We are HIPAA-compliant, GDPR-compliant, and CCPA-compliant. In general, the Legacy team believes deeply that privacy is a fundamental human right, and we make every attempt to anonymize and encrypt your data wherever possible. You can learn more below about your rights as a consumer under CCPA and GDPR, and we will facilitate this process to the greatest extent possible.

We clearly outline in this Privacy Policy exactly what data we may be collecting, and seek to provide as many examples as possible for you to understand how we may use your data.

What Data We Collect, Why, and How it’s Shared

Personal Data or Personal Information (PI) is information that relates to you, your household, or one of your devices.

Legacy collects personal information about you from various sources to provide our service and to manage our site. Some data is provided by you. Other data is collected automatically.

Contact Information

We collect your contact information (name, email, phone number, address) when you purchase our service or contact us by email or through our website. We use the information you provide to respond to your questions, to provide our service, and to provide customer support. We also send emails to market our own services.

We share this information for business purposes with third parties and service providers in the following categories:

  • Core providers to deliver our service (such as a identity verification and medical providers)

  • Sales and marketing tools (for sending marketing emails)

  • Internal business operations (such as email providers and data storage)

  • Customer support (such as our phone provider)

Payment Information

When you pay for our service, you directly provide payment information to a payment processor who processes the transaction on our behalf.

Commercial Information

Commercial information consists of your buying habits and purchases. When you purchase our products, we retain records of your purchasing history through our payment processor. This information is also shared with third parties and service providers in the following categories:

  • Internal business operations (such as our email provider and contract storage)

  • Sales and marketing tools (such as referral marketing tracking)

Electronic Activity, Device Information, and IP Information

We collect IP address and electronic activity (i.e. how you use our website or application), along with information about your device type and operating system when you visit our website and purchase our products. This information is collected on our behalf by third parties that provide services for:

  • Sales and marketing tools (such as our client relationship management [CRM] system and digital advertising publishers)

  • Data analytics (to understand how you use our website)

  • Core providers to deliver our service (such as identity verification)

We use this information to operate and improve our website, products, and marketing efforts.

Behavioral Profile

We use electronic activity data to determine what service you’re most interested in. This information is a feature for our CRM.

Biometric Information, Medical Data, and Protected Class

We collect biometric and medical information in order to provide services such as sperm analysis, freezing, and storage. During this process, we necessarily collect protected class information (such as biological sex).

This information is shared with core providers critical to delivering our service, such as medical clinics.

Audio Information and Visual Information We collect audio information if you leave a voicemail and visual information if have a visible profile picture uploaded through email. This information is disclosed to service providers, such as our email and phone providers.

Data Retention

We retain all customer records such as purchases and support tickets indefinitely. Requests to fulfill rights as described below will be retained for at least 24 months.

Children’s Privacy

We will never knowingly collect the personal information of children under 18. Our website is not intended or developed for children or minors.

Cookie Policy

This website uses cookies to recognize you when you visit our website.

Cookies are small text files that are stored on your computer. They are designed to hold a small amount of data specific to a website or server that can be accessed either by the website or your computer. We use cookies to capture information described in the What Data We Collect, Why, How It’s Shared section, such as IP address and electronic activity data.

We use this information to remember your site preferences. Additionally, we use this data to analyze site traffic, provide targeted advertising, and to understand the effectiveness of our marketing efforts.

Contact

Our Data Protection Officer is Khaled Kteily can be contacted at privacy@givelegacy.com if you have any questions or concerns.

You may also send mail to:

Legacy Attention: Data Privacy Officer Harvard Innovation Lab Batten Hall, 125 Western Ave Allston Cambridge, MA 02134

CCPA Notice

You may exercise certain consumer rights under the California Consumer Privacy Act (CCPA) by filling in this form. Your CCPA rights are described below.

Right to Know

You have the right to request information regarding the categories and specific pieces of personal information we have collected about you, as well as the sources of that information, the business purpose for collecting it, and what types of third parties we share or sell it with.

If you make a request more than twice in a 12-month period, you may be required to pay a small fee for this service.

Right to Deletion

You may exercise your right to deletion. We will delete any personal information that is not critical to the normal business operation of Legacy from our records and direct all of our service providers to do the same.

We consider data to be critical to our business operation if they are used to:

  • Provide goods or services to you
  • Detect and resolve issues related to security or functionality
  • Comply with legal obligations

Right to Non-Discrimination

If you exercise your consumer rights:

  • We will not deny goods or services to you
  • We will not charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties
  • We will not provide a different level or quality of goods or services to you

Do Not Sell My Info

We do not sell any information that identifies you, such as your name or contact information. However, we do allow Ad Networks such as Facebook and Google to collect your electronic activity while on our website. Ad Networks may also collect IP address and information about your device and browser (such as the name and model number of your device) through cookies and similar tracking technologies on our website. They use this information to advertise to you after you leave our website. This is called “retargeted advertising.” Under the CCPA’s broad definition of what it means to “sell” personal information, this form of advertising may be considered a “sale” of your information.

If you do not want us to provide this information to our advertisers, you may opt out here:

[https://optout.aboutads.info/(https://optout.aboutads.info/)

Authorized Agent

You may designate someone as an authorized agent to make a request under CCPA on your behalf. You can do this by providing written permission to authorize an agent to act on your behalf; the agent will need to verify their identity with us. Agents authorized by power of attorney are exempt from having to provide written permission, but must show documentation that power of attorney has been granted.

We will deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.

Request Verification

Before we can respond to any CCPA requests, we will need to verify that you are who you say you are. Verification is important for preventing fraudulent requests and identity theft.

The verification process depends on which type of request you make. For requests to access specific information or requests to delete information, we may require a higher level of verification. Typically, identity verification will require you to confirm certain information about yourself based on information we have already collected. For example, we may ask you to reply from the email address we have on file for you that is associated with your name. If we cannot verify your identity, we cannot fulfill requests to exercise any rights accorded to you by CCPA.

In some cases, we may have no reasonable method by which we can verify a consumer’s identity. For example:

  • If a consumer submits a request but we have not collected information about them, we cannot verify the request.
  • If the only data we have collected about a consumer is gathered through website cookies (i.e., the consumer has visited our website and had no other interaction with us), we are unable to associate a requester with the data collected; therefore, we cannot verify the request.

This section of the Privacy Policy applies only if you use our website or Services covered by this Privacy Policy from a country that is a Member State of the European Union, and supplements the information in this Privacy Policy.

Legal Basis for Data Processing

We process Personal Data for the purposes set out in this Privacy Policy:

  • As necessary for the performance of the contract between you and Legacy (for example, to provide you with the Services you request and to identify and authenticate you so you may use the website)

  • As necessary to comply with legal requirements (for example, to comply with regional rules and best practices for the distribution of donor sperm);

  • As necessary for our legitimate interests (for example, to manage our relationship with you and to improve the website and our Services)

  • Based on consent by our customers (for example, to communicate with you about our products and services and provide you with marketing information), which may subsequently be withdrawn at any time (by emailing info@givelegacy.com) without affecting the lawfulness of processing based on consent before its withdrawal.

Your Rights

You may be entitled, in accordance with applicable law, to object to or request the restriction of processing of your Personal Data, and to request access to, rectification, erasure and portability of your own Personal Data. Requests should be submitted by contacting us by emailing privacy@givelegacy.com or this Web Form.

Contact

If you need to contact the authority for GDPR-related concerns, contact The Information Commissioner’s Office at https://ico.org.uk/global/contact-us/