Esteettömyys

US STATE PRIVACY NOTICE

Last Updated: July 1, 2023

This US State Privacy Notice (this "Notice") supplements the information contained in the Privacy Policy of MyHeritage ("MyHeritage", the "Company", "we", "us", or "our").

MyHeritage is an online service that allows members to create family sites and profiles in order to build and print their family trees, upload, enhance, colorize, animate and share family photos, keep in touch with family members, perform DNA testing, receive genetic genealogy and genetic health analysis, participate in scientific research and research their family history with advanced research tools (the "Service").

This US State Privacy Notice (“Notice”) describes our practices regarding the collection, use, disclosure of personal information when US residents use our MyHeritage website, and/or the MyHeritage and Reimagine mobile applications for iOS and Android (collectively, the “Website”), use or obtain our Service, or engage with us offline. It addresses legal obligations and rights that apply to "personal information" or "personal data," which is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked directly or indirectly, with a particular individual or household.

Capitalized terms used but not defined in this Notice or our Privacy Policy have the meaning ascribed to them in our Terms and Conditions.

By accessing the Website, you agree to our Terms and Conditions and our collection and use of personal information as described in this Notice and our Privacy Policy. If you do not agree to this Notice, do not use the Website or the Service and delete your account.

Notice at Collection - The Personal Information We Collect

We collect the following categories of personal information and collected the same categories in the 12 months preceding the date of this Notice:

1) Personal identifiers: names, email addresses, telephone numbers, home addresses, account password, names of relatives and their relationships to you, birth dates, marriage dates and similar information you may provide us.

2) Credit card or payment card information: credit card numbers, billing addresses and information required to facilitate payments through our payment service providers.

3) Protected class information: should you voluntarily share such with us: gender, marital status, ancestry, national origin information and, if you use the DNA Services, also genetic and genetic-health information, ethnic origin information and self-reported health history information.

4) Commercial information: records of MyHeritage products or services obtained, purchased, or considered.

5) Internet or other electronic network activity information: information relating to how you interact with our Website and advertisements, the type of computer and browser you use, the address of the website from which you linked to the Website, IP address, page views.

6) Professional information we collect from vendors or other businesses: the name of your employer or entity that you represent, your job title, names of your supervisors or those who you supervise, and other information you voluntarily provide to us regarding your professional life.

7) Audio, electronic, and visual information: information provided telephonically to our customer service representatives and information provided using our automated virtual assistant; identifying information included in emails sent to us, messages or comments posted on our blogs, social media accounts, or our message boards; audio recordings you add to a photo or a profile in your family tree; photographs and videos.

8) Sensitive personal information: if you use the DNA Services: personal information that reveals ethnic origin information, genetic and genetic health information, and self-reported health history information.

9) Biometric information: in certain states, and only if you use the Photo Tagger feature, we may collect photos of your face to create facial recognition models. The Photo Tagger feature identifies faces in your photos and creates facial recognition models (i.e., biometric information) of you and your deceased relatives, in order to help you tag people in your photos quickly and easily. It clusters faces of the same person appearing in multiple photos and allows you to tag them in all photos in one go. In the United States, we do not offer Photo Tagger in California, Illinois, Texas, and Washington and do not, therefore, collect biometric information in those states.

Notice at Collection – Purposes for Which We Collect Personal Information

We collect personal information for the following purposes:

Categories of Personal Information Purposes for Collection
Personal identifiers: names, email addresses, telephone numbers, home addresses, account password, names of relatives and their relationships to you, birth dates, marriage dates and similar information you may provide us.

Protected class information, should you voluntarily share such with us: gender, marital status, ancestry, national origin information and, if you use the DNA Services, also genetic* and genetic-health information*, ethnic origin information* and self-reported health history information*.

Biometric information: in certain states, and only if you use the Photo Tagger feature, photos of your face to create facial recognition models.

Internet or other electronic network activity information: information relating to how you interact with our Website, the type of computer and browser you use, the address of the website from which you linked to the Website, IP address, page views.

Audio, electronic, and visual information, information provided telephonically to our customer service representatives and information provided using our automated virtual assistant; identifying information included in emails sent to us, messages or comments posted on our blogs, social media accounts, or our message boards; audio recordings you add to a photo or a profile in your family tree; photographs and videos.		 To provide our Service
Personal identifiers: name, email address, home or billing address, telephone numbers, account ID.

Credit card or payment card information: credit card numbers, billing addresses and information required to facilitate payments through our payment service providers.

Commercial information: records of MyHeritage products or services obtained or purchased.		 To process payments
Personal identifiers: names, email addresses, telephone numbers, home addresses, names of relatives and their relationships to you, birth dates, marriage dates, and similar information you may provide us.

Commercial information: records of MyHeritage products or services obtained, purchased, or considered.

Professional information we collect from vendors or other businesses: name of your employer or entity that you represent, your job title, names of your supervisors or those who you supervise, and other information you voluntarily provide to us regarding your professional life.

Audio, electronic, and visual information: information provided telephonically to our customer service representatives and information provided using our automated virtual assistant; identifying information included in emails sent to us, messages or comments posted on our blogs, social media accounts, or our message boards.		 To communicate with you
Personal identifiers: names, email addresses, home addresses, telephone numbers.

Commercial information: records of MyHeritage products or services obtained, purchased, or considered.

Internet or other electronic network activity information: information relating to how you interact with our Website and advertisements, the type of computer and browser you use, the address of the website from which you linked to the Website, IP address, page views.

Professional information we collect from vendors or other businesses: the name of your employer or entity that you represent, your job title, names of your supervisors or those who you supervise, and other information you voluntarily provide to us regarding your professional life.		 For advertising and marketing
Personal identifiers: names, email addresses, telephone numbers, home addresses, account password, names of relatives and their relationships to you, birth dates, marriage dates and similar information you may provide us.

Protected class information, should you voluntarily share such with us: gender, marital status, ancestry, national origin information and, if you use the DNA Services, also genetic* and genetic-health information*, ethnic origin information* and health history information*.

Commercial information: records of MyHeritage products or services obtained, purchased, or considered.

Internet or other electronic network activity information, information relating to how you interact with our Website and advertisements, the type of computer and browser you use, the address of the website from which you linked to the Website, IP address, page views.

Audio, electronic, and visual information: information provided telephonically to our customer service representatives and information provided using our automated virtual assistant; identifying information included in emails sent to us, messages or comments posted on our blogs, social media accounts, or our message boards; audio recordings you add to a photo or a profile in your family tree; photographs and videos.		 To operate, analyze, and improve our Website and Service
Personal identifiers: names, email addresses, telephone numbers, home addresses, account password, names of relatives and their relationships to you, birth dates, marriage dates and similar information you may provide us.

Credit card or payment card information: credit card numbers, billing addresses and information required to facilitate payments through our payment service providers.

Commercial and financial information: payment information and records of MyHeritage products or services obtained or purchased.

Internet or other electronic network activity information: information relating to how you interact with our Website and advertisements, the type of computer and browser you use, the address of the website from which you linked to the Website, IP address, page views.

Audio, electronic, and visual information: information provided telephonically to our customer service representatives and information provided using our automated virtual assistant; identifying information included in emails sent to us, messages or comments posted on our blogs, social media accounts, or our message boards; audio recordings you add to a photo or a profile in your family tree; photographs and videos.		 To prevent fraud, activities that violate our Terms and Conditions or that are illegal; and to protect our rights and the rights and safety of our users or others
Personal identifiers: names, names of relatives and their relationships to you, birth dates, marriage dates and similar information you may provide us.

Protected class information, gender, marital status, ancestry, national origin information, genetic* and genetic-health information*, ethnic origin information*, and self-reported health history information*.

Visual information: photographs and videos.		 For research, provided you sign the DNA Informed Consent

* Sensitive personal information.

Notice at Collection – Sale/Sharing/Targeted Advertising

We do not sell, share with third parties for cross-context behavioral advertising, or process for targeted advertising (as those terms are defined in the CCPA and other state data privacy laws) the personal information of residents of California, Virginia, Colorado, or Connecticut We have not sold or shared California residents’ personal information in the 12 months prior to the date of this Notice.

Notice at Collection - Retention Periods

We retain the categories of personal information we collect for the length of time necessary to provide our Service and to comply with legal obligations or to protect our legal rights. For more information, see section 9, “Data Retention,” in our Privacy Policy.

Categories of Sources from Which We Collect Personal Information

Use of Cookies and Tracking Technologies

We make use of browser cookies and similar automated means of data collection technologies to enhance your experience of visiting the Website, for example, to avoid displaying certain messages to you more than once, to save your login details so you won’t need to re-enter them each time you wish to log in, or to remember the display language you previously selected so you won't need to select it each time you visit the Website. You can change your cookie settings with regards to analytics and advertising cookies at any time by clicking the ''cookie settings'' link in the footer.

We also allow third parties to use tracking technologies on our Website for analytics and for advertising (in some states subject to your consent). They allow us to count visits and traffic sources to measure and improve our site's performance, to improve our website performance, to understand what interests our users, and measure how effective our content is. They are also used to better understand your interests, including which sites and ads you click on, and assist in delivering personalized ads that may be of interest to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our advertising campaigns. Some of these third parties use the tracking technologies to collect information about how you interact with other websites and advertisements across the Internet in order to provide advertising that is tailored to your interests, and which may appear on our Website or on other websites or platforms.

You may set your browser to notify you when you receive a cookie. Many web browsers also allow you to block cookies. You can disable cookies from your computer system by following the instructions on your browser or at www.youradchoices.com. For more information about cookies, please go to www.allaboutcookies.org.

Use or Disclosure of Sensitive Personal Information
We do not use or disclose sensitive personal information to create inferences or profiles about individuals or for any purposes other than providing our Service.

No Profiling to Facilitate Decisions with Legal or Other Significant Effects
We do not engage in the automated processing of personal information to create profiles about individuals that are used in furtherance of decisions with legal or other similarly significant effects, such as the provision or denial of financial or lending services, housing, insurance, or access to essential goods or services.

Disclosure of Personal Information for Business Purposes in the Past 12 Months

The following chart describes the categories of personal information that we disclosed to third parties for a business purpose in the 12 months prior to the date of this Notice:

Categories of Personal Information Categories of Third Parties With Which We Shared Personal Information for a Business Purpose
Personal identifiers: name, email addresses, telephone numbers, home addresses, names of relatives and their relationships to you, birth dates, marriage dates and similar information you may provide us. Service providers that process payments, verify customer information, manage customer information and provide customer service (including through our call center and our automated virtual assistant), ship DNA kits, facilitate email communications, provide security services and cloud-based data storage, host our Website and assist with other IT-related functions, advertise and market our Service, provide analytics services, provide legal and accounting services.
Credit card or payment card information: credit card numbers, billing addresses and information required to facilitate payments. Service providers that process payments.
Protected class information: should you share such with us, for example: gender, marital status, ancestry, national origin information.

If you use the DNA Services, also genetic and genetic-health information*, ethnic origin information* and self-reported health history information.*		 Service providers that provide cloud-based data storage, host our Website, assist with customer support, provide analytics services and provide legal services.

If you use the DNA Services, service providers that process the DNA sample and provide physician oversight and genetic counseling.
Biometric information: in certain states, and only if you use the Photo Tagger feature, photos of your face to create facial recognition models. If you use the Photo Tagger feature, service providers that process photos of your face to create facial recognition models.
Commercial information: records of MyHeritage products or services obtained, purchased, or considered. Service providers that process payments, provide accounting services, advertise and market our Service, provide analytics services.
Internet or other electronic network activity information: information relating to how you interact with our Website and advertisements, the type of computer and browser you use, the address of the website from which you linked to the Website, IP address, page views. Service providers that assist us in marketing to those who visit our Website, provide security services and cloud-based data storage, host our Website and assist with other IT-related functions.
Professional information we collect from vendors or other businesses: the name of your employer or entity that you represent, your job title, names of your supervisors or those who you supervise, and other information you voluntarily provide to us regarding your professional life. Service providers that manage vendor information, payment processing and provide legal and accounting services.
Audio, electronic, and visual information: information provided telephonically to our customer service representatives and information provided using our automated virtual assistant; identifying information included in emails sent to us, messages or comments posted on our blogs, social media accounts, or our message boards; audio recordings you add to a photo or a profile in your family tree; photographs and videos. Service providers that manage customer information and provide customer service (including through our call center or emails and our automated virtual assistant), provide cloud-based data storage services.

* Sensitive personal information

Additionally, we may share your Personal Information to a third party in the following situations:

1) In an acquisition of MyHeritage: in the event that MyHeritage, or substantially all of its assets or stock are acquired, personal information will as a matter of course be one of the transferred assets. In such event, your information would remain subject to the promises made in the pre-existing Privacy Policy prior to the event. Note that this situation is not unique to MyHeritage and applies to most companies.

2) In legal or privacy circumstances: as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also disclose your personal information to third parties to help detect and protect against fraud or data security vulnerabilities. We will not provide information to law enforcement unless required by a valid court order or subpoena for genetic information.

Children’s Personal Information
Our Services are not directed to minors under the age of 13.

Third Party Websites and Social Media Buttons
Our Website may contain links to third party websites, including social media buttons that link to social media platforms. This Notice does not govern how those third parties or social media platforms collect or use personal information when you are redirected to their websites/apps or social media platforms, and we do not endorse or have control over their practices. The privacy policies and terms of use for those third parties websites/apps or social media platforms govern those companies’ privacy practices. We are not responsible for the content or privacy practices of any third-party websites or platforms.

How We Keep Your Personal Information Secure
We implement and maintain reasonable security appropriate to the nature of the personal information that we collect, use, retain, transfer or otherwise process. We are committed to developing, implementing, maintaining, monitoring, and updating a reasonable information security program, but no such program can be perfect; in other words, all risks cannot reasonably be eliminated. Data security incidents and breaches can occur due to factors that cannot reasonably be prevented. Accordingly, while our reasonable security program is designed to manage data security risks and thus help prevent data security incidents and breaches, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security.

Changes to This Notice
We may update this Notice from time to time, and when we do so, we will update the date. If the changes are material, we will notify you by email or on our Website.

Use of the Website or the Service following any changes constitutes your acceptance of the revised Notice then in effect.

State Data Privacy Rights and Other State-Specific Disclosures
Laws in certain US states give residents of those states specific rights with respect to the personal information collected about them. See below for more information about those rights and other state-specific disclosures.

CALIFORNIA

If you are a California resident, the California Consumer Privacy Act (“CCPA”) and other California laws grant the rights described below with respect to their personal information we collect about you.

Your Right to Request Disclosure of Information We Collect and Share About You

California residents have the right to request certain information about our practices with respect to their personal information. In particular, you have the right to request that we disclose any or all of the following information to you about our processing of your personal information since January 1, 2022:

We Do Not Sell or Share Your Personal Information

As defined in the CCPA, we do not sell or share California residents’ personal information to third parties, including the personal information of California residents under the age of 16.

Your Right To Request The Deletion Of Personal Information We Have Collected From You

Upon your request, we will delete your personal information we have collected from you, subject to exceptions under the law.

Your Right to Request to Correct Personal Information We Hold About You

You have the right to request that we correct personal information we hold that you believe is not accurate. We will take steps to determine the accuracy of the personal information that is the subject of your request to correct, and in doing so will consider the totality of the circumstances relating to the personal information you have identified as being incorrect. We may ask that you provide documentation regarding your request to correct in order to assist us in evaluating the request.

Shine the Light

California residents are entitled to ask us for a notice describing what categories of personal customer information we share with third parties or corporate affiliates for those third parties or corporate affiliates’ direct marketing purposes. We do not share your personal information with third parties or corporate affiliates for their direct marketing purposes.

How We Respond to Do Not Track Signals

We do not currently respond to Do Not Track (“DNT”) signals from your browser because a uniform technological standard has not yet been developed for DNT.

Exercising Your Rights

To exercise any of the rights described in this Notice, email privacy@myheritage.com, or call us at +1-844-994-1888 (toll-free number in the USA). To exercise the right to delete or the right to request information we collect and share about you, you can also complete this form for the right to request deletion or this form for the right to request information we collect and share about you. All requesters will be required to authenticate themselves before we respond to their request.

California residents can lodge a complaint for violation of the California Genetic Information Privacy Act with any of the following California prosecutorial entities: the California Attorney General’s Office, a district attorney, authorized county counsel, a city attorney or an authorized city prosecutor.

Authorized Agents

You may designate an agent to submit requests on your behalf. If you do so, we will require your written authorization to release your personal information to your agent. The agent will need to provide us with your signed permission indicating the agent has been authorized to submit the request on your behalf. We will also require that you verify your identity directly with us or confirm with us that you provided the agent with permission to submit the request.

Verification Process

If you have an account with us, you may be asked to log in to your account. If you do not have an account with us, you may be asked to provide us with personal information to be matched with information we already have. The number and scope of such personal information will depend on the sensitivity of the personal information involved and the risk of harm due to any unlawful disclosure or deletion of such personal information. Such information may include your date of birth, place of birth, and information relating to the family tree you appear in. If we do not have a reasonable method by which we can verify your identity to the degree of certainty required, then your request may be denied.

Response Timeline and Additional Information

For requests for access, correction, or deletion, we will first acknowledge receipt of your request within 10 business days of receipt of your request. We provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.

We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.

If you wish to receive further information or have any questions or concerns, email us at privacy@myheritage.com.

Right to Non-Discrimination

If you exercise any of the rights explained in this Notice, we will continue to treat you fairly. Consumers who exercise their rights under this Notice will not be denied or charged different prices or rates for goods or services, or provided a different level or quality of goods or services than other Consumers.

COLORADO

If you are a Colorado resident, the Colorado Privacy Act (“CPA”) grants the rights described below with respect to personal information we collect about you.



Please note that for purpose of this section of this Notice, we consider “personal information” to have the same meaning as “personal data” as defined under the CPA.

Exercising Your Rights and How We Will Respond

To exercise your rights to know, delete or correct, or to ask a question, email privacy@myheritage.com. We will respond to such requests within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.

Our Commitment to Honoring Your Rights

If you exercise any of the rights explained in this Notice, we will continue to treat you fairly. If you exercise your rights under this Notice, you will not be denied or charged different prices or rates for goods or services or provided a different level or quality of goods or services than others.

Verification of Identity – Requests to Know, Delete, Correct

If you have an account with us, you may be asked to log in to your account. If you do not have an account with us, you may be asked to provide us with personal data to be matched with data we already have. The number and scope of such personal data will depend on the sensitivity of personal data involved and the risk of harm due to any unlawful disclosure or deletion of such personal data. Such information may include your date of birth, place of birth, and information relating to the family tree you appear in.
If we cannot reasonably verify your identity to the degree of certainty required, then your request may be denied.

When We Do Not Act on a Request – Appeal Process
In some cases, we may not act on your requests (e.g., if we cannot do so under other laws that apply). When this is the case, we will explain our reasons for not providing you with the information or taking the action (e.g., correcting data) you requested.

Additionally, you have the right to appeal our decision by contacting us at privacy@myheritage.com within 30 days after your receipt of our decision. Please provide us with an email address to identify your original request. We will respond to your appeal within 60 days of our receipt of the request.

CONNECTICUT

If you are a Connecticut resident, the Connecticut Data Privacy Act (“CTDPA”) grants the rights described below with respect to personal information we collect about you.



Please note that for purpose of this section of this Notice, we consider “personal information” to have the same meaning as “personal data” as defined under the CTDPA.

Exercising Your Rights and How We Will Respond

To exercise your rights to know, delete or correct, or to ask a question, email privacy@myheritage.com. We will respond to such requests within 45 days from when we receive your request. If we expect your request is going to take us longer than normal to fulfill, we will extend the response period by another 45 days and will inform you of such extension.

We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.

Our Commitment to Honoring Your Rights

If you exercise any of the rights explained in this Notice, we will continue to treat you fairly. If you exercise your rights under this Notice, you will not be denied or charged different prices or rates for goods or services or provided a different level or quality of goods or services than others.

Verification of Identity – Requests to Know, Delete, Correct

If you have an account with us, you may be asked to log in to your account. If you do not have an account with us, you may be asked to provide us with personal data to be matched with data we already have. The number and scope of such personal data will depend on the sensitivity of personal data involved and the risk of harm due to any unlawful disclosure or deletion of such personal data.

If we cannot reasonably verify your identity to the degree of certainty required, then your request may be denied.

When We Do Not Act on a Request – Appeal Process

In some cases, we may not act on your requests (e.g., if we cannot do so under other laws that apply). When this is the case, we will explain our reasons for not providing you with the information or taking the action (e.g., correcting data) you requested.

Additionally, you have the right to appeal our decision by contacting us at privacy@myheritage.com within 30 days after your receipt of our decision. Please provide us with an email address to identify your original request. We will respond to your appeal within 60 days of our receipt of the request.

NEVADA

Pursuant to Nevada law, you may direct a commercial operator of a website not to sell certain personal information a business has collected or will collect about you. MyHeritage does not sell personal information as it is described in Nevada law. For more information about how we handle and share your personal information or your rights under Nevada law, contact us at privacy@myheritage.com.

VIRGINIA

If you are a Virginia resident, the Virginia Consumer Data Privacy Act (“VCDPA”) grants you the following rights with respect to the personal data we collect about you:

To exercise any of the rights described in this Notice, or for additional information about how to exercise your rights, email privacy@myheritage.com or call us at +1-844-994-1888 (toll-free number in the USA). To exercise the right to delete or the right to request information we collect and share about you, you can also complete this form for the right to request deletion or this form for the right to request information we collect and share about you. All requesters will be required to authenticate themselves before we respond to their request.

Verification Process

If you have an account with us, you will be asked to log in to your account. If you do not have an account with us, you may be asked to provide us with personal data to be matched with data we already have. The number and scope of such personal data will depend on the sensitivity of personal data involved and the risk of harm due to any unlawful disclosure or deletion of such personal data. Such information may include your date of birth, place of birth, and information relating to the family tree you appear in.

If we do not have a reasonable method by which we can verify your identity to the degree of certainty required, then your request may be denied.

Response Timeline and Additional Information

For requests to know, delete or correct personal data, we will provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know. We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why. If you wish to receive further information or have any questions or concerns, email us at privacy@myheritage.com.

When We Do Not Act on a Request – Appeal Process
In some cases, we may not act on your requests (e.g., if we cannot do so under other laws that apply). When this is the case, we will explain our reasons for not providing you with the information or taking the action (e.g., correcting data) you requested.

Additionally, you have the right to appeal our decision by contacting us at privacy@myheritage.com within 30 days after your receipt of our decision. Please provide us with an email address to identify your original request. We will respond to your appeal within 60 days of our receipt of the request.