GENERAL GENETICS CORPORATION (GGC DNA) Privacy Policy

GENERAL GENETICS CORPORATION (“GGC DNA,” “we,” “us,” “our”) is a genetic and clinical laboratory based in the United States that provides DNA and genetic testing services to patients, healthcare providers, hospitals, and partners in the U.S. and internationally. This Privacy Policy explains how we collect, use, store, share, and protect personal, medical, and genetic information, and what rights you have in relation to that information. It is designed to align with applicable U.S. laws and, where relevant, other international data protection standards, but it is not legal advice.

Contact details

General Genetic Corporation
3655 Research Drive, Las Cruces, NM 88003, United States
Phone: +1 267 388 9828
Email: info@ggcdna.com

Information we collect and how we obtain consent

We collect only the information needed to provide and support our laboratory and related services.

Personal and contact details: Name, date of birth, sex, contact information, address, country/region, government ID where required by law or for medical, billing, or chain‑of‑custody purposes.

Medical and health information: Referring physician or hospital details, medical history relevant to the test, family history where clinically indicated, current medications or pregnancy status for certain tests, and other clinical notes needed to interpret results; under U.S. law this is considered health information and may be protected health information (PHI) when handled in a clinical context.

Genetic and laboratory data: Sample identifiers, barcodes, raw and processed genetic data (such as sequence or genotyping data), interpreted results, variant classifications, quality‑control metrics, and associated laboratory documentation.

Family and relationship data: Information about biological relatives when relevant to the requested test (e.g., paternity, kinship, inherited disease), which may itself qualify as genetic information about those relatives.

Technical and usage data: IP address, device information, browser type, and usage patterns on our websites or portals, collected via standard logging and analytics tools to secure and improve our services.

We obtain your consent in a granular, test‑specific manner:

Consent for testing: Before performing any genetic or DNA test, we obtain a signed or electronically recorded informed consent from the patient, legal guardian, or authorized representative; for hospital referrals, we rely on documentation provided by the healthcare facility that consent has been obtained in accordance with local regulations.

Consent for data storage and re‑contact: You are informed that we will store your test data and reports for periods required by medical, legal, and accreditation standards, and may contact you or your provider if clinically important new information arises.

Separate consent for research and secondary use: Any use of your identifiable or coded genetic information for research, clinical studies, or product development beyond your direct care is subject to specific additional consent; where possible, we use de‑identified or aggregated data.

Using services with limited personal details: For some non‑clinical or informational services, you may use initials or partial information; however, for medically actionable tests, legal chain‑of‑custody, billing, and accurate result attribution, we may be required to collect full identifiers and documentation and may not be able to process your test without them.

We retain personal and genetic data only as long as necessary to provide services, comply with CLIA/CAP, HIPAA and state record‑keeping rules, resolve disputes, and meet audit or accreditation requirements; retention periods may therefore extend for several years or longer where clinical, legal, or quality obligations require it.

How we use, share, and protect your data

We use your information primarily to provide accurate laboratory results and support your care:

Core uses: Receiving and processing samples, performing laboratory and quality‑control procedures, generating and reviewing genetic and clinical reports, and delivering results to you and/or your authorized healthcare provider.

Operational uses: Internal quality assurance, method validation, staff training with appropriate safeguards, regulatory reporting where required, billing and payment, customer support, and improvement of our testing processes and platforms.

Research and innovation: With your specific consent or under an applicable ethics or IRB framework, de‑identified or coded data may be used for research, clinical validation, algorithm development, or improvement of interpretation databases; we do not treat such consent as a condition for receiving core diagnostic services.

We share information only where necessary and under strict conditions:

Healthcare providers and hospitals: Test results and necessary clinical information are shared with your ordering physician, hospital, or authorized healthcare team for diagnosis, counseling, and treatment; such disclosures are generally permitted for treatment and healthcare operations under U.S. health privacy rules.

Partner and reference laboratories: If part of your testing is performed by a trusted partner lab (for example, for specialized assays or confirmatory testing), we share only the data required to perform that work, under contractual confidentiality and data‑protection obligations.

No sale to insurers or employers: We do not sell your identifiable genetic or medical data to health insurers, employers, or pharmaceutical companies, nor do we allow them access to your results for underwriting or employment decisions.

Research collaborators: When data is shared for research or product development, it is typically de‑identified or coded, and governed by data‑use agreements, ethics approvals, and your prior consent where required.

Legal, regulatory, and government authorities: We may disclose information when required to do so by law or valid legal process (such as a subpoena, court order, or government request), or to comply with reportable disease regulations, accreditation audits, or inspections; we limit such disclosures to what is legally necessary and challenge overbroad requests where appropriate.

Fraud prevention and safety: We may use or disclose information where reasonably necessary to detect or prevent fraud, security incidents, or imminent threats to life or serious harm, consistent with applicable law.

We implement multiple safeguards to reduce privacy risks:

De‑identification and coding: For research, analytics, and quality improvement, we preferentially use data that has been de‑identified, coded, or pseudonymized by removing direct identifiers and replacing them with internal codes; access to the key that links codes back to individuals is restricted to a small, authorized team.

Recognizing limits of anonymity: Because genetic information is inherently unique, there is always some residual risk that de‑identified genetic data could, in theory, be re‑linked to an individual or family when combined with other data sets; we design processes to minimize this risk and evaluate proposed uses accordingly.

We protect data through technical, organizational, and physical controls:

Technical measures: Encryption in transit and at rest where appropriate, network security controls, access logs, intrusion‑detection tools, and regular security testing aligned with healthcare privacy practices.

Organizational measures: Role‑based access so that employees see only the data required for their duties, confidentiality agreements, mandatory privacy and security training, and disciplinary consequences for misuse.

Physical safeguards: Secured laboratory and office facilities, controlled access to sample storage areas, and procedures to prevent unauthorized handling of physical records and specimens.

Data may be stored on secure servers located in the United States and, where necessary, in other jurisdictions where GGC DNA or trusted cloud or infrastructure providers operate; when data of individuals from the European Union or other regions with specific requirements is processed, we strive to implement appropriate safeguards such as contractual clauses and risk assessments consistent with those legal frameworks.

Your rights, choices, and control over your data

Subject to applicable law and the context in which your test was ordered (for example, through a hospital, government program, or direct service), you may have the following rights:

Access and copies: You can request access to your personal information, genetic reports, and—in many cases—your raw genetic data; where permitted, we will provide copies in a commonly used format within a reasonable timeframe and may need to verify your identity or work through your healthcare provider.

Correction and updates: If your contact details or other personal information are inaccurate or incomplete, you may request correction; in some settings, demographic corrections may need to come from the ordering clinic or hospital to keep medical records synchronized.

Deletion and account closure: You may ask us to delete certain personal data, your online account, and, where allowed by law and medical record rules, your stored genetic data and reports; however, we may retain limited information where required for legal, regulatory, quality‑control, accreditation, or billing purposes.

Sample destruction: Where not prohibited by clinical or legal requirements, you may request destruction of stored biological samples (such as blood, saliva, or swabs) after testing is complete; we will document destruction according to our laboratory protocols and, where applicable, notify your provider.

Withdrawal of research or secondary‑use consent: You may withdraw your consent for use of your identifiable or coded data in future research, analytics, or product‑development activities; withdrawal does not affect uses that have already occurred or analyses that have been completed, but we will cease new secondary uses that rely on your consent.

Marketing and non‑essential communications: You can opt out of non‑essential communications such as newsletters, promotional emails, or follow‑up marketing, while still receiving important service, safety, or result notifications that are legally or clinically necessary.

To exercise your rights, you may contact us using the details provided above; for some tests ordered through healthcare providers, certain requests (such as corrections to clinical records) may need to be initiated through your doctor or hospital in accordance with their policies and applicable health‑information laws.

Legal protections, family considerations, and samples

In the United States, several laws and policies are relevant to how your genetic information may be used and protected:

HIPAA and health privacy: When testing is ordered and processed in a healthcare context, genetic information is treated as health information and, in many cases, as protected health information (PHI); covered entities must limit uses and disclosures, implement safeguards, and provide certain patient rights of access, amendment, and accounting.

GINA and genetic nondiscrimination: The Genetic Information Nondiscrimination Act (GINA) protects individuals in the U.S. from discrimination based on genetic information in health insurance and most employment decisions; health insurers and most employers may not use genetic information to determine eligibility, premiums, or employment status, or require individuals to undergo genetic testing for these purposes.

Limits of these protections: GINA and HIPAA do not generally apply to life, long‑term care, or disability insurance, and some categories of workers and programs (such as certain military or federal plans) may fall outside full GINA protections; you should consider obtaining personalized legal or financial advice before sharing genetic information with non‑health insurance entities.

International frameworks: For individuals located in the European Economic Area or other regions with comprehensive data‑protection regimes similar to the GDPR, we endeavor to respect principles such as lawfulness, fairness, transparency, purpose limitation, data minimization, and data subject rights when we act as a controller or processor of personal data.

Because genetic information is shared within families, your results may have implications for your relatives:

Sharing with relatives: We do not disclose your identifiable results to family members without your explicit authorization, except where permitted or required by applicable law in rare circumstances (for example, to avert a serious and imminent threat to health, as allowed by local rules); instead, we may encourage you to share relevant findings with relatives and offer materials or provider‑to‑provider communication where appropriate.

Family inference: Even when we do not test your relatives, certain results can suggest that they may carry similar variants or risks; this possibility is explained during pre‑test counseling where available.

Regarding access by insurers, employers, and other third parties:

Health, life, and other insurance: We do not proactively share your genetic test results with any insurer; if you choose to provide results to an insurer (for example, when applying for life or disability coverage), that company may make its own decisions under applicable law, and such uses may not be limited by GINA.

Employers, schools, and non‑medical organizations: We do not release your genetic information to employers, educational institutions, or other non‑medical organizations without your explicit written authorization or a legal requirement; in the U.S., most employers are prohibited from requesting or using genetic information in employment decisions.

For biological samples:

Use and storage: Your blood, saliva, swab, or other sample is used to perform the requested tests and, where consented or allowed by ethics and law, may be stored for quality control, re‑analysis, confirmation, or approved research; storage conditions and duration are defined by our laboratory policies and regulatory or accreditation obligations.

Destruction: Where permitted, you may request that any residual sample not needed for mandatory retention or ongoing clinical obligations be destroyed; we record the destruction in our laboratory information systems and, if relevant, may inform your provider.

We maintain procedures to detect, assess, and respond to potential data breaches involving genetic or medical information, and, where required by law, we will notify affected individuals, relevant healthcare partners, and regulators within the timeframes and using the methods specified by those rules.

We review this Privacy Policy periodically to reflect changes in our services, technologies, and legal requirements; material updates will be communicated through our website and, when appropriate, through direct notices, and your continued use of our services after such changes takes effect constitutes your acknowledgement of the updated policy.