. The provisions present in this Privacy Policy will continue to be applicable to its personal data in case they are transferred to the new owner;
5. To allow the establishment of partnerships by Mendelics, by sharing personal data, as they are required to implement the partnerships, according to its consent, when applicable and within the limits established by the applicable legislation;
6. To answer, as strictly required, the judicial orders and comply with the applicable legislation requirements, situations where the data can be shared by Mendelics with the government and judicial authorities. Mendelics emphasizes and seeks to ensure the highest protection level as possible to you and to your data. In cases where Mendelics is legally compelled to disclose your data, Mendelics will employ its best efforts to communicate you in advance concerning such sharing, except in cases where it is legally prevented to conduct such communication;
7. To generate individualized data concerning the use of the Platforms by you or by Mendelics’ employees, which will be available for Mendelics’ partners and other companies belonging to its economic group, base on your consent, when applicable and according to the applicable legislation limits, as long as they adopt a privacy policy and commercial practices with the same protection level as provided by this Policy;
8. To conduct and/or disclose statistical analysis and research results (e.g.: sharing in public genetic variants database), based on your consent, and in compliance with the legal and sectoral requirements concerning the personal data and genetic data protection; and
9. Other purposes, in the form and within the limits of the corresponding consent granted by the User, and in the limit authorized or required by the law.

The procession of certain personal data, especially genetic information, may disclose unexpected information about you and/or your family, with potential to affect your emotional or personal life. Once such information is discovered, Mendelics has no means to reverse it.

Mendelics employs all the personal data protection means. However, its conducts may also impact the secrecy and confidentiality protection of your data, such as sharing the exams and test results with other people and companies, by your own will.

Technologies such as cookies (small files stored in the users’ browser, cell phone or another device) are used during your browsing at Mendelics’ platforms, services and advertisements, to understand, transmit and protect your information. These technologies can be used to allow Mendelics to present the most relevant contents and offers for you, to improve Mendelics’ Services, and to help maintain these Services safe.

The specific names of the cookies used may vary as the Services are improved and updated, but they are generally restricted to the categories of use below:

1. Authentication – Example: Indicate that you are connected, so that it’s possible to provide appropriate resources, as well as to understand how you use Mendelics’ Platforms and its Services.
2. Site security and integrity – Example: To help keeping the safety of the Services, providing support or activating security resources and assisting to detect activities which violate the Consent Term and the Terms of Use.
3. Advertisements, ideas and measurement – Example: To analyze the browsing behavior and disseminate advertisements, make them more relevant to you and analyze the Services and their use. For example, it’s possible to use a cookie to discover if someone to whom an advertisement has been disseminated has purchased something in the advertiser’s site or installed the advertised applications subsequently. Likewise, partners may use cookies or other similar technologies to determine if Mendelics exhibited one of its advertisements and what was its performance, or inform how you interact with it.
4. Site resources and services – Example: To help providing products and services, for example, when you visualized or interacted with the Services’ content, and provide other social plug-ins, other experiences and customized contents or making suggestions.
5. Performance – Example: To provide the best experience as possible, for example, helping to route the traffic between the servers and notice how fast Mendelics’ Platforms are uploaded for different people. Occasionally, information can be stored in your browser or device so that the resources in use upload and respond on a fast manner.
6. Analysis and surveys – Example: To understand, improve and survey services, including when you access Mendelics Platforms or other sites and applications from the computer or from a mobile device. For example, it’s possible to use cookies or similar technologies (including information from your device) to understand how you are using social plug-ins and improve them, being that information about this analysis permited to be shared with Mendelics’ partners.

You may redefine your web browser to refuse the cookies or to indicate when a cookie is being sent. However, some of Mendelics’ Platforms functionalities may not properly work if the capacity to accept cookies is disabled.

Mendelics’ Platforms may contain links to partners’ services, having their own terms and policies. However, such Policy is limited to the Platform and to the Services provided by Mendelics itself.

Although Mendelics continuously seeks to establish relationships with reliable partners, Mendelics shall not be liable for the personal data processing practices exclusively conducted by such third-parties. For this reason, Mendelics recommends you to read the external terms and policies before providing any personal data during the use of Mendelics Services.

When processing your data, Mendelics will make efforts to store and keep them safe, in compliance with the current legislation and the information provided in the Consent Term signed by you when you contracted the service. For this reason, your personal data and your sequencing files will be stored encrypted, by using high security levels, including counting on access control practices.

By providing the Platforms and its Services, Mendelics always seeks for companies which use high security level storage of the information, establishing contracts which do not violate the terms of this Privacy Policy.

Mendelics commits to continuously implement information security physical, technical and administrative measures in the processing of its personal data, in compliance with the best practices in the market. Thus, it’s sought to protect your data against unauthorized accesses, accidental or illegal situations of destruction, loss, change, communication or any form of inappropriate or illegal processing.

In this regard, Mendelics allows your personal data to be accessed by its employees and by other third-parties limited only to the required to conduct their activities, according to express instructions and upon contractual obligation of secrecy and confidentiality of the processed personal data.

Mendelics guarantees that its health and genetic data storage practices comply with the laws and standards applicable to the genetic data processing, including those related to the storage forms and retention period.

In order to protect your personal data against unauthorized accesses, Mendelics recommends you to keep strong access passwords to the Platforms and to the Services and to protect yourself against the unauthorized use of your access devices.

Mendelics, as a company in line with the most current practices and technologies, may store your personal data in servers located out of the national territory, including, but not limited to, cloud computing providers (e.g.: Amazon Web Services, Google Cloud, Microsoft Azure, among others). In these circumstances, you authorize your personal data to be stored abroad according to the rules provided for in this Policy. This authorization does not imply the sharing of your personal data with these companies. The use of cloud services follows the international standards accepted for personal data security.

Mendelics may also transmit personal data to partners or to other international research bodies, in the limits of your consent, guaranteeing, whenever possible, the data anonymization.

In the cases mentioned above, Mendelics commits to comply with the applicable legislation in order to guarantee the protection of your personal data, through practices such as the execution of contractual agreements in conformity with the current legislation.

Mendelics will adopt appropriate technical and organizational measures to comply with its obligations concerning its rights as holder of the personal data. In this respect, Mendelics commits to make your rights feasible in the best way possible as provided in the law, namely:

1. Confirmation: right to be informed about the existence of processing;
2. Access: right to request access to the personal data processed by Mendelics;
3. Correction: right to request the change to the personal data processed by Mendelics whenever they are incomplete, inaccurate or out of date.
4. Restriction: right to request the anonymization, the blockage or elimination of unnecessary, excessive data or those processed by Mendelics in disagreement with the personal data protection legislation;
5. Portability: right to request the transmission of the data processed by Mendelics to another service provider;
6. Elimination: right to request the elimination of the personal data processed by Mendelics with your consent;
7. Information: right to be informed about the public and private entities with which Mendelics shares data, about the possibility not to provide the consent and about the consequences of such refusal;
8. Consent revocation: right to revoke the consent at any time, through express communication, by means of free and facilitated procedure; and
9. Review of the automated decisions: possibility to review decisions taken by Mendelics based on the automated processing of personal data which affect your interests.

In case you are interested in exercising any of the rights listed above, you must contact Mendelics by using the e-mail indicated in the “General provisions” Section below.

Concerning the request to eliminate your personal data, Mendelics will accomplish personal data exclusion requests upon your request or upon legal obligations. In this case, this data will be definitely excluded, except in cases of mandatory retention of records provided in the legislation, and the cases where the data retention by Mendelics is allowed by the law, in order to comply with legal or regulatory obligation.

This Privacy Policy consists in the valid and efficient version of the information about the processing of your personal data by Mendelics. This version is responsible for governing all the relationships between you and Mendelics, except when you use services containing distinct Privacy Policies, considering the acquired rights, the perfect legal acts and the judicial estoppel.

The Privacy Policy version in effect will always be the latest one. To identify the current version date, you must verify the “Last modified” section, in the top of this document.

Mendelics reserves the right to update and change on a periodic basis any of its legal documents, including this Privacy Policy.

Any changes to this Policy which cause impact to the previously provided consent or which implies financial burden to you will be communicated by Mendelics in advance. However, any changes conducted by legal reasons or due to new functionalities of a Service will come into force on an immediate basis.

Mendelics is continually seeking for improvements to provide you the best experience as possible when using the Services. However, Mendelics’ Services are provided on a “as is” basis, so that Mendelics may freely implement changes, alterations, additions, removals and any other modifications in the Services.

You can stop using Mendelics’ Services at any time. Thus, Mendelics can also stop providing the Services to you at any time, as well as to include or create new limits to the Services.

If you do not agree or if you do not feel comfortable with any changes to this Policy, you must interrupt the use of Mendelics’ Services. Otherwise, the subsequent use of the Services will imply your agreement with the new Policy version.

Mendelics may make additional information available to you concerning the personal data processing practices related to certain Services or its Platforms’ functionalities. This information may complement or clarify Mendelics privacy practices or provide you with additional choices on how Mendelics processes the personal data. In any event, Mendelics commits to comply with the legal and regulatory obligations applicable to the personal data processing and to its operating sector.

The clauses of this Privacy Policy will be in effect regardless of any termination means, occurred by any reason, so as to continue to produce effects on the parties while subsequent legal relationships exist.

In case you want to exercise any of the rights provided for in this Privacy Policy, or in case you have any doubts concerning this document and the practices described herein, you must contact David Schlesinger, responsible for processing personal data (“Responsible”), who will act as the communication channel between you and Mendelics, through dados@mendelics.com.br.