Save 20% on all sexual health tests with LOVE20

View cart 0

myLAB Box App Privacy Policy

Effective Date:  12/1/2021

Thank you for doing business with myLAB Box, Inc., a Delaware Corporation (“myLAB Box,” “Company,” “we,” “our,” or “us”).  We welcome you and hope you find our COVID-19 screening tool (the “Services”) helpful and useful.  We have adopted this privacy policy (“Privacy Policy”) to help our users  (“you” or “your,”)  understand what Data we collect, store, share, and use, how and why we do so, and what your rights are in regards to that Data.

We always seek to improve our Services to our users, and that requires that we collect, store, share, and use information about you and your usage preferences.  As we do so, we are absolutely committed to protecting your privacy and the security of your personal information.

In this Privacy Policy, we use the word “Data” to describe all the information we collect that relates to you and your use of our Services.  “Data” is broken into different categories, which are defined in the “Data We Collect and How We Use It” section of this Privacy Policy.  We may refer to the different categories separately, but when we use the word “Data,” we mean all the different categories described in this Privacy Policy.  The term “Data” does not apply to de-identified and aggregated data that may be derived from Data that cannot be reasonably connected with any individual (“De-identified Data”).  We may use De-identified Data for our own purposes in any manner and without attribution or compensation to any person.

If you have any questions about this Privacy Policy or how we handle your Data, please e-mail us at support@mylabbox.com.

1. DESCRIPTION OF SERVICES

We provide an online platform and tool for COVID-19 testing and proctoring, all as described in the Platform License and Terms of Service you have entered with Company (the “Agreement”).  In this Privacy Policy, all the tools and services made available in connection with the Services are included in the term “Services.”  However, the term “Services” does not include “Professional Services,” such as human resources consultations that may be provided by employees or agents of myLAB Box after the initial screening is complete, even if those professional services are provided via the myLAB Box Platform.  These will be governed by a separate agreement.

2. LAWFUL BASIS FOR PROCESSING

Many jurisdictions require that we disclose to you the lawful basis for our processing of your Data.  We do that in Section 4 and throughout this Privacy Policy.  In general, our lawful basis for processing your Data is based on your specific consent or your or your employer’s contract with us.
By accessing or using any of the Services or by otherwise interacting with us online, you consent to our use of your Data as described in this Privacy Policy.  If our processing of your Data is based on your consent, you may withdraw your consent at any time, and we will cease collecting your Data.  However, in some cases, this may result in your inability to receive partial or full access to the Services, and your withdrawal of consent does not limit our ability to use the Data that has been aggregated and anonymized for use by us in connection with our legitimate business efforts in the future.  In addition, your withdrawal of consent does not prevent us from retaining and processing Data if we are required to do so by applicable law or in order to preserve legal claims.  It also does not prevent us from processing Data that has been gathered pursuant to a different lawful basis.  For example, if you give your consent for us to process your Data, but we are also required by law to keep your Data, that separate “lawful basis” will still apply, even if you withdraw your consent.


When you enter into an agreement with us, either by accessing the Services or by clicking “I Accept” or similar language online, we will process your Data for the purposes of fulfilling the terms of the Agreement.  In that case, our processing of your Data is based on the Agreement, so your withdrawal of consent will only be effective after the purposes for processing that Data have been fulfilled and after we no longer have a legal obligation or lawful basis to keep that Data.
In all cases, we will comply with applicable law and we will cease processing your Data after the legal right, obligation, or other lawful basis expires

3. INTENDED USERS

The Services are directed solely to persons 18 years of age or older or of children under 18 who are supervised by a parent, guardian, or other caregiver.  Other than for Data collected for the specific purpose of providing the Services to users, we do not knowingly collect Data from users who are under 13. If we become aware that we have gathered Data from a person under 13, except to provide the Services to such person, then we will attempt to delete such Data as soon as possible, subject to our obligations under applicable law. If you believe that we have gathered Data from a person under 13 in contravention of this policy, please contact us at support@mylabbox.com.

4. DATA WE COLLECT AND HOW WE USE IT

Listed below are the categories of Data we collect when you use our Services. We never sell your Data, and we always have a lawful basis for gathering the Data, but that lawful basis might be different for different categories, and we describe those uses below.  Regardless, we never use the Data for any purpose other than the purpose for which we gathered the Data in the first place, unless we get your prior explicit consent.

  • Registration Data
    • Data Description:  Registration Data consists of the name, e-mail address, phone number, and other contact information you provide us using the Services, both when you register your account and thereafter.  Registration Data also includes your username.
    • Lawful Basis for Processing:  Our lawful basis for processing Registration Data is our contract with you and your consent.  We can only provide certain of the Services to you if we have the Registration Data, so we need to store and access that Registration Data during the term of our contract.  Even when the Registration Data is not critically necessary to the provision of the Services, we may still process that Registration Data to facilitate our contractual interactions with you.
    • How We Use It and Who We Share It With:  As disclosed in the Agreement, we convey Registration Data about you only to your employer and to third-party data processors such as Novosi, PureCloud, and Amazon Web Services who help us provide the Services.  We use Registration Data only to provide the Services to you and to contact you.
  • Engagement Data
    • Data Description:  Engagement Data consists of all the information you input or record using the Services, other than the Registration Data.  Engagement Data includes your responses to questions in the screening tool.  It also includes all information that is proprietary to you regarding your use of the Services (other than the data that qualifies as “Usage Data” below) that is collected or processed by the Services.  For example, Engagement Data may include the portions of our Services that you use, when you access them, and survey responses, among other things.
    • Lawful Basis for Processing:  Our lawful basis for processing Engagement Data is (1) our contract with you and (2) our legitimate interest in improving our Services based on the Engagement Data we receive from you.
    • How We Use It and Who We Share It With: Your Engagement Data is accessible only to us, to you, and to your employer and third-party processors such as Novosi, PureCloud, and Amazon Web Services, and then only as necessary to provide the Services.  We do not share Engagement Data with other third parties, except at your specific request, but we may use Engagement Data to make inferences that help us provide and improve the Services and communicate offers to you for our own goods and services.  Both during the term of the Agreement with you and thereafter, we may also use Engagement Data in an anonymized and aggregated format that is not identifiable to any individual, and that anonymized and aggregated information belongs solely to us to use in our sole discretion (including to sell anonymized and aggregated information, which is not Data).  To the extent we are required to delete any Engagement Data about you, we may still retain aggregated and anonymized information that may have originated as your Engagement Data.
  • Usage Data
    • Data Description:  Usage Data consists of the following and similar information:
      • Information about your interactions with the Services, which includes the date and time of any requests you make.
        • The timing of the information you post to the Services including messages you send and/or receive via the Services and your interactions with our customer service team, but not including the content of those interactions and messages, which would be included as Engagement Data.
        • Technical data which may include URL information, cookie data, your IP address, the types of devices you are using to access or connect to the Services, unique device IDs, device attributes, network connection type (e.g. WiFi, 4G, LTE, Bluetooth) and provider, network and device performance, browser type, language, information enabling digital rights management, operating system, and application version.
    • Lawful Basis for Processing:  Our lawful basis for processing Usage Data is (1) our contract with you and (2) our legitimate interest in improving our Services based on the Usage Data we receive from you.
    • How We Use It and Who We Share It With:  Usage Data is accessible only to us, to you, and to third-party processors such as Novosi, PureCloud, and Amazon Web Services, and then only as necessary to provide the Services.  We do not share it with other third parties, except at your specific request, but we may use Usage Data to make improvements to the Services.  Both during the term of our agreement with you and thereafter, we may also use Usage Data in an anonymized and aggregated format that is not identifiable to any individual, and that anonymized and aggregated information belongs solely to us to use in our sole discretion (including to sell anonymized and aggregated information, which is not Data).  To the extent we are required to delete any Usage Data about you, we may still retain aggregated and anonymized information that may have originated as your Usage Data.

5. SHARING YOUR INFORMATION

Except where a specific limitation is noted above, we may share your Data as follows:

  • At Your Instruction. If you request us to make your Data available to a third party, and such request furthers the purposes of our Services, we will do so.
  • With your Employer. As part of providing the Services, we make Data available to your employer to facilitate the screening and approval processes.
  • Sharing with Vendors.  In certain cases, we use the services of third-party vendors, to assist us in providing the Services.  We may share your Data with such vendors solely for that purpose, and we will require those parties to abide by our privacy policies or privacy policies substantially in consonance with ours.
  • Service Providers. We may sometimes use a third party to provide specific Services on our behalf, including sending e-mails to our members, conducting member surveys, processing transactions or performing statistical analysis of our Services. In these cases, we may provide certain personal information, such as your name and e-mail address and other financial information necessary for the service to be provided. However, these third parties are required to maintain the confidentiality of this information and are prohibited from retaining, sharing, storing or using this information for any other purposes.
  • Internet Service Providers. We may provide certain portions of your Data, such as your email address or name, back to your internet service provider if we have an existing advertising relationship with them. This is done to allow them to target or discontinue your exposure to our advertisements, once you have become a participating member of our Services. As part of our agreement with your internet service provider, they will be required to maintain this information in a confidential manner and use it solely for the purpose described in this Privacy Policy.
  • Business Transitions. In the event that we go through a business transition, such as a merger, acquisition, liquidation or sale of all or a portion of our assets, the information we have about you will, in most instances, be part of the assets transferred. We reserve the right to transfer that information in connection with such transactions without notice to you.  We will not be required to obtain your consent for such a transfer.
  • Legal Disclosure. We may disclose your Information if required to do so by law or in the good faith belief that such action is necessary to conform to applicable law, comply with a judicial proceeding, court order or legal process served on us, protect and defend our rights or property, or investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our terms of service.

If we ever plan to use any Data in the future for any other purposes not identified above and we do not have a separate lawful basis for that new purpose for processing, we will only do so after obtaining your specific consent.

6. TECHNOLOGIES WE USE

The technologies we use for automatic Data collection may include the following:

  • Cookies (or browser cookies).  A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Services.
  • Flash Cookies. Certain features of our Services may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from and on our Services. Flash cookies are not managed by the same browser settings as are used for browser cookies.
  • Web Beacons. Pages of the Services and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs. pixel tags and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
  • Other Technologies.  We may also use device identifiers, local storage, html modifiers, and different types of caching to help us understand the devices and users who access the Services.  Those methods include device identifiers that are either hardware-based or software-based, persistent or non-persistent, and which may identify either a device or a software module within a device (such as a web browser).

7. YOUR CHOICES REGARDING OUR USE AND DISCLOSURE OF YOUR DATA

Except as provided in this Privacy Policy regarding anonymized and aggregated Data and except for Data that is processed by us pursuant to a lawful basis other than your consent, you may instruct us to cease disclosure or use of your Data by contacting us at support@mylabbox.com. We will comply with your request(s) as soon as reasonably practicable.

8. PRIVACY FOR CALIFORNIA RESIDENTS

California has adopted the California Consumer Privacy Act (“CCPA”), which took effect at the beginning of 2020.  We comply with the requirements of the CCPA to the extent they apply to us.
If you are a California resident and we qualify as a “business” under the terms of that law, you will have the following rights:

  • You have the right to request that we disclose the categories and the specific items of Data about you that we collect, use, disclose, and/or sell and that Data about you that we have collected, used, disclosed, and/or sold during the 12 months prior to your request.
  • You also have the right to have the Data we collect about you deleted.  We use a two-step process to verify your identity and to have the information deleted. Your rights to have Data deleted are subject to several exceptions, specifically the Data that is necessary for us to:
    • complete your transaction;
    • provide you a good or service;
    • perform a contract between us and you;
    • protect your security and prosecute those responsible for breaching it;
    • fix our system in the case of a bug;
    • protect the free speech rights of you or other users;
    • comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
    • engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
    • comply with a legal obligation; or
    • make other internal and lawful uses of the information that are compatible with the context in which you provided it.
  • To make any request under the CCPA, you must complete the Data Request Form found here .  You will be asked to give us your name, e-mail address, telephone number, and any other information we request to reasonably verify your identity.  We will respond to your request within 10 days after receipt of your request, and we will then take action to verify your identity and fulfill your request, as required by the CCPA.
  • We will provide you with a CSV copy of your stored data within 45 days of your request, assuming we are able to verify your identity in that period and so long as you provide a correct email address for successful correspondence.
  • You have the right not to receive discriminatory treatment by us for the exercise of any privacy rights conferred by the CCPA, which means that we will not take any action to hurt or punish you for exercising your rights under the CCPA.
  • You may designate an authorized agent to make a request under the CCPA on your behalf by writing us at support@myLAB Box.com.  Upon receipt of your request, we will provide you with the information you will need to designate that agent.

Note that we are not allowed by law to at any time disclose your Social Security number, driver’s license number, or other government-issued identification number, financial account number, any health insurance or medical identification number, or any account password or security questions or answers.

We have listed the specific and general categories of information we have collected, disclosed, or sold in the last 12 months in the section above entitled “Data We Collect and How We Use It.”  That section also lists the specific and general categories of Data we have disclosed to third parties for our business purposes.

We do not sell your Data to any third parties, but we do make some of your Data available to your employer and our third-party service providers for the business purpose of providing the Services to you.

We do not sell the personal information of minors under 16 years of age.
For more information, please direct your questions to us at support@mylabbox.com.  You can also direct questions to our toll free number 800.856.9522

9. SECURITY

The security of your Data is important to us. We use commercially reasonable efforts to store and maintain your Data in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Data that you provide to us. We have implemented procedures designed to limit the dissemination of your Data to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.

10. THIRD-PARTY POLICIES

You may be able to access third-party websites and other tools and services or products via a link, or via our other tools. The privacy policies of these third parties are not under our control and may differ from ours. The use of any Data that you may provide to any third parties will be governed by the privacy policy of such third party or by your independent agreement with such third party, as the case may be. If you have any doubts about the privacy of the information you are providing to a third party, we recommend that you contact that third party directly for more information or to review its privacy policy.
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any offering, site or other products and Services used in connection with the Services.  The inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates.

11. RETENTION

We will keep your information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law. All retained information will remain subject to the terms of this Privacy Policy. Please note that if you request that your information be removed from our databases, it may not be possible to completely delete all of your information due to technological and legal constraints.

12. AMENDMENT OF THIS PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time. If we decide to change this Privacy Policy in the future, we will post or provide appropriate notice. Any change to this Privacy Policy will become effective on the date of posting on the Services or sent via email to your listed email address. Unless stated otherwise, our current Privacy Policy applies to all Data that we have about you and your account. The date on which the latest update was made is indicated at the top of this document. We recommend that you print a copy of this Privacy Policy for your reference and revisit this policy from time to time to ensure you are aware of any changes. Your continued use of the Services signifies your acceptance of any changes.

13. ACCESS AND ACCURACY

You have the right to access the information we hold about you in order to verify the information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your information, although in certain limited circumstances we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances, we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.

We will make every reasonable effort to keep your information accurate and up-to-date, and we will provide you with mechanisms to update, correct, delete or add to your information as appropriate. As appropriate, this amended information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate information about you enables us to give you the best possible service.

14. PROTECTED HEALTH INFORMATION (PHI)

Any information that you enter on the myLAB Box web site or mobile application concerning your screening results, lab results or health status will be held in strict confidence.  Your Protected Health Information (PHI) are only used by myLAB Box and myLAB Box affiliated partners to perform Services.  If you provided consent as part of an employer testing program, your test results and information will be shared with your employer. We will never share your information with third parties, unless legally required to do so.

For samples that are sent in via mail for laboratory testing, it is a requirement by law  for the laboratory that receives and processes samples to report positive test results for ‘reportable diseases’, including COVID-19.   The information is primarily used for aggregated statistical reporting for state and national disease tracking.  All information is reported and held confidentially with the Departments of Health as they are not allowed by law to share your personal information or results with third parties. 

15. CONTACT US

You can help by keeping us informed of any changes such as a change of your personal contact information. If you would like to access your information, if you have any questions, comments or suggestions of if you find any errors in our information about you, please contact us at support@mylabbox.com. If you have a complaint concerning our compliance with applicable privacy laws, we will investigate your complaint and if it is justified, we will take appropriate measures.