US STATE PRIVACY NOTICE
This US State Privacy Notice (this "Notice") supplements the information contained in the Privacy Policy of MyHeritage ("MyHeritage", the "Company", "we", "us", or "our").
MyHeritage is an online service that allows members to create family sites and profiles in order to build and print their family trees, upload, enhance, colorize, animate and share family photos, keep in touch with family members, perform DNA testing, receive genetic genealogy and genetic health analysis, participate in scientific research and research their family history with advanced research tools (the "Service").
This US State Privacy Notice (“Notice”) describes our practices regarding the collection, use, disclosure of personal information when US residents use our MyHeritage website, and/or the MyHeritage and Reimagine mobile applications for iOS and Android (collectively, the “Website”), use or obtain our Service, or engage with us offline. It addresses legal obligations and rights that apply to "personal information" or "personal data," which is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked directly or indirectly, with a particular individual or household.
Capitalized terms used but not defined in this Notice or our Privacy Policy have the meaning ascribed to them in our Terms and Conditions.
By accessing the Website, you agree to our Terms and Conditions and our collection and use of personal information as described in this Notice and our Privacy Policy. If you do not agree to this Notice, do not use the Website or the Service and delete your account.
Notice at Collection - The Personal Information We Collect
We collect the following categories of personal information and collected the same categories in the 12 months preceding the date of this Notice:
1) Personal identifiers: names, email addresses, telephone numbers, home addresses, account password, names of relatives and their relationships to you, birth dates, marriage dates and similar information you may provide us.
2) Credit card or payment card information: credit card numbers, billing addresses and information required to facilitate payments through our payment service providers.
3) Protected class information: should you voluntarily share such with us: gender, marital status, ancestry, national origin information and, if you use the DNA Services, also genetic and genetic-health information, ethnic origin information and self-reported health history information.
4) Commercial information: records of MyHeritage products or services obtained, purchased, or considered.
5) Internet or other electronic network activity information: information relating to how you interact with our Website, the type of computer and browser you use, the address of the website from which you linked to the Website, IP address, page views.
6) Professional information we collect from vendors or other businesses: the name of your employer or entity that you represent, your job title, names of your supervisors or those who you supervise, and other information you voluntarily provide to us regarding your professional life.
7) Audio, electronic, and visual information: information provided telephonically to our customer service representatives and information provided using our automated virtual assistant; identifying information included in emails sent to us, messages or comments posted on our blogs, social media accounts, or our message boards; audio recordings you add to a photo or a profile in your family tree; photographs and videos.
8) Sensitive personal information: if you use the DNA Services: personal information that reveals ethnic origin information, genetic and genetic health information, and self-reported health history information.
9) Biometric information: in certain states, and only if you use the Photo Tagger feature, we may collect photos of your face to create facial recognition models. The Photo Tagger feature identifies faces in your photos and creates facial recognition models (i.e., biometric information) of you and your deceased relatives, in order to help you tag people in your photos quickly and easily. It clusters faces of the same person appearing in multiple photos and allows you to tag them in all photos in one go. In the United States, we do not offer Photo Tagger in California, Illinois, Texas, and Washington and do not, therefore, collect biometric information in those states.
Notice at Collection – Purposes for Which We Collect Personal Information
We collect personal information for the following purposes:
| Categories of Personal Information | Purposes for Collection |
|---|---|
| Personal identifiers: names, email addresses, telephone numbers, home addresses, account password, names of relatives and their relationships to you, birth dates, marriage dates and similar information you may provide us. Protected class information, should you voluntarily share such with us: gender, marital status, ancestry, national origin information and, if you use the DNA Services, also genetic* and genetic-health information*, ethnic origin information* and self-reported health history information*. Biometric information: in certain states, and only if you use the Photo Tagger feature, photos of your face to create facial recognition models. Internet or other electronic network activity information: information relating to how you interact with our Website, the type of computer and browser you use, the address of the website from which you linked to the Website, IP address, page views. Audio, electronic, and visual information, information provided telephonically to our customer service representatives and information provided using our automated virtual assistant; identifying information included in emails sent to us, messages or comments posted on our blogs, social media accounts, or our message boards; audio recordings you add to a photo or a profile in your family tree; photographs and videos. |
To provide our Service |
| Personal identifiers: name, email address, home or billing address, telephone numbers, account ID. Credit card or payment card information: credit card numbers, billing addresses and information required to facilitate payments through our payment service providers. Commercial information: records of MyHeritage products or services obtained or purchased. |
To process payments |
| Personal identifiers: names, email addresses, telephone numbers, home addresses, names of relatives and their relationships to you, birth dates, marriage dates, and similar information you may provide us. Commercial information: records of MyHeritage products or services obtained, purchased, or considered. Professional information we collect from vendors or other businesses: name of your employer or entity that you represent, your job title, names of your supervisors or those who you supervise, and other information you voluntarily provide to us regarding your professional life. Audio, electronic, and visual information: information provided telephonically to our customer service representatives and information provided using our automated virtual assistant; identifying information included in emails sent to us, messages or comments posted on our blogs, social media accounts, or our message boards. |
To communicate with you |
| Personal identifiers: names, email addresses, home addresses, telephone numbers. Commercial information: records of MyHeritage products or services obtained, purchased, or considered. Internet or other electronic network activity information: information relating to how you interact with our Website, the type of computer and browser you use, the address of the website from which you linked to the Website, IP address, page views. Professional information we collect from vendors or other businesses: the name of your employer or entity that you represent, your job title, names of your supervisors or those who you supervise, and other information you voluntarily provide to us regarding your professional life. |
For advertising and marketing |
| Personal identifiers: names, email addresses, telephone numbers, home addresses, account password, names of relatives and their relationships to you, birth dates, marriage dates and similar information you may provide us. Protected class information, should you voluntarily share such with us: gender, marital status, ancestry, national origin information and, if you use the DNA Services, also genetic* and genetic-health information*, ethnic origin information* and health history information*. Commercial information: records of MyHeritage products or services obtained, purchased, or considered. Internet or other electronic network activity information, information relating to how you interact with our Website, the type of computer and browser you use, the address of the website from which you linked to the Website, IP address, page views. Audio, electronic, and visual information: information provided telephonically to our customer service representatives and information provided using our automated virtual assistant; identifying information included in emails sent to us, messages or comments posted on our blogs, social media accounts, or our message boards; audio recordings you add to a photo or a profile in your family tree; photographs and videos. |
To operate, analyze, and improve our Website and Service |
| Personal identifiers: names, email addresses, telephone numbers, home addresses, account password, names of relatives and their relationships to you, birth dates, marriage dates and similar information you may provide us. Credit card or payment card information: credit card numbers, billing addresses and information required to facilitate payments through our payment service providers. Commercial and financial information: payment information and records of MyHeritage products or services obtained or purchased. Internet or other electronic network activity information: information relating to how you interact with our Website, the type of computer and browser you use, the address of the website from which you linked to the Website, IP address, page views. Audio, electronic, and visual information: information provided telephonically to our customer service representatives and information provided using our automated virtual assistant; identifying information included in emails sent to us, messages or comments posted on our blogs, social media accounts, or our message boards; audio recordings you add to a photo or a profile in your family tree; photographs and videos. |
To prevent fraud, activities that violate our Terms and Conditions or that are illegal; and to protect our rights and the rights and safety of our users or others |
| Personal identifiers: names, names of relatives and their relationships to you, birth dates, marriage dates and similar information you may provide us. Protected class information, gender, marital status, ancestry, national origin information, genetic* and genetic-health information*, ethnic origin information*, and self-reported health history information*. Visual information: photographs and videos. |
For research, provided you sign the DNA Informed Consent |
* Sensitive personal information.
Notice at Collection – Sale/Sharing/Targeted Advertising
We do not sell, share with third parties for cross-context behavioral advertising, or process for targeted advertising (as those terms are defined in the CCPA and other state data privacy laws) the personal information of residents of California, Virginia, Colorado, Connecticut, Delaware, Iowa, Montana, New Jersey, New Hampshire, Nebraska, Oregon or Texas. We have not sold or shared California residents’ personal information in the 12 months prior to the date of this Notice.
Notice at Collection - Retention Periods
We retain the categories of personal information we collect for the length of time necessary to provide our Service and to comply with legal obligations or to protect our legal rights. For more information, see section 9, “Data Retention,” in our Privacy Policy.
Categories of Sources from Which We Collect Personal Information
- when you sign up for and use any aspect of our Service; when you purchase a subscription or other product from us;
- when you use the Service to build your family tree, conduct family research on the Website, or invite others to view or edit your family tree;
- when you use our DNA Services, i.e., when you purchase our DNA test kit, or upload your DNA data that was generated by another DNA testing service;
- when you post messages or comments on our blogs, social media accounts, or our message boards;
- when you communicate with other users through the Service’s features (e.g., MyHeritage Inbox);
- when you communicate with our customer support team or other representatives;
- when you engage with our automated virtual assistant;
- when you participate in any Surveys or questionnaires on the Service;
- when you link an account from Facebook or Google to your account on our Service, for authentication;
- when you use our Service via an integration from our genealogy partners such as Roots Magic and Family Historian;
- from public and historical records;
- when you visit or interact with our Website;
- when you interact with us in your capacity as a representative of another entity or individual with whom we are doing business.
Use of Cookies and Tracking Technologies
To enable the proper functioning and security of the Website, we collect information via cookies and other trackers, including of third parties, for example, to save your login details so you won’t need to re-enter them each time you wish to log in, or to remember the display language you previously selected so you won't need to select it each time you visit the Website. For more information about our use of cookies and similar automated means of data collection, please see our Cookie Policy.
You may set your browser to notify you when you receive a cookie. Many web browsers also allow you to block cookies. You can disable cookies from your computer system by following the instructions on your browser or at www.youradchoices.com. For more information about cookies, please go to www.allaboutcookies.org.
Use or Disclosure of Sensitive Personal Information
We do not use or disclose sensitive personal information to create inferences or profiles about individuals or for any purposes other than providing our Service.
No Profiling to Facilitate Decisions with Legal or Other Significant Effects
We do not engage in the automated processing of personal information to create profiles about individuals that are used in furtherance of decisions with legal or other similarly significant effects, such as the provision or denial of financial or lending services, housing, insurance, or access to essential goods or services.
Disclosure of Personal Information for Business Purposes in the Past 12 Months
The following chart describes the categories of personal information that we disclosed for a business purpose in the 12 months prior to the date of this Notice:
| Categories of Personal Information | Categories of Entities to Which We Disclosed Personal Information for a Business Purpose |
|---|---|
| Personal identifiers: name, email addresses, telephone numbers, home addresses, names of relatives and their relationships to you, birth dates, marriage dates and similar information you may provide us. | Service providers that process payments, verify customer information, assist in providing information and search results for the Services, manage customer information and provide customer service (including through our call center and our automated virtual assistant), ship DNA kits, facilitate email communications, provide security services and cloud-based data storage, host our Website and assist with other IT-related functions, advertise and market our Service, provide analytics services, provide legal and accounting services. |
| Credit card or payment card information: credit card numbers, billing addresses and information required to facilitate payments. | Service providers that process payments. |
| Protected class information: should you share such with us, for example: gender, marital status, ancestry, national origin information. If you use the DNA Services, also genetic and genetic-health information*, ethnic origin information* and self-reported health history information.* |
Service providers that provide cloud-based data storage, host our Website, assist with customer support, provide analytics services and provide legal services. If you use the DNA Services, service providers that process the DNA sample, process the DeepAncestry Coordinates, and provide physician oversight and genetic counseling. |
| Biometric information: in certain states, and only if you use the Photo Tagger feature, photos of your face to create facial recognition models. | If you use the Photo Tagger feature, service providers that process photos of your face to create facial recognition models. |
| Commercial information: records of MyHeritage products or services obtained, purchased, or considered. | Service providers that process payments, provide accounting services, advertise and market our Service, provide analytics services. |
| Internet or other electronic network activity information: information relating to how you interact with our Website, the type of computer and browser you use, the address of the website from which you linked to the Website, IP address, page views. | Service providers that assist us in marketing to those who visit our Website, provide security services and cloud-based data storage, host our Website and assist with other IT-related functions. |
| Professional information we collect from vendors or other businesses: the name of your employer or entity that you represent, your job title, names of your supervisors or those who you supervise, and other information you voluntarily provide to us regarding your professional life. | Service providers that manage vendor information, payment processing and provide legal and accounting services. |
| Audio, electronic, and visual information: information provided telephonically to our customer service representatives and information provided using our automated virtual assistant; identifying information included in emails sent to us, messages or comments posted on our blogs, social media accounts, or our message boards; audio recordings you add to a photo or a profile in your family tree; photographs and videos. | Service providers that manage customer information and provide customer service (including through our call center or emails and our automated virtual assistant), provide cloud-based data storage services. |
* Sensitive personal information
Additionally, we may share your Personal Information to a third party in the following situations:
1) In an acquisition of MyHeritage: in the event that MyHeritage, or substantially all of its assets or stock are acquired, personal information will as a matter of course be one of the transferred assets. In such event, your information would remain subject to the promises made in the pre-existing Privacy Policy prior to the event. Note that this situation is not unique to MyHeritage and applies to most companies.
2) In legal or privacy circumstances: as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also disclose your personal information to third parties to help detect and protect against fraud or data security vulnerabilities. We will not provide information to law enforcement unless required by a valid court order or subpoena for genetic information.
Children’s Personal Information
Our Services are not directed to minors under the age of 13.
Third Party Websites and Social Media Buttons
Our Website may contain links to third party websites, including social media buttons that link to social media platforms. This Notice does not govern how those third parties or social media platforms collect or use personal information when you are redirected to their websites/apps or social media platforms, and we do not endorse or have control over their practices. The privacy policies and terms of use for those third parties websites/apps or social media platforms govern those companies’ privacy practices. We are not responsible for the content or privacy practices of any third-party websites or platforms.
How We Keep Your Personal Information Secure
We implement and maintain reasonable security appropriate to the nature of the personal information that we collect, use, retain, transfer or otherwise process. We are committed to developing, implementing, maintaining, monitoring, and updating a reasonable information security program, but no such program can be perfect; in other words, all risks cannot reasonably be eliminated. Data security incidents and breaches can occur due to factors that cannot reasonably be prevented. Accordingly, while our reasonable security program is designed to manage data security risks and thus help prevent data security incidents and breaches, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security.
Changes to This Notice
We may update this Notice from time to time, and when we do so, we will update the date. If the changes are material, we will notify you by email or on our Website.
Use of the Website or the Service following any changes constitutes your acceptance of the revised Notice then in effect.
State Data Privacy Rights and Other State-Specific Disclosures
Laws in certain US states give residents of those states specific rights with respect to the personal information collected about them. See below for more information about those rights and other state-specific disclosures.
Alabama residents who wish to allege a violation of the Alabama Genetic Data Privacy Act of 2024 may file a complaint with the Alabama Attorney General.
Minnesota residents who wish to allege a violation of the Minnesota Genetic Information Privacy Act (GIPA) may file a complaint with the Minnesota Department of Commerce, pursuant to Minn. Stat. §45.027.
Virginia residents who wish to allege a violation of Va. Code Ann. §59.1-593 through §59.1-602 of 2023 (relative to genetic data privacy) may file a complaint with the Virginia Attorney General.
CALIFORNIA
If you are a California resident, the California Consumer Privacy Act (“CCPA”) and other California laws grant the rights described below with respect to their personal information we collect about you.
Your Right to Request Disclosure of Information We Collect and Share About You
California residents have the right to request certain information about our practices with respect to their personal information. In particular, you have the right to request that we disclose any or all of the following information to you about our processing of your personal information since January 1, 2022:
- Specific pieces of your personal information that we've collected
- The categories of personal information we have collected
- The sources from which we collected personal information
- The business or commercial purposes for which we collected personal information
- The categories of third parties with which we disclosed personal information
- The categories of personal information that we've disclosed to third parties for business purposes
We Do Not Sell or Share Your Personal Information
As defined in the CCPA, we do not sell or share California residents’ personal information to third parties, including the personal information of registered users who we are able to identify as California residents under the age of 16.
Your Right To Request The Deletion Of Personal Information We Have Collected From You
Upon your request, we will delete your personal information we have collected from you, subject to exceptions under the law.
Your Right to Request to Correct Personal Information We Hold About You
You have the right to request that we correct personal information we hold that you believe is not accurate. We will take steps to determine the accuracy of the personal information that is the subject of your request to correct, and in doing so will consider the totality of the circumstances relating to the personal information you have identified as being incorrect. We may ask that you provide documentation regarding your request to correct in order to assist us in evaluating the request.
Shine the Light
California residents with whom we have an established business relationship are entitled to ask us for a notice describing certain categories of personal customer information we shared in the immediately preceding calendar year with third parties for those third parties’ direct marketing purposes. We do not share your personal information with third parties or corporate affiliates for their direct marketing purposes.
How We Respond to Do Not Track Signals
We do not currently respond to Do Not Track (“DNT”) signals from your browser because a uniform technological standard has not yet been developed for DNT.
Exercising Your Rights
To exercise any of the rights described in this Notice, email privacy@myheritage.com, or call us at +1-844-994-1888 (toll-free number in the USA). To exercise the right to delete or the right to request information we collect and share about you, you can also complete this form for the right to request deletion or this form for the right to request information we collect and share about you. All requesters will be required to authenticate themselves before we respond to their request.
California residents who wish to allege a violation of the California Genetic Information Privacy Act (GIPA) can lodge a complaint with any of the following California prosecutorial entities: the California Attorney General’s Office, a district attorney, or authorized county counsel. Residents of cities with more than 750,000 residents may file a complaint with their city attorney, and residents of cities with full-time city prosecutors may file a complaint with their city prosecutor. California residents who believe that their Personal Information was used improperly may file a complaint with the California Privacy Protection Agency (CPPA).
Authorized Agents
You may designate an agent to submit requests on your behalf. If you do so, we will require your written authorization to release your personal information to your agent. The agent will need to provide us with your signed permission indicating the agent has been authorized to submit the request on your behalf. We will also require that you verify your identity directly with us or confirm with us that you provided the agent with permission to submit the request.
Verification Process
If you have an account with us, you may be asked to log in to your account. If you do not have an account with us, you may be asked to provide us with personal information to be matched with information we already have. The number and scope of such personal information will depend on the sensitivity of the personal information involved and the risk of harm due to any unlawful disclosure or deletion of such personal information. Such information may include your date of birth, place of birth, and information relating to the family tree you appear in. If we do not have a reasonable method by which we can verify your identity to the degree of certainty required, then your request may be denied.
Response Timeline and Additional Information
For requests for access, correction, or deletion, we will first acknowledge receipt of your request within 10 business days of receipt of your request. We provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
If you wish to receive further information or have any questions or concerns, email us at privacy@myheritage.com.
Right to Non-Discrimination
If you exercise any of the rights explained in this Notice, we will continue to treat you fairly. Consumers who exercise their rights under this Notice will not be denied or charged different prices or rates for goods or services, or provided a different level or quality of goods or services than other Consumers.
COLORADO, CONNECTICUT, DELAWARE, MONTANA, NEW JERSEY, NEW HAMPSHIRE, NEBRASKA, OREGON, TEXAS, and VIRGINIA
If you are a Colorado, Connecticut, Delaware, Montana, New Jersey, New Hampshire, Nebraska, Oregon, Texas or Virginia resident, your state privacy act as applicable grants the rights described below with respect to personal information we collect about you.
- Right to Know: You have the right to confirm whether or not we are processing their personal information and to access such data.
- Right to Access: You have the right to a portable copy of the personal information we have collected from them.
- Right to Delete: You have the right to request deletion of the personal information that we have collected about them and to have such information deleted, subject to certain exceptions.
- Right to Correct: You have the right to ask that we correct inaccuracies in their personal information, taking into account the nature of personal data and purposes of processing such information.
Please note that for purpose of this section of this Notice, we consider “personal information” to have the same meaning as “personal data” as defined under the above mentioned acts.
Exercising Your Rights and How We Will Respond
To exercise your rights please complete this form for the right to request deletion or this form for the right to know, obtain a copy or to correct. We will respond to such requests within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
Our Commitment to Honoring Your Rights
If you exercise any of the rights explained in this Notice, we will continue to treat you fairly. If you exercise your rights under this Notice, you will not be denied or charged different prices or rates for goods or services or provided a different level or quality of goods or services than others.
Verification of Identity
If you have an account with us, you may be asked to log in to your account. If you do not have an account with us, you may be asked to provide us with personal data to be matched with data we already have. The number and scope of such personal data will depend on the sensitivity of personal data involved and the risk of harm due to any unlawful disclosure or deletion of such personal data. Such information may include your date of birth, place of birth, and information relating to the family tree you appear in.
If we cannot reasonably verify your identity to the degree of certainty required, then your request may be denied.
When We Do Not Act on a Request – Appeal Process
In some cases, we may not act on your requests (e.g., if we cannot do so under other laws that apply). When this is the case, we will explain our reasons for not providing you with the information or taking the action (e.g., correcting data) you requested.
Additionally, you have the right to appeal our decision by contacting us at privacy@myheritage.com within 30 days after your receipt of our decision. Please provide us with an email address to identify your original request. We will respond to your appeal within 60 days of our receipt of the request, or within 45 days if you are a resident of New Jersey or Oregon.
NEVADA
Pursuant to Nevada law, you may direct a commercial operator of a website not to sell certain personal information a business has collected or will collect about you. MyHeritage does not sell personal information as it is described in Nevada law. For more information about how we handle and share your personal information or your rights under Nevada law, contact us at privacy@myheritage.com.
UTAH and IOWA
If you are a Utah or an Iowa resident, your state privacy act grants the rights described below with respect to personal information we collect about you.
- Right to Know: You have the right to confirm whether or not we are processing their personal information and to access such data.
- Right to a Copy: You have the right to obtain a portable and readily usable copy of the personal information that they previously provided to us that, where the processing is automated, can be transmitted to another data controller without impediment.
- Right to Delete: You have the right to request deletion of the personal information that we have collected about them and to have such information deleted, subject to certain exceptions.
While the privacy act provides the right to opt out of the sale of personal information, we do not sell personal information consistent with the definition of “sale” under the Utah and Iowa laws.
Please note that for purpose of this section of this Notice, we consider “personal information” to have the same meaning as “personal data” as defined under the applicable privacy act.
Exercising Your Rights and How We Will Respond
To exercise your rights to know, delete or correct, or to ask a question, email privacy@myheritage.com. You can also complete this form for the right to request deletion or this form for the right to know, obtain a copy or to correct. We will respond to such requests within 45 days from when we receive your request although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
Verification of Identity
If you have an account with us, you may be asked to log in to your account. If you do not have an account with us, you may be asked to provide us with personal data to be matched with data we already have. The number and scope of such personal data will depend on the sensitivity of personal data involved and the risk of harm due to any unlawful disclosure or deletion of such personal data.
If we cannot reasonably verify your identity to the degree of certainty required, then your request may be denied. We will notify you to explain the basis of the denial.
When We Do Not Act on a Request – Appeal Process
In some cases, we may not act on your requests (e.g., if we cannot do so under other laws that apply). When this is the case, we will explain our reasons for not providing you with the information or taking the action (e.g., correcting data) you requested.
Additionally, if you are an Iowa resident you have the right to appeal our decision by contacting us at privacy@myheritage.com within 30 days after your receipt of our decision. Please provide us with an email address to identify your original request. We will respond to your appeal within 60 days of our receipt of the request.
VIRGINIA
If you are a Virginia resident, the Virginia Consumer Data Privacy Act (“VCDPA”) grants you the following rights with respect to the personal data we collect about you:
- Right to Know: Virginia residents have the right to confirm whether or not we are processing their personal data and to access such data, including by obtaining a copy of data that they previously provided to us.
- Right to Delete: Virginia residents have the right to request deletion of their personal data that we have collected about them and to have such personal data deleted, subject to certain exceptions.
- Right to Correct: Virginia residents have the right to ask that we correct inaccuracies in their personal data, taking into account the nature of personal data and purposes of processing such information.
To exercise any of the rights described in this Notice, or for additional information about how to exercise your rights, email privacy@myheritage.com or call us at +1-844-994-1888 (toll-free number in the USA). You can also complete this form for the right to request deletion or this form for the right to know and to correct. All requesters will be required to authenticate themselves before we respond to their request.
Verification of Identity
If you have an account with us, you will be asked to log in to your account. If you do not have an account with us, you may be asked to provide us with personal data to be matched with data we already have. The number and scope of such personal data will depend on the sensitivity of personal data involved and the risk of harm due to any unlawful disclosure or deletion of such personal data. Such information may include your date of birth, place of birth, and information relating to the family tree you appear in.
If we do not have a reasonable method by which we can verify your identity to the degree of certainty required, then your request may be denied.
Response Timeline and Additional Information
For requests to know, delete or correct personal data, we will provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know. We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why. If you wish to receive further information or have any questions or concerns, email us at privacy@myheritage.com.
When We Do Not Act on a Request – Appeal Process
In some cases, we may not act on your requests (e.g., if we cannot do so under other laws that apply). When this is the case, we will explain our reasons for not providing you with the information or taking the action (e.g., correcting data) you requested.
Additionally, you have the right to appeal our decision by contacting us at privacy@myheritage.com within 30 days after your receipt of our decision. Please provide us with an email address to identify your original request. We will respond to your appeal within 60 days of our receipt of the request.