PRIVACY POLICY
- Overview
- What information we collect
- How we use your information
- Children’s privacy
- Where we store your information
- How we secure your information
- Disclosure of your information
- How long do we keep your information?
- Your rights
- Changes to our Privacy Policy
- Contact us
Overview
CariGenetics (“we”, “us” or “our”) is committed to protecting and respecting your privacy. This privacy policy (“Privacy Policy”), together with our Cookies Policy, describes the types of Personal information collected and created in connection with your use of our Products and Services, how and why we use such Personal information, who we share it with, and your legal rights. Please read the following carefully to ascertain how we process your Personal information (or “information”).
We may, from time to time, provide links on www.carigenetics.com (the “Site”) to the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy statements and that we do not accept any responsibility or liability for their privacy or security practices. Please check these privacy statements before you submit any Personal information to these websites.
The service provider is CariGenetics Limited, a Bermuda local company, with a registered office at Clarendon House, 2 Church Street, Hamilton, HM11, Bermuda.
Any defined terms in the Terms of Use (which govern your access to and use of our Site) shall have the same meaning when used in this Privacy Policy.
What information we collect
When you access the Site or use our Products and Services, we collect, receive or otherwise process information in several different ways. In many cases, you choose what information to provide. Some information is required in order for us to provide our Products and Services. We use your information for the purposes described further below.
We may collect and process the following types of information about you:
- Purchase and assistance information. We collect information when you purchase our Products and Services, including when you phone our Support Team, or otherwise contact us for support. This information will include name, gender, contact information, billing address, delivery address and any further information you volunteer to provide to us.
- Health-related data. When you purchase or use our Products and Services, we will collect and process data concerning your health. This could include information about your health-related conditions, symptoms, status, diagnoses, testing, or treatments…
- Genetic and Genetic-Related Data. This is data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample…
- Identity Verification Data. In connection with certain Products and Services, we may collect documentation (such as a government issued ID) for the purposes of verifying your identity…
- Correspondence. We will collect and maintain your contact details when you communicate with us, sign up for promotional material, participate in special promotions, or connect with us through social media…
- Website and device information. We collect information about your browser or device, including, where available, your IP address or device ID, operating system, and browser type…
- Survey information. If you respond to any surveys that we might request, which are completely voluntary, we will process your responses.
- “Sensitive” Information. “Sensitive” personal information may be collected as defined by Bermuda laws and other applicable privacy laws. This could include information already mentioned above but can include: government identification for identity verification purposes such as your social insurance; your precise geolocation; your racial or ethnic origin; your Genetic Data; personal information collected and analysed concerning your health.
How we use your information
We use the information we have to help us provide, operate, improve, understand, customize, support, and market our Products and Services, and for purposes described in this Privacy Policy. The broad uses of your information are described below.
We may use your information for the following purposes:
- To provide you with our Products and Services.
- To collect, store, and process relevant health-related data and Genetic Data…
- To receive, store and analyse your Samples at accredited laboratories.
- To receive, review, store and communicate your Test Information to you…
- In some cases, to verify your identity.
- To communicate with you via various channels including by phone, SMS text message, email, and physical mail…
- To provide you with your results.
- To de-identify your information for use for service improvement…
- To contact you with offers, updates and news related to Services and Products you have purchased…
- We may use your Personal information for research purposes where we have a legal basis to do so…
Where we are relying on your consent to use your Personal Information, you can withdraw your consent to this processing at any time…
Children’s privacy
We will not knowingly collect Personal information from Site users that are under 18 years of age. We are relying on your representations in the Product and Services Terms and Conditions that you are over 18 years of age. You should not use the Site or its Services, including purchasing Products, if you are not 18 years of age or older. If you believe we might have information from or about an individual under 18 years of age, please contact us at [email protected].
How we secure your information
All information you provide to us in purchasing or availing of our Products or Services is protected by our privacy and security programs, which include a range of technical, organisational, and administrative privacy and security safeguards to protect your information from unauthorised use and disclosure. Any payment transactions effected by us are processed by Authorize.net. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. You must not share a password with anyone.
Once we have received your Personal Information, we will impose obligations of confidentiality and security on any of our service providers who process the Personal Information, sufficient to comply with applicable laws and regulations.
We maintain appropriate physical and electronic industry standard security practices, including encryption, passwords, access control, physical security measures, and managerial procedures to protect the security and confidentiality of your personal data.
Disclosure of your information
We share Personal Information with service providers, healthcare providers, affiliates, partners, and other third parties where it is necessary to provide the Products and Services, or for any other purposes described in this Privacy Policy. Your Personal Information may be provided as necessary to the following categories of recipients:
- Accredited Laboratories:We may disclose and transfer your Personal Information to our Accredited Laboratory for the purpose of:
- accepting and processing an accepted order by us;
- in order to ensure the Product is delivered to you by it; and
- to test any Sample provided and make your Test Information available to you on our secure account on our Site and Apps.
To process a request for a Product and for our Accredited Laboratory to test the Sample and send you the Test Information, we need to disclose Personal Information within and outside our company including to healthcare providers, to our Accredited Laboratory and our IT services providers.
- Healthcare providers:We may disclose and transfer your Personal Information to healthcare providers, such as contracted or other medical practitioners for purposes of review, quality assurance, prescribing of tests, review of results and other purposes.
- Service providers: (such as couriers, communications and marketing service providers, IT-related service providers, analytics providers, legal or financial advisors, contractors and vendors)We may share your Personal Information with certain third party suppliers and service providers to help us operate, provide, improve, understand, customise, support, and market our Products and Services. We will take all steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Privacy Policy by imposing obligations of security and confidentiality on such service providers. For research, development, publications, and analytics purposes, we may also share Personal Information where we have your consent or some other legal basis to do so.
- Other trusted third parties with whom we have an agreement for the protection of your information:We may engage in collaborative research with third parties (for example, health, educational, or government institutions, or private companies) related to the development of new tests, validation of existing testing processes or technologies, or to improve existing products and services. We may also disclose de-identified Genetic Data to public databases for the advancement of medical research; this enables improved understanding of how genetics may impact the risk of certain diseases or health conditions. We may include de-identified Genetic Data in our research databases, which may be accessible, searchable, and downloadable by third parties (including researchers and the public). More information about this will be available on any consent forms provided to you if you are using Products and Services that involve genetic testing, genetic sequencing, or processing of your Genetic Data. We and/or our workforce members may be involved in the creation of publications, and this may include collaborating with third parties. Where this is done, it will involve only de-identified Personal Information.
- Government/regulatory/law enforcement/local health agencies:pursuant to legally binding order or where legally required, for example where we are required to report positive test results of certain communicable diseases to local health authorities.
- Accredited Laboratories:We may disclose and transfer your Personal Information to our Accredited Laboratory for the purpose of:
If any third party has provided, subsidized or paid for the Products and Services you are using, your Personal Information may be shared with them as required by the contract between us and that third party. This may include identifiable results reporting (for example, reporting COVID-19 testing results to your employer, if they are performing a testing program for health and safety in the workplace). If you are a participant in such a program, you will be provided with a program specific privacy notice and/or consent form as required.
In instances where our business is subject to a re-organization, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, share information in the course of the transaction. In such circumstances, your Personal Information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of CariGenetics.
If you send offensive or objectionable content or otherwise engage in any disruptive behaviour on the Site, we can use your Personal Information to stop such behaviour and pursue our legitimate interest to prevent such behaviour on our Site. This may involve informing relevant third parties, such as law enforcement agencies, about the content and your behaviour.
Equally, we may retain, preserve, or disclose your Personal Information if we have a good-faith belief that it is reasonably necessary to (i) respond, based on applicable law, to a legal request (such as a subpoena, a search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce the agreements we have with you; (e) prevent physical injury or other harm to any person or entity, including yourself and members of the general public. For example, your IP address may be supplied to regulatory authorities in connection with fraud or other formal investigations.
We may share information with advertising partners or service providers to contact you with offers, updates and news related to Services and Products you have purchased, unless you choose not to receive these. With your consent or another applicable legal basis, we may also share Personal Information with third parties for advertising purposes. This excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.
We may pass aggregate information on the usage of our Site and Apps to third parties.
How long do we keep your information?
We retain your information in our server logs, our databases, and our records for as long as necessary to provide the Products and Services. In some cases we may retain some of your information for a longer period, where we have a legitimate business interest to do so (such as to contact you to provide you with relevant information about our Products and Services or to maintain your account with us), in order to comply with our legal or regulatory obligations, to resolve disputes or defend against legal claims, or to enforce our policies and terms and conditions.
Samples are securely destroyed 30 days after they are processed, to the extent we do not have a legal basis to retain the Sample, and your information is deleted using industry standard data deletion methods once no longer retained.
Your rights
You may have certain rights in relation to your information that we process. While some of these rights apply generally, others apply only in certain circumstances. To exercise your rights or to submit a question, you can email us at [email protected].
- Access. You have the right to request a copy of your information that we process. You may exercise this right by emailing us at [email protected].
- Correction. If you discover that we hold inaccurate information about you, you have a right to ask us to correct that information. For other corrections, please email us.
- Erasure. You have the right to request that we delete your information. We may refuse this request if (a) the information is still necessary for the purposes that we collected or processed it or (b) we still have a legal basis to process it, even after you’ve withdrawn consent. You can exercise this right by emailing us.
- Restriction. You have the right, in some cases, to restrict the processing of your information, such as where you have exercised your right to object and we are reviewing your objection. For more information, please email us.
- Objection. You have the right to object to us using your information based on our legitimate interests described above. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing, you can always object by using the unsubscribe link in such communications or you can email us.
- Portability. You have the right in some cases to port your information from us to a new data controller. We can refuse this request if (a) our processing is not based on your consent or our contract with you, or (b) the data are not stored electronically. You can exercise this right by emailing us.
- Withdraw consent. You can withdraw your consent to processing at any time by e-mailing [email protected] Withdrawing your consent does not affect processing that has already occurred. Where you withdraw your consent, we will no longer process your information based on your consent. We may process your information if another legal basis applies, for example, if we are legally obligated to store certain records or if your withdrawal of consent was limited to certain processing activities.
- Complain. If you are considering lodging a complaint, we would appreciate the opportunity to try and resolve your issue before you submit your complaint.
Changes to our Privacy Policy
From time to time, we will make changes to this Privacy Policy. Any changes we may make in future will be posted on our website. If we materially change our Privacy Policy, we will take steps to notify you, for example by emailing you or by posting a notice on the Site.
Contact us
Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to our Data Protection Officer (DPO) at [email protected].
This Privacy Policy was last updated on 20 October 2024