Hi there, we are DNAstack Corp. (“DNAstack’, “we”,“us”, or “our”), the creators of Publisher, Explorer, Workbench products and data networks such as Viral AI, software that helps (i) data custodians connect, organize, protect and share data; and (ii) data consumers search, access, curate and analyze shared data (the “Software”, the “Platform”, or the “Service”).
This Privacy Policy applies to your access and use of the Platform. We take great care to protect your private and personal information under applicable legislation. Before you start using the Platform, please take a moment to carefully read and understand our Privacy Policy, which tells you what personal information we collect about you, how we use that personal information, how this information may be shared, and what choices and rights you have with respect to this information.
We are headquartered in Toronto, Canada and our Platform is provided to you by DNAstack. If you are a resident of the European Union (“EU”), DNAstack is the controller of your personal data for the purposes of the EU data protection legislation.
With respect to Input Data which includes data you upload to, share to and delete from the Platform, you are the data controller as you control the Input Data and determine what processing is to be done on such data. DNAstack is the data processor in this case, as DNAstack’s systems are processing the data on your behalf.
Data controllers and data processors do not have to be based out of the EU to be subject to the provisions of the GDPR. If you believe you, your organization, or your affiliates is/are a data controller processing EU citizen’s personal data, we require that you or an authorized representative from your organization contact us at privacy@dnastack.com to execute necessary agreements as an addendum to our Terms of Use and this Privacy Policy.
This policy was originally written in English. To the extent a translated version conflicts with the English version, the English version governs. Unless indicated otherwise, this Privacy Policy does not apply to third-party products or services or the practices of companies that we do not own or control, including other companies you might interact with on or through our Platform.
If you have questions or comments about this Privacy Policy, please contact us at: support@dnastack.com.All capitalized terms not specifically defined in this Privacy Policy are defined in the Terms of Use.
We rely on a number of legal bases to collect, use, share, and otherwise process the information we have about you for the purposes described in this Privacy Policy, including:
The legitimate interests of DNAstack and our third-party service providers and partners include:
When you use DNAstack, we collect various types of information about you. Some of this information like email address, can be used to identify you (“Personally Identifying Information” or “PII”), and some of this information, like activity and log data, cannot be used to identify you (“Non-Personally Identifying Information” or “Non-PII”).
The amount and type of personal information we ask for depends on the nature of the interaction. We will only collect such information as is necessary or appropriate to fulfill the purpose of your requested interaction with DNAstack.
We collect information in a few different ways, including information that you enter when you create an Account and automatically when you use the Platform (for example, when you navigate within the Platform).
We collect information that you provide us, including:
Such information may be considered your personally identifying information.
We collect information that third parties provide us, including information from other platforms, publicly available information, information from our Third-Party Service Providers, or the organization which granted you access to the Platform. The information we receive from these other platforms for log in or sign up purposes will generally be considered Personally Identifiable Information.
We collect certain information automatically whenever you use the Services:
In general, we use both Personally Identifiable Information and Non-Personally Identifiable Information in order to administer, operate and provide the Platform to you.
How we use your Personally Identifiable Information:
We may also de-identify or aggregate the information collected in connection with the Platform, in ways that do not personally identify you. From time to time, we may use this non-identifying aggregated information to perform statistical analyses of user behaviour and demographics in order to measure the interest in and use of the Platform, to publish trends such as types of Users, number of active Users, etc., or to provide information on Platform activity to our Third-Party Service Providers or other third-party software solutions that you may connect and use with the Platform.
Any use of your information that is incompatible with these uses will be disclosed to you in advance so that you may opt out of such uses at your discretion.
With respect to a particular Data Access Application, DNAstack will use Access Information to facilitate such application and data access permissions/operations on the Platform between Data Consumers and Data Custodians.
We will not rent or sell your information to anyone. If any of your information is shared or disclosed to third parties, it will only be so that we can provide you with the full suite of our Services.
Third-Party Service Providers. We may share your information with third parties who provide services to us (“Third-Party Service Providers”), such as hosting by Microsoft Azure, mailing list management, credit card payment processing solutions, analytics and reporting, real-time customer service chat, independent contractors, etc. These Third-Party Service Providers will only have access to the information necessary to perform these limited functions on our behalf and are required to protect and secure your information. These Third-Party Service Providers may have their own terms of service and privacy policies on the collection and use of your information which either we or you provide them. We may use a variety of third-party service providers both inside and outside of Canada, which may make your information subject to foreign laws and foreign legal proceedings.
If you would like to know what third-party service providers are in use with the Platform, please contact us at support@dnastack.com.
Legal Requests. We cooperate with law enforcement inquiries and demands for information that are made under force of law. Therefore, we may disclose your information (a) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), in accordance with the applicable law (b) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceeding, in accordance with the applicable law (c) as otherwise required under any applicable law. If we are required by law to make any disclosure of your information (including personal or business information), we may (but are not obligated to) provide you with written notice (to the extent permitted by law) prior to such disclosure so that you may take appropriate action.
We may also disclose your information if we determine in good faith that disclosure is reasonably necessary or appropriate to protect the property rights of DNAstack, third parties, yourself or the public at large.
Related Business Affiliates. We may share your information with affiliates under common control with us, who are required to comply with the terms of this Privacy Policy with regards to your information.
Sale of Business. If we become involved in a business merger, acquisition, securities offering, bankruptcy, reorganization, dissolution or other similar transaction, we may share or transfer your information in connection with such transaction. If we do this, such disclosure will be subject to confidentiality arrangements that are typical of such transactions.
Marketing. We do not share your information with third parties for promotional purposes unless you have opted-in to such disclosure. If you have opted-in to have your information shared, you may choose to opt-out from receiving further communications from any third party that is not our agent or service provider at any time by contacting the marketing partner/affiliate directly.
FAQ. If you send us a request for information or support in relation to our Services, we reserve the right to publish the content of your request (with any PII removed) for the purposes of clarifying our Service for other users (e.g. in a “FAQs” section).
Access Information. With respect to a particular Data Access Application, DNAstack will disclose a Data Consumer’s Access Information to the corresponding Data Custodian.
We strive to protect your information. We use commercially reasonable administrative, technical, and physical measures to safeguard your information in our possession against loss, theft and unauthorized use, disclosure or modification. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. For data transmission security, we use standard encryption protocols (SSL/HTTPS) for transmission of information. The encryption process protects your information by scrambling it before it is sent to us from the App. Our hosting service providers for our database and application are reputable third-party hosting service providers whose privacy, security, transparency and industry-specific standards are best-in-class. Our systems and databases are backed up regularly to help protect your information in case of an uncontrollable catastrophe.
Unfortunately, no data transmission over the Platform and the internet and no storage of data can be guaranteed to be 100% secure. Therefore, while we strive to make all reasonable efforts to use commercially acceptable means to protect your information, we cannot warrant the security of any information you transmit to us, and you acknowledge that there is always some risk when transmitting information to us through the Services.
To the fullest extent permitted by law, in no event will we, our affiliates, officers, directors, shareholders, employees, contractors, agents, suppliers, or licensors be liable, howsoever caused, for the loss or theft of your personal information, your Input Data (including genomics data), or any damages caused as a result thereof, so long as we are not grossly negligent in the protection of said information.
You must be diligent in protecting your own personal information and Input Data, including logging out of your Account at the end of each Session.
You also acknowledge that where you use workflows or code uploaded or provided by third parties or other Users, we cannot confirm what security protocols are in place to protect your personal information, Input Data, or the transferring of such information and data.
Information associated with your account will generally be kept until it is no longer required for the purpose for which it was collected. We may however retain information from deleted accounts to comply with the law, to prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce the Terms of Use and take other actions permitted by law. The information we retain will, of course, be subject to this Privacy Policy.
Information about you that is no longer necessary and relevant to provide our Services to you may be de-identified and aggregated with other non-personal data to provide insights which are commercially valuable to us, such as statistics related to the use of the Services.
Adjusting Notification and Email Preferences. If you originally subscribed or opted-in to receive newsletter communications from us, you may unsubscribe by following the instructions contained at the bottom of each type of email. All other notification settings, if applicable, are found in the account settings section of the Platform.
Updating Account Information. You may correct, amend or update User Account information that is inaccurate at any time by adjusting that information in the account settings section of the Platform.
Deleting Information and Accounts. You may request that your User Account is deleted by contacting us at: support@dnastack.com. We will generally respond to your request within 10-14 business days.
If you are habitually located in the European Union, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. We describe these rights below:
Access and Porting. You can access much of your information by logging into account and accessing the account settings screen of the Platform. If you require additional access or to download a copy of your data, please contact us at: support@dnastack.com We will generally respond to your request within 10-14 business days.
Correcting and Deleting. You can also rectify, restrict, limit or delete much of your information by logging into your account and accessing the account settings screen of the Platform. If you are unable to do this please contact us at support@dnastack.com We will generally respond to your request within 10-14 business days.
Objecting. Where we process your information based on our legitimate interests explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
Revoke Consent. Where you have previously provided your consent, you have the right to withdraw your consent to the processing of your information at any time. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
Complain. Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.
Response. We will respond to all requests that we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request.
The Platform is hosted and operated from within Canada. If you are located outside of Canada and choose to use the Services or provide information to us, you acknowledge and understand that your information will be transferred, processed and stored in Canada, as it is necessary to provide the Services and our obligations to you under the Terms of Use.
The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from individuals under 18 years of age. In the event that we learn that we have collected personal information from a child under 18 years of age, we will take appropriate steps to delete that information. If you become aware or believe that a child has provided us with personal information, please contact us as provided in the “Questions” section.
Links To Other Websites. The Platform may contain links to other websites on the internet maintained by third parties. Clicking on a link to a third party site will make you leave the Platform and go to the site you requested. We cannot control the activities of third parties. Therefore, we cannot accept responsibility for any use of your PII by such third parties, and we cannot guarantee that these third parties will adhere to the same privacy practices as ours. We encourage you to carefully review the privacy policies of any other service provider from whom you request services.
We reserve the right to make changes to this Privacy Policy at any time and in our sole discretion, so please check back frequently. If we decide to change our privacy practices, we will post the changes to this Privacy Policy on the home page or dashboard of the Platform as an update alert, or message in the notification section of the Platform, or by sending you an e-mail update, and/or any other places we deem appropriate so that you can be made aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
If you believe that we have not adhered to this Privacy Policy, and would like to make an amendment to your personal information being held by us, please contact our privacy officer by email at support@dnastack.com or privacy@dnastack.com.
If any provision of this Privacy Policy is found to be unlawful, void, or for any reason unenforceable, then that provision shall be deemed severable from this policy and shall not affect the validity and enforceability of any remaining provisions.
Concerns, complaints, and comments regarding privacy can be communicated to us by email at privacy@dnastack.com
Upon contacting us, you will receive a response within 24h. If you feel your concern has not been adequately addressed, DNAstack provides you with an appeal process. The DNAstack Chief Privacy and Security Officer (CPSO) will re-examine your concern and work with you to determine the fairest course of action. The CPSO can be contacted by email at cpso@dnastack.com
Finally, if DNAstack is unable to resolve your concern, you may contact the Privacy Commissioner of Canada in writing, at:
112 Kent Street,
Ottawa, ON K1A 1H3
Additionally, the privacy commissioner offers these phone numbers for general inquiries:
Call 1-800-282-1376
Fax 613-947-6850