Effective Date of our Revised Privacy Statement: 15 Oct 2019
At Ancestry®, your privacy is a top priority. Ancestry is committed to being a good steward of your Personal Information, handling it in a responsible manner, and securing it with administrative, technical, and physical safeguards.
We also believe in being honest, direct and transparent when it comes to your data. Ancestry follows three guiding principles when it comes to your privacy:
Other Important Things for You to Understand When You Use Our Services
You always maintain ownership of your DNA and DNA Data—you can manage and delete it as described in this Statement.
You may discover unexpected facts about yourself or your family when using our services. Once discoveries are made, we can’t undo them.
When you make new discoveries with us, you should feel confident and informed about how we use your Personal Information. Our full Privacy Statement is below and we encourage you to read it. It covers the following Ancestry and related brands: Ancestry®, AncestryDNA®, Fold3®, Newspapers.com, Archives®, We Remember™, and Find A Grave®.
For information relating to AncestryHealth®, please read the AncestryHealth® Supplemental Privacy Statement in addition to our Privacy Statement.
2. Account Creation and Your Engagement with Ancestry Services
The Personal Information required to create an account with Ancestry is limited to your name, an email address, and a password. Access to Ancestry records to help you build a family tree, or to our DNA features (ethnicity estimate, etc.) requires additional personal information, including payment details, and, for the DNA test, the test code (when you activate your DNA test kit) and a saliva sample from which we can extract Genetic Information.
Account creation also requires you to agree to the Ancestry Terms and Conditions and this Privacy Statement.
By creating an account you are telling us that you understand Ancestry will collect, process, and share your Personal Information (including your Genetic Information if you have taken the AncestryDNA test) as described in this Privacy Statement and in any other documents referenced in this Privacy Statement.
At any time, you can request Ancestry delete information you have uploaded into your account, such as a family tree or your Genetic Information. You can also delete your entire account. Please see Section 10 for specific details about deleting your data.
3. What Information Does Ancestry Collect From You?
The table below describes the information we collect from you to provide the Services. In this Privacy Statement, we refer to data that relates to you as “Personal Information.”
|Credit Card/Payment Information||
|DNA Kit Activation Information||When you activate a DNA test kit, we collect
|User Provided Content||
|Social Media Information||If you use Facebook to log into Ancestry Services, we collect information from your Facebook profile that you choose to provide to us (for example your Facebook profile information).|
|Additional User Information||Information that you provide to us when you answer surveys or questionnaires.|
|Note about health-related information||Ancestry is not a covered entity under the Health Insurance Portability and Accountability Act (“HIPAA”), and as a result no Additional User Information provided by you is subject to or protected by HIPAA.|
|Your Communications||Your communications with other Users through our communications features, as well as information you provide in communications with Ancestry Member Services and support teams for our other Services.|
|Contests and Promotions||Personal Information when you voluntarily participate in contests and special promotions we run or sponsor.|
|Find A Grave® Photos and Photo Volunteers||Metadata associated with digital photographs uploaded to Find A Grave®, including location, date and time the photo was taken. If you choose to be a photo volunteer for Find A Grave®, you provide your location to us which you can change or remove at any time.|
4. What Information Does Ancestry Collect Through Your Use of the Services?
|Computer and Mobile Device Information||
Information about how you access our Services, including the website you visited before and after Ancestry’s site.
The Internet protocol (“IP”) address of your computer, mobile device, or the proxy server that you use to access the Internet, in addition to other technical information, such as:
|Information shared through social media features||
If you interact with social media through the Services, for example “Like,” “Tweet,” “Pin,” or “Follow Us” links to sites such as Facebook, Twitter, Pinterest, Instagram, and YouTube, Ancestry will collect these interactions and whatever account information these services make available to us.
Your interactions with these features are governed by the privacy statement of the applicable third-party company.
|Information from your use of the Services||Information about your use of the Services, such as when you search or access records or public family trees, which pages you view or links you click on, or when you add people to your tree, etc.|
5. Information We Collect From Other Sources
|Information category||Use Description|
|Information from Public and Historical Records||Ancestry collects records from various sources, usually from official record sources, including newspapers, as well as birth, death, and marriage records, which may contain Personal Information relating to you. These records are usually made available to Users as part of the Ancestry subscription Services.|
|Information from Third Parties||
We may also receive information about you from third parties. For example, we may supplement the data we collect with demographic information licensed from third parties in order to personalize the Services and our offers to you.
If you purchase a gift subscription, we will collect Personal Information to complete the gift and notify the recipient, such as the recipient’s name and email address.
6. How does Ancestry use your Personal Information?
|Information category||Use Description|
|Personal Information (generally)||We use your Personal Information to provide, personalize, improve, update and expand our Services. This includes:
|Communications||We use your Personal Information to communicate with you about the Services, such as when we:
|Market new products and offers from us or our business partners.||We use your Personal Information to market new products and offers from us or our business partners. This includes advertising personalized to you based on your interests.
|Genetic Information||Ancestry uses your Genetic Information for the following primary purposes:
We will seek additional consent from you before we collect and process additional sensitive Personal Information (for example, health history) as part of your interaction with the Services.
7. When Do We Share Your Information and Who are the Recipients?
Ancestry does not share your individual Personal Information (including your Genetic Information) with third-parties without your additional consent other than as described in this Privacy Statement. In particular, we will not share your Genetic Information with insurance companies, employers, or third-party marketers without your express consent. The circumstances described below explain when sharing might occur:
|People with whom your Information may be shared / Circumstances in which sharing might occur||Description|
|Other Users or others you may choose to share with||
As part of your use of the Services, you have the option to add or share information with all Users of the Service or through sharing features with individual Users and non-Users. You may have additional sharing options in some Services, for example AncestryDNA (see below).
Information in your public profile may be seen by all other Users, as will public family tree details (we do not show living people in your tree to other Users without your permission). To see what is visible, go to your public profile.
If you choose to participate in DNA matches (when you choose to see and be seen by your DNA matches), your DNA matches can see certain information, such as your username, how they might be related to you, whether you have linked a family tree to your DNA, and either all or only shared (at your option) ethnicity regions and communities.
You can share other DNA information, such as Traits, through compare and other one-to-one sharing features.
If you share details of your family history or DNA experience outside the Services, you do so at your own risk.
We work with other companies when providing and marketing the Services. As a result, these companies will have some of your information in their systems. These companies are subject to contractual obligations governing data security and confidentiality consistent with applicable laws.
These companies include our:
|Research Partners||We share your Genetic Information with research partners only when you provide us with your express consent to do so through our Informed Consent to Research.
Research partners may include commercial or non-profit organizations that conduct or support scientific research, the development of therapeutics, medical devices or related material to treat, diagnose or predict health conditions. In some circumstances, a research partner or Ancestry may have a financial interest in the research arrangement. A list of our research partners can be found here.
Ancestry does not voluntarily cooperate with law enforcement. To provide our Users with the greatest protection under the law, we require all government agencies follow valid legal process.
If we are compelled to disclose your Personal Information to law enforcement, we will do our best to provide you with advance notice, unless we are prohibited under the law from doing so. In the interest of transparency, Ancestry produces a Transparency Report where we list the number of valid law enforcement requests for user data across all our sites.
|Other Legal or Regulatory Process||We may share your Personal Information if we believe it is reasonably necessary to:
|If Ancestry is Acquired||If Ancestry or its businesses are acquired or transferred (including in connection with bankruptcy or similar proceedings), we will share your Personal Information with the acquiring or receiving entity. The promises in this Privacy Statement will continue to apply to your Personal Information that is transferred to the new entity.|
|A note about aggregated data||Ancestry may disclose user information in an aggregated form as part of the Services or our marketing, or in scientific publications published by us or our research partners. For example, we might note the percentage of immigrants in a State that are from a particular geographic region or country. Such disclosure will never include Personal Information.|
|Third-Party Advertisers only on Find A Grave®||When accessing English versions of the Find A Grave® website, your IP address is shared with third parties in order to tailor advertisements to your geographic location. This is only applicable to Users of Find A Grave®.|
Subject to certain exceptions, you have a right to request access to your Personal Information and to be provided with a copy of certain information you provided in a portable form, as well as to seek to update, delete or correct this information by using the tools described below or by contacting Ancestry. Details and options for accessing this information are listed below.
|Ancestry||You can access and update the Personal Information (such as your email address, username, profile information, etc.) that you provide to Ancestry at any time in the following sections of the privacy settings: here.|
|Related Brands||Ancestry strives to make it simple for you to manage your privacy across the Services. You can manage your privacy settings for our related brands by clicking on the following links:|
|Mobile||You can also control your information using the settings available in our mobile applications, such as Ancestry®, AncestryDNA®, Find A Grave® and We Remember® apps.|
|Family Tree Information Download||Ancestry allows you to download your family tree information in the standard GEDCOM family tree file format in your Family Tree Settings.|
|Genetic Information Download||Your DNA Data belongs to you. You always have the option of downloading a file with your DNA Data. If you download your DNA Data, you do so at your own risk. Learn how here. For more information on what is included in your DNA Data download, go here.|
9. What are our retention practices?
Ancestry Services are fundamentally premised on the notion that the personal voyage of self-discovery is not a one-time event and continues over lengthy periods of time—possibly lifetimes. Additionally, and with particular regard to our subscribers and DNA customers who pay fees or purchase subscriptions, the ongoing enhancement of our collections of historical records and DNA features provide benefits and insights to our Users over time. As a result, Ancestry’s retention practices reflect this ongoing value by retaining user accounts on our system until our Users inform us of their desire to delete their data or close their accounts.
|Category of Information||Retention Period|
|Account and Profile||Ancestry will retain the Personal Information you provide while creating your account and your profile until such time as you ask us to delete it.|
|Family Tree||Due to the multi-generational significance of family trees, Ancestry will retain your family tree data as needed to provide you with continuous access, updated features, and the ability to enhance your family tree.|
|DNA||Ancestry retains your DNA Data as needed to provide you with the features and functionality you purchased (or were gifted), including continuously updated features such as DNA matches, increasingly granular ethnicity estimates and improved regions and communities, as well as new other features based on your DNA Data.|
|Related Brands||Ancestry’s related brands (Fold3®, Newspapers.com, Find A Grave®, We Remember® or Archives®) have their own account logins and will retain the Personal Information you provide while creating your account and your profile as needed to provide you with continuous and updated Services until such time as you ask us to delete it. You can delete these accounts at any time.|
|Usage Information||In some cases we choose to retain usage information (e.g., visits to sites) in a depersonalized or aggregated form. Once aggregated, this information ceases to be personal and will not be subject to user deletion requests.|
You can delete your Personal Information from Ancestry in a number of ways.
|Information Category||How to delete|
You can delete your Personal Information from Ancestry by logging into your Account Settings.
To the extent you have shared information through the Services (for example, by making your family trees public, or by sharing your DNA Results directly with other users), Ancestry will not be able to remove any copies of information that other Users may have retained.
Please direct any request to remove information from linked archival records to the responsible archival entity.
We will consider requests for removal of Personal Information from the searchable indexes of the records we hold on a case-by-case basis in accordance with law.
If you have shared content with others either directly or by making your family tree details available to other Users, some of your Personal Information may have been copied to other Users’ family trees, which can only be removed by contacting the other User and asking them to delete it.
|Genetic||Note: If you request that Ancestry delete your DNA Data, we will delete all Genetic Information, including any derivative Genetic Information (ethnicity estimates, genetic relative matches, etc.) from our production, development, analytics, and research systems within 30 days.
To request the destruction of your biological samples, you must contact Member Services. Please note that if you have agreed to our Informed Consent to Research, we will not be able to remove your Genetic Information from active or completed research projects, but we will not use it for any new research projects.
|General||Please note that there may be some latency in deleting your Personal Information from our backup systems after it has been deleted from our production, development, analytics, and research systems. Also, our laboratory partners may retain information they receive from us in order to comply with laws or regulations that may require them to do so, such as the Clinical Laboratory Improvements Amendments regulations administered by the U.S. Food and Drug Administration. Ancestry may also retain certain information as reasonably necessary to comply with our legal obligations (including law enforcement requests), resolve disputes, maintain security, prevent fraud and abuse, as well as to comply with tax, payment industry, securities, and clinical regulatory compliance requirements.|
|Related Brands||To delete information from our related brands (Fold3®, Newspapers.com, Find A Grave®, We Remember® or Archives®), you can always contact us at the related brand and request that your Personal Information be deleted from that service. Some Services may also have an online request form accessible from that service’s account settings menu.|
Ancestry maintains a comprehensive information security program designed to protect our customers’ Personal Information using administrative, physical, and technical safeguards.
The specific security measures used are based on the sensitivity of the Personal Information collected. We have measures in place to protect against inappropriate access, loss, misuse, or alteration of Personal Information (including Genetic Information) under our control.
The Ancestry Security Team regularly reviews our security and privacy practices and enhances them as necessary to help ensure the integrity of our systems and your Personal Information.
We use secure server software to encrypt Personal Information (including Genetic Information), and we only partner with security companies that meet and commit to our security standards. While we cannot guarantee that loss, misuse or alteration of data will not occur, we use reasonable efforts to prevent this.
It is also important for you to guard against unauthorized access to your Personal Information by maintaining strong passwords and protecting against the unauthorized use of your own computer or device.
12. Data Transfer and Privacy Shield Notice
Any transfer of your Personal and Genetic Information between Ancestry’s Ireland-based company and Ancestry’s U.S.-based company for processing in the United States is conducted pursuant to established transfer mechanisms such as Standard Contractual or Privacy Shield.
You can request a copy of any standard contractual clauses relating to your Personal Information that we may have executed by contacting us using the details below.
Ancestry and its subsidiaries (namely Ancestry.com Operations Inc, Ancestry.com DNA LLC, Ancestry International DNA LLC) listed in its certification on the Privacy Shield website comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, or Switzerland to the United States. Ancestry has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and that it complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. To learn more about the Privacy Shield program and to view our certification, please visit: https://www.privacyshield.gov/. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
Ancestry’s participation in the Privacy Shield applies to all personal data that is subject to the Ancestry Privacy Statement and is received from the European Union, European Economic Area, or Switzerland. Ancestry will comply with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability in respect of such personal data. Ancestry’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Ancestry remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf (1) do so in a manner inconsistent with the Principles and (2) Ancestry is responsible for the event giving rise to the damage.
We encourage you to contact us as detailed below should you have a Privacy Shield-related (or general privacy-related) complaint. If you are a resident of the European Union, or Switzerland and are dissatisfied with the manner in which we have addressed your concerns about our privacy practices, you may seek further assistance, at no cost to you, from JAMS, our designated Privacy Shield alternative dispute resolution provider based in the United States through the JAMS website at: https://www.jamsadr.com/eu-us-privacy-shield. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. You can learn more about this option through the Privacy Shield website at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction. Ancestry is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
13. Changes to this Statement
We may modify this Privacy Statement at any time, but we will provide prominent advance notice of any material changes to this Statement, such as posting a notice through the Services, on our websites, or sending you an email, to provide you the opportunity to review the changes and choose whether to continue using the Services.
We will also notify you of non-material changes to this Statement as of their effective date by posting a notice through the Services, on our websites, or sending you an email. Your continued use of our Services after notice of non-material changes means that you consent to the updated Privacy Statement.
If you object to any changes, you may delete your account as described in Section 10.
14. California’s Shine the Light Law
California Civil Code Section 1798.83, known as the “Shine the Light” law, permits Users who are California residents to request and obtain from us a list of what Personal Information (if any) we disclosed to third parties for their direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, Ancestry currently does not share any Personal Information with third parties for their own direct marketing purposes.
15. Legal basis under EU General Data Protection Regulation for processing personal information of EU residents.
Where you have consented to data processing, your consent provides the legal basis to process your Personal Information. We rely on your explicit consent to process your Genetic Information. You have the right to withdraw consent at any time. Please note that your withdrawal of consent to collect and process your Personal Information will not affect the lawfulness of processing your Personal Information based on your consent before you withdrew your consent.
We may also process your Personal Information on the basis of contractual necessity to perform a contract we have with you. For example, we process your credit card details when you provide them in order to use our Services or purchase access to premium features such as our DNA testing services.
We may also process your Personal Information on the basis of our legitimate interests, including in providing and improving the Services. For example, Ancestry has a legitimate interest in understanding your login history so we can assess your interaction with our Services. We also have a legitimate interest in providing and developing interesting features to provide to our Users. We use your Personal Information to keep our Services safe and secure and we do so as it necessary to pursue your and our legitimate interests in ensuring that our Services are secure, and to protect against fraud, spam and abuse.
Where we rely on legitimate interests to process your Personal Information, you have the right to object to such processing (meaning that you can ask us to stop). You can use your Privacy Settings to control certain ways in which we process your data. You can also contact us, using the details below, to object to other forms of processing.
16. Identity and Contact Details of the Data
If you reside in the United States, Ancestry.com Operations Inc. and Ancestry.com DNA, LLC are responsible for the use of your data and for responding to any requests related to your Personal Information.
If you reside outside the United States, Ancestry Ireland Unlimited Company is your data controller.
Contact information for these entities is listed at the bottom of this Statement.
Users outside of the United States may contact the Irish Data Protection Commission, or your local Data Protection Authority.
Contact Details of the
Official correspondence must be sent via postal mail to:
|For Users located in the United States||For Users located outside of the United States|
Ancestry.com Operations Inc.
Attn: Privacy Office
Ancestry Ireland Unlimited Company
Attn: Privacy Office
The Ancestry Privacy Statement describes the general privacy practices of Ancestry’s Services including the AncestryHealth® Service. More information specific to the AncestryHealth® Service is provided below. You can also access Ancestry’s Privacy Center for additional details on Ancestry’s privacy practices here.
1. What information does Ancestry collect through your use of the Ancestry Health Service?
We collect the following information from you to provide the AncestryHealth® Service, which includes Health Activation Information, Your Health History, Family Health History and DNA Data, as defined below. This information is collectively referred to as your “Personal Information”.
Health Activation Information
When you activate your Health DNA kit, we may collect:
Family Health History
2. How does Ancestry use your Personal Information?
Health Activation Information
Ancestry uses your Health Activation Information to:
Your Health History
Ancestry uses Your Health History information to:
Ancestry may also use Your Health History information in a de-identified format to improve, update and expand the AncestryHealth® Service.
Family Health History
Ancestry may use your Family Health History information to deliver a personalized experience. Ancestry may also use your Family Health History information in a de-identified format to improve our AncestryHealth® Service and identify new product offerings.
Genetic Information and Health Reports
If the independent physician network partner approves your laboratory test, and, depending on which AncestryHealth® product you buy and whether we have your DNA Data from prior testing, Ancestry will either share your DNA Data, or collect and/or send your sample for processing to our independent laboratory partner. Using your DNA Data, our independent laboratory partner will generate a test result, which Ancestry, in turn, will use to provide your health report.
Ancestry's independent physician network will also have access to your test result and health report.
Please note: As addressed in our Privacy Statement, Ancestry commits not to share any personal information of AncestryHealth® customers with insurance companies, employers, or third party marketers. Also, Ancestry requires valid, compulsory legal process to turn over any personal data by government agencies such as law enforcement.
3. When do we share your information and who are the recipients?
Ancestry will share your Health Activation Information, Your Health History, test results, health report, and any questions you submit through the “Submit a Question” feature with the independent physician network who has been appointed as part of the AncestryHealth® Service. The independent physician network will use this information to determine your eligibility for the test, reviewing and providing oversight of the health reports, as well as to assist in providing genetic counseling services to you.
4. Your Choices and Access to your Personal Information?
You may access your AncestryHealth® Core or Plus test results and reports at any time, through the AncestryHealth® product. You may also download your DNA data obtained from the micro-array technology used to provide you AncestryHealth® test results free of charge from your DNA test settings page. If you are a AncestryHealth® Plus customer, there may be additional charges to download your full next generation sequencing (NGS) DNA Data once the download feature becomes available.
5. What are Ancestry’s retention practices for the AncestryHealth® Service?
Ancestry will retain the Personal Information you provided to the AncestryHealth® Service until you tell us to delete it. This is to ensure that you always have access to your test results, health reports, and to the physician network service which is included as part of the AncestryHealth® Service. In addition, if you have purchased the AncestryHealth® subscription, you will be entitled to receive results to new tests as they become available, and Ancestry will need access to your Personal Information in order to provide this service.