Lumi Privacy Policy

Thank you for visiting Lumi Heath. In this policy, “Lumi Health”, “we”, “us”, or “our” refer to the Lumi Health Pty Ltd, together with its related bodies corporate, including the Victorian Clinical Genetic Service (VCGS), Genseq Labs Pty Ltd (Genseq), MyDNA Life Australia Pty Ltd (myDNA) and Gene by Gene Ltd (GBG).

We recognise the utmost importance of protecting the privacy and rights of individuals in relation to their personal information. This Privacy Policy has been developed in accordance with the privacy laws and regulations that are applicable to us, including the Privacy Act 1988 (Cth) (Privacy Act) and the Health Records Act 2001 (Vic), and the General Data Protection Regulation (GDPR) in Europe, as amended from time to time.

We treat your information with the importance it deserves. We are committed to protecting your information, handling it responsibly and securing it with administrative, technical and physical measures and safeguards. All genetic test results and any Personal Information are maintained under a strict policy of confidentiality.

• Your DNA sample and data remain your property, are stored on secure encrypted services, can be destroyed anytime at your request, and will never be shared without your consent.
• Our analysis is limited to the DNA markers we report on. Your results won’t include diseases, can’t be used to identify you, nor will they have any bearing towards health insurance policies.

Our Privacy Policy is designed to help you better understand how we collect, use, store, process, and transfer your information when using our Services. Please carefully review this Privacy Policy and our Terms of Use. By using our Services, you acknowledge all of the policies and procedures described in the foregoing documents. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy or our Terms of Use, you should immediately discontinue use of our Services.

Information We Collect

We generally collect the following information:

Information you share directly with us. We collect and process your information when you place an order, create an account, register your Lumi Heath Collection Kit and contact Customer Support.

We only collect personal information if it is reasonably necessary for one or more of our functions or activities. Depending on the nature of your interactions with us, we may collect the following types of personal information;

• Name;
• Date of birth;
• Contact details such as mailing or street address, email address, and telephone;
• Health and medical history or information;
• Information about your dependents, partner, or your pregnancy (where reasonably necessary);
• Bank account or credit card details if you are making a payment;
• Medicare details for billing purposes;
• Sample information of the cheek swab sample that you submit to us to process and analyse;
• Kit activation information when you activate a DNA test kit, we collect the kit number which is a 10-digit barcode;
• Information collected through the use of cookies on our websites; and
• Other information as required to carry out our functions and activities as an organisation.

Lumi Health will use the services of our related companies to process, analyse and report on your results. The DNA Laboratory collects information to identify you which is required to maintain laboratory standards and requirements.  These details include your sample number, date of birth and in most cases your name. The DNA Laboratory processes your sample, produces genetic data and sends it securely and confidentially to Victorian Clinical Genetics Service (VCGS) for interpretation.

When you contact Lumi Health Customer Support or correspond with us about our Service, we collect information to: track and respond to your inquiry; investigate any breach of our Terms of Use, Privacy Statement or applicable laws or regulations; and analyse and improve our Services.

How We Use Information

We generally process Personal Information for the following reasons:

To provide our Services. We process Personal Information in order to provide our Service, which includes processing payments, shipping kits to customers, creating customer accounts and authenticating logins, analysing DNA samples and delivering results, and powering tools that benefit our customers. Where third-party platforms are used to perform these functions, all data is anonymised and only accessed by Lumi Health representatives to perform essential services in accordance with our Terms of Use.

To analyse and improve our Services. We constantly work to improve and provide new insights, plans and Services. We may also need to fix bugs or issues, analyse the use of our website to improve the customer experience or assess our marketing campaigns.

By creating a Lumi Health account, you are agreeing that we may send you product emails or notifications about our Services and offers on new products and services. You can unsubscribe from receiving these marketing communications at any time. To unsubscribe, click the email footer “unsubscribe” link. You may not opt out of receiving non-promotional messages regarding your account, such as technical notices, purchase confirmations, or Service-related emails.

Control: Your Choices

Lumi Health and its DNA Laboratory give you the ability to share information in a variety of ways.

The DNA Laboratory will store your DNA in the laboratory that is certified and has internal quality and access control procedures as required by international standards.

You choose:

• When and with whom you share your information, including friends, family members, health care professionals, or other individuals outside our Services.
• To request that we correct or rectify inaccurate Personal Information about you.
• When you have consented to processing for a specific purpose, you may withdraw your consent at any time, and we will cease any further processing for that purpose.
• To delete your Lumi Health account and data, at any time.
• You have the right to make a complaint about how your data is handled.

Cookies and other analytics tools

Like most websites, our websites use 'cookies' to improve your online experience and to help us monitor and improve our websites and services for future visitors. A cookie is a small text file that is placed on your device when you visit a website. Cookies can collect information such as your Internet Protocol (IP) address, the URLs of sites you have visited before or after accessing the website, and how long you have spent on a particular site.  Cookies cannot execute programs or be used to access other information on your device.

For example, our websites use Google Analytics, a service that uses cookies in order to collect data and generate reports that help us understand website traffic and webpage usage.  Google Analytics transmits the website traffic data to Google servers in the United States but does not associate your IP address with any other data held by Google.

By using our websites, you give us your permission to the placement of cookies on your device. If you would like to limit the use of cookies, you can do so by changing your internet browser settings.  This means that you can set your preferences regarding the use of cookies before you start browsing, or you can delete cookies once you have finished visiting a website. 

Disclosure of Your Information

Your Personal Information will never be shared without your consent:

• We will not sell, lease, or rent your individual-level protected health information to any third party without your consent.
• We do not share customer data with any public databases.
• We will not provide any Personal Information to an insurance company or employer.
• We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information.

Your personal information will be shared with Medmate Australia, our external medical telehealth provider for the sole purpose of completing a health consultation and providing doctor approval for the genetic screening test.

For comprehensive DNA testing, we may disclose your personal information to our international related partner located in Houston Texas. Where we transfer your information to the United States, we will take such steps as are reasonable in the circumstances to protect your information and to comply with applicable laws, including those relating to cross-border transfers. To the extent that it is reasonable and practical for us to do so, we will de-identify and encrypt any such information prior to overseas disclosure. 

How We Secure Information

Lumi Health implements measures and systems to ensure the confidentiality, integrity, and availability of Lumi Health data.

Anonymisation, encryption, and data segmentation. Registration Information is stripped from Sensitive Information, including genetic and phenotypic data. This data is then assigned a random ID so the person who provided the data cannot reasonably be identified. Additionally, data are segmented across logical database systems to further prevent re-identifiability.

Limiting access to essential personnel. We limit access of information to authorised personnel, based on job function and role.

Detecting threats and managing vulnerabilities. Lumi Health uses state-of-the-art intrusion detection and prevention measures to stop any potential attacks against its networks.

Your access to the information

You may have access to this information directly through your Lumi Health portal. Your designated Health professional can also obtain access. Other people will not have access to this information however you can choose to release your information to others.

We will not sell, lease, or rent your individual-level protected health information to any third party without your consent.

We do not share customer data with any public databases.

We will not provide any Personal Information to an insurance company or employer.

We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information.

Changes to this Privacy Policy

Whenever this Privacy Policy is changed in a material way, a notice will be posted as part of this Privacy Policy and on our website for 30 days. After 30 days the changes will become effective. In addition, all customers will receive an email with a notification of the changes prior to the change becoming effective. Lumi Health may provide additional “just-in-time” disclosures or additional information about the data collection, use and sharing practices of specific Services. Such notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your Personal Information.

Contact Information

If you have questions about this Privacy Policy or wish to submit a complaint, please email Lumi Health Privacy Officer at support@lumihealth.com.au

We will treat your enquiry or complaint confidentially. One of our staff will contact you within a reasonable time after you have made contact to discuss your enquiry or complaint and outline options regarding how it may be dealt with. We will aim to ensure that any complaint is resolved in a timely and appropriate manner.