“Personal information” is information, or a combination of pieces of information, that could reasonably allow you to be identified, including information defined as “personal data” and governed by the EU General Data Protection Regulation 2016/679.
Please note that our collection or use of your personal information may be governed by a separate privacy notice. Our uses and disclosures of protected health information governed by the Health Information Insurance Portability and Accountability Act are explained in our HIPAA Notice. If you are a California resident, we will process that information according to our Privacy Notice for California Residents. If you receive a different notice at the time we collect your personal information, that privacy notice will govern how we use that personal information.
1. PERSONAL INFORMATION THAT WE COLLECT
When you access the Services, we may collect the following categories of personal information directly from you:
- Contact information, such as your name, postal address, email address, telephone number (each whether associated with you in your personal or professional capacity);
- Authentication data, such as user name, password, password hint(s), and other similar authentication information necessary to verify the identity of registered users;
- Professional details, such as job title, and organization; and
- Other information you provide, such as information you provide in emails and other communications that you send us or otherwise contribute (e.g., customer support inquiries). Please be aware that information you post on public parts of our website may be visible to anyone.
- Unique identifiers, such as IP address, browser type, operating system, the pages you view on the Sites, the pages you view immediately before and after you access the Sites, and the search terms you enter on the Sites, Internet or other electronic network activity information;
- General location data; and
- Inferences drawn from the above categories.
We also may obtain your personal information from third parties and sources, such as web hosting providers, analytics providers, and advertisers. In some cases, these third parties collect information on our behalf as our processors or service providers. In other cases, we collect information from third parties based on the account or privacy settings that you have established with those third parties. The information we collect from other sources may include any of the types of personal information listed above.
2. HOW AND ON WHAT BASES WE USE YOUR PERSONAL INFORMATION
We may use your personal information for the following purposes:
- Identification and authentication: We use your identification information to verify your identity when you access and use our Services, or otherwise engage with us, and to ensure the security of your personal information. This is necessary to provide the requested service.
- Communications: We may respond to and communicate with individuals and healthcare providers about requests, questions, comments, products, and services.
- Business operations: We process your personal information to provide the Services that you request and relationships with our actual and potential suppliers and customers. We use personal information to operate, evaluate, and improve our business, including developing new products and services; determining the effectiveness of the company’s sales, marketing and advertising; and performing accounting, auditing, billing, reconciliation, and collection activities.
- Service improvements: We analyze usage information, including site analytics, to continually improve the user experience.
- Customizing your experience: We may use your personal information to improve your experience of the Services, such as by providing interactive or personalized elements on the Services.
- Marketing: We may use your personal information in accordance with your preferences to build a profile about you, to understand your preferences, and to help determine which marketing materials would be of interest to you and your patients.
- Exercising or protecting rights: We may use your personal information to exercise or protect our legal rights, or the rights of you or a third party, where it is necessary to do so, for example to detect, prevent, and respond to intellectual property infringement claims or violations of law.
Applicable law may require Exact Sciences to identify a legal basis in order to process your personal information. Such bases include:
- Consent: We will rely on your consent, where required by law, to use (i) technical information (including general location data) derived from cookies and similar tracking technologies, as described in this Policy and our Cookies Policy; and (ii) your personal information for marketing purposes.
- Performance of a contract: We will process any of your personal information identified in this Policy as necessary to perform our contractual obligations with customers or suppliers.
- Complying with legal obligations: We may process your personal information to carry out fraud prevention checks or comply with other legal or regulatory requirements, such as those related to information security or consumer transaction law, when required by law.
- Legitimate interests: Any personal information not processed under the other bases identified in this section will be processed in furtherance of our legitimate interests. We have legitimate interests in providing and maintaining our Services, responding to your communications, improving and customizing our Services, exercising or protecting the rights of Exact Sciences or you or a third party, and operating our business effectively. Where we rely on legitimate interests to process your personal information, we will balance our need to process that information with any risks such processing poses to your rights and freedoms.
We may also anonymize your personal information in such a way that you may not reasonably be re-identified by us or any other company, and may use this anonymized information for any other purpose.
3. HOW AND WHEN WE SHARE YOUR PERSONAL INFORMATION
We may share your personal information as follows:
- To inform third-party entities that provide services to us: We may share your personal information with third parties that perform marketing services and other business operations. For example, we may partner with companies to process secure payments, fulfill orders, optimize services, send newsletters and marketing messages, support email and messaging services, and analyze information. These service providers may include advertising agencies, technical support, or website analytics providers, which will use your personal information only in the ways described in this Policy.
- Exact Sciences group companies: We may share your personal information with Exact Sciences group entities to ensure that we provide our Services effectively and according to your requests or a contract with you.
- Where required by law: We may share your personal information with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
- In the context of a transaction: We may share your personal information with potential transaction partners, service providers, advisors, and other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell or transfer all or a portion of our assets or business. Should such a sale or transfer occur, we will use reasonable efforts to obligate the entity to which we transfer your personal information to use it in a manner consistent with this Policy.
4. YOUR RIGHTS OVER YOUR PERSONAL INFORMATION
You have certain rights regarding the personal information we hold about you, subject to local law. These may include the right to access, correct, delete, restrict or object to our use of, or receive a portable copy in a usable electronic format of your personal information. You also may have a right to lodge a complaint with your local data protection or privacy regulator.
We also encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. Where you have provided your consent to any use of your personal information, you can withdraw this consent at any time. Please note that we may require additional information from you in order to honor your requests.
If you would like to discuss or exercise any rights you may have under applicable law, please contact us at firstname.lastname@example.org or 1-844-870-8876. Please note that you may need to provide additional information for us to respond to certain requests.
5. DATA RETENTION
We retain your personal information for as long as necessary to carry out the purposes set out in this Policy, unless a longer retention period is required by applicable law. To determine the appropriate retention time for your personal information, we consider the amount, nature, and sensitivity of personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, and whether we can achieve these purposes through other means, as well as applicable legal requirements. In some circumstances we may anonymize personal information so that it may no longer be associated with an individual, and in such cases we may use that anonymized information without further notice to you and outside of this Policy (because, once anonymized, it ceases to constitute “personal information”).
6. INFORMATION SECURITY
We implement technical and organizational measures to maintain a level of security appropriate to any risks presented to the personal information we process. These measures seek to ensure the ongoing integrity and confidentiality of personal information. Please note that no security measures can be 100% secure; however, we evaluate and test our chosen measures on regular basis in order to protect your personal information in accordance with this Policy and applicable law.
7. DO NOT TRACK
We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. For more information, visit www.allaboutdnt.org.
8. INTERNATIONAL DATA PROCESSING & TRANSFER
We process information collected from or about you in any country in which Exact Sciences operates, as permitted by applicable law. In some cases, your information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for information under applicable laws (such as those in the European Union). When we conduct such transfers, we put in place appropriate safeguards (such as Privacy Shield and standard contractual clauses) in accordance with applicable legal requirements. Information located outside of your home country may be subject to access by that country’s government or its agencies under a lawful order. For more information on the appropriate safeguards in place or to obtain a copy, please contact us at email@example.com.
9. THIRD-PARTY WEBSITES
This Policy applies solely to the information collected by Exact Sciences. Our Sites may contain links to websites not owned or controlled by Exact Sciences. Exact Sciences does not have any control over these third-party websites. We encourage you to be aware of these other third-party websites and their privacy statements, as we cannot control and are not responsible for privacy policies or practices of third-party websites.
10. CONTACT US
If you have questions or concerns regarding the way in which your personal information has been used, please contact us at firstname.lastname@example.org or 1-844-870-8876. Our data protection officer can be reached by emailing DPO@exactsciences.com.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority of your country of residence.
11. CHANGES TO THIS POLICY
Effective date: July 2, 2020