We are HIPAA-compliant, GDPR-compliant, and CCPA-compliant. In general, the Legacy team believes deeply that privacy is a fundamental human right, and we make every attempt to anonymize and encrypt your data wherever possible. You can learn more below about your rights as a consumer under CCPA and GDPR, and we will facilitate this process to the greatest extent possible.
What Data We Collect, Why, and How it’s Shared
Personal Data or Personal Information (PI) is information that relates to you, your household, or one of your devices.
Legacy collects personal information about you from various sources to provide our service and to manage our site. Some data is provided by you. Other data is collected automatically.
We collect your contact information (name, email, phone number, address) when you purchase our service or contact us by email or through our website. We use the information you provide to respond to your questions, to provide our service, and to provide customer support. We also send emails to market our own services.
We share this information for business purposes with third parties and service providers in the following categories:
Core providers to deliver our service (such as a identity verification and medical providers)
Sales and marketing tools (for sending marketing emails)
Internal business operations (such as email providers and data storage)
Customer support (such as our phone provider)
When you pay for our service, you directly provide payment information to a payment processor who processes the transaction on our behalf.
Commercial information consists of your buying habits and purchases. When you purchase our products, we retain records of your purchasing history through our payment processor. This information is also shared with third parties and service providers in the following categories:
Internal business operations (such as our email provider and contract storage)
Sales and marketing tools (such as referral marketing tracking)
Electronic Activity, Device Information, and IP Information
We collect IP address and electronic activity (i.e. how you use our website or application), along with information about your device type and operating system when you visit our website and purchase our products. This information is collected on our behalf by third parties that provide services for:
Sales and marketing tools (such as our client relationship management [CRM] system and digital advertising publishers)
Data analytics (to understand how you use our website)
Core providers to deliver our service (such as identity verification)
We use this information to operate and improve our website, products, and marketing efforts.
We use electronic activity data to determine what service you’re most interested in. This information is a feature for our CRM.
Biometric Information, Medical Data, and Protected Class
We collect biometric and medical information in order to provide services such as sperm analysis, freezing, and storage. During this process, we necessarily collect protected class information (such as biological sex).
This information is shared with core providers critical to delivering our service, such as medical clinics.
Audio Information and Visual Information We collect audio information if you leave a voicemail and visual information if have a visible profile picture uploaded through email. This information is disclosed to service providers, such as our email and phone providers.
We retain all customer records such as purchases and support tickets indefinitely. Requests to fulfill rights as described below will be retained for at least 24 months.
We will never knowingly collect the personal information of children under 18. Our website is not intended or developed for children or minors.
We use this information to remember your site preferences. Additionally, we use this data to analyze site traffic, provide targeted advertising, and to understand the effectiveness of our marketing efforts.
Legal Basis for Data Processing
As necessary for the performance of the contract between you and Legacy (for example, to provide you with the Services you request and to identify and authenticate you so you may use the website)
As necessary to comply with legal requirements (for example, to comply with regional rules and best practices for the distribution of donor sperm);
As necessary for our legitimate interests (for example, to manage our relationship with you and to improve the website and our Services)
Based on consent by our customers (for example, to communicate with you about our products and services and provide you with marketing information), which may subsequently be withdrawn at any time (by emailing email@example.com) without affecting the lawfulness of processing based on consent before its withdrawal.
You may be entitled, in accordance with applicable law, to object to or request the restriction of processing of your Personal Data, and to request access to, rectification, erasure and portability of your own Personal Data. Requests should be submitted by contacting us by emailing firstname.lastname@example.org.
Information we collect
Information you provide to us
We collect the personal information you provide to us when you purchase our service. The categories of information we may collect include:
- Personal Identifiers, including name, email address, postal address, and telephone number
- Commercial and Financial Information, including purchases, other purchasing behavior, signature, credit card or debit card number, and bank or other financial account number
- Characteristics of Protected Classifications, including age, disability, sex or gender, race or color, and medical condition
- Professional, including non-public education records
- Medical, including medical information
- Physical and Audio Data, including physical characteristics or descriptions
We collect the personal information you provide to us when you visit and browse our website. The categories of information we may collect include:
- Personal Identifiers, including email address, telephone number, name, and postal address
Information collected automatically
We automatically collect internet or other electronic information about you when you visit our website, such as IP address, browsing history and interactions with our website. We also collect geolocation data. This data may be collected using browser cookies and other unique personal identifiers.
Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. When we detect a Do Not Track signal, we place a U.S. Privacy String setting in your browser so that any third party who respects that signal will not track your activity on our website. We also respect the Global Privacy Control (GPC) signal, a user-enabled global privacy control that opts you out of the sale of personal information. GPC is supported by certain internet browsers or as a browser extension.
Information from other sources
We may collect personal information about you from third-party sources, including Ad Networks, Data Analytics Providers, and Other consumers (e.g., referrals).
How long we keep your dataWe do not retain data for any longer than is necessary for the purposes described in this Policy.
How we share and disclose information
Information Disclosed for Business or Commercial Purposes in the Last 12 Months, and Categories of Parties Disclosed To
We may disclose the following personal information about you when you purchase our service:
|Personal Information Disclosed||Recipient (by Category)|
|Personal Identifiers||Service Providers, Business Operations Tool, Payment Processors, Shipping Services, and Data Analytics Providers|
|Internet Activity||Service Providers, Data Analytics Providers, and Ad Networks|
|Commercial and Financial Information||Business Operations Tool, Service Providers, Payment Processors, Data Analytics Providers, and Ad Networks|
|Characteristics of Protected Classifications||Service Providers, Shipping Services, and Business Operations Tool|
|Online Identifiers||Service Providers, Shipping Services, Business Operations Tool, Data Analytics Providers, and Ad Networks|
|Medical||Business Operations Tool and Service Providers|
|Physical and Audio Data||Service Providers|
|Geolocation Information||Service Providers, Data Analytics Providers, and Ad Networks|
We may disclose the following personal information about you when you visit and browse our website:
|Personal Information Disclosed||Recipient (by Category)|
|Personal Identifiers||Service Providers and Shipping Services|
|Online Identifiers||Service Providers, Data Analytics Providers, and Ad Networks|
|Internet Activity||Data Analytics Providers, Service Providers, and Ad Networks|
California Privacy Notice (CCPA)
This section provides additional information for California residents under the California Consumer Privacy Act (CCPA). The terms used in this section have the same meaning as in the CCPA. This section does not apply to information that is not considered "personal information," such as anonymous, deidentified, or aggregated information, nor does it apply to publicly available information as defined in the CCPA.
Collection and Disclosure of Personal Information
The personal information we collect is described above in Information we collect. The personal information we disclose for business or commercial purposes is described above in How we share and disclose information. The length of time for which we retain personal information is described above in How long we keep your data.
Business and Commercial Purposes for Collection
We collect personal information for the following business purposes:
- Advertising and Marketing
- Audit Current Interactions
- Error Management
- Internal Research
- Provide Products or Services
- Quality Assurance
We also "share" and "sell" (as defined in the CCPA) personal information for commercial purposes, including to advertise and market our products.
Information “Sharing” and “Selling”
We “share” certain personal information with third party ad networks for purposes of behavioral advertising, including: Commercial and Financial Information, Geolocation Information, Internet Activity, and Online Identifiers. This allows us to show you ads that are more relevant to you.
We use third party data analytics providers and this may be considered a “sale” of information under the CCPA.
You may opt-out of these data practices here.
Your CCPA rights are described below. You can make a Request to Know or a Request to Delete under the CCPA by submitting a Privacy Request at the top of this page, or by clicking here.
Right to Know
You have the right to request to know the following about the personal information we have collected about you in the past 12 months:
- the categories and specific pieces of personal information we have collected about you
- the categories of sources from which we collect personal information about you
- the business and commercial purposes for which we collect personal information
- the categories of third parties with whom we share the information
- the categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose
If you make a Request to Know more than twice in a 12-month period, we may require you to pay a small fee for this service.
Right to Delete
You have the right to request that we delete any personal information about you that you have provided to us. We will permanently delete from our records any personal information that is not necessary for our business operations and direct our service providers to do the same.
We consider information to be necessary for our business operations if it is used to:
- Complete an obligation to you that you have requested
- Detect and resolve issues related to security or functionality
- Comply with legal obligations
- Enable solely internal uses
Right to Non-Discrimination
If you exercise your CCPA consumer rights:
- We will not deny goods or services to you
- We will not charge you different prices or rates for goods or services, including through the use of discounts or other benefits or penalties
- We will not provide a different level or quality of goods or services to you
Right to Opt-Out
You have the right to opt-out of any selling and sharing of your personal information.
You may exercise your right to opt-out here.
Before we can respond to a Request to Know or Request to Delete, we will need to verify that you are the consumer who is the subject of the CCPA request. Verification is important for preventing fraudulent requests and identity theft. Requests to Opt-Out do not require verification.
Typically, identity verification will require you to confirm certain information about yourself based on information we have already collected. For example, we will ask you to verify that you have access to the email address we have on file for you. If we cannot verify your identity based on our records, we cannot fulfill your CCPA request.
For a request that seeks specific personal information, we ask that you sign a declaration stating that you are the consumer whose personal information is the subject of the request, as required by the CCPA.
In some cases, we may have no reasonable method by which we can verify a consumer's identity. For example:
- If a consumer submits a request but we have not collected any personal information about that consumer, we cannot verify the request.
- If the only data we have collected about a consumer is gathered through website cookies (i.e. the consumer visited our website but had no other interaction with us), we are unable to reasonably associate a requester with any data collected; therefore, we cannot verify the request.
A California resident's authorized agent may submit a Request to Know or a Request to Delete under the CCPA by emailing us at email@example.com. Requests submitted by an authorized agent will still require verification of the person who is the subject of the request in accordance with the process described above. We will also ask for proof that the person who is the subject of the request authorized an agent to submit a privacy request on their behalf. An authorized agent that has power of attorney pursuant to California Probate Code section 4121 to 4130 must submit proof of statutory power of attorney, but consumer verification is not required.
If you have trouble accessing this notice, please contact us at firstname.lastname@example.org.
If you have any privacy-related questions, please send them to email@example.com.