Privacy Policy

1. General Disclosures

This Policy sets forth our data policies and practices for the United States. If you are outside of the United States, please also review the provisions of our International Privacy Policy. Depending on your country of residence, applicable privacy laws may provide you with a right to additional disclosures as well as certain consumer rights with regard to your personal information.

Please note that our collection or use of your personal information may be governed by separate privacy notices. Our uses and disclosures of protected health information governed by the Health Insurance Portability and Accountability Act (HIPAA) are explained in our HIPAA Notice of Privacy Practices.

2. What Information We Collect and For What Purposes

What personal information do we collect, and through what methods?

In the course of performing our Services, we collect a variety of different kinds of personal information from a variety of different people. What information we collect and the purposes for which it is collected will depend on the context of our activities or the Service that is being performed. We collect personal information about our Website visitors and actual or potential suppliers and customers. We may collect the following categories of personal information from and about you:

• Identifiers, such as your name, e-mail address, phone number, postal address, and device identifiers;
• Demographics, such as your gender or age;
• Commercial information, such as your purchase history or products you have expressed interest in;
• Internet or other electronic network activity information, such as your IP address or browsing history, subject to your device settings;
• Geolocation information, such as information we receive about your device location (based on your IP address), subject to your device settings;
• Audio, electronic, visual, thermal, olfactory, or similar information, such as photographs or voice recordings;
• Professional information, such as employer or job title;
• Job Applicant information, such as work and education history, skills and other information from your resume when you apply for a position with Exact Sciences on our Careers website; and
• Inferences drawn from the above categories.

We collect personal information about you from a variety of sources, including:

• From you: We collect information that you submit to us. For example, when you create an account, purchase a product or service, write a product review, participate in our message boards or forums, sign up to receive our electronic newsletters, participate in polls and surveys, or otherwise contact us with a question, comment, or request.
• From your devices: We, our service providers, and other third parties may collect certain technical information from your computer or mobile device over time and across different websites when you use our services, such as your IP address, your general geographic location, your browser type, your operating system, the pages you view, the pages you view immediately before and after you access our websites, and the search terms you enter. This information allows us to recognize you and personalize your experience, and to improve our services. This information is collected using cookies. For more information about how we use cookies, the types of cookies we use, and how to manage your cookie preferences, please refer to our Cookies Policy.
• From third parties: We may obtain information about you or your use of the Services from third parties and sources, such as our vendors, like web hosting providers, analytics providers, or advertisers. You may give us permission to access your information from services offered by third parties. The information we obtain from third-party services depends on your account/privacy settings with those third parties and the third parties’ privacy policies. You are responsible for reviewing the privacy policies of these third parties and adjusting your settings to meet your preferences. When you access the Services through third-party platforms, you are authorizing us to collect, store, and use such information and content in accordance with this Policy. Please keep in mind that any information provided to us by a third party may also be subject to that third party’s privacy policy.

How do we use the personal information we collect?

We may use your personal information for the following purposes:

• Identification and authentication: We use your identification information to verify your identity when you access and use our Services or otherwise engage with us, and to ensure the security of your personal information. This is necessary to provide the requested service.
• Communications: We may respond to and communicate with individuals and healthcare providers about requests, questions, comments, products, and services.
• Business operations: We process your personal information to provide the Services that you request and relationships with our actual and potential suppliers and customers. We use personal information to operate, evaluate, and improve our business, including developing new products and services; determining the effectiveness of the company’s sales, marketing and advertising; and performing accounting, auditing, billing, reconciliation, and collection activities.
• Service improvements: We analyze usage information, including site analytics, to continually improve the user experience.
• Customizing your experience: We may use your personal information to improve your experience of the Services, such as by providing interactive or personalized elements on the Services.
• Marketing: We may use your personal information in accordance with your preferences to build a profile about you, to understand your preferences, and to help determine which marketing materials would be of interest to you.
• Recruitment and Job Placement: We may use your personal information to evaluate you against roles that you have applied for using our Careers website or make recommendations to you for roles that may be of interest.
• Exercising or protecting rights: We may use your personal information to exercise or protect our legal rights, or the rights of you or a third party, where it is necessary to do so, for example, to detect, prevent, and respond to intellectual property infringement claims or violations of law.
• De-identification: In some circumstances, we may anonymize or de-identify personal information so that it may no longer be associated with an individual, and in such cases, we may use that anonymized/de-identified information without further notice to you and outside of this Policy. Where we do so, we will only maintain and use this type of information in deidentified form and we will not attempt to reidentify this information, except for the purposes of validating our deidentification process where permitted under applicable law.

Depending on the Service, we may use machine learning, artificial intelligence (“AI”), generative AI and Large Language Models (LLMs), and other automated tools, to accomplish these purposes.

3. When and With Whom We Disclose Your Information

In the course of our business we may disclose your personal information to others:

• To our auditors. We may be subject to audits from a number of entities as well as due to our own internal auditing policies. In order to accomplish an effective audit, we must provide information, which may include your personal information, to external auditors. We always ensure that your information is safely disclosed and stored and that auditors can only use your information for the purposes of completing an audit.
• To our third-party partners and service providers. We may utilize a variety of third party partners and service providers to facilitate our performance of the Services. For example, we may partner with companies to process secure payments, fulfill orders, host and support our IT infrastructure and systems, evaluate job applicants, optimize services, send newsletters and marketing messages, support email and messaging services, and analyze information. These service providers may include advertising agencies, technical support, or website analytics providers.
• To individuals or entities you authorize. We may disclose your personal information to individuals or entities at your direction.
• Our affiliates. We may share your personal information with our affiliates for the purposes of administering our business and providing our Services.
• In corporate transactions. We may share all or part of your personal information with other entities in connection with the sale, assignment, merger, or other transfer of all or a portion of our organization or assets to such entities (including due to a sale in connection with a bankruptcy).
• For legal purposes. We may disclose all or part of your personal information to courts, litigants, regulators, arbitrators, administrative bodies, or law enforcement when we have reason to believe that disclosing this information is necessary to resolve actual or suspected claims. We may also disclose your personal information in order to identify, contact, or bring legal action against someone who may be violating any agreement with us or may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of the Website, or anyone else that could be harmed by such activities. We may disclose information in response to a subpoena, or search warrant, in connection with judicial proceedings or pursuant to court orders, legal processes, or other law enforcement measures. We may disclose or access personal information when we believe in good faith that the law requires it to establish our legal rights or to defend against legal claims.

As may be required under applicable law, the chart below provides the categories of personal information that we: (1) collect and have collected in the preceding 12 months; (2) disclose for a business purpose and have disclosed for a business purpose in the preceding 12 months; or (3) “sold” or “shared” in the preceding 12 months (as those terms are defined under applicable law):

4. Personal Information Relating to Children

Exact Sciences' Services subject to this Policy are not designed for individuals under the age of 18. If we discover that a person under the age of 18 has provided us with personal information, we will take reasonable steps to remove such personal information from our files. As a result, Exact Sciences does not knowingly “sell” or “share” the personal information of individuals under the age of 16 (as those terms are defined under applicable law).

5. How Long We Retain Your Information

We retain your personal information for as long as necessary to carry out the purposes set out in this Policy unless a longer retention period is required by applicable law. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide any services to you (for example, for as long as you are using our services); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of our relationship with you or your transactions for a certain period of time before we can delete them); and (iii) whether retention is advisable in light of our legal position (for example, in connection with applicable statutes of limitations and litigation or regulatory investigations).

6. Marketing and Promotional Communications

You may opt-out of receiving marketing and promotional messages from us if those messages are powered by us, by following the instructions in those messages. If you decide to opt-out, you will still receive non-promotional communications that are necessary for the performance of our Services.

7. Links To Other Sites

This Policy applies only to our Website and Services, and not to other companies’ or organizations’ websites, mobile applications and services to which we link. We are not responsible for the privacy practices or the content of other websites or linked websites, including any websites that may indicate a special relationship or partnership with us (such as co-branded pages or “in cooperation with” relationships). To ensure the protection of your privacy, always review the privacy policy of the websites

8. Security

We implement technical and organizational measures designed to maintain a level of security appropriate to any risks presented to the personal information we process. These measures seek to ensure the ongoing integrity and confidentiality of personal information. Please note that no security measures can be guaranteed; however, we evaluate and test our chosen measures on a regular basis to protect your personal information in accordance with this Policy and applicable law.

9. Your Data Rights

Certain U.S. states provide specific consumer rights to residents of those jurisdictions regarding personal information. This section of this Policy describes the rights that may be available to those individuals based on applicable law. For more information, or to request to exercise your data rights, please use the information provided under How To Submit A Request.

Depending on the jurisdiction in which you live and subject to certain limitations, you may have the following rights with regards to your personal information:

• Right to Confirmation and Access. You may have the right to confirm whether or not Exact Sciences is processing your personal information, to access the specific pieces of personal information that we process about you, and to obtain certain information about the third parties to whom we disclose your personal information.
• Right to Correct. You may have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.
• Right to Delete. You may have the right to request that we delete the personal information that we maintain about you.
• Right to Portability. You may have the right to request to receive your personal information in a portable and readily usable format, to the extent technically feasible.
• Right to Opt-Out of “Sales,” “Sharing,” and Targeted Advertising. You may have the right to request to opt out of “sales” and targeted advertising/“sharing” of your personal information for cross-context behavioral advertising purposes (as these terms are defined under applicable law).
• Right to Opt-Out of Profiling. You may have the right to request to opt out of automated profiling using your personal information that produces legal or similarly significant effects concerning you (e.g., denial of financial or lending services, housing, insurance, education enrollment or opportunity, criminal justice, employment opportunities, health-care services, or access to essential goods or services).
• Right to Non-Discrimination. You may have the right to be free from unlawful discrimination for exercising your rights under applicable state law.
• Right to Limit Use and Disclosure of Sensitive Personal Information. You may have the right to request to opt-out of certain uses and disclosures by us of sensitive personal information.

You may also have a right to appeal a decision we make relating to requests to exercise your rights under applicable law. If you wish to appeal, please clearly and plainly describe your basis of disagreement with our decision by responding through the same means by which we communicated our refusal or by submitting your appeal through the information provided under Contact Us.

10. How To Submit a Request

You can submit your request to exercise your data rights by: clicking here to submit a request, clicking here to submit a request as an authorized agent (California only), or calling 1-844-570-9736 (California only).

To exercise your right to opt out of “sales,” targeted advertising/“sharing” of your personal information for cross-context behavioral advertising purposes (as these terms are defined under applicable law), or certain uses and disclosures by us of sensitive personal information, you can click the “Your Privacy Choices” link in the footer. We also process requests submitted through opt-out preference signals recognized under applicable law, such as the Global Privacy Control. These signals set your opt-out preferences only for the particular browser or device you are using and any profile that we associate with that browser or device. For information about how to use the Global Privacy Control, please visit https://globalprivacycontrol.org/.

If you are submitting a request through an authorized agent, such authorized agent must provide us with your signed written permission stating that the agent is authorized to make the request on your behalf. We may also request that any authorized agents verify their identity and may reach out to you directly to confirm that you have provided the agent with your permission to submit the request on your behalf. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.

We may need to obtain additional information from you in order to verify or otherwise fulfill your request. For example, we may ask you to confirm data points we already have about you. We reserve the right to reject your request if we are unable to verify your identity to a sufficiently high level of certainty. If you fail or refuse to provide the necessary information, we may not be able to process your request. The information you provide to verify your identity will only be used for verification purposes, and a record of your request, including certain information contained within it, will be maintained by Exact Sciences for our files.

11. Changes to This Privacy Policy

We may amend this Policy at any time by posting revisions on our Website. If we make any material changes in the way we collect or process your personal information, we will notify you by prominently posting notice of the changes on our Website.

12. Contact Us

To submit questions, you can contact us by emailing us directly at privacy@exactsciences.com.

↑ Top

International Privacy Policy

The above Policy still applies to those individuals who reside outside of the United States or who have had personal information collected by Exact Sciences or its agents in a country other than the United States. However, due to various international regulations, those individuals may be entitled to additional disclosures and rights. This International Privacy Policy (the “International Policy”) supplements the above Policy, but where the provisions of the Policy and this International Policy cannot be construed consistently, this International Policy will govern.

Please note that by engaging with our Services or by visiting our Website, your personal information is being stored and processed in various countries around the world, including the United States. The countries where we store and process your personal information may not have privacy laws that are as strong or comprehensive as the privacy laws in your own country.

Depending on your country of residence, you may have data rights as provided by various laws, regulations, and codes.

This International Policy applies to all personal information about you that we collect, hold, use and disclose, regardless of the way in which we collect it (i.e., whether through the website, the services, or otherwise).

Our International Policy includes:

1. Collection Of Personal Information
2. How We Use Personal Information
3. The Basis On Which We Process Your Personal Information
4. Obtaining Consent
5. Third-Parties
6. Limitations
7. Retention Of Personal Information
8. Access And Rights To Your Personal information
9. Opt-Out And Unsubscribe
10. Accuracy
11. Safeguards
12. Contact Us

1. Collection of Personal Information

You can find specific details about the personal information that we collect about you in the sections titled What Information We Collect And For What Purposes of the Exact Sciences Privacy Policy.

Where we are the data controller with regards to the personal information that we process, you may exercise your rights as a data subject as described in this International Policy. Where we are collecting your personal information on behalf of another entity (i.e., we are not the data controller), we will provide you with the identity of the data controller so that you may exercise your rights as a data subject directly with them.

2. How We Use Personal Information

As a general matter, we collect your personal information to perform our Services and administer our Website. You can find specific details about the purposes for which we collect personal information about you in the sections titled What Information We Collect And For What Purposes.

3. The Basis On Which We Process Your Personal Information

We will only collect and process your personal information as is reasonably necessary for, or directly related to, one or more of our functions or activities, including for administering our Website or providing our Services.

Where required by law, we rely on the following legal grounds to process your personal information, namely:

• Consent: We will rely on your consent, where required by law, to use (i) technical information (including general location data) derived from cookies, as described in this International Policy and our Cookies Policy; (ii) your personal information for marketing purposes; and (iii) your personal information to evaluate you for a role with the Exact Sciences.
• Performance of a contract: We will process any of your personal information identified in this International Policy as necessary to perform our contractual obligations with customers or suppliers.
• Complying with legal obligations: We may process your personal information to carry out fraud prevention checks or comply with other legal or regulatory requirements, such as those related to information security or consumer transaction law, when required by law.
• Legitimate interests: Any personal information not processed under the other bases identified in this section will be processed in furtherance of our legitimate interests. We have legitimate interests in providing and maintaining our Services, responding to your communications, improving and customizing our Services, exercising or protecting the rights of Exact Sciences or you or a third party, and operating our business effectively. Where we rely on legitimate interests to process your personal information, we will balance our need to process that information with any risks such processing poses to your rights and freedoms.

4. Obtaining Consent

Except when otherwise permitted by law or binding regulation, we will obtain the requisite consent from you prior to collecting and, in any case, prior to using or disclosing your personal information for any purpose other than as disclosed in this International Policy. You may provide your consent to us orally, in writing, by electronic communication, through your actions, or any other means reasonably capable of conveying your consent.

Generally, we will seek to obtain your explicit consent if we collect, use, or disclose sensitive personal information about you. However, your refusal to provide consent for collection (or your withdrawal of previously given consent) or to give your personal information when requested, can have negative consequences. For example, if you do not give consent for Exact Sciences’ collection of cookies, then the Website will not remember your prior log-in information or your preferences. In another example, if you do not provide your personal information when requested we may not be able to provide you with requested materials, disclosures, or Services.

5. Third Parties

We remain responsible for all personal information communicated to other entities for processing on our behalf. As such, we ensure that other entities that are engaged to provide products or services on our behalf and are provided with personal information are required to observe the intent of this International Policy by having comparable levels of security protection or, when required, by assurances that they will not use or disclose the personal information for any purpose other than the purpose for which the personal information was communicated. You can find specific details about to whom Exact Sciences discloses your personal information in the section titled When And With Whom We Disclose Your Information.

6. Limitations

We only collect the personal information necessary to fulfill the purposes identified to you prior to or at the time of collection, or any other reasonable and legitimate purposes or as required by law.

We do not use or disclose your personal information, except for the purposes for which it was collected, new purposes to which you have consented, or as required or otherwise permitted by applicable law.

We do not, as a condition of providing the Website or performing the Services, or as an administrative or management requirement, require consent to the collection, use, or disclosure of personal information beyond what is reasonably required for such purposes, or to comply with our obligations under applicable law or regulation.

7. Retention of Personal Information

We retain your personal information for as long as necessary to carry out the purposes set out in this Policy unless a longer retention period is required by applicable law. To determine the appropriate retention time for your personal information, we consider the amount, nature, and sensitivity of personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, and whether we can achieve these purposes through other means, as well as applicable legal requirements. In some circumstances, we may anonymize personal information so that it may no longer be associated with an individual, and in such cases, we may use that anonymized information without further notice to you and outside of this Policy.

8. Access and Rights to Your Personal Information

You may have certain rights regarding the personal information we hold about you, subject to applicable law. These may include the right to access, correct, delete, restrict or object to our use of, or receive a portable copy in a usable electronic format of your personal information.

Not all individuals about whom we possess information will have access to these rights, and we may not be able to provide these rights to everyone due to legal and jurisdictional limitations.

You can request to exercise these rights by clicking here to submit a request. We may require that you provide us with additional information to identify yourself before we provide information about the existence, use, or disclosure of your personal information in our possession. Any such information that you provide to us shall be used only for this purpose. If you fail or refuse to provide the necessary information, we may not be able to process your request.

We expect to be able to respond to your request without charge as a general matter. However, where allowed by law, we reserve the right to collect a reasonable charge when you request the transcription, reproduction, or transmission of such information. We will notify you, following your request of the appropriate amount that will be charged. You will then have the opportunity to withdraw your request.

Finally, you have the right to raise a complaint with Exact Sciences or the appropriate data protection authority of your country of residence if you feel that Exact Sciences’ processing of your personal information violates your individual rights, is not in line with this International Policy or violates the laws or regulations of your country of residence.

9. Opt-Out and Unsubscribe

You may opt-out of receiving marketing and promotional messages from us if those messages are powered by us, by following the instructions in those messages. If you decide to opt-out, you will still receive non-promotional communications that are necessary to maintain the existing business relationship between you and Exact Sciences, to the extent that there is one.

If you participate in a text messaging program with Exact Sciences, text messaging originator opt-in data and consent will not be shared with any third parties for their own purposes.

10. Accuracy

We will use reasonable efforts to ensure that your personal information is kept as accurate, complete, and up-to-date as possible. We do not routinely update your personal information in our possession unless such a process is necessary. In order to help us maintain and ensure that your personal information is accurate and up to date, you must inform us, without delay, of any change in the data that you have provided to us.

You can, at any time, challenge the accuracy or completeness of the personal information we have about you, subject to the exceptions provided by applicable law. If you demonstrate that the personal information we have on you is inaccurate or incomplete, we will amend the personal information as required. Where appropriate, we will transmit the amended data to third parties to whom we have communicated your personal information.

11. Safeguards

We use security safeguards appropriate to the sensitivity of personal information to protect it from loss or theft, as well as unauthorized access, disclosure, copying, use or modification. These safeguards include physical measures, such as restricted access to offices and equipment, organizational measures, such as training and publishing policies to appropriate personnel, and technological measures, such as the use of passwords and/or encryption.

To administer our business and provide our services, we may share your personal information with our affiliates or with third parties in locations around the world. When we transfer your personal information outside your jurisdiction, we will take steps to ensure that such data transfers comply with applicable data privacy laws. If you live in the European Economic Area (EEA) or the UK, your personal information may be stored and processed in a jurisdiction which may not provide for the same level of data protection. If we transfer or store personal information outside of the EEA, UK or other countries or economies that require legal protection for international data transfer, we will ensure that an adequate level of protection is provided by implementing measures such as standard data protection clauses, copies of which can be obtained, as required by law, by contacting us at the email address listed in Contact Us, or relying on other legally-approved transfer mechanisms, such as an adequacy decision.

Exact Sciences complies with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks (“DPF”) and UK Extension to the Data Privacy Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA, UK, or Switzerland to the United States. Exact Sciences has certified to the U.S. Department of Commerce that it adheres to the DPF Principles. If there is any conflict between the terms in this Policy and the Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please click here.

In compliance with the DPF, Exact Sciences commits to resolve complaints about our collection or use of your personal information. EEA, UK, and Swiss individuals with inquiries or complaints regarding our DPF Policy should first contact Exact Sciences by using the information in Contact Us.

If Exact Sciences is unable to resolve your complaint, EEA, UK, and Swiss individuals may raise an unresolved DPF complaint with ICDR-AAA, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please click here for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you. Additionally, Exact Sciences is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”). Under certain conditions, you may have the right to invoke binding arbitration relating to the collection or use of your personal information in connection with the DPF. Exact Sciences remains liable, to the extent imposed by applicable law, for onward transfers to third parties.

12. Contact Us

Please direct all complaints or other inquiries regarding personal Information, the Policy, or the International Policy to privacy@exactsciences.com.

You can contact Exact Sciences’ data protection officer in writing through the below:

Exact Sciences Corporation

Attn: Data Protection Officer

Email: DPO@exactsciences.com

Physical Address: 5505 Endeavor Lane, Madison, WI 53719

Exact Sciences Corporation includes, but is not limited to and may change from time to time, Exact Sciences Laboratories, LLC; Exact Sciences Europe, Ltd.; Biomatrica, Inc.; Genomic Health, Inc.; Genomic Health Italia SRL; Genomic Health, Inc.; Exact Sciences France SAS; Exact Sciences Innovation Ltd.; Exact Sciences Europe, Ltd.; Exact Sciences UK, Ltd.; Exact Sciences Ireland, Ltd.; Exact Sciences Deutschland GmbH; Exact Sciences Molecular Diagnostics GmbH; Exact Sciences Proteomics GmbH; Exact Sciences Netherlands B.V.; Exact Sciences Sweden AB; Exact Sciences Poland Sp. z o.o.; Exact Sciences Pte. Ltd.; Exact Sciences Spain SL; Exact Sciences MEA Trading L.L.C; Paradigm Diagnostics, Inc.; Resolution Biosciences, Inc.; PreventionGenetics, LLC; Exact Sciences International GmbH; Exact Sciences Canada, Ltd.; Exact Sciences Thrive, LLC; Genomic Health International Holdings, Inc.; EXSC Mexico, S. de R.L. de C.V.; CG Growth, LLC; Exact Sciences RDX LLC; Exact Sciences Ventures, LLC; PFS Genomics, Inc.; and any other affiliates or subsidiaries with the brand name “Exact Sciences”.

↑ Top