Exact Sciences Corporation, together with its wholly owned subsidiaries Exact Sciences Laboratories, LLC; Exact Sciences Development Company, LLC; Exact Sciences Europe, Ltd.; Biomatrica, Inc.; Genomic Health, Inc.; Genomic Health Italy, S.r.l.; Exact Sciences France SAS; Exact Sciences UK, Ltd.; Exact Sciences Ireland, Ltd.; Exact Sciences Deutschland GmbH; Paradigm Diagnostics, Inc.; and any other affiliates or subsidiaries with the brand name “Exact Sciences” (collectively, “Exact Sciences,” “we,” “our,” or “us”), complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce, with respect to the collection, use, and retention of personal information transferred from the European Economic Area, Switzerland, and the United Kingdom (collectively, “EEA”) to the United States. Exact Sciences has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (“Principles”), and this Policy describes how Exact Sciences commits to these Principles.
This Policy complements the privacy notice provided to individuals before or at the time of data processing. If there is any conflict between the terms in this Policy and any other privacy notice provided to you, this Policy shall govern. If there is any conflict between the terms in this Policy and the Principles, the Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/welcome.
Exact Sciences serves as both a controller and a processor with respect to the personal information it obtains and maintains. As a controller, Exact Sciences collects personal information from website visitors, customers, and suppliers.
- Exact Sciences also collects personal information relating to clinical research participants, including sensitive personal information. When doing so, Exact Sciences processes this information according to the relevant study agreement and protocol and any privacy notices provided in connection with the clinical research study.
As a processor, Exact Sciences collects personal information relating to individuals and patients in the EEA in connection with clinical trials that we conduct on behalf of our customers and with orders for our products or use of our services. In these instances, we process personal information according to the applicable customer agreement and applicable law.
Exact Sciences processes personal information relating to individuals in the EEA in accordance with the Principles of Notice; Choice; Accountability for Onward Transfers; Data Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability.
Exact Sciences informs EEA individuals about its processing of their personal information and its privacy practices, including the types of information collected, the third parties with which Exact Sciences shares information and its purposes for doing so, the rights and choices that EEA individuals have with respect to their personal information, and how to contact us to learn more about these practices.
We act as a processor of personal information relating to EEA individuals when we receive personal information from controller entities in the EEA, which we then process on behalf of that controller, in accordance with a written contract and applicable law. In these instances, the controller is responsible for providing appropriate notices to EEA individuals and obtaining any requisite consent.
Most personal information that Exact Sciences processes relies on a legal basis other than consent, such as fulfilling contractual obligations and legitimate interests. To the extent Exact Sciences is required to obtain consent for particular processing activities, we provide individuals with the opportunity to opt in or opt out of that processing activity, in accordance with applicable law. For example, before we disclose sensitive personal information to any third party, we will obtain affirmative express consent from the relevant EEA individuals.
When we act as a processor, the relevant controller is responsible for obtaining consent or otherwise providing EEA individuals with appropriate choices for the intended processing.
Exact Sciences shares personal information with its affiliates and subsidiaries. In doing so, we may disclose personal information without offering an opportunity to opt out, and may be required to disclose personal information (a) to third-party processors we have retained to perform services on our behalf and pursuant to our instructions; (b) where required to do so by law or legal process; or (c) in response to lawful requests from public authorities, including to meet national security, public interest, or law enforcement requirements. Exact Sciences also reserves the right to transfer personal information in the event of an audit or if we sell or transfer all or a portion of our business or assets (such as during a merger, acquisition, joint venture, reorganization, dissolution, or liquidation).
- Accountability for Onward Transfers
Exact Sciences may share personal information relating to EEA individuals with third parties that assist Exact Sciences in providing our products or services or otherwise in operating our business. In particular, we use third parties to provide the following types of services: customer support, IT services, data storage and security, technical support, research and development, marketing, legal services, recruiting and talent management, and human resources management (e.g., payroll, benefits, benchmarking, and relocation). When we engage third parties to assist us in operating our business, we do so pursuant to written agreements that require the third parties to (a) only process personal information on our behalf and according to our instructions; and (b) provide at least the same level of data protection as required by the Principles. If a third party is unable to meet its legal or contractual obligations, including its obligations under the Principles, we require that third party to notify us and we take reasonable and appropriate steps to stop and remediate any unauthorized processing of personal data. Exact Sciences remains responsible and liable under the Principles if any of our third-party processors process personal information in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event giving rise to the damage.
- Data Security
Exact Sciences takes reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, considering the risks involved in the processing and the nature of the personal information.
- Data Integrity and Purpose Limitation
We only process personal information relating to EEA individuals in ways that are compatible with and relevant to the purposes for which we collected, or obtained subsequent authorization to process, that personal information. To the extent necessary for such purposes, and consistent with our obligations as a controller or processor, Exact Sciences takes reasonable steps to ensure that we process personal information relating to EEA individuals that is (a) reliable for its intended use; and (b) accurate, complete, and current.
In furtherance of this Principle, please note that we rely on EEA individuals (or controllers, where we are the processor) to update and correct their personal information to the extent necessary for the purposes for which the information was collected or subsequently authorized. EEA individuals and controllers may contact us using the contact information provided below to request that Exact Sciences update or correct their personal information.
Subject to applicable law, Exact Sciences retains personal information in a form that identifies or renders identifiable the relevant EEA individual only for as long as it serves a purpose that is compatible with the purposes for which the personal information was collected or subsequently authorized by that EEA individual. We adhere to the Principles for as long as retain such identifiable personal information.
EEA individuals generally have the right to access their personal information. Accordingly, when Exact Sciences acts as a controller, where appropriate, we provide EEA individuals with reasonable access to the personal information that we maintain about them. We will also provide EEA individuals with a reasonable opportunity to correct, amend, or delete the information that is inaccurate or has been processed in violation of the Principles, as appropriate. Please note that these rights are not absolute and we may limit or deny access to personal information where the burden or expense of providing access would be disproportionate to the risks to the EEA individual’s privacy, or where the rights of someone other than the EEA individual would be violated. EEA individuals should use the information provided below to contact Exact Sciences in order to exercise any available rights.
When Exact Sciences acts as a processor on behalf of a controller entity, the controller is responsible for providing EEA individuals with access to their personal information and for honoring their rights to correct, amend, or delete information. In such circumstances, EEA individuals should direct their questions to the relevant controller. We will provide reasonable assistance to the controller in accordance with applicable law and our contractual obligations.
- Recourse, Enforcement, and Liability
Exact Sciences has mechanisms in place that are designed to promote compliance with the Principles. We periodically review our privacy practices to verify adherence to this Policy and our Privacy Shield certification.
In compliance with the Principles, Exact Sciences commits to resolve complaints about our collection or use of your personal information. EEA individuals with inquiries or complaints regarding this Policy should first contact Exact Sciences at email@example.com. Employees with inquiries or complaints regarding this Policy should contact their local Human Resources office.
If Exact Sciences is unable to resolve your complaint, you may raise your complaint with ICDR-AAA, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you. Additionally, under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Exact Sciences is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, Exact Sciences may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- How to Contact Us
If you have questions or concerns regarding this Policy or our privacy practices relating to the Principles, please email us at firstname.lastname@example.org; call us at 844-870-8876; or write to us at
Exact Sciences Corporation
441 Charmany Drive
Madison, WI 53719
Effective date: July 2, 2020