Last updated: March 4th, 2020

We are HIPAA-compliant, GDPR-compliant, and CCPA-compliant. In general, the Legacy team believes deeply that privacy is a fundamental human right, and we make every attempt to anonymize and encrypt your data wherever possible. You can learn more below about your rights as a consumer under CCPA and GDPR, and we will facilitate this process to the greatest extent possible.

We clearly outline in this Privacy Policy exactly what data we may be collecting, and seek to provide as many examples as possible for you to understand how we may use your data.

We do not “sell” your personal information except as defined by CCPA for our use of targeted advertising from companies such as Google and Facebook on our website.

You can opt out of this “sale” here: https://optout.aboutads.info/.

Jump to our CCPA Notice

Jump to our GDPR Notice

What Data We Collect, Why, and How it’s Shared

Personal Data or Personal Information (PI) is information that relates to you, your household, or one of your devices.

Legacy collects personal information about you from various sources to provide our service and to manage our site. Some data is provided by you. Other data is collected automatically.

Contact Information

We collect your contact information (name, email, phone number, address) when you purchase our service or contact us by email or through our website. We use the information you provide to respond to your questions, to provide our service, and to provide customer support. We also send emails to market our own services.

We share this information for business purposes with third parties and service providers in the following categories:

  • Core providers to deliver our service (such as a identity verification and medical providers)

  • Sales and marketing tools (for sending marketing emails)

  • Internal business operations (such as email providers and data storage)

  • Customer support (such as our phone provider)

Payment Information

When you pay for our service, you directly provide payment information to a payment processor who processes the transaction on our behalf.

Commercial Information

Commercial information consists of your buying habits and purchases. When you purchase our products, we retain records of your purchasing history through our payment processor. This information is also shared with third parties and service providers in the following categories:

  • Internal business operations (such as our email provider and contract storage)

  • Sales and marketing tools (such as referral marketing tracking)

Electronic Activity, Device Information, and IP Information

We collect IP address and electronic activity (i.e. how you use our website or application), along with information about your device type and operating system when you visit our website and purchase our products. This information is collected on our behalf by third parties that provide services for:

  • Sales and marketing tools (such as our client relationship management [CRM] system and digital advertising publishers)

  • Data analytics (to understand how you use our website)

  • Core providers to deliver our service (such as identity verification)

We use this information to operate and improve our website, products, and marketing efforts.

Behavioral Profile

We use electronic activity data to determine what service you’re most interested in. This information is a feature for our CRM.

Biometric Information, Medical Data, and Protected Class

We collect biometric and medical information in order to provide services such as sperm analysis, freezing, and storage. During this process, we necessarily collect protected class information (such as biological sex).

This information is shared with core providers critical to delivering our service, such as medical clinics.

Audio Information and Visual Information We collect audio information if you leave a voicemail and visual information if have a visible profile picture uploaded through email. This information is disclosed to service providers, such as our email and phone providers.

Data Retention

We retain all customer records such as purchases and support tickets indefinitely. Requests to fulfill rights as described below will be retained for at least 24 months.

Children’s Privacy

We will never knowingly collect the personal information of children under 18. Our website is not intended or developed for children or minors.

Cookie Policy

This website uses cookies to recognize you when you visit our website.

Cookies are small text files that are stored on your computer. They are designed to hold a small amount of data specific to a website or server that can be accessed either by the website or your computer. We use cookies to capture information described in the What Data We Collect, Why, How It’s Shared section, such as IP address and electronic activity data.

We use this information to remember your site preferences. Additionally, we use this data to analyze site traffic, provide targeted advertising, and to understand the effectiveness of our marketing efforts.

We do not “sell” your personal information except as defined by CCPA for our use of targeted advertising from companies such as Google and Facebook on our website.

You can opt out of this “sale”, by opting out of these cookies here: https://optout.aboutads.info/.

Contact

Our Data Protection Officer is Khaled Kteily can be contacted at privacy@givelegacy.com if you have any questions or concerns.

You may also send mail to:

Legacy Attention: Data Privacy Officer Harvard Innovation Lab Batten Hall, 125 Western Ave Allston Cambridge, MA 02134

CCPA Notice

You may exercise certain consumer rights under the California Consumer Privacy Act (CCPA). Email us at privacy@givelegacy.com, call us at (855) 553-0222 or fill in our Web Form to exercise these rights.

Right to Know

You may request the information we have collected about you. The right to access includes disclosure of:

  1. The categories of personal information we have collected about you

  2. The categories of sources from which your personal information is collected

  3. The business or commercial purpose for collecting your personal information

  4. The categories of third parties with whom we share your personal information

  5. The specific pieces of personal information we have collected about you

We will provide this information directly to you in a portable format.

If you make a request more than twice a year, you may be required to pay a small fee for this service.

Right to Deletion

You may exercise your right to deletion. We will delete any personal information that is not critical to the normal business operation of Legacy from our records and direct all of our service providers to do the same.

We consider data to be critical to our business operation if they are used to:

  • Provide goods or services to you

  • Detect and resolve issues related to security or functionality

  • Comply with legal obligations

Right to Non-Discrimination

If you exercise your consumer rights:

  • We will not deny goods or services to you

  • We will not charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties

  • We will not provide a different level or quality of goods or services to you

Authorized Agent

You may designate someone an authorized agent to make a request under CCPA on your behalf. You can do this by providing written permission to authorize an agent to act on your behalf; the agent will need to verify their identity with us. Agents authorized by power of attorney are exempt from having to provide written permission, but must show documentation that power of attorney has been granted.

We will deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.

Request Verification

Due to the sensitive nature of the information we store, if you are a customer, we will verify your identity through a government ID which includes your picture.

If you are not a customer, we will need to verify the email address associated with the personal information we have collected about you.

If we cannot verify your identity, we cannot fulfill requests to exercise any rights accorded to you by CCPA.

Do Not Sell My Personal Information

We do not “sell” your personal information except for our use of digital advertising from companies such as Google and Facebook on our website.

CCPA expands the definition of a “sale” such that targeted advertising (in which ads are targeted based on your browsing behavior) is considered a sale of information.

You can opt out of this “sale” by opting out of these cookies by using the DAA Tool.

GDPR Notice

This section of the Privacy Policy applies only if you use our website or Services covered by this Privacy Policy from a country that is a Member State of the European Union, and supplements the information in this Privacy Policy.

Legal Basis for Data Processing

We process Personal Data for the purposes set out in this Privacy Policy:

  • As necessary for the performance of the contract between you and Legacy (for example, to provide you with the Services you request and to identify and authenticate you so you may use the website)

  • As necessary to comply with legal requirements (for example, to comply with regional rules and best practices for the distribution of donor sperm);

  • As necessary for our legitimate interests (for example, to manage our relationship with you and to improve the website and our Services)

  • Based on consent by our customers (for example, to communicate with you about our products and services and provide you with marketing information), which may subsequently be withdrawn at any time (by emailing info@givelegacy.com) without affecting the lawfulness of processing based on consent before its withdrawal.

Your Rights

You may be entitled, in accordance with applicable law, to object to or request the restriction of processing of your Personal Data, and to request access to, rectification, erasure and portability of your own Personal Data. Requests should be submitted by contacting us by emailing privacy@givelegacy.com or this Web Form.

Contact

If you need to contact the authority for GDPR-related concerns, contact The Information Commissioner’s Office at https://ico.org.uk/global/contact-us/