Lark + 23andMe
Effective Date: May 18, 2018
Is personal information about me secure?
Your account is protected by a password for your privacy and security. You need to prevent unauthorized access to your account and personal information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other personal information we hold in our records, but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
Will Lark share any of the personal information it receives?
We neither rent nor sell your personal information in personally identifiable form to anyone. We share your personal information in personally identifiable form with third parties only as described below.
Affiliated businesses, third party websites and third party services we do not control: In certain situations, businesses, third party websites and third party services we're affiliated with may sell items or provide services to you through the website (either alone or jointly with us) or in-app service or conversation. Third party services are under contractual obligation to keep such user information confidential.
Agents and Business Partners: We employ other companies and people and affiliate with third party business partners (such as your healthcare insurer or provider) to perform tasks on our behalf in order to enhance the value and utility of our products and services, including the Website, App and Services and need to share your information with them to provide products or services to you. Unless we tell you differently or if you have entered into a direct agreement, our agents and business partners do not have any right to use the personal information we share with them beyond what is necessary to assist us.
User submissions: Any content or personal information that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by others.
Business transfers: We may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that is transferred. Also, if we (or substantially all of our assets) are acquired, or if we go out of business or enter bankruptcy, personal information would be one of the assets transferred to or acquired by a third party.
Protection of Lark and others: We may release personal information when we believe in good faith that release is necessary to comply with laws; enforce or apply our Terms and Conditions and other agreements; or protect the rights, property, or safety of Lark, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
With your consent: Except as set forth above, you will be notified when your personal information may be shared with third parties, and will be able to prevent the sharing of this information.
What personal information can I access?
Through your account settings, you may access, and, in some cases, edit or delete the following information you've provided to us:
name and password
user profile information, including your height, weight, and location
The information you can view and update may change as the Website or App changes. Please note that any information that is automatically uploaded from the App to the Website cannot be later changed or updated. If you have any questions about viewing or updating information we have on file about you, please contact us at: email@example.com.
What information does Lark collect?
Information you provide to us:
We receive and store any information you knowingly provide to us. For example, we collect personal information such as your name, username, email address, gender, birth date, ethnicity, weight, height, location, insurance provider, nutrition data, workouts, physical activity, and sleep habits and we may collect other sleep, activity, or health-related information as our services and products are further developed (collectively “Personal Information”). You can choose not to provide us with certain information, but then you may not be able to register with us or our partners or to take advantage of some features. We may, but not always, anonymize your personal information so that you cannot be individually identified, and provide that information to our partners. For example, you may tell us that you are female and sleep an average of 6 hours per night; we may combine this information with content received from our other users, and disclose to our partners that on the whole, our male users sleep more hours per night than our female ones, but we will not tell those partners who you are. We may use third party service providers and suppliers to facilitate the Website, App and Services we provide, and they may have access to Personal Information. In addition, we may buy or sell business assets or be acquired by or acquire other organizations. In such transactions, Personal Information generally is one of the transferred business assets. In addition, in the event we merge or consolidate with another organization, Personal Information may be transferred to the successor entity. We may also disclose Personal Information to other affiliated institutions and/or if we are required to do so by law.
We do not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register for the Services (as that term is defined in our License Agreement) or under the age of 16 in the European Union (EU) (see http://lark.com/gdpr). If you are under 13 or under the age of 16 in the EU, please do not attempt to register for the Services or send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 or 16 in the EU may provide any personal information to us or on the Services. In the event that we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13 or 16 in the EU, please contact us at: firstname.lastname@example.org.
Information collected automatically:
Whenever you interact with our Website, we automatically receive and record information on our server logs from your browser including your IP address, 'cookie' information, and the page you requested. 'Cookies' are identifiers we transfer to your computer or mobile device that allow us to recognize your browser or mobile device and tell us how and when pages in our Website are visited and by how many people. Lark does not save any personal information in the cookie and cannot connect the information in the cookie to a specific person. You may be able to change the preferences on your browser or mobile device to prevent or limit your computer’s or device's acceptance of cookies, but this may prevent you from taking advantage of our Website's best features.
When we collect usage information (such as the numbers and frequency of visitors to the Website), we only use this data in aggregate form, and not in a manner that would identify you personally. For example, this aggregate data tells us how often users use parts of the Website, so that we can make the Website appealing to as many users as possible. We may also provide this aggregate information to our partners; our partners may use such information to understand how often people use our Website, so that they, too, can provide you with an optimal online experience. We never disclose aggregate information to a partner in a manner that would identify you personally.
Interest based advertising and retargeting:
There exists a range of different kinds of online interest based advertising and retargeting services; from fairly simple forms to the far-reaching monitoring of web surfer activities carried out by search-engine owners or services carried out in partnerships between technology companies and Internet Service Providers. As a common denomination, you could say that interest based advertising and retargeting is intended to make online display advertising more relevant to web surfers' likely interests.
Lark's interest based advertising and retargeting services are cookie and web beacon based. Based on the anonymous information stored in the User's cookie, Lark is able to provide more relevant advertising to the User. For example, a User that visits sports sites often will be categorized in the 'sports fan' segment, and will primarily be served advertisements that are relevant to the interests of a sports fan, and a User that shows interest in a certain car model or a certain computer model, may be served advertisements or specific offers for such car model or computer model.
Interest based advertising:
Interest based advertising is Lark's solution for optimizing the selection of ads for a certain user. The selection of ads is based on an interest profile built up during visits to websites.
Interest based advertising step by step:
A website user browses sites. The category of each website is saved to a cookie in the web browser.
When the website user browses sites related to cars, the counter for category "Automotive" is updated in the cookie.
Ads are selected and shown to the user based on the category count in the cookie. A user with a higher than average count in the "Automotive" category will be shown more ads related to cars.
Retargeting is a solution for displaying ads based on which websites or pages the user has visited before.
Retargeting step by step:
The user browses a website that runs a retargeting campaign.
Information on what pages the user visits on the website is stored in a cookie in the user's web browser.
When the user visits the Lark site, ads may be shown to the user based on the information in the retargeting cookie.
For the website user, targeting means that more relevant ads will be displayed, ads that match the user's interests. For example, a user visiting more travel websites than average will be served more ads related to travel. A user being interested in a certain product will be served ads with offers related to that product.
Lark does not save any personal information in the cookie and cannot connect the information in the cookie to a specific person.
You can opt out from our targeting solutions as noted below; when you have opted out you will not be served ads based on your interests and no targeting information will be stored in your web browser. Note that the blocking ends if you clear cookies from your browser. Also, if you delete cookies or set your browser to disallow cookies, you will limit the functionality we can provide when you visit our website.
Delete targeting cookies
Your interest profile can be removed by deleting your browser's cookies.
Information stored on cookies
The cookie information stored on the User's hard drive for interest based advertising and retargeting purposes is: (i) User segment hits or information on a specific product, service, brand or model in which the User has shown interest during its visit to a certain website and (ii) time and date stamp of the latest update of the User profile.
If the cookie is deleted by the User, all profile data is removed. For the sake of clarity, no segments relating to information which Lark considers sensitive have been or will be created, such as segments relating to political opinions, religious beliefs, physical or mental health conditions or sexual life. Further, Lark is very sensitive to the issue of children's privacy and marketing directed to children. No segments are intended to be established for the profiling of children.
E-mail and other communications:
We may contact you, by email or other means; for example, we may send you promotional offers on behalf of other businesses, or communicate with you about your use of the Website or the App. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make emails more interesting and improve our service. If you do not want to receive email or other communications from us, please indicate your preference by emailing us at: email@example.com.
What choices do I have?
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our special features.
You may be able to add, update, or delete information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. Please note that some information may remain in our private records after your deletion of such information from your account. We may use any aggregated data derived from or incorporating your personal information after you update or delete it, but not in a manner that would identify you personally.
How is my iOS HealthKit and Health app data handled?
How is my Android Google Fit data handled?
HIPAA policy and other questions or concerns?
It is the policy of the Company to adopt, maintain and comply with our privacy practices of customer and end-user data, which shall be consistent with HIPAA/HITRUST, California and EU GDPR laws.
Assigning Privacy and Security Responsibilities
It is the policy of the Company that privacy protections extend to information concerning deceased individuals.
Minimum Necessary Use and Disclosure of Protected Health Information
It is the policy of the Company that for all routine and recurring uses and disclosures of PHI (except for uses or disclosures made (1) to or as authorized by the customer, client or end-user or (2) as required by law for HIPAA/HITRUST/GDPR compliance), such uses and disclosures of protected health information must be limited to the minimum amount of information needed to accomplish the purpose of the use or disclosure. It is also the policy of the Company that non-routine uses and disclosures will be handled pursuant to established criteria. It is also the policy of the Company that all requests for protected health information (except as specified above) must be limited to the minimum amount of information needed to accomplish the purpose of the request.
Prohibited Activities-No Retaliation or Intimidation
It is the policy of the Company that no employee or contractor may engage in any intimidating or retaliatory acts against persons who file complaints or otherwise exercise their rights under HIPAA/GDPR regulations. It is also the policy of the Company that no employee or contractor may condition payment on the provision of an authorization to disclose protected health information except as expressly authorized under federal and state regulations.
It is the policy of the Company that the responsibility for designing and implementing procedures to implement this policy lies with the Privacy Official.
Verification of Identity
It is the policy of the Company that the identity of all persons who request access to protected health information be verified before such access is granted.
It is the policy of the Company that the effects of any unauthorized use or disclosure of protected health information be mitigated to the extent possible.
It is the policy of the Company that appropriate physical safeguards will be in place to reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the HIPAA Privacy Rule.
It is the policy of the Company that business associates must be contractually bound to protect health information to the same degree as set forth in this policy. It is also the policy of the Company that business associates who violate their agreement will be dealt with first by an attempt to correct the problem, and if that fails by termination of the agreement and discontinuation of services by the business associate.
Training and Awareness
It is the policy of the Company that all members of our workforce have been trained by the compliance date on the policies and procedures governing protected health information and how the Company complies with the HIPAA Privacy and Security Rules, HITRUST and GDPR rules. It is also the policy of the Company that new members of our workforce receive training on these matters within a reasonable time after they have joined the workforce. It is the policy of the Company to provide training should any policy or procedure related to the HIPAA Privacy and Security Rule materially change. This training will be provided within a reasonable time after the policy or procedure materially changes. Furthermore, it is the policy of the Company that training will be documented indicating participants, date and subject matter.
It is the policy of the Company that the term “material change” for the purposes of these policies is any change in our HIPAA/HITECH/HITRUST/GDPR compliance activities.
It is the policy of the Company that sanctions will be in effect for any member of the workforce who intentionally or unintentionally violates any of these policies or any procedures related to the fulfillment of these policies. Such sanctions will be recorded in the individual’s personnel file.
Retention of Records
It is the policy of the Company that the HIPAA Privacy Rule records retention requirement of seven years will be strictly adhered to. All records designated by HIPAA in this retention requirement will be maintained in a manner that allows for access within a reasonable period of time. This records retention time requirement may be extended at this Company’s discretion to meet with other governmental regulations or those requirements imposed by our professional liability carrier.
It is the policy of the Company to remain current in our compliance program with HIPAA/HITECH/HITRUST/GDPR regulations.
Cooperation with Privacy Oversight Authorities
It is the policy of the Company that oversight agencies such as the Office for Civil Rights of the Department of Health and Human Services be given full support and cooperation in their efforts to ensure the protection of health information within this Company. It is also the policy of the Company that all personnel must cooperate fully with all privacy compliance reviews and investigations.
HealthKit, Health app, iPhone, and Apple are registered trademarks of Apple Inc.
Google, Android and Google Fit are registered trademarks of Alphabet Corp.