Last Updated: Feb 2, 2019
If you are an individual, the terms “you” and “your” apply to you. If you are acting on behalf of an entity, these terms apply to that entity.
Genosity Inc., including its subsidiaries (referred to collectively as “Genosity,” “we” or “us”) is committed to protecting your privacy. This document informs you of our policies regarding the collection, use, and disclosure of personal data when you use our websites including, www.Genosity.com and services offered through our Gateway Portal, LIMS, Genome Explorer and Cortex platforms (collectively called “Services”), and the choices you have associated with that data.
Genosity may update this Policy statement from time to time. All updates will be posted on the first web page of this document. If we make any material changes, we will notify you by e-mail (sent to the e-mail address specified for your account) or by means of a notice on our websites prior to the update becoming effective. Your continued use of our websites after we have posted an update notice on the same constitutes your acceptance of such update.
Genosity may provide additional “just-in-time” disclosures or additional information about the data collection, use and sharing practices of specific Services. These notices may supplement or clarify Genosity’s privacy practices or may provide you with additional choices about how Genosity processes your information. If you have any questions, please contact us at email@example.com.
TYPES OF INFORMATION WE COLLECT
Throughout this Policy statement we use the term “personal information” to describe data that identified you or makes you identifiable. The definition of personal information depends on the applicable law based on your physical location and may include other types of information such as your IP address. Only the definition that applies to your physical location will apply to you under our Policy.
This Policy statement covers all personal information that you voluntarily submit to us, and does not apply to data that cannot be used to identify you, such as aggregated data. Except as described in this Policy statement, Genosity will not transfer, give, sell, rent or loan any personal information to any third party.
We may collect the following types of information:
Information you provide voluntarily: We collect personal information that you voluntarily provide to us, such as your inquiries through our website, information you provide about your business, suggestions for improvements, referrals, survey responses, or any other actions performed by you on our websites or in utilizing our Services.
Genomic Data: Genomic Data consists of genomic sequences, exomes, variant files, specific DN/ or RNA sequences, gene sets and variant sets, as well as associated sample information, annotations, demographic descriptions (e.g., age, gender, ethnicity, background, etc.), phenotypic descriptions (e.g., disease conditions, health-related information, personal traits, family history) and other data that might be uploaded by you in connection with any such sequence data.
Communications between you and Genosity: We collect personal information you submit when contacting us (such as your name, contact information and any other information you choose to submit). We collect communications between us, including any files or attachments we exchange. For example, we may send you Service-related e-mails such as account verification, changes/updates to features of our Services, technical and security notices.
Registration information: When you set up an account to use our Services, we collect personal information such as your name, date of birth, billing and shipping address, and contact information such as your e-mail and phone numbers. This information is combined with other personal information and protected health information that you provide to our websites in order to gain access to test results, check the status of your orders, upload relevant documents, pay your bills, manage wet-lab and bioinformatics workflows, and write result reports. Protected health information is used in accordance with the Health Information Portability and Accountability Act (“HIPAA”) and other applicable laws governing patient privacy.
Payment information. When you place an order with us or engage in transactions via our Services, we collect your payment information through our websites (such as payment card, billing, and shipping information in addition to your contact information).
Device information: When you use a mobile device (e.g., a tablet or smartphone) to access our Services, we may collect information about your device. We may collect information about your device’s hardware, operating system or software, device name, unique device identifier, your mobile network information and any other information about your device’s interaction with our Services. Some features of the Services may not function properly if use or availability of device identifiers is impaired or disabled.
Information about your use of the Services: When you browse our websites, our system automatically collects information such as your web request, Internet Protocol (“IP”) address, browser type, browser language, domain names, referring and exit pages and URLs, platform type, pages viewed and the order of these page views, the amount of time spent on particular pages, the date and time of your request and one or more cookies that may uniquely identify your browser. We may collect this information through third-party analytics tools. This information is used to analyze trends, administer our websites, improve the design of our websites, and otherwise enhance our Services.
Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows us or a third party to recognize you and make your next visit easier, and make our websites more useful to you. There are different types of cookies utilized by our Services as described below:
Analytical/performance cookies: They allow us to recognize and count the number of visitors and see how visitors move around our websites. This helps us improve the way the websites work, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies: These are used to recognize you when you return to our websites, so we can remember your information and auto-populate forms for you.
Targeting cookies: These cookies record your visit to the websites, the pages you have visited, and the links you have followed. We use this information to make content displayed more relevant to your interests. We may also share this information with third parties for this purpose.
Aggregate Website data collection: On a sitewide basis, our servers automatically collect information created by use of our websites and compile anonymous aggregate website statistics.
Our websites are directed toward adults and are not designed for, intended to attract, or directed toward children under the age of 16. If you are under the age of 16, you must obtain the authorization of a responsible adult (parent or legal guardian) before using or accessing our websites. If we become aware that we have collected any personal information from children under 16, we will promptly remove such information from our databases.
HOW IS YOUR INFORMATION USED?
Your personal information may be used for the following purposes:
If in the future, we use your personal information in any way that is not described in this Policy statement, we will first disclose this to you. At that time, you can choose not to allow us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or for which we subsequently obtained your consent.
If you choose to limit the ways we can use your personal information, some or all of our Services may not be available to you.
Genosity may disclose your personal information as described below.
Affiliated businesses: We may share your personal information with affiliated businesses which may use your information to help provide, understand, and improve our Services and the affiliates’ own services.
Change of control: We may share your personal information with a subsequent owner, co-owner, or operator of our Services, or in connection with a corporate merger, consolidation, or restructuring, financing, acquisition, divestiture, or dissolution of all or some portion of our business; or other corporate change. In the event of such a change, we will notify you of any choices you may have regarding your information.
Safety and legal compliance: We may share your personal information if we believe that such disclosure is necessary to comply with any applicable laws, regulations, legal processes or requests by public authorities (e.g., law enforcement, tax authorities, etc.); protect you, us or our other users’ rights or property, or to protect our Services, agreements or policies.
Your consent or actions: We will share your personal information with companies or individuals when we have your consent to do so. Any information or content that you voluntarily disclose for posting to our Services, such as blog comments or social media posts on our social media profiles, become available to the public.
Anonymous or aggregate data: We may share anonymized or aggregated information with any third parties. Such information no longer reasonably identifies you.
USE AND DISCLOSURE OF DE-IDENTIFIED INFORMATION
“De-identified” information is data we have stripped of your personally-identifiable information, such as your name, address, or birthdate. We may use de-identified information that we have obtained from our Services for various purposes, including for example:
For quality control & validation: In accordance with regulatory requirements, we may de-identify, store and use patients’ samples and information for internal quality control, validation, and research and development. This is important for Genosity to maintain high quality genetic testing and to develop new genetic tests.
In accordance with regulatory requirements, we may also share de-identified patients’ samples and information with other laboratories for quality assurance and validation purposes. Such sharing is essential to having high-quality genetic testing within the community of testing laboratories.
For research purposes: We may contribute de-identified genetic variants that we have observed in the course of providing our Services to publicly available databases such as ClinVar. We do this to increase understanding and raise awareness of the significance of genetic variants within the medical and scientific communities.
We may use or disclose de-identified patient information for general research purposes. This may include research collaborations with third parties such as universities, hospitals or other laboratories, in which we utilize de-identified clinical cases, at the individual level or in the aggregate, in accordance with our study protocols; and we may present or publish such information. This may also include commercial collaborations with private companies for purposes such as to determine the prevalence of particular disorders or variants among the patients we have tested, or to determine whether any of the patients we have tested might be suitable for potential recruitment for research, clinical trials, or clinical care; however, we will not directly contact these patients about these opportunities without their prior written consent.
THIRD PARTY INFORMATION
You agree that you have provided notice to, and obtained consent from, each individual whose personal information you supply to us, and informed that individual of (a) the purposes for which such personal information has been collected; (b) the intended recipients or categories of recipients of such personal information; (c) which of the individual’s personal information must be provided and which information, if any, is optional; and (d) how the individual can access and, if necessary, revise the personal information provided.
Our websites may contain links to external websites. Genosity does not maintain these external sites and is not responsible for the privacy practices of sites that it does not operate. Please refer to the specific privacy policies posted on these sites.
We retain your personal information for as long as we need it to provide you our Services, to serve the purposes for which your personal information was processed, or as necessary to comply with our legal obligations, resolve disputes, or enforce our agreements to the extent permitted by law. We generally store information used for marketing purposes indefinitely until you unsubscribe. Once you unsubscribe from marketing communications, we add your contact information to our suppression list to ensure we respect your unsubscribe request.
We use reasonable technical, administrative and physical measures to protect information contained in our system against unauthorized access, misuse, loss or alteration. Information that you provide through our websites is encrypted using industry-standard Secure Sockets Layer (SSL) technology, with the exception of information you send via e-mail. Your information is processed and stored on servers with restricted access. Unfortunately, no method of electronic transmission is 100% secure, so we cannot guarantee the security of any information you transmit to our websites, and you do so at your own risk.
Protecting your personal information is also your responsibility. You should keep your username, password, ID numbers, or other access credentials secure as Genosity cannot secure personal information that you release on your own or that you request us to release. If we receive instructions using your log-in information we will consider that you have authorized the instructions.
Genosity takes reasonable steps to allow you to correct, amend, delete, or limit the use of your personal information. If you wish to be informed what personal information we have collected about you or if you want it to be removed from our systems, please contact us by phone, email, or on our websites’ “contact us” page. In certain circumstances, you have the right:
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
We may store, process and transmit personal information in locations around the world, including locations outside of the country or jurisdiction where you are located. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use our Services.
We transfer your personal information subject to appropriate safeguards as permitted under the applicable data protection laws. Specifically, when your personal information is transferred out of the location where it was initially stored, we have the required contractual provisions for transferring personal information in place with the third parties to which your information is transferred. For such transfers, we rely on legal transfer requirements or agreements, or we work with U.S.-based third parties that are certified under the European Union-US and Swiss-US Privacy Shield Framework. With respect to personal information subject to the European Union General Data Protection Regulation (“GDPR”), transfers of such personal information outside the European Economic Area (“EEA”), which includes the European Union, are made subject to appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the European Union Commission in accordance with the GDPR.
LIMITATION OF LIABILITY
EUROPEAN ECONOMIC AREA PERSONAL INFORMATION TRANSFER POLICY
Genosity complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from EEA member countries; namely the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view the Genosity certification, please visit http://www.export.gov/safeharbor/
Safe Harbor: The United States Department of Commerce and the European Commission have agreed on a set of data protection principles (the “U.S.-EU Safe Harbor Principles”) and frequently asked questions (collectively the “U.S.-EU Safe Harbor Framework”) to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the EU to the United States. The EEA also has recognized the U.S. Safe Harbor as providing adequate data protection. The United States Department of Commerce and the Federal Data Protection and Information Commissioner of Switzerland have agreed on a similar set of data protection principles (the “U.S.-Swiss Privacy Shield Principles”) and frequently asked questions (collectively the “U.S.-Swiss Privacy Shield Framework”) to enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States. Consistent with its commitment to protect personal privacy, Genosity adheres to the U.S.-EU Safe Harbor Framework and U.S.-Swiss Privacy Shield Principles (hereinafter “Safe Harbor Principles”).
Notifications: Where Genosity collects personal information directly from individuals in the EEA, it will notify them about the purposes for which it collects and uses personal information about them and the choices and means, if any, Genosity offers them for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Genosity, or as soon as practicable thereafter, and in any event before Genosity uses or discloses the information for a purpose other than that for which it was originally collected, or to a non-agent third party.
Where Genosity receives personal information from its affiliates or other entities in the EEA, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.
“Agent” means any third party that collects or uses personal information under the instructions of, and solely for Genosity or to which Genosity discloses personal information for use on its behalf.
“Affiliate” means any individual, corporation, company, partnership, trust, limited liability company, association or other business or research entity which directly or indirectly controls, is controlled by or is under common control with Genosity.
“Personal information” means any information that identifies or is used by or on behalf of Genosity to identify an individual. Personal information does not include information that is encoded , de-identified, anonymized, or publicly available through no fault on the part of Genosity.
“Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. In addition, Genosity will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.
LIMITATION TO INTENDED USE
Genosity will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the corresponding individual; and take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current. We will only collect and store personal information that is relevant to fulfill the purpose of the request.
If you have any questions about this policy statement, please contact us via email at firstname.lastname@example.org or write to us at Genosity Inc., 485F Route 1S, Suite 110, Iselin, NJ, 08830.