Privacy Policy

Section 1 — Information We Collect

We collect personal information from and about individuals in connection with their use of our websites, products, and services. The categories of personal information we collect include, but are not limited to, the following:

1.1 Identifiers

We collect information that identifies, relates to, describes, or is reasonably capable of being associated with a particular individual. This includes real name, alias, postal address, email address, telephone number, account name, social security number, driver's license number, passport number, Internet Protocol (IP) address, unique personal identifiers, online identifiers, and other similar identifiers.

1.2 Commercial Information

We collect records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. This may include transaction records, order history, subscription data, and related commercial activity.

1.3 Internet and Network Activity Information

We collect information about browsing history, search history, and information regarding a consumer's interaction with our website, applications, or advertisements. This includes data collected via cookies, web beacons, pixels, and similar tracking technologies.

1.4 Geolocation Data

We may collect non-precise geolocation data, including approximate location information derived from your IP address or other network-based data. We do not collect precise real-time geolocation information unless expressly disclosed and consented to at the time of collection.

1.5 Inferences

We may draw inferences from any of the information described above to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Such inferences may be used for analytical and advertising purposes as described in this Privacy Policy.

1.6 Sensitive Personal Information

To the extent we collect sensitive personal information as defined under applicable law — such as social security numbers, financial account details, precise geolocation, racial or ethnic origin, or health information — we will use and disclose such information only for the purposes disclosed at the time of collection or as otherwise permitted by law.

Section 2 — How We Use Your Information

We use the personal information we collect for a range of business and commercial purposes. Specifically, we may use your information for the following purposes:

• Providing Services: To fulfill and manage orders, deliver products or services, process transactions, send related information including purchase confirmations and invoices, and provide customer support.
• Improving Products and Services: To understand how our website and services are used, conduct research and analytics, and improve the functionality, quality, and user experience of our offerings.
• Marketing and Advertising: To send promotional communications, targeted advertisements, and other information about our products and services that may be of interest to you, in accordance with applicable law and your preferences.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests; to enforce our terms, conditions, and policies; and to exercise or defend legal claims.
• Fraud Prevention and Security: To detect, investigate, and prevent fraudulent transactions and other illegal activity; to protect the rights, property, or safety of our company, our customers, and others; and to maintain the integrity of our systems.
• Analytics: To measure the effectiveness of our marketing campaigns, analyze usage trends, and develop business insights through data analytics tools and services, including third-party analytics providers.
• Personalization: To tailor content, offers, and experiences to your interests and preferences based on information we have collected about you.
• Business Operations: To conduct internal operations, including auditing, data analysis, testing, and maintaining, improving, and developing our systems, processes, and services.

Where required by applicable law, we will obtain your consent before using your personal information for purposes that are materially different from those disclosed at the time of collection.

Section 3 — How We Share Your Information

We may disclose your personal information to third parties in the following circumstances. We do not sell personal information except as described in Section 4 of this Privacy Policy.

3.1 Service Providers

We may share personal information with third-party vendors, contractors, agents, and service providers who perform services on our behalf, including payment processing, data hosting and storage, customer support, email delivery, marketing and analytics services, and similar operational functions. These service providers are contractually obligated to use your personal information only as directed by us and in a manner consistent with this Privacy Policy.

3.2 Business Partners

We may share personal information with select business partners with whom we have established co-marketing, co-branding, referral, or joint offering relationships, where such sharing is consistent with the purposes for which the information was collected and applicable law.

3.3 Affiliates

We may share personal information within our corporate family, including parent companies, subsidiaries, and other affiliated entities, for purposes consistent with this Privacy Policy and applicable law.

3.4 Legal Requirements and Protection

We may disclose personal information if we reasonably believe that such disclosure is necessary to: (a) comply with any applicable law, regulation, legal process, or government request; (b) enforce our agreements, policies, and terms; (c) protect the security or integrity of our products and services; (d) protect our rights, property, or safety or the rights, property, or safety of our employees, users, or others; or (e) detect, prevent, or otherwise address fraud, security, or technical issues.

3.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, dissolution, or sale of all or a portion of our assets, personal information may be transferred to the acquiring or successor entity. We will provide notice before your personal information is transferred and becomes subject to a materially different privacy policy.

3.6 With Your Consent

We may disclose your personal information to other parties with your consent or at your direction, including when you authorize third-party applications or services to access your account or information.

Important: We do not sell personal information to third parties for monetary compensation except as described in Section 4. We do not sell the personal information of consumers we know to be under the age of 16 without affirmative authorization.

Section 4 — Sale of Personal Information and Targeted Advertising

4.1 Sale of Personal Information to Third Parties

We may sell, license, or otherwise transfer certain categories of personal information to third parties for monetary or other valuable consideration, as those terms are defined under applicable state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Virginia Consumer Data Protection Act (VCDPA), and the Utah Consumer Privacy Act (UCPA).

Categories of Personal Information We May Sell

The following categories of personal information may be sold to third parties:

• Identifiers — including but not limited to: real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers.
• Internet or Other Electronic Network Activity Information — including browsing history, search history, and information regarding a consumer's interaction with a website, application, or advertisement.
• Commercial Information — including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
• Geolocation Data — non-precise location information derived from IP address or other signals.
• Inferences — inferences drawn from any of the above information to create a profile about a consumer reflecting preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

4.2 Categories of Third Parties to Whom We Sell Personal Information

We may sell personal information to the following categories of third parties:

• Data Brokers and Data Aggregators — companies that purchase personal information to compile, enhance, sell, or license consumer profiles for purposes including identity verification, fraud detection, marketing analytics, and audience segmentation.
• Advertising Networks and Ad Tech Platforms — third-party digital advertising platforms and programmatic advertising networks that use personal information to deliver targeted advertisements to consumers across websites, mobile applications, and other digital platforms.
• Market Research and Analytics Firms — organizations that purchase and analyze personal information to generate consumer insights, market research reports, and trend analyses for commercial clients.
• Financial Services and Insurance Providers — companies in the financial services sector, including lenders, insurers, and credit bureaus, that use personal information to underwrite offers, assess risk, and deliver financial products.
• Retailers and Consumer Brands — commercial retailers and consumer-facing brands that use personal information to identify prospective customers, personalize marketing outreach, or measure advertising effectiveness.
• Business-to-Business (B2B) Data Consumers — commercial entities that license personal information for lead generation, account-based marketing, or business intelligence purposes.
• Pharmaceutical Companies and Drug Manufacturers — pharmaceutical manufacturers, biotechnology companies, specialty drug providers, and healthcare product companies that purchase personal information to identify potential patients or consumers for prescription drug outreach, direct-to-consumer (DTC) pharmaceutical advertising, disease awareness campaigns, clinical trial recruitment, and health-related product marketing. Personal information sold to pharmaceutical companies may include identifiers, commercial information, internet or electronic network activity information, and inferences reflecting health-related interests or behaviors. We do not sell medical records, prescription history, or information constituting Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA).

4.3 Purposes for Which We Sell Personal Information

We sell personal information to third parties for the following commercial and business purposes:

• To enable third parties to deliver personalized advertising to consumers across digital channels.
• To facilitate audience targeting and lookalike modeling by advertising partners.
• To support market research, consumer analytics, and audience segmentation.
• To generate licensing revenue from the transfer of aggregated or pseudonymous consumer data.
• To enable lead generation services for commercial partners.
• To enable pharmaceutical companies and healthcare product manufacturers to identify and reach consumers who may benefit from or have expressed interest in health-related products, prescription medications, or clinical research opportunities, consistent with applicable federal and state advertising and privacy laws.
• To support cross-channel identity resolution by third-party data brokers.

4.4 Financial Consideration

In exchange for the sale or license of personal information, we may receive monetary compensation, data enrichment services, reciprocal data licenses, credits, discounts, access to enhanced data sets, or other valuable consideration.

4.5 Limitations on Sale

Notwithstanding the foregoing, we do not:

• Sell or share the personal information of consumers under the age of 16 without affirmative opt-in authorization, consistent with CCPA/CPRA requirements;
• Sell sensitive personal information (as defined under the CPRA), including precise geolocation, health data, financial account information, racial or ethnic origin, or the contents of communications, except as expressly permitted by applicable law;
• Sell personal information to third parties that we know will use it in violation of applicable privacy law;
• Sell medical records, prescription history, or information constituting Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA);
• Retain, use, or disclose personal information sold under a data processing agreement for purposes other than those specified in such agreement.

4.6 Targeted Advertising

We engage in targeted advertising — also referred to as "cross-context behavioral advertising" under the CCPA/CPRA and "targeted advertising" under the CPA, CTDPA, VCDPA, and UCPA. This means we may use personal information collected about your online activities over time and across non-affiliated websites or online services to predict your preferences and show you advertising tailored to your interests.

Technologies and mechanisms we use for targeted advertising include:

• Cookies and tracking pixels placed by third-party advertising networks
• Social media platform pixels (e.g., Meta Pixel, LinkedIn Insight Tag)
• Interest-based advertising through Google Ads, The Trade Desk, and similar networks
• Cross-device tracking and identity graphs maintained by third-party data partners
• Real-time bidding (RTB) systems in which your behavioral data may be transmitted to multiple advertising platforms simultaneously

4.7 Your Right to Opt Out of Sale and Targeted Advertising

You have the right to opt out of the sale of your personal information and the use of your personal information for targeted advertising. To exercise this right, see Section 5 — Do Not Sell or Share My Personal Information and the applicable state-specific rights described in the State-by-State Appendix to this Privacy Policy.

Section 5 — Do Not Sell or Share My Personal Information

5.1 Your Right to Opt Out

Under applicable state privacy laws, you have the right to opt out of the sale or sharing of your personal information and the right to opt out of targeted advertising. You may exercise this right by any of the following means:

• Clicking the "Do Not Sell or Share My Personal Information" link located in the footer of our website
• Submitting a request through our Privacy Rights Portal at support@bluegeneslab.com
• Emailing us at support@bluegeneslab.com with the subject line "Opt-Out Request"
• Calling our toll-free privacy line at (888) 215-2784

We will process opt-out requests promptly and in accordance with applicable law. We may need to verify that you are authorized to make the request, but we will not require you to create an account with us as a condition of honoring your opt-out request.

5.2 Global Privacy Control (GPC)

We recognize and honor Global Privacy Control (GPC) signals. If your browser or browser extension sends a GPC signal to our website, we will treat that signal as a valid opt-out request from the sale and sharing of your personal information and from targeted advertising, to the extent required by applicable law. The GPC signal will be processed automatically without any additional action required on your part, and it will be honored for the specific browser or device from which the signal is sent. If you use multiple browsers or devices, you may need to enable GPC separately on each.

5.3 Effect of Opt-Out

If you opt out of the sale or sharing of your personal information, the following will apply:

• We will cease selling or sharing your personal information with third parties for cross-context behavioral advertising or monetary compensation within 15 business days of receipt of your verified request.
• You may still receive contextual advertising that is not based on your personal information profile.
• Opting out will not affect our ability to provide you with our services, though some features dependent on personalization may be limited.
• Your opt-out preference will be stored for at least 12 months before we may ask you to reauthorize the sale or sharing of your personal information.
• Where technically feasible, we will notify third parties with whom we have shared your personal information prior to your opt-out request and direct them to cease further use of your personal information for selling or targeting purposes, to the extent required by applicable law.

5.4 Authorized Agents

You may designate an authorized agent to submit an opt-out request on your behalf. To do so, the authorized agent must provide written proof of their authority to act on your behalf, in a form satisfactory to us, such as a signed written authorization or power of attorney. We may require you to verify your identity directly with us even when using an authorized agent. We will not deny a request solely because it was submitted by an authorized agent, provided the agent has submitted proper documentation of their authorization.

5.5 Non-Discrimination

We will not discriminate against you for exercising your opt-out rights or any other rights available to you under applicable privacy laws. Specifically, unless permitted by applicable law, we will not:

• Deny you goods or services
• Charge you different prices or rates for goods or services, including through the use of discounts, benefits, or penalties
• Provide you with a different level or quality of goods or services
• Suggest that you will receive a different price, rate, level, or quality of goods or services as a result of exercising your rights under this Section

We may, however, offer you certain financial incentives permitted by applicable law that may result in different prices, rates, or quality levels. If we offer such a program, we will provide you with notice of the program's material terms and obtain your prior opt-in consent, which may be revoked at any time.

Section 6 — Your Privacy Rights (General)

Depending on your state of residence, you may have one or more of the following privacy rights with respect to personal information we hold about you. State-specific rights are described in greater detail in Appendix A.

6.1 Right to Access and Know

You may have the right to request that we confirm whether we are processing your personal information and to access the specific pieces and categories of personal information we hold about you, the sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom it has been shared.

6.2 Right to Correction

You may have the right to request that we correct inaccurate personal information we maintain about you, taking into account the nature of the data and the purposes of processing.

6.3 Right to Deletion

You may have the right to request the deletion of personal information we have collected from or about you, subject to certain exceptions permitted by applicable law, such as legal obligations, the completion of a transaction, the detection of security incidents, or other lawful uses.

6.4 Right to Data Portability

You may have the right to obtain a copy of your personal information in a portable, readily usable format that allows you to transmit the data to another controller or processor without hindrance, to the extent technically feasible.

6.5 Right to Restrict Processing

You may have the right to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of the data or where you object to our reliance on legitimate interests as a legal basis for processing.

6.6 How to Submit a Request

You may submit a privacy rights request using any of the following methods:

• Email: support@bluegeneslab.com
• Toll-Free Number: (888) 215-2784
• Mail: TRU-1
  Attention: Privacy Officer
  14500 N. Northsight Blvd, STE 100
  Scottsdale, AZ 85260

6.7 Response Timelines

We will respond to verifiable consumer requests within 45 days of receipt. If we require additional time to respond, we will notify you within the initial 45-day period of the reason for the delay and the extended response period. Under applicable state laws, the response period may be extended by an additional 45 days (for a maximum of 90 days total) when reasonably necessary, provided we give you notice of the extension.

6.8 Identity Verification

We are required to verify the identity of individuals submitting privacy rights requests before we can fulfill those requests. We will verify your identity using reasonably reliable means commensurate with the sensitivity and nature of the request. Verification may require you to provide information we already have on file about you, such as your name, email address, and account information. We will not require you to create an account with us as a condition of processing your request.

Section 7 — Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, as required by applicable law, or as otherwise communicated to you at the time of collection. The specific retention periods we apply depend on the following criteria:

• Legal Obligations: We retain personal information to the extent required by applicable laws, regulations, court orders, or government mandates, including tax, accounting, employment, and regulatory compliance requirements.
• Business Necessity: We retain personal information as necessary to fulfill the purposes outlined in this Privacy Policy, resolve disputes, enforce agreements, and maintain the integrity of our systems and records.
• Consumer Requests: Where a consumer has requested deletion of their personal information, we will delete or de-identify such information within the timeframes required by applicable law, subject to applicable exceptions.
• Security and Fraud Prevention: We may retain certain information for extended periods to prevent fraud, maintain security, or satisfy audit and recordkeeping requirements.

When personal information is no longer required for the purposes for which it was collected or is otherwise subject to deletion, we will securely delete, destroy, or de-identify the information using commercially reasonable methods. We do not guarantee any specific retention period, and actual retention periods may vary depending on the category of information, the applicable jurisdiction, and the specific circumstances of collection.

Section 8 — Security

8.1 Technical and Organizational Measures

We implement and maintain reasonable technical and organizational security measures designed to protect personal information against unauthorized access, use, disclosure, alteration, or destruction. These measures include, but are not limited to, encryption of data in transit and at rest, access controls and authentication protocols, network firewalls and intrusion detection systems, regular security assessments and vulnerability testing, and employee training on data security practices.

8.2 No Guarantee of Absolute Security

While we take commercially reasonable steps to protect your personal information, no security system is impenetrable, and no method of data transmission or storage can be guaranteed to be 100% secure. We cannot guarantee the absolute security of our databases, nor can we guarantee that personal information you supply will not be intercepted while being transmitted to us or from us over the Internet. Any transmission of personal information is at your own risk.

8.3 Breach Notification

In the event of a security breach that is reasonably likely to result in harm to you, we will notify you and appropriate authorities as required by applicable law. Notifications will be provided in the manner and within the timeframes required by applicable breach notification laws. We encourage you to promptly update us if your contact information changes so that we can reach you if necessary.

Section 9 — Children's Privacy

Our websites, products, and services are not directed to, and we do not knowingly collect personal information from, children under the age of 13 (or under the age of 16, to the extent required by applicable state law). We do not knowingly sell or share the personal information of children under the age of 16 without affirmative authorization as required by applicable state privacy laws.

We comply with the Children's Online Privacy Protection Act (COPPA) and, to the extent applicable, with additional state law requirements governing the collection of personal information from minors. If we become aware that we have inadvertently collected personal information from a child under the applicable age threshold without appropriate consent, we will take prompt steps to delete such information from our records.

If you believe that a child under the age of 13 (or 16, where applicable) has provided personal information to us, please contact us at support@bluegeneslab.com so that we may take appropriate action.

Section 10 — Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time and at our sole discretion. When we make material changes to this Privacy Policy, we will notify you by one or more of the following means:

• Posting a revised version of the Privacy Policy on our website with an updated "Last Revised" date at the top of the document
• Providing notice through a banner or pop-up on our website at the time of your next visit
• Sending a notice to the email address associated with your account, where we have such information and where required by law

The effective date of the updated Privacy Policy will be clearly stated at the top of the document. Your continued use of our websites, products, or services after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms, to the extent permitted by applicable law. If you do not agree with the terms of the revised Privacy Policy, you should discontinue your use of our services.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting and processing your personal information. Archived versions of prior Privacy Policies are available upon request by contacting us at the address listed in Section 11.

Section 11 — Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or our privacy practices, please contact us using any of the following methods:

We are committed to working with you to resolve any concerns you may have about our privacy practices. If you are not satisfied with our response, you may have the right to lodge a complaint with the appropriate data protection or privacy authority in your jurisdiction, as described in the State-by-State Appendix below.

Appendix A — State-by-State Privacy Rights

This Appendix describes additional privacy rights available to residents of specific states under applicable state privacy laws. These rights are in addition to, and do not replace or limit, any other rights you may have under this Privacy Policy or applicable federal law. To the extent any state-specific right conflicts with another provision of this Privacy Policy, the state-specific provision controls for residents of that state.

California Residents — California Consumer Privacy Act (CCPA) as Amended by the California Privacy Rights Act (CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA (collectively, the "CCPA/CPRA"):

Right to Know

You have the right to request that we disclose: (a) the categories and specific pieces of personal information we have collected about you; (b) the categories of sources from which we collected the information; (c) the business or commercial purpose for collecting, selling, or sharing the information; and (d) the categories of third parties to whom we disclose the information.

Right to Delete

You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions permitted by the CCPA/CPRA, including completion of a transaction, detection of security incidents, protection against fraud, compliance with a legal obligation, and other lawful uses.

Right to Correct

You have the right to request that we correct inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes of the processing.

Right to Opt Out of Sale/Sharing

You have the right to opt out of the sale or sharing of your personal information. To exercise this right, see Section 5 of this Privacy Policy or click the "Do Not Sell or Share My Personal Information" link on our website.

Right to Limit Use of Sensitive Personal Information

You have the right to direct us to limit our use and disclosure of sensitive personal information (as defined under the CPRA) to uses necessary to perform the services or provide the goods you requested, or as otherwise permitted by law. Categories of sensitive personal information we may collect include: Social Security numbers, financial account details, precise geolocation, racial or ethnic origin, and health information. To exercise this right, use the methods described in Section 6.6 of this Privacy Policy.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge different prices or rates, or provide a different level or quality of goods or services as a result of exercising your rights.

Shine the Light

California Civil Code Section 1798.83 permits California residents to request a list of third parties to whom we have disclosed personal information for direct marketing purposes during the preceding calendar year. To submit such a request, please contact us at support@bluegeneslab.com with the subject line "Shine the Light Request."

Verification

We will verify your identity before processing a request using reasonably reliable means commensurate with the sensitivity of the request. We may contact you to confirm your identity using information we already have on file. We cannot fulfill your request if we cannot verify your identity.

Response Timelines

We will respond to your verifiable consumer request within 45 days of receipt. We may extend this period by an additional 45 days when reasonably necessary, provided we give you notice of the extension and reason within the first 45-day period.

Authorized Agent

You may designate an authorized agent to submit requests on your behalf. We will require written proof of the authorization, and we may also require you to directly verify your identity with us before processing the request.

Contact for California Requests

Email: support@bluegeneslab.com  Subject: "California Privacy Request"

Colorado Residents — Colorado Privacy Act (CPA)

If you are a Colorado resident, you have the following rights under the Colorado Privacy Act (Colo. Rev. Stat. § 6-1-1301 et seq.):

Right to Access

You have the right to confirm whether we are processing your personal data and to access such personal data, subject to certain exceptions.

Right to Correction

You have the right to correct inaccuracies in your personal data, taking into account the nature and purposes of the processing of your personal data.

Right to Deletion

You have the right to delete personal data provided by or obtained about you, subject to certain exceptions permitted by applicable law.

Right to Data Portability

You have the right to obtain a copy of your personal data in a portable, readily usable format that allows you to transmit the data to another controller without hindrance, where technically feasible.

Right to Opt Out

You have the right to opt out of the processing of your personal data for purposes of: (a) targeted advertising; (b) the sale of personal data; or (c) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

Appeal Process

If we decline to act on your request, you may appeal our decision by submitting a written appeal to support@bluegeneslab.com with the subject line "Privacy Rights Appeal — Colorado." We will respond to your appeal within 45 days of receipt. If your appeal is denied, you may submit a complaint to the Colorado Attorney General at coag.gov/office-sections/consumer-protection.

Global Privacy Control

We honor Global Privacy Control (GPC) signals as valid opt-out requests under the CPA for the browser or device from which the signal is sent.

Connecticut Residents — Connecticut Data Privacy Act (CTDPA)

If you are a Connecticut resident, you have the following rights under the Connecticut Data Privacy Act (Conn. Gen. Stat. § 42-515 et seq.):

Right to Access

You have the right to confirm whether we are processing your personal data and to access such personal data, subject to certain exceptions.

Right to Correction

You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing.

Right to Deletion

You have the right to delete personal data about you, including personal data you have provided to us or that we have otherwise collected in connection with our services.

Right to Data Portability

You have the right to obtain a copy of your personal data in a portable format, to the extent technically feasible, in a format that allows you to transmit the data to another controller without hindrance.

Right to Opt Out

You have the right to opt out of the processing of your personal data for purposes of: (a) targeted advertising; (b) the sale of personal data; or (c) profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning you.

Appeal Process

You may appeal our decision to deny your request by contacting support@bluegeneslab.com with the subject line "Privacy Rights Appeal — Connecticut." We will respond to your appeal within 60 days of receipt. If your appeal is denied, you may submit a complaint to the Connecticut Attorney General at portal.ct.gov/AG.

Global Privacy Control

We honor Global Privacy Control (GPC) opt-out preference signals as valid opt-out requests under the CTDPA for the browser or device from which the signal is sent.

Virginia Residents — Virginia Consumer Data Protection Act (VCDPA)

If you are a Virginia resident, you have the following rights under the Virginia Consumer Data Protection Act (Va. Code Ann. § 59.1-575 et seq.):

Right to Access

You have the right to confirm whether we are processing your personal data and to access such personal data, subject to certain exceptions.

Right to Correction

You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing.

Right to Deletion

You have the right to delete personal data about you, whether provided by you or obtained by us in connection with our services.

Right to Data Portability

You have the right to obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without hindrance, where the processing is carried out by automated means.

Right to Opt Out

You have the right to opt out of the processing of your personal data for purposes of: (a) targeted advertising; (b) the sale of personal data; or (c) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

Appeal Process

If we decline to act on your request, you may appeal by submitting a written appeal to support@bluegeneslab.com with the subject line "Privacy Rights Appeal — Virginia." We will respond to your appeal within 60 days of receipt. If your appeal is denied, you may contact the Virginia Attorney General at oag.state.va.us.

Utah Residents — Utah Consumer Privacy Act (UCPA)

If you are a Utah resident, you have the following rights under the Utah Consumer Privacy Act (Utah Code Ann. § 13-61-101 et seq.):

Right to Access

You have the right to confirm whether we are processing your personal data and to access such personal data, subject to certain exceptions permitted by applicable law.

Right to Deletion

You have the right to delete personal data that you provided to us. Note that the UCPA does not provide a right to delete personal data that was not provided directly by you.

Right to Data Portability

You have the right to obtain a copy of your personal data in a portable, readily usable format that allows you to transmit the data to another entity without hindrance, where the processing is carried out by automated means.

Right to Opt Out

You have the right to opt out of the processing of your personal data for purposes of: (a) targeted advertising; or (b) the sale of personal data.

Note for Utah Residents: The Utah Consumer Privacy Act does not provide a right to correction of personal data, a right to opt out of profiling, or a formal appeal mechanism. Utah consumers may contact the Utah Division of Consumer Protection with complaints at consumerprotection.utah.gov.