Finding the best ancestry DNA test that can meet your unique needs can be difficult. If we set the testing quality aside, we are left with the overall security of your personal data. During your testing circuit, you’ll provide your company of choice with all kinds of private and sensitive information and you want to make sure it doesn’t share it with third parties or use it without your explicit consent.
What Information Does 23andMe Collect?
Once you decide to place an order with 23andMe, the data collection process begins. Here, we’ll take a look at all the information you’ll provide during the course of your ancestry testing.
The information you provide directly includes:
- Registration info – When you create your personal 23andMe account, you’ll provide your name, birth date, shipping and billing address, payment details, and contact information (phone number, email, license number, etc.).
- Self-reported info – You can provide additional information about yourself through forms, surveys, features, and applications.
- User content – Some of 23andMe’s services allow you to create and post or upload content (messages in community forums, for example).
- Social media features and widgets – 23andMe’s social media features (Facebook Like/Share and the LinkedIn Open ID app) can record your IP address and the pages you visited on the company’s site.
- Referral information and sharing – If you refer a person to 23andMe or share your results, the company will request that person’s email address.
- Address books – If you use your PC or mobile address books in connection to 23andMe, the company can collect the contact information of the people you want to refer or have them communicate with the company.
- Third-party services – If you use third-party sites (Facebook, Twitter…) in connection with 23andMe to communicate with another person, the company will collect that person’s name and contact info but can also store your profile picture, gender, network, used ID, username, language and country, age range, friend or follower lists, etc.
- Gifts – If you order a testing kit as a gift through 23andMe, the company will collect information about the recipient. This info will not be shared with you, however.
- Customer service – When your contact 23andMe’s customer service, it’ll collect certain info in order to track and respond to your inquiry and improve its service.
Information related to genetic testing includes:
- Saliva sample and bio-banking – In order to take the test with 23andMe, you’ll have to send your saliva sample for genetic processing. Your unique test kit code will make you identifiable to the company itself, but not its third-party laboratory. Unless you opt to bio-bank (store) your saliva sample with 23andMe, it’ll be destroyed after the testing is complete.
- Genetic information – Your genetic information is located within your final report.
Information obtained through tracking technologies (cookies, web beacons, device identifiers, and similar programs) includes:
- Web behavior – The company monitors your interaction with its website, your results, and the overall success of its marketing program. It’ll also use this info to gather demographic data about its user base. The programs automatically collect and store information about your browser type, IP address, ISP, operating system, referring/exit pages, time stamps, and clickstream data.
- Google analytics – 23andMe uses the User-ID feature to combine behavioral data across devices and sessions.
How 23andMe Uses/Shares Your Information?
Providing, analyzing, and improving the service:
- Opening your personal account, enabling purchases, processing statements, communicating with you, and implementing your specific requests (referrals, for example).
- Hosting the official website, running on mobile apps, authenticating your visits, providing personalized content, and tracking your service usage.
- Conducting analytics.
- Offering new products and services.
- Implementing online marketing campaigns/targeted marketing.
- Conducting polls and surveys and obtaining testimonials.
- Processing and delivering your results.
- Performing R&D activities.
23andMe can use your personal data for research purposes only with your explicit consent. Once given, it can be withdrawn at any moment. If you deny your consent, the company will not use your data for research purposes, except for genetic and self-reported information.
Information shared with third parties includes:
- General service providers – Your name, email, address, and other contact information. Your saliva sample is given to a third-party laboratory.
- Providers of targeted advertising – These third-party service providers use proprietary cookies and collect the aforementioned information.
- Aggregate information – The company may share aggregated information with third parties. This data is stripped of your registration info and cannot be used to identify you as an individual.
- Information shared with commonly owned entities – 23andMe can share some or all of your data with other companies under common ownership. This includes its subsidiaries, corporate parent, and other subsidiaries owned by the corporate parent.
23andMe will also disclose your information if required by law. This includes various government warrants, subpoenas or orders.
23andMe Security Measures
23andMe implements a wide range of technical, physical, and administrative measures to prevent unauthorized access or disclosure of your personal data. Any connection to the official website is protected with SSL technology.
The company also warns against sharing your password, secret questions/answers, and similar authentication info that can be used to access the service in your name.