⚠ Data Sensitivity Tier 1: Genetic Data

Genetic data requires the highest privacy protections - it cannot be changed, reveals information about biological relatives who never consented, and may have implications for employment and insurance. This review focuses on documented policy language with exact citations.

📊 Data Collection Scope

Genetic Information

Living DNA collects your DNA sample and derives genetic data from it:

"Your DNA sample which is extracted from your mouth swab" and "Your genetic data"
Source: Privacy Policy - "Genetic data, and other information related to DNA tests or data uploads" section

Biological Information

Living DNA collects biological sex and age information for quality control:

"Your age" and "Your biological sex"
Source: Privacy Policy - Part A, Information We Collect

Pseudonymization via Barcode

Living DNA uses barcodes to separate your identity from genetic data:

"A barcode" used to "identify your account as part of our processes for protecting your privacy"
Source: Privacy Policy - Part A, Information We Collect

Research Survey Data

If participating in research, additional information is collected:

"We may use your bar code, genetic data, account information (including name, biological sex, place of birth, parent's place of birth), and any information you provide in response to our surveys for our research."
Source: Privacy Policy - "Information related to our research" section

👥 Third-Party Sharing

Laboratory Partners

Your DNA sample is processed by third-party laboratories:

"We use fully accredited professional laboratories to receive your mouth swab sample, to extract your DNA from the sample and to provide your genetic data."
Source: Privacy Policy - Part C, "Our laboratories & biological storage facilities"

Laboratory Locations (US and EU)

Samples may be processed in either the US or EU depending on your location:

"We have laboratories based in the US and in Europe. Generally, samples sent to us from the USA will be received and processed by our laboratory in the US, and samples sent to Us from the rest of the world will be processed in the EU."
Source: Privacy Policy - Part C, Laboratory section

Service Providers

Various third parties assist in providing the service:

"We use a range of service providers and consultants in order to help run our businesses and to provide our services."
Source: Privacy Policy - Part C, "Sharing Your Information"

Partner Sharing (With Consent)

If you purchase through partners, information may be shared:

"If you buy our services through one of our partners, we will provide to that partner the information that you consent to them receiving."
Source: Privacy Policy - Part C, "Partners"

Law Enforcement Access

Living DNA's policy on law enforcement cooperation:

"We will not share your personal information with law enforcement agencies unless we believe that we are legally compelled to do so."
Source: Privacy Policy - Part C, "The Legal Process"

Business Transfers

Your data may be transferred in corporate transactions:

"We may share your information with third parties to whom we may sell, transfer or merge parts of our business or our assets."
Source: Privacy Policy - Part C, "Change in Control"

✓ No Data Sales Policy

Living DNA explicitly states they do not sell customer data:

"We do not sell customer data, ever."
Source: Privacy Policy - Part C, "Data Sharing"

🕐 Data Retention

Genetic Data Retention

Your genetic data is retained for the duration of your account plus 6 months:

"We will retain personal information related to your account, biological sex and genetic data for so long as you retain...account with us, and for 6 months after that time."
Source: Privacy Policy - Part D, "How long we keep your personal information"

DNA Sample Retention

Your physical DNA sample is retained for 6 months unless you request earlier destruction:

"We will retain your DNA sample for 6 months after you provide it to us unless you close your account or ask us to destroy it sooner."
Source: Privacy Policy - Part D, DNA Sample Retention

Account Contact Information

Contact information is retained for 7 years after account closure:

"Account contact info: 7 years after account closure"
Source: Privacy Policy - Part D, Retention Timeframes

Research Data - Indefinite Retention

Research data may be retained indefinitely:

"We will retain information collected or used to assist us with our research work (including genetic data and responses to our surveys) for so long as is required by our research work, which may be indefinitely."
Source: Privacy Policy - "Information related to our research" section

Backup Data Retention

Backup systems may retain data for an additional 6 months beyond stated periods:

"It takes up to a further 6 months from the dates specified in this section for information that is no longer required to be fully removed from our systems because we retain backup and archive files."
Source: Privacy Policy - Part D, Backup retention

☑ User Control and Consent

Right to Erasure (Deletion)

Users can request deletion of their personal information:

"Request erasure of your personal information. This enables you to ask us to delete or remove personal information."
Source: Privacy Policy - Part F, "Your Rights"

Sample Destruction Option

You can request destruction of your DNA sample while keeping your account:

"You can ask us to destroy your sample, and can still maintain an account and receive updates to your results."
Source: Privacy Policy - DNA Sample section

Consent Withdrawal

You can withdraw consent, but prior processing remains lawful:

"Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent."
Source: Privacy Policy - Part F, "Your Rights"

Marketing Opt-Out

Users can opt out of marketing communications:

"You can ask us to stop sending you marketing messages at any time through your Living DNA account, or by contacting us, OR by following the opt-out links on any marketing message sent to you."
Source: Privacy Policy - Marketing Communications section

Account and Results Deletion

Users can delete their account and genetic results:

"If you also ask us to delete your results, we will delete your account information and shut your account."
Source: Privacy Policy - Account Deletion section

🔒 Security Measures

ISO Certifications

Living DNA holds both quality and information security certifications:

"We are certified to ISO:9001 for quality controls and ISO:27001 for information security."
Source: Privacy Policy - Part E, Security

Data Encryption

Data is encrypted both in transit and at rest:

"Data is scrambled so it is unreadable by humans or computers without a unique decryption key which is kept separate and secure."
Source: Privacy Policy - Part E, Encryption

Encryption at Rest

Stored data is also encrypted:

"Encryption of data occurs as it flows through our system...and while it is stored by ourselves (Encrypt at Rest)."
Source: Privacy Policy - Part E, Encryption

Pseudonymization

Personal identifiers are separated from genetic data:

"Personally identifiable information, such as name and address, are only accessed in isolation and are not routinely stored alongside information."
Source: Privacy Policy - Part E, Pseudonymization

🌎 GDPR Compliance (UK-Based Company)

Lawful Bases for Processing

Living DNA processes data under multiple lawful bases:

"The lawful bases on which we may process your personal information include: 1. Where you have given your consent... 2. Where necessary to carry out the terms of a contract... 3. Where necessary to comply with a legal obligation... 4. Where we or someone else has a legitimate interest..."
Source: Privacy Policy - Regulatory Background section

Legitimate Interests Balancing

Living DNA acknowledges the need to balance interests:

"Where we or someone else has a legitimate interest which is not overridden by your interests. We must always balance your interests and rights with our interests if we are to process your information on this basis."
Source: Privacy Policy - Lawful Bases section

GDPR Data Subject Rights

Living DNA lists the following GDPR rights:

"Request access to your personal data"; "Request correction of your personal data"; "Request erasure of your personal data"; "Object to processing of your personal data"; "Request restriction of processing your personal data"; "Request transfer of your personal data"; "Right to withdraw consent"
Source: Privacy Policy - Part F, "Your Rights"

ICO Complaints

Users can complain to the UK data protection authority:

"You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk)."
Source: Privacy Policy - Part F, Complaints

Data Protection Manager Contact

Living DNA has a dedicated privacy contact:

"We also have a Data Protection Manager who can be contacted at: privacy@livingdna.com"
Source: Privacy Policy - Contact Information

🔬 Research Participation

Consent-Based Research

Research participation requires your consent:

"If you choose to participate in our research initiatives...we will contact you through your account with us to ask you to take part in surveys."
Source: Privacy Policy - "Information related to our research" section

Research Data Anonymization

Living DNA states they attempt to anonymize research data:

"Wherever practicable your information will be anonymised before it is used."
Source: Privacy Policy - Research section

Anonymized Data Creation

Living DNA creates anonymized data by removing identifying information:

"We also create anonymised data (meaning that we remove your name and any other information which can link you to the data)."
Source: Privacy Policy - Part A, General

👪 Family Matching

Sharing With Genetic Matches

Participating in Family Matching means sharing data with relatives:

"We will share your personal information with other users of the Family Matching in order to alert them that they share genetic data with you."
Source: Privacy Policy - "Family Matching" section

International Data Transfers via Family Matching

Your data may be shared with matches outside the EU:

"Your matches may live in or outside the EU, for example you may 'match' with someone who lives in Australia...If you do not wish your information to be passed outside of the EU to your matches, you should not participate in Family Networks."
Source: Privacy Policy - "Family Matching" section

Loss of EU Protections Warning

Living DNA warns that international transfers may reduce protections:

"If your information is transferred outside the EU...you will not have the benefit of the protections of regulatory regime in the EU."
Source: Privacy Policy - Family Matching section

Compare With Other DNA Testing Services

23andMe
Review
Ancestry
Review
MyHeritage
Review