Effective Date: March 18, 2025
INTRODUCTION
GeneLean360° Inc. ("GeneLean", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, purchase our products, or use our services, including our genetic testing and weight loss services.
We partner with FullMetrics Medical, LLC, operating as GeneMetrics, a genetic testing provider, to deliver our personalized weight loss and nutrition recommendations. This Privacy Policy covers how both GeneLean and our testing partner handle your personal and genetic information.
PLEASE READ THIS PRIVACY POLICY CAREFULLY. By accessing our website or using our services, you consent to the collection, use, and disclosure of your information as outlined in this Privacy Policy.
INFORMATION WE COLLECT
Personal Information
To enroll in, purchase, or use our products or services, we may collect personal data or information including:
• Name, email address, phone number, and mailing address
• Billing information and payment details
• Date of birth
• Health history and current health information
• Physical characteristics (height, weight, measurements)
• Dietary preferences and restrictions
• Lifestyle information
• Genetic sample (via testing kit)
• Information you provide through questionnaires, forms, or customer service interactions
Genetic Information
When you use our genetic testing services:
• You will provide a physical DNA sample using our testing kit
• This sample will be processed by our partner, GeneMetrics
• The genetic data extracted from your sample will be analyzed to generate personalized reports and recommendations
Other Information
We may also collect information when you:
• Interact with our website or mobile application
• Submit comments, questions, or feedback
• Participate in surveys, contests, or promotions
• Communicate with our customer service team
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track activity on our website and hold certain information. Cookies are files with small amounts of data which may include an anonymous unique identifier. We use cookies for the following purposes:
• To maintain your session and preferences
• To understand how you use our website
• To improve our website and services
• To personalize your experience
• To analyze website traffic
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website or services as intended.
HOW WE USE YOUR INFORMATION
We request and require various personal data and genetic information to understand your needs and to provide you with better Services. We use this information for the following reasons:
1. To provide our products and services, including genetic testing and personalized
weight loss recommendations 2. For internal record-keeping and account management 3. To process payments and fulfill orders 4. To improve our products or services 5. To send promotional emails about new products or services, special offers, or other information which we think you may find interesting (you may unsubscribe at any time) 6. For aggregate, non-identifiable data for research purposes 7. To customize the respective programs and services that you purchase or use
according to your interests and needs 8. For support or communication related to your program, products, or services 9. To respond to your inquiries and provide customer support 10. To comply with legal obligations
We will not sell or rent your personal information to anyone. We will not collect personal information indiscriminately. We will limit the amount and the type of information we collect to that necessary to fulfill the purposes we have identified to you, or as otherwise permitted by law.
STORAGE AND SECURITY OF YOUR INFORMATION
Storage
All personal, demographic, health, and genetic information (“Confidential Information”) gathered by us is stored through secure data management systems. This data can only be accessed by authorized personnel who help manage that information in order to deliver our services or otherwise contact those who would like to receive our correspondence.
Our genetic testing partner, GeneMetrics, securely stores genetic data primarily using Google Cloud's encrypted infrastructure and Amazon Cloud. GeneLean and GeneMetrics’ systems have been audited for compliance with HIPAA and other high security standards.
You agree and acknowledge that we, including but not limited to our team, staff and affiliates, and those who manage the data management system, may have access to your Confidential Information as necessary to provide our services. We will not disclose your Confidential Information without first obtaining your written consent.
Security Measures
We implement appropriate technical and organizational measures to maintain the security of your personal information, including:
• Using AES-256 encryption for stored data
• Employing TLS encryption for data in transit
• Implementing access controls and authentication requirements
• Conducting regular security assessments
• Training staff on data protection practices
However, due to the nature of the Internet, we cannot completely ensure or warrant the security of your Confidential Information or any other data or information transmitted to us or through our services; therefore, submitting Confidential Information, data or other information to us is done at your own risk. If you submit Confidential Information to us, you agree to indemnify GeneLean against any damages, losses, liabilities, judgments, costs, or expenses arising out of such use, provision, transmission, storage, or disclosure of Confidential Information.
GENETIC TESTING DATA HANDLING
Given the sensitive nature of genetic information, we want to be transparent about how this data is processed and stored:
1. Collection Process: Your genetic sample is collected using a testing kit and sent to
our partner lab, GeneMetrics, for processing. 2. Data Storage: Raw genetic data is stored in a fully anonymized form with an ID number that doesn't directly identify you. GeneMetrics maintains this data with multiple layers of encryption. 3. Who Has Access:
o GeneMetrics maintains the raw genetic data in anonymized form o GeneLean receives processed reports and interpretations o Neither GeneMetrics nor GeneLean share your genetic information with third
parties without your express consent 4. Data Retention: Genetic data is retained only as long as necessary to provide services, comply with legal obligations, or fulfill authorized purposes. You have the right to request deletion or anonymization of your data. 5. Data Deletion: If you wish to delete or anonymize your genetic data, you can submit a request through our customer service. Our team will process the request in accordance with applicable laws, including the Health Insurance Portability and Accountability Act (“HIPAA”) and GDPR.
DISCLOSURE OF INFORMATION
All Confidential Information will be held in strict confidence and will not be disclosed to third parties, except that we may disclose Confidential Information and personally identifiable information:
1. To our genetic testing partner, GeneMetrics, to process your genetic sample and
provide testing services 2. To service providers and business partners who assist us in operating our website and conducting our business (these companies are authorized to use your personal information only as necessary to provide these services to us) 3. If we are required to do so by law 4. In the good-faith belief that such action is necessary to conform to the law 5. To comply with any legal process served on either us or our partners 6. To protect and defend our rights or our property or those of our users or purchasers 7. To act as immediately necessary in order to protect the personal safety of our users,
purchasers, or the public
We will not sell, distribute, or lease your Confidential Information to third parties unless we have your express permission or are required by law to disclose such information.
Consistent with the California Consumer Privacy Act (CCPA), We do not sell your personal information for monetary consideration, We do not share your personal information with third parties for cross-context behavioral advertising purposes, andWe do not use de-identified genetic data for research purposes without explicit consent. The only transfers of your data are to service providers like GeneMetrics who process data on our behalf and are contractually restricted from using your data for their own purposes.
THIRD-PARTY WEBSITES
Our website may contain links to other websites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
COMPLIANCE WITH PRIVACY LAWS
Canadian Privacy Laws
As an organization that collects and handles personal health information in Ontario, GeneLean is committed to complying with:
• Personal Health Information Protection Act (PHIPA): We adhere to PHIPA's principles and requirements regarding the collection, use, and disclosure of personal health information.
• Personal Information Protection and Electronic Documents Act (PIPEDA): We follow PIPEDA's principles for the collection, use, and disclosure of personal information in the course of commercial activities.
We adhere to these principles, including:
• Obtaining informed consent before collecting personal information
• Using and disclosing personal information only for the purposes for which it was collected
• Taking reasonable steps to ensure personal information is accurate and complete
• Implementing appropriate safeguards to protect personal information
• Providing individuals with access to their personal information
• Responding to requests to correct inaccurate personal information
Genetic Information Protection
For users in the United States, we acknowledge the Genetic Information Nondiscrimination Act (GINA), which prohibits discrimination on the basis of genetic information with respect to health insurance and employment. GeneLean is committed to:
• Never sharing your genetic information with employers or health insurers
• Protecting your genetic information from unauthorized disclosure
• Only using your genetic information for the specific purposes outlined in this Privacy Policy
International and U.S. State Privacy Laws
We respect and comply with applicable privacy laws in jurisdictions where our users reside. This includes, where applicable:
• The General Data Protection Regulation (GDPR) for users from the European Economic Area
• The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents
• Other U.S. state privacy laws in Virginia, Colorado, Connecticut, Utah, and other jurisdictions
If you reside in a jurisdiction with specific privacy rights not detailed in this policy, we will honor those rights to the extent required by applicable law. Please contact our Privacy Officer for specific questions about your rights under your local laws.
YOUR RIGHTS REGARDING YOUR INFORMATION
Depending on your location, you may have certain rights regarding your personal information, including:
1. Right to Access: You can request copies of your personal information. 2. Right to Know: You can request that we disclose the information we collected about
you and how we use that information 3. Right to Rectification: You can request that we correct any information you believe
is inaccurate or complete information you believe is incomplete. 4. Right to Erasure: You can request that we erase your personal information under
certain conditions. 5. Right to Restrict Processing: You can request that we restrict the processing of
your personal information under certain conditions. 6. Right to Opt-out: You may request that we stop sharing your information. 7. Right to Correct: You may request that we correct inaccurate information about you. 8. Right to Limit: You may request that we use your Confidential Information for limited
purposes. 9. Right to Data Portability: You can request that we transfer the data we have
collected to another organization, or directly to you, under certain conditions. 10. Right to Object: You can object to our processing of your personal information
under certain conditions.
If you wish to exercise any of these rights, please contact our Privacy Officer at the email address provided below.
DATA RETENTION
We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
CHILDREN'S PRIVACY
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personally identifiable information from children under 18. We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and similar laws worldwide. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we can take necessary actions.
CHANGES TO THIS PRIVACY POLICY
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
VIEWING BY OTHERS
Note that whenever you make your Confidential Information or other information available for viewing by others such as through our products or services, website, or social media, the Confidential Information or other information that you share can also be seen, collected, and used by others. Therefore, we cannot be responsible for any unauthorized use by others of such Confidential Information or other information that you voluntarily share online or in any other manner.
MARKETING COMMUNICATIONS
If you have opted in to receive marketing communications from us, we may use your personal information to send you promotional content and updates about our products and services.
You can opt out of receiving marketing communications from us at any time by:
• Clicking the "unsubscribe" link in any marketing email we send
• Emailing our Privacy Officer with the subject line "Opt-Out of Marketing"
• Contacting our customer service team
We comply with the CAN-SPAM Act and other applicable laws governing marketing communications. All marketing emails from us will include an easy way to opt out of future communications.
DATA SECURITY AND BREACH NOTIFICATION
We implement reasonable security measures to protect your personal information. In the event of a data breach that compromises your personal information, we will:
1. Investigate the incident promptly 2. Take steps to mitigate potential harm 3. Notify affected individuals in accordance with applicable laws 4. Provide guidance on steps you can take to protect yourself
Notification timelines and procedures will comply with relevant laws in the jurisdictions where we operate, including PIPEDA breach notification requirements, HIPAA and other applicable U.S. state breach notification laws.
CONTACT US
If you have any questions about this Privacy Policy, wish to exercise your rights regarding your data, or want to obtain a copy of the information we have collected about you, please contact our Privacy Officer:
Privacy Officer: Dr. Phyllis Pobee Email: operations@genelean360.com
If you believe that any of your Confidential Information is incorrect or incomplete, please contact us as soon as possible. We will promptly correct any Confidential Information found to be incorrect.
To verify your identity when making requests about your personal information, we may ask for information that allows us to reasonably verify you are the person about whom we collected personal information.
