MyHeritage Privacy Policy
If you have not reviewed it since that date, please do so now.
PRIVACY POLICY SUMMARY
Who Are We?
MyHeritage is a direct-to-consumer company headquartered in Israel. MyHeritage develops services for family history research and DNA testing.
Our Key Privacy Principles
MyHeritage was founded in 2003 and has enjoyed the trust of its users ever since. MyHeritage cares deeply about the privacy of its users and the privacy of their data and its top priority is to honor their trust.
MyHeritage has never sold or licensed personal data (like customer names, email addresses, residence addresses and family trees) and will never do so in the future.
MYHERITAGE HAS NEVER SOLD OR LICENSED GENETIC DATA OR HEALTH DATA, AND WILL NEVER DO SO IN THE FUTURE.
MyHeritage will never provide data to insurance companies under any circumstances. MyHeritage prohibits law enforcement use of its DNA Services.
Users can delete their data from MyHeritage at any time. Deletion is permanent and irreversible.
If anything material ever changes in this privacy policy, we will notify you by email.
Capitalized terms used but not defined in this Privacy Policy shall have the meaning ascribed to them in our Terms and Conditions.
What Information Do We Collect About You?
We collect the information that we need to provide our Service (as defined in our Terms and Conditions), as described below:
Information you share directly with us. For example, information that you enter when you sign up for the Service, create a family tree or do your family history research using the Service, communicate with our customer support staff and our automated virtual assistant, fill in a questionnaire or survey on our Website, and so on.
Information from Public and Historical Records. We digitize such records ourselves or license them from archives and other sources, to create content needed by genealogists. These records may include public information about you.
Information from our DNA Services. If you purchase our DNA test or upload your DNA data to our Website, we extract your DNA from your DNA sample or use your uploaded DNA Results, process them and conduct genetic analysis in order to provide you with our DNA Services. DNA Services are not available in Russia, Israel, and a number of other countries.
Information from our Photo Tagger feature. If you choose to use our Photo Tagger feature, it identifies faces in your photos and creates facial recognition models (i.e., biometric information). The Photo Tagger clusters faces of the same person appearing in multiple photos, and lets you tag them in all photos in one go.
Information we receive when you use our Service. We collect web-behavior information using automated means of data collection technologies (like cookies) to enhance your experience of visiting the Website and understand how our Services are being used. See our Cookie Policy for more information.
How Do We Use Your Personal Information?
To provide our Service to you. This includes displaying your family tree, comparing your family tree to other family trees to serve you Smart Matches™, comparing your family tree to historical records to serve you Record Matches, comparing your DNA data to other users to serve you DNA Matches, providing you with DNA Reports, and so on.
To communicate with you about the Service.
To market the Service to you, from which you can opt-out at any time.
For internal business purposes, to improve and develop new products and services, perform internal data analysis, analyze the use of the Website to improve the customer experience or assess our promotional campaigns.
For internal research, with your consent. If you voluntarily choose to participate in our research and agree to our DNA Informed Consent.
Will MyHeritage Disclose any of Your Personal Information to Third Parties?
PERSONAL INFORMATION PROVIDED BY YOU, INCLUDING GENETIC INFORMATION AND HEALTH INFORMATION, WILL NEVER BE SOLD OR LICENSED BY US TO THIRD PARTIES, INCLUDING INSURANCE COMPANIES, GOVERNMENT AGENCIES, OTHER CORPORATIONS OR EMPLOYERS.
We will not provide information to law enforcement unless we are required by a valid court order or subpoena for genetic information.
We will not disclose any of your personal information to any third party except in the following very limited circumstances:
(a) with our service providers (e.g., payment platforms) under the protection of appropriate agreements – to provide you with our Service; (b) with your DNA Matches (if enabled) and with your Smart Matches (if enabled); (c) when required of us by law or during legal proceedings, or to prevent fraud and cybercrime; (d) for research, if you explicitly consented to the DNA Informed Consent; and (e) in connection with the acquisition of our business.
Security of Your Personal Information
We have implemented technical, physical and administrative security measures to protect against the loss, misuse, unauthorized access, alteration or disclosure of users' personal information under our control. For example: we periodically review and enhance our security and privacy practices as necessary, we commission periodic penetration tests to test the robustness of the security of our Service, only authorized personnel have access to personal information, and we only work with labs and third parties who meet and commit to our security standards.
Managing Your Privacy
We give you the ability to share information in a variety of ways. You can choose when and with whom you share your information outside of the Service. You can disable DNA Matching or Smart Matching™, choose not to use AI Record Finder™ or AI Biographer™, opt out of viewing results for certain incurable conditions within the DNA Health Reports, give or decline consent for research, manage cookies, request to destroy your DNA sample/s, and delete your account and data, at any time.
FULL PRIVACY POLICY
In this document (the "Privacy Policy") we provide information on what personal information is collected and why, as well as how we use the personal information to provide you with a personalized, user-friendly experience on the Website. We also explain how you can view this personal information, control the way it is shared, or delete it.
1. CHANGES TO THIS PRIVACY POLICY
2. WHAT PERSONAL INFORMATION IS COLLECTED FROM YOU OR ABOUT YOU?
3. HOW DO WE USE YOUR PERSONAL INFORMATION?
4. LEGAL GROUNDS FOR THE PROCESSING OF PERSONAL INFORMATION
5. WILL MYHERITAGE DISCLOSE ANY OF YOUR PERSONAL INFORMATION TO THIRD PARTIES?
6. HOW DO YOU DELETE INFORMATION ABOUT YOURSELF OR YOUR FAMILY, OR REPORT IT TO US?
7. COOKIES AND NON-PERSONAL INFORMATION
8. SECURITY AND TRANSFER OF INFORMATION
9. DATA RETENTION
10. MANAGING YOUR PRIVACY
11. YOUR RIGHTS
12. DATA SUBJECT RIGHTS
13. GDPR
14. US STATE PRIVACY NOTICE
15. BRAZIL'S DATA PROTECTION LAW
16. SOUTH AFRICA'S DATA PROTECTION LAW
17. CHILDREN
18. New Jersey's Daniel’s Law
19. CONTACTING US ABOUT PRIVACY
1. CHANGES TO THIS PRIVACY POLICY
If we decide to modify our Privacy Policy, we will issue an updated version of this Privacy Policy with an updated date legend and if the changes are material, we will also notify you via email or on our Website.
Use of the Website or the Service following any changes constitutes your acceptance of the revised privacy policy then in effect. If you would like us to cease using or storing your information in accordance with the revised policy, then delete your account or contact us at privacy@myheritage.com and ask us to do it for you.
Whenever this Privacy Policy is modified in substance, the label "updated" will be displayed prominently next to the "Privacy Policy" link in the footer of the Website pages. The "updated" label will be removed after 30 days. Please make sure you read our updated Privacy Policy before using our Website or Services. If you have questions about our changes, contact us at privacy@myheritage.com.
2. WHAT PERSONAL INFORMATION IS COLLECTED FROM YOU OR ABOUT YOU?
We collect information we believe is necessary to provide you with the Service. The amount of other personal information you decide to submit to MyHeritage is up to you.
Here are the types of personal information we request, collect or you provide:
1) Name, Contact Information and Payment Details: When you sign up for the Service, we ask for your name, gender and email address, as well as birth year and country. The birth year is collected to ensure that you comply with the Terms and Conditions with regards to underage and minor users. If you purchase a subscription or another product, we will need to know your postal address, phone number and payment details to facilitate payment and fulfillment.
2) Information on Your Family and Others: You may also enter additional personal information about yourself and others in the course of building your family tree, doing your family research on the Website or otherwise using our Services, e.g., names, relationships, dates and places of birth and death, contact information such as email address, and photos. Such information may also be entered if you choose to use the AI Record Finder™ feature.
If you choose to invite a family member or another person to view or edit your family tree, we will ask you for the individual's email address and name. You must first make certain that you have obtained their consent to pass on their details to MyHeritage, before you invite them.
When building a family tree, you decide which relatives to add to the family tree, whether to add deceased relatives, living relatives or both, and which information to include about them. Adding living relatives to the family tree requires you to obtain their prior consent. Before adding living relatives below legal age to the family tree, you must obtain the consent of their parent or guardian.
If you choose to add an audio recording to a photo or a profile in your family tree, such recordings will be stored and made available for listening only to you and to members in your family site. You can delete them at any time.
3) Information from Public and Historical Records: We digitize, license and procure records from various sources, including birth, marriage and death certificates, census records, immigration lists, newspapers and other records. Such records may contain personal information relating to you.
4) DNA Information: DNA-related information is generated and stored when you use our DNA Services, i.e., when you purchase our DNA test kit, or upload your DNA data that was generated by another DNA testing service. Our DNA Services will extract your DNA from your DNA sample or use your uploaded DNA Results, process them and conduct genetic analysis in order to provide you with our DNA Reports.
5) Biometric Information: If you choose to use our Photo Tagger feature, it uses facial recognition technology, to create facial recognition models (i.e., biometric information) of you and your deceased relatives, in order to help you tag people in your photos quickly and easily.
6) Your Comments and Opinions: If you post messages or comments on our blogs or Facebook accounts, or our message boards, we may capture that information.
7) Your Use of the Service: While you use our Service, we may collect information based on your interaction with our Website or from the devices or computers you use to access the Website, to enhance your experience of visiting the Website and understand how our Services are being used. This may include web log information, “clickstream” data (for example, the type of computer and browser you use, the address of the website from which you linked to the Website), page views and IP addresses.
8) Your Communications: Your communications with other users through the Service’s features (e.g., MyHeritage Inbox), as well as information you provide us in communications with our customer support team (e.g., support tickets), other representatives and/or information you provide while interacting and communicating with our automated virtual assistant, will be collected and recorded by us and, with respect to our automated virtual assistant, recorded by our service providers Cognigy.AI or OpenAI.
9) Your Survey Answers: If you voluntarily participate in any Surveys or questionnaires on the Service, we will collect the information you provide.
10) Your Health Questionnaire Information: Before providing you with the DNA Health Reports, we collect certain self-reported family health history information from you, about you and your family members using a questionnaire (the “Health Questionnaire Information” and the “Health Questionnaire”, respectively). In the USA, we are obligated to collect this information to comply with health regulations. Outside the USA, we are not obligated but we collect it for data consistency.
11) Third Party Account Authentication Services: You may link an account from Google to your account on our Service, for authentication. This will allow you to use your credentials from the other service to create a MyHeritage account or to sign in to MyHeritage, without having to enter details manually such as your email address. If you choose to do so, we will collect and use the information you authorized to share with us via that service, (for example, the email address for a connected Google or Apple account), in accordance with this Privacy Policy.
12) Information from Integration with Genealogy Partners: Our genealogy partners such as Roots Magic and Family Historian (the "Genealogy Partners") may pass genealogical information from family trees of their users to us via an integration for matching with our family trees and records. We do not receive a license to this information sent by Genealogy Partners, it is not collected by us, and it is deleted automatically after matches are calculated.
13) Your Image Data: If you use our photo features such as Deep Nostalgia™, DeepStory, MyHeritage In Color™, MyHeritage Photo Enhancer, AI Time Machine™, PhotoDater™ and/or Photo Scanner, we will process information obtained from photos you upload ("Image Data"), in order to provide the applicable service to you. These photo features do not collect or retain any biometric information or biometric identifiers from your photos. Uploading photos, or any other personal information, of living individuals to our Services, requires you to obtain their prior consent. Before uploading photos or any other personal information of minors or underage children to the Service, you must obtain the consent of their parent or guardian.
3. HOW DO WE USE YOUR PERSONAL INFORMATION?
1) To provide the Service to You: We primarily use your personal information to fulfill the purpose(s) for which you have provided the personal information to us. These purpose(s) include displaying your family tree, re-running family history searches you made on MyHeritage to find more records for you, processing your subscription and providing you with customer support. We also use your personal information to serve you Smart Matches™ and Record Matches for your family tree, to provide the AI Record Finder™ or AI Biographer™ features or to enable you and other members of the MyHeritage community to contact each other, and so on.
If you are using our DNA Services: We will process and store your DNA samples, conduct genetic analysis and provide you with the DNA Results and DNA Reports. If DNA Matching is enabled, we will compare your DNA data to other users to serve you DNA Matches. If you are interested in the DNA Health Reports, the Health Questionnaire Information will allow us to determine your eligibility to receive them. For U.S. customers, the DNA Health Reports are provided pursuant to a physician’s order. We may add new DNA Health Reports for you as they become available.
If you use our photo features which are based on Artificial Intelligence (AI) algorithms, such as Deep Nostalgia™, DeepStory, MyHeritage In Color™, MyHeritage Photo Enhancer, PhotoDater™ and/or AI Time Machine™, we will process Image Data to animate your photos, colorize them or restore their original colors, enhance them, estimate when they were taken, or create conceptual theme images from your photos.
If you use our AI Time Machine™ feature: Photos uploaded to the AI Time Machine™ feature are not shared with any third party. Uploaded photos are not used to train or improve the AI algorithms; they are only used to generate the user's AI images and not for any other purpose. MyHeritage does not keep or store the uploaded photos. They are deleted immediately after an AI Time Machine™ model has been generated. If a model has not been generated successfully, the photos are kept for a maximum period of 24 hours for retries, and are then deleted.
If you use our Photo Tagger feature, note that it uses facial recognition technology powered by Amazon. When enabled, this feature identifies faces in your photos and creates facial recognition models. It clusters faces of the same person appearing in multiple photos, and allows you to tag them in all photos in one go. The Photo Tagger learns the appearance of deceased people you tag, and makes tagging suggestions when you upload new photos to MyHeritage. Tagging is never automatic and always requires your confirmation.This feature is not enabled by default and requires your explicit consent to start working and create facial recognition models (i.e., biometric information) of you and your deceased relatives. Facial recognition name tagging suggestions are provided only for individuals known from your family tree to be deceased. Any facial recognition models are used only for the photos in your family site and are never used to create tagging suggestions for photos uploaded by other users who are not members in your family site.
MyHeritage will never sell or license Photo Tagger information to third parties.
If you use our AI Record Finder™ or AI Biographer™ features: AI Record Finder™ allows you to search for ancestors and relatives in a chat interface, and AI Biographer™ allows you to create a biography about an individual. Information that you enter while using the AI Record Finder™ will be shared with OpenAI and processed to provide you with the search results. The AI Biographer™ feature creates a biography based on information contained in MyHeritage’s database and external public sources (the accuracy of which we cannot guarantee).
When you engage with our automated virtual assistant, we and our service provider Cognigy.AI will process personal information, record your chat communications, and use AI technology to analyze your request, all in order to provide you with a suitable response and to improve your experience. Information that the automated virtual assistant recognizes as being a credit card number (based on the unique pattern of credit card numbers), will not be captured.
2) To communicate with you: We may communicate with you for the purpose of informing you of updates or additions to the Service, or to seek feedback from you about the Service. Our communications with you will be conducted primarily via email, but may also be made via telephone, direct mail or another method of communication in some circumstances. If you do not want to continue to receive emails from us, you may opt out at any time by using the unsubscribe link listed in the email or by setting your Email Preferences. If you wish to opt out of other methods of communication, please contact us at privacy@myheritage.com.
3) To market our services: By signing up to the Service, you agree that we may use your contact information as well as information about your use of the Service, to offer you complementary MyHeritage products or services. Such promotional offers may be made via email, telephone or direct mail. We will never send you promotional offers by Text Message (SMS). The only Text Messages (SMS) you may receive from us are messages about upcoming birthdays and wedding anniversaries of close family members in your family if you opted-in to that specific feature.
If you do not want to receive marketing offers via email, you may opt out at any time by using the unsubscribe link listed in the email or by setting your Email and Communication Preferences. See the section on Email Preferences below. If you do not want to receive marketing offers via telephone, you can also do that via the Email and Communication Preferences. You can also instruct us to stop communicating with you by contacting us at privacy@myheritage.com or request this whenever you are speaking with any representative of MyHeritage.
The aggregated information gathered from you and other users through the Surveys may be used in our marketing, and such emails or promotional offers may be presented to you.
4) For internal business purposes: In order to improve the Service and to develop new products and services, we may use your personal information for internal data analysis, for studying how the Website is used, to help us diagnose problems and secure the Service, identifying usage trends and determining the effectiveness of promotional campaigns. For example, we may examine how much time visitors spend on each page of the Website and how they navigate through the Website, and use this information to improve the Website.
We use your IP address to deliver the Website and our Service to you and to help diagnose problems with our servers. Your IP address is also used to gather broad demographic information such as geographic distribution of our members. When you visit the Service for the first time, we use your IP address to suggest the Service to you in the language deemed most appropriate for the geographical region from which it originates.
5) To perform research: If you voluntarily agreed to the DNA Informed Consent, we may use your information (such as DNA Results and other DNA information) for the purposes of research as specified therein. Your informed consent may be revoked at any time through the Website. Your identity and the identity of your family members will never be disclosed by us in any publication of any research results. Read our DNA Informed Consent to learn more about the MyHeritage DNA Research Project.
4. LEGAL GROUNDS FOR THE PROCESSING OF PERSONAL INFORMATION
We are required to specify the purposes for which we process your personal information and the legal grounds upon which we rely when doing so. Please review the table elaborating our processing activities and the legal grounds for each activity.
5. WILL MYHERITAGE DISCLOSE ANY OF YOUR PERSONAL INFORMATION TO THIRD PARTIES?
PERSONAL INFORMATION PROVIDED BY YOU, INCLUDING GENETIC INFORMATION AND HEALTH INFORMATION, WILL NEVER BE SOLD OR LICENSED BY US TO THIRD PARTIES, INCLUDING INSURANCE COMPANIES, GOVERNMENT AGENCIES, OTHER CORPORATIONS OR EMPLOYERS.
These protections cover everything related to DNA, including DNA samples, DNA Results, DNA Reports, DNA Health Reports, facial recognition models (i.e., biometric information), and so on.
We will not provide information to law enforcement unless required by a valid court order or subpoena for genetic information.
MyHeritage will not disclose any of your personal information to any third party except in the limited circumstances listed below:
1) With our service providers: We use several reputable third parties to perform various tasks for us, under the protection of appropriate agreements. For example, we use leading third party platforms to process payments from you (mainly Adyen, Stripe, BlueSnap and PayPal), to provide us with cloud storage services (mainly Amazon and Google Cloud), to assist us in marketing and advertising, consumer research analytics, development of new algorithms and services, fraud prevention, security and the processing of customer support requests. We use an automatic tool called Google Dialogflow to semantically analyze incoming customer support tickets in order to classify them according to their intent, for purposes of expediting and optimizing the processing of those tickets. Before any tickets are passed to Dialogflow, we remove identifiable information (such as names and email addresses), and all tickets are deleted from Dialogflow immediately after their intent is classified. For purposes of expediting and optimizing the processing of incoming customer support calls, we use a text-to-speech conversion service by Microsoft Azure, which helps us transcribe the content of incoming support calls. The calls are automatically deleted after conversion to text and are not saved by Microsoft.
Our automated virtual assistant is enabled by Cognigy.AI. Cognigy.AI operates as our service provider and will not use your personal information for any purpose but to provide us with the service and improve it.
If you choose to use the AI Record Finder™ feature, the information that you provide in the chat interface when using the feature will be shared with OpenAI and processed to provide you with the search results. If you choose to use the AI Biographer™ feature, it will use OpenAI to summarize information contained in MyHeritage’s database and external public sources to create a biography of an individual.
If you choose to use our DeepStory feature, note that we use text-to-speech conversion services provided by Microsoft Azure and Amazon Polly to facilitate the DeepStory feature. The text is promptly deleted after it is converted to a voice file and is not stored by these services.
We use Google Customer Reviews to collect feedback about our services. If you approve Google sending you a survey, please note that your email, order delivery date, your country and the content of your review will be processed by Google as a Controller and therefore will be subject to Google’s privacy policy.
If you choose to use our Photo Tagger feature, note that it uses facial recognition technology powered by Amazon. This feature is not enabled by default and requires your explicit consent.
In the case of DNA Services, we use fulfillment and shipping companies (mainly Jay Group and Shipwire) as well as the specialized DNA lab Gene by Gene, located in Texas, USA to process, extract and store DNA samples. These third-parties are only given access to the minimal information needed to perform their auxiliary functions and are prohibited from using it for other purposes.
For processing orders for MyHeritage DNA Health Upgrades from customers residing in the United States, we work with an independent network of fully licensed, board certified physicians and genetic counselors, PWNHealth, LLC (www.pwnhealth.com) ("PWNHealth"). PWNHealth provides physician oversight and genetic counselling, as required for compliance. For the purpose of PWNHealth's review by a physician and genetic counselor, your personal information, including the Health Questionnaire Information, the DNA Results and the DNA Health Reports will be confidentially shared with PWNHealth.
For the processing of customer support requests, we utilize, in addition to our own employees, the customer support firm TELUS International Services Limited which operates customer support teams on our behalf in Ireland (as of November 2017) and in Guatemala (as of January 2020).
With respect to third-parties outside the European Economic Area, we have taken steps to ensure your personal information is adequately protected, as required by applicable law.
2) With members of your family site, your Smart Matches™ (if enabled), and your DNA Matches (if enabled):
Information you upload to your family site will be available to all members of your family site.
Smart Matches™ is a technology developed and owned by MyHeritage to find matches between family trees, by looking for individuals that they have in common. Smart Matches™ are very useful in that they facilitate discoveries of unknown relatives and reuniting families whose ties have been disconnected over time. Other MyHeritage users may receive notifications regarding Smart Matches™ between individuals in their family tree and individuals in your family tree. Smart Matches™ may also be found on living individuals in your tree. If you are concerned about the privacy of your family tree, to the extent that you do not wish to allow potential relatives to find and view parts of it, you can disable Smart Matches™ for your family tree(s). By default, Smart Matches™ are enabled. If Smart Matches™ are enabled, users of MyHeritage’s Genealogy Partners may receive Smart Matches with your family tree. Such matches are not bi-directional: you will not receive Smart Matches™ with the users of MyHeritage’s Genealogy Partners. Visit our Help Center to learn more about Smart Matches.
DNA Matches are a key feature of our DNA Services, across MyHeritage DNA kits and DNA data uploads.
If you use our DNA Services, when DNA Matches are enabled, your DNA Results will be matched with other users and may be linked to your profile page, and the DNA Genealogy Reports will include a list of your potential relatives, based on DNA. Each one of the people who match your DNA will be able to see the amount of DNA they have in common with you, the predicted family relationship between you, and some of your personal information such as your display name, your country of residence, your ethnicity estimate and genetic groups, and other profile information, depending on your privacy settings (but none of your DNA Matches will be able to see your DNA Health Reports). If a DNA Match is found between you (or any other person of which you are the DNA manager), and another individual whose DNA Results are stored in our database, both you and such individual will be notified of the match, provided, that, both of you have DNA Matching enabled in your privacy settings. DNA Matches may have significant personal implications because they may reveal unexpected family connections. This may expose relationships that are not supported by DNA, or DNA may indicate relationships that contradict existing relationships in your family tree. If you use the DNA Services and are concerned about the implications of DNA Matches, you can disable DNA Matches for your profile and for any other profile of which you are the DNA manager. When DNA Matches are disabled, your DNA will not be matched with other people, no DNA Matches will be found, and any DNA Matches found previously will be deleted. If you are unable or unwilling to contend with the consequences and any possible negative impact of such inferences you should not submit DNA samples and/or DNA Results to us, and you should delete your DNA Results and DNA Reports. Visit our Help Center to learn more about DNA Matches.
3) In legal or privacy circumstances: if required of us by law or during legal proceedings, or to prevent fraud and cybercrime.
4) For research: If you explicitly agreed to the DNA Informed Consent, for the research purposes indicated therein, your information may be aggregated and used in research studies published by MyHeritage, always without identifying information such as your name, email address, etc. Personal information provided by you, including genetic information and health information, will never be sold or licensed by us to third parties. Read our DNA Informed Consent to learn more about the MyHeritage DNA Research Project.
5) In an acquisition of MyHeritage: in the event that MyHeritage, or substantially all of its assets or stock are acquired the processing and transfer of personal information may be needed. Note that this situation is not unique to MyHeritage and applies to most companies.
6. HOW DO YOU DELETE INFORMATION ABOUT YOURSELF OR YOUR FAMILY, OR REPORT IT TO US?
Deleting your account: See instructions for deleting your account. This will irreversibly delete not only your account and the personal data you’ve entered but also your family sites, family trees, DNA data and health data.
Deleting your DNA Results and DNA Reports, and Destroying your DNA sample: Your DNA Results and DNA Reports are controlled by you and can be deleted by you at any time by using the delete function from the "Manage DNA kits" page on the Website. You can also request our Customer Support to do this for you. We will, if requested by you, destroy the DNA sample provided by you or your DNA sample which was provided to us by another person with your permission, at any time. To request destruction of your DNA sample, contact us at privacy@myheritage.com.
Deleting your Health Questionnaire Information: you may delete your Health Questionnaire Information by deleting your account or contacting our Customer Support.
Deleting facial recognition models: All facial recognition models are automatically deleted 3 months after your last use of the Photo Tagger feature. You can delete all facial recognition models at any time by turning off the Photo Tagger feature in your privacy settings, or by turning off the Photo Tagger feature in App Settings > Photos.
Deleting AI Record Finder™ chat history: You can delete your chat history in the AI Record Finder™ feature by using the ‘Delete Chat’ button in the feature or by contacting our Customer Support.
Deleting or amending information that others have posted about you or your family: If the information was posted in a family site where you are a member, you may delete it. Otherwise, if you are not able to delete or amend such information posted by another member, contact us at privacy@myheritage.com. We will then correspond with you to understand the specific information that you want to have deleted and will then proceed to delete it for you and resolve the matter promptly.
For disputes or issues with other personal information on the Website about you: You may contact us at privacy@myheritage.com. If you are a registered member of the Website, and you contact us with a request pertaining to information that you entered into the Website, we ask that you communicate to us from the same email address that you used to register to the Website. Otherwise, we may need to verify your identity before considering your request.
In case you need extra assistance, you may email us at privacy@myheritage.com to request us to help delete any information that you wish to have deleted, and your request shall be carried out promptly by our staff unless it is examined and believed to be illegitimate.
You can also contact our legal EU/EEA representative, Evgeny Inberg, via email at: eurepresentative@myheritage.com.
7. COOKIES AND NON-PERSONAL INFORMATION
Cookies
We make use of browser cookies and similar automated means of data collection technologies to enhance your experience of visiting the Website, for example, to avoid displaying certain messages to you more than once, to save your login details so you won’t need to re-enter them each time you wish to log in, or to remember the display language you previously selected so you won't need to select it each time you visit the Website. You can disable or delete cookies from your computer if you wish, but certain parts of our service may not work correctly or at all if you do so. For more information about our use of cookies and similar automated means of data collection, and how you can choose to disable or delete them, please see our Cookie Policy. For more information about cookies including how to set your internet browser to reject cookies please go to www.allaboutcookies.org
Other non-personal information
When you visit our Website, we may automatically collect non-personal information about you, such as the website from which you have come to our Website, your computer type, screen resolution, Operating System version, mobile device details (if applicable) and Internet browser. We may also collect non-personal information such as demographic data, for example your geographic area. Non-personal information also includes personal information that has been aggregated in a manner such that the end-product does not personally identify you or any other user of the Website, for example, by using personal information to calculate the percentage of our users from a particular country or who are female. Because non-personal information does not personally identify you, we may use such non-personal information for any purpose. In addition, we reserve the right to share such non-personal information.
Some web browsers and devices permit you to broadcast a preference that you not be “tracked” online. We do not modify your online experience based upon whether such a signal is broadcast.
8. SECURITY AND TRANSFER OF INFORMATION
When you provide us with any personal information, that personal information may be transferred to and stored by us in our secure data centers which may provide a different level of protection for personal information than in your country of residence. By providing us with personal or genetic information, you should be aware that it will be transferred, processed and stored in our data centers, located in the United States. You understand that DNA samples will be stored in the United States as provided in the Terms and Conditions.
MyHeritage takes appropriate steps to ensure that transfers of personal information are done in accordance with applicable law and carefully managed to protect your privacy rights and interests. Accordingly, transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative safeguards are in place to protect your privacy rights. In particular, we rely on the EU Commission standard contractual clauses. You have a right to contact us for more information about the safeguards we have put in place.
You acknowledge that in the event that you download your DNA Results: 1) such download will create a copy that is not protected by MyHeritage’s security and privacy settings; 2) such download and the storage of your DNA Results after you have downloaded it, shall all be made at your own risk; and 3) MyHeritage will not have any control over the downloaded DNA Results and shall not be liable to you or to any third party in connection with such download and/or storage.
We implement and maintain reasonable security, appropriate to the nature of the personal information that we collect, use, retain, transfer or otherwise process. We are committed to developing, implementing, maintaining, monitoring, and updating a reasonable information security program, but no such program can be perfect; in other words, all risks cannot reasonably be eliminated. Data security incidents and breaches can occur due to vulnerabilities, criminal exploits or other factors that cannot reasonably be prevented. Accordingly, while our reasonable security program is designed to manage data security risks and thus help prevent data security incidents and breaches, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security.
You are responsible for keeping your password for the Service confidential. MyHeritage requires you to not share your password with anyone. MyHeritage requires you to not use the same password that you use on MyHeritage on any other service.
MyHeritage will comply with applicable laws in the event of any breach of the security, confidentiality, or integrity of your personal information and, where we consider appropriate or where required by applicable law, notify you via email, in the most expedient time possible and without unreasonable delay, insofar as it is consistent with any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
9. DATA RETENTION
We will retain your personal information only for as long as necessary to fulfil the purpose(s) for which it was collected and to comply with applicable laws. This means that we store your personal information for as long as it is required to deliver our services, except where we have a lawful basis for saving it for an extended period of time (for instance, after your subscription expires, we may still have a legitimate interest in using your contact details for marketing our service to you). We also retain the personal information we need for the execution of pending tasks and to realize our legal rights and our claims, as well as retain certain personal information that we must store for a legally mandatory period of time (in that latter case, the processing of such information by us is limited). If you agreed to the DNA Informed Consent, we may retain the information provided thereunder for as long as we determine required for the research purposes disclosed therein.
In some cases, where you or we delete your content, copies of that information may remain viewable elsewhere to the extent any such copy has been shared with others, was otherwise distributed pursuant to your privacy settings, or was copied or stored by other users. For example, a part of your family tree may have been copied by other users into their own family tree. Removed and deleted information may persist in backup copies for a limited time for our internal business purposes, but it will not be available to you or other users.
DNA Sample Retention
All DNA samples are stored at our testing lab in the United States. A DNA sample may be kept by us unless or until circumstances require us to destroy the DNA sample, which you can request at any time by contacting us using the contact details below, or it is no longer suitable for testing purposes. We may store the DNA samples for a period of ten (10) years for additional genetic testing, always subject to obtaining your explicit approval in advance for such additional testing.
Facial Recognition Models
If you use our Photo Tagger feature, all facial recognition models are automatically deleted 3 months after your last use of the Photo Tagger feature. In addition, you can delete all facial recognition models at any time.
10. MANAGING YOUR PRIVACY
You can control how you share personal information by changing your privacy settings in the following areas:
- Email Preferences: this allows you to control what marketing emails and other emails we may send you. All non-transactional emails sent to you by MyHeritage have a footer link that leads directly to the Email Preferences page in which you can conveniently turn off any particular email type you do not wish to receive any longer, or re-enable some emails that you have turned off in the past. Family site emails have a link at their footer to the site preferences page which allows you to unsubscribe from or re-subscribe to event reminder emails and family site activity newsletter emails.
MyHeritage typically refrains from sending commercial offers originating from partners, affiliates and third parties. To the extent that MyHeritage sends an offer, it is most likely about a service owned and operated by MyHeritage or integrated into the Service. - Privacy Preferences: this allows you to control the information that others can see about you and your personal information. See extended details about Privacy Preferences.
11. YOUR RIGHTS
You may revise your personal information by adjusting your account settings. You also have the right to ask MyHeritage to amend any personal information it holds about you if it is inaccurate or misleading as to any matter of fact. MyHeritage has instituted a process for verifying that the person making a request is the customer about whom we have collected information. We may ask you to provide identifying information to compare it to the personal information already maintained by us. We may require a more stringent verification process depending on the sensitivity of the personal information involved. Any request to amend personal Information in MyHeritage's records should be in writing and addressed by email to privacy@myheritage.com.
12. DATA SUBJECT RIGHTS
MyHeritage members residing in the European Union, the European Economic Area, Andorra, Argentina, Australia, Brazil, California, Canada, Faroe Islands, Guernsey, Hong Kong, Israel, Isle of Man, Japan, Jersey, Mexico, New Zealand, Singapore, South Korea, Switzerland, Uruguay, and other jurisdictions have certain data subject rights. For members located in the European Economic Area, those rights include those set out below (and related limitations). For those members residing outside of the European Economic Area, these rights vary, but they may include the following rights, which may be subject to certain exemptions: 1.1 The right to access information held about you. This right can normally be exercised free of charge. However, we reserve the right to charge an appropriate administrative fee where permitted by applicable law. 1.2 The right to object to processing which has our legitimate interests as its lawful basis (see "Legal Grounds for the Processing of Personal Information" section above). 1.3 The right to obtain a portable copy of personal information which is processed on the basis of your consent, or which is necessary for the performance of a contract between us (see "Legal Grounds for the Processing of Personal Information" section above). 1.4 The right to request rectification or restriction of the information we process about you. 1.5. The right to withdraw your consent when we rely on this legal basis to process your personal information (see "Legal Grounds for the Processing of Personal Information" section above). 1.6 The right to request deletion of your personal information. Any request should be in writing and addressed to MyHeritage by email at privacy@myheritage.com or through customer support. MyHeritage will use reasonable efforts to supply personal information about you on its files. MyHeritage shall endeavor to respond as soon as practicably possible. MyHeritage will make every effort to resolve all requests that we receive. However, if you are dissatisfied with our response to a request, you may have the right to lodge a complaint. Without limitation, in jurisdictions where the GDPR applies (i.e., the European Economic Area and the United Kingdom), you have the right to lodge a complaint with the data protection supervisory authorities.
13. GDPR
MyHeritage has taken steps to ensure compliance with all applicable privacy laws, including the general data protection regulation (GDPR).
14. US STATE PRIVACY NOTICE
For information regarding privacy rights you may have under US state laws and related disclosures, please see our US State Privacy Notice.
15. BRAZIL'S DATA PROTECTION LAW
This section addresses the legal obligations and rights laid out in the Lei Geral De Proteção De Dados ("LGPD"), which are applicable if:
- The processing operation is carried out in Brazil
- The purpose of the processing activity is to offer or provide goods or services, or the processing of data of individuals located in Brazil
- The personal data was collected in Brazil
Under the foregoing circumstances, you have the following rights:
- Confirmation of the existence of processing;
- Access to your personal information;
- Correction of incomplete, inaccurate or out-of-date information;
- Portability your personal information;
- Deletion of your personal information;
- Information about third parties with whom personal information is shared;
- Access to this Privacy Policy and the Terms and Conditions;
- To revoke your consent.
All these rights can be exercised free of charge.
To exercise any of the rights described above, please email privacy@myheritage.com.
16. SOUTH AFRICA'S DATA PROTECTION LAW
This section addresses the legal obligations and rights laid out in the Protection of Personal Information Act, 2013 ("POPIA"), which are applicable when the processing of personal information falls under the scope of POPIA, i.e., when personal information that is entered in a record is processed in South Africa.
Under the above circumstances, you have following data subject rights:
- to request access to, and information regarding the nature of personal information held and to whom it has been disclosed. Such request for access may be refused on the basis of the grounds of refusal in the Promotion of Access to Information Act, 2000;
- to request the restriction of processing of personal information in the circumstances contemplated in POPIA;
- to not have personal information processed for direct marketing purposes by means of unsolicited electronic communications, save for in the circumstances permitted by POPIA;
- to not to be subjected to a decision which is based solely on the automated processing of personal information intended to provide a profile of such person, save for in the circumstances permitted by POPIA;
- to request to rectify or correct personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully, subject to POPIA;
- to request deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully or where we are no longer authorized to retain it, subject to POPIA;
- to object to processing of personal information where the processing is on the basis that it protects the data subject’s legitimate interests; where the processing is on the basis that it is necessary for pursuing our legitimate interests or a third party to whom it is disclosed; or where the processing is for the purposes of direct marketing other than by unsolicited electronic communications;
- to lodge a complaint with the Information Regulator in South Africa using the details below:
The Information Regulator
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, South Africa
email: POPIAComplaints@inforegulator.org.za / PAIAComplaints@inforegulator.org.za - to institute civil proceedings regarding the alleged interference with the protection of personal information.
To exercise any of the rights described above, please email privacy@myheritage.com.
17. CHILDREN
Our Services are not directed or targeted to children under the age of 13, and MyHeritage does not knowingly collect personally identifiable information from children under the Minimum Age (for more information, see section "Underage Users" in our Terms and Conditions). If MyHeritage learns that a child under the Minimum Age has provided personally identifiable information to the Website, we will use reasonable efforts to remove such information from our files. If you provide information about a child, you, as parent or legal guardian, consent to the processing and use of such information by us in accordance with this Privacy Policy.
18. New Jersey's Daniel’s Law
New Jersey’s Daniel’s Law permits “active, formerly active, or retired judicial officer or law enforcement officer, [] prosecutor and any immediate family member residing in the same household as the judicial officer, law enforcement officer, or prosecutor” (“Covered Persons”) to make requests for removal or redaction of protected information about them from public records. “Immediate family member” means “a spouse, child, or parent of, or any other family member related by blood or by law to, an active, formerly active, or retired judicial officer or law enforcement officer, [] or prosecutor and who resides in the same household as the judicial officer, law enforcement officer, or prosecutor.” Specifically, Covered Persons may request to have their home address non-disclosed, removed, or redacted from publicly available records.
If you are a “Covered Person” under the New Jersey’s Daniel’s Law and want to remove your protected information from public records appearing on the Website, please email us at following email address: NJDanielsLawRequest@myheritage.com with the following information: (i) a statement that you are resident of New Jersey and a Covered Person, or a Covered Person’s designee under Daniel’s Law, identifying how you are a covered person, (ii) the name and address you are requesting to have removed, (iii) the corresponding screenshot/s or URL addresses directing to the information you would like removed. Upon receiving a request, MyHeritage will send a confirmation email to the email address that was used to submit the request notifying the requestor that the request has been duly received and is being processed. Complete requests submitted to this email address will be placed in a priority queue and handled by removing information in accordance with the provisions of Daniel’s Law within seven (7) business days from actual receipt of the email by MyHeritage.
19. CONTACTING US ABOUT PRIVACY
If you have any questions about this Privacy Policy, the practices of this Website, or your dealings with this Website, you can contact our Data Protection Officer (DPO) via email at dpo@myheritage.com, our dedicated privacy email address at privacy@myheritage.com or our legal EU representative, Evgeny Inberg, via email at: eurepresentative@myheritage.com.
You can also contact the DPO if you wish to request access to or receive information about the personal information that we maintain about you, and have such information deleted. If you have legitimate reason, you can oppose the processing that was carried out with your personal information. Note that the right to access certain personal information may be limited in some circumstances.