Privacy Policy for the Human Phenotype Project Japan
This Privacy Policy outlines how Pheno.AI Japan Ltd. ("we," "us," or "our") collects, uses, stores, and shares personal data in connection with the Human Phenotype Project Japan ("the Study"). This Policy ensures that all personal data is handled securely and transparently, and that it complies with applicable privacy regulations, including Japan's Personal Information Protection Law, and other relevant privacy laws.
By participating in the Study, you confirm that you have read, understood, and agree to the terms of this Privacy Policy.
We collect the following categories of personal data from Study participants:
This includes:
- Full name
- Contact details (e.g., phone number, email address, residential address)
- Date of birth
- Gender
- Identity verification details (e.g., driver’s license, passport number)
- Physiological measurements (e.g., blood pressure, BMI, bone density)
- Medical history (e.g., chronic diseases, medications)
- Disease manifestations and lifestyle-related health data (e.g., smoking, alcohol consumption)
- Laboratory test results (e.g., blood tests, urine and stool analysis)
- Blood samples (e.g., for genetic and biochemical analysis)
- Urine and stool samples
- Continuous Glucose Monitoring (CGM) data
- Additional samples for microbiome, proteome, and metabolome analysis
- Genomic data (e.g., whole genome sequencing)
- Proteomic, metabolomic, transcriptomic, and microbiomic profiles
- Immunological profiling (e.g., antibody repertoire analysis)
- Fitness and activity levels (e.g., data collected via wearable devices)
- Diet and sleep patterns
- Data from questionnaires on lifestyle and environment
- IP addresses and device identifiers
- Data collected from wearable devices and smartphone applications used during home monitoring
Your personal data is collected and used for the following purposes:
- To conduct a long-term observational study that aims to collect multi-omics and physiological data over a period of up to 25 years.
- To investigate the biological, social, and environmental determinants of health and disease progression.
- To establish predictive models for early diagnosis, risk stratification, and personalized treatment.
- To advance academic research in the field of precision medicine.
- To develop new diagnostic tools, personalized healthcare solutions, and treatments for various diseases.
- To enable secondary research purposes through data-sharing with authorized research organizations or commercial partners in anonymized or pseudonymized form.
- To contribute to the development of health-related technologies and products in collaboration with commercial entities.
- To comply with legal and regulatory requirements (e.g., data protection laws, health regulations).
- To respond to government or law enforcement requests, if required by law.
We may share your personal data with the following parties, always ensuring compliance with relevant privacy laws and with appropriate safeguards in place:
Your data may be shared with academic, governmental, and commercial research partners under the following conditions:
- Data will be anonymized or pseudonymized, ensuring that participants cannot be directly identified.
- Access to multi-omics and health data will be granted in secure, controlled environments such as our Trusted Research Environment (TRE), ensuring no raw data leaves the secure platform.
We may engage third-party vendors to process data or provide services (e.g., cloud service providers, laboratories). These vendors will have limited access to personal data and will be contractually bound to comply with strict confidentiality and data protection obligations.
We may be required to disclose your data to regulatory bodies or law enforcement agencies if mandated by law, or to protect the rights and safety of the public or participants.
You have the following rights concerning your personal data:
You can request access to the personal data we hold about you and receive copies of the information, free of charge, within one month of the request.
You can request that we correct any inaccuracies or incomplete data concerning you.
You can request the deletion of your personal data, subject to legal obligations and scientific research exemptions.
You may withdraw your consent for the collection, use, or sharing of your data at any time. However, data collected prior to the withdrawal will remain in the database for research purposes.
We are committed to ensuring the confidentiality, integrity, and security of your personal data. The following measures are in place to protect your data:
All data, including sensitive personal information and biological sample data, is encrypted both at rest and in transit, using industry-standard encryption protocols.
Access to personal data is restricted to authorized personnel who have undergone appropriate training and signed confidentiality agreements. Multi-factor authentication (MFA) is required for access to the systems.
Data shared for research purposes is anonymized or pseudonymized to prevent direct identification of participants. The linking table (ID Table) that can re-identify participants is stored in a secure, separate system accessible only by authorized personnel.
All data access and processing activities are logged and monitored for security breaches. Audit logs ensure transparency in data usage.
The data is hosted in a secure Trusted Research Environment (TRE) on the Amazon Web Services (AWS) platform within Japan, providing controlled access and secure data storage. No raw data is stored outside of this secure platform.
Personal identifiable data will be retained for five years after the completion or termination of the Study. After this period, personal data will be securely deleted.
Biological samples will be stored for up to 25 years after the last follow-up visit. Samples that are no longer required for research will be securely destroyed.
Data anonymized for secondary research purposes will be retained indefinitely for future research projects.
This Privacy Policy is governed by and complies with applicable Japanese data protection laws, including the Personal Information Protection Law.