The company responsible for collection, use and disclosure of your Personal Information under this Privacy Notice (the data controller) is Veracyte, Inc., located at 6000 Shoreline Court, Suite 300, South San Francisco, CA 94080, USA, unless specified otherwise. A reference to “Veracyte,” “we,” “us,” or “our” is a reference to Veracyte, Inc. and/or any relevant affiliate involved in the Personal Information processing activity, which could include Veracyte International Corp., Veracyte Global BV, Decipher Biosciences, Inc., and/or Decipher Corp.
Personal Information We Collect:
Information Provided by You: The categories of Personal Information we collect from you typically include contact information (such as your name, email or postal address, telephone or fax number, email address, job title), and other details you choose to share with us. You provide Personal Information when you correspond with us, submit a website form, request information or support, or sign up for a Veracyte-sponsored newsletter, webinar, event or promotion. Where relevant to fulfill a transaction or request, we may collect additional information such as billing or payment information, shipping addresses, and credit card information. Additionally, in order to tailor our communications to you, we may ask you to voluntarily provide us with information regarding your professional background and areas of interest, experience with our products, contact preferences, and other information relating to your interactions with us or the Services.
Information Collected Automatically: When you use or interact with the Services, we may automatically record certain information from your web browser by using different types of technology, including “clear GIFs” or “web beacons.” This information includes Internet Protocol address, web browser type, the web pages or sites that you visit just before or just after our Sites, the pages you view on our Sites, and the duration, dates and times that you visit the Sites, and device information (regional and language settings and operating system).
We use Google Analytics, a web analytics service provided by Google, Inc. to collect information about your use of the Services, including your IP address. Google uses this to provide information about visits to our Sites, including number of visitors, the websites from which visitors have navigated to our Sites, and the pages on our Sites to which visitors navigate. More information on Google Analytics can be found at the following link: www.google.com/policies/privacy/partners/. We also engage third party partners to place ads on other websites. These companies may collect contact information and/or use data about your visits to this and other websites in order to measure advertising or content effectiveness and to provide advertisements about our goods and services that may be of interest to you.
Our Sites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets. These features, which are either hosted by the respective social media network or hosted directly via our Sites, allow you to post information to your third party social media profile page and share it with others in your network. When you click through social media features from particular websites, the social media network may receive information showing the websites you have visited. If you are logged in to your social media account, the social media network can link your visit to our Sites and others, and may deliver advertisements or promotions about our Services tailored to your interests. Your interactions with social media features are governed by the privacy policies of the companies providing these features.
Certain web browsers and other programs may be used to signal your preferences about how or whether Veracyte or third parties may collect information about your online activities. Currently, Veracyte does not respond to such signals.
Information from Other Sources: We may receive Personal Information about you from third parties and from publicly available sources, including, when legally permitted, from health care providers and health systems, collaboration or event partners, lead generation companies and social media sites.
How We Use Personal Information:
We use Personal Information in a variety of ways, including for the following purposes and legal bases:
(1) Our Legitimate Business Interests
We may use your Personal Information to further our legitimate business interests. These may include, without limitation:
Responding to your inquiries and communications.
Marketing our products and services to you, and analyzing and improving our products and services, customer and technical support;
Communicating with you, including by sending you newsletters, announcements, updates, and support and administrative messages;
Analyzing your needs and interests, and personalizing your experience with the Services;
Analyzing use of our Sites to study trends and users’ movements around the Sites, improve the Sites and develop new features and Services;
Maintaining the safety, security, and integrity of our Services, databases and other technology assets, and business; and
Verifying your identity in connection with a communication, transaction or account between you or us or in connection with your exercise of your privacy rights.
We may create anonymous data from your Personal Information and that of other individuals by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.
(2) Consent We may use your Personal Information when we have your consent to do so, where required or permitted under applicable law. If we are using your Personal Information on the basis of consent, you may withdraw your consent at any time by informing us using the contact information below.
(4) Compliance with Legal Obligations We may use or disclose your Personal Information as we believe necessary or appropriate to:
Comply with applicable laws and regulatory requirements, lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities;
Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims, and enforcing terms and conditions governing the Services); and
Protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
How We Share Your Personal Information:
We do not sell your Personal Information, nor do we share it with unaffiliated third parties for their own marketing or promotional use unless we have your consent. We may share your Personal Information with third parties who assist us in the process of providing Services to you, or otherwise perform functions on our behalf, including:
Healthcare Professionals: We may share your information with your healthcare providers and doctors who you have authorized to receive such information. When we transmit information to a healthcare provider, we are subject to laws and regulations governing the use and disclosure of Personal Information, including (in the United States) the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Personal data related to past, present or future health conditions, treatments and payments will only be used or disclosed for treatment and other authorized purposes as stated in our HIPAA Notice of Privacy Practices.
Legal Purposes, Business Transfers: We may disclose Personal Information where required by law, or in the good-faith belief that such action is necessary to comply with state and federal laws or respond to a court order, judicial or other government subpoena, or warrant. In some cases, we may make such disclosures without first providing notice to you. We also reserve the right to disclose Personal Information that we believe, in good faith, is appropriate or necessary to take precautions against liability; protect us from fraudulent, abusive, or unlawful uses; to investigate and defend ourselves against any third-party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of the Site; or to protect the rights, property, or personal safety of Veracyte, our users, or others. We may sell, transfer or otherwise share some or all of our business or assets, including your Personal Information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. We reserve the right, in any of these circumstances, to transfer or assign Personal Information that we have collected without prior notice to you.
Aggregated Data: We may share aggregated data with third parties collectively in an anonymous way, which does not reveal Personal Information. In addition, we may share your Personal Information when you have provided consent to do so.
Your Rights and Choices:
Opt out of marketing communications: If you no longer want to receive marketing communications from us, notify us using the contact information below, or follow the unsubscribe link provided in the marketing email. If you opt out of receiving marketing communications from us, we may still send you administrative messages, from which you cannot opt out.
Targeted online advertising: Some of the business partners that collect information about users’ activities on or through the Site may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising.
Users may opt out of receiving targeted advertising through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, so you may still receive some cookies and tailored advertisements from companies that are not listed.
Health-Related Data: Veracyte processes health-related Personal Information as part of our business activities, subject to data privacy and security requirements applicable to health-related data. Depending on your jurisdiction, you may have certain rights with respect to Personal Information relating to your health. In the United States, for example, the HIPAA Privacy Standards grant US residents rights relating to protected health information (PHI), including the right to request a copy of or amend PHI, receive PHI via confidential communications, receive Veracyte’s Notice of Privacy Practices, request restrictions on the use and disclosure of PHI, receive an accounting of disclosures of PHI, to complain, and be notified of a PHI breach. For more information, please review Veracyte’s HIPAA Notice of Privacy Practices. If you would like to receive a hard copy of our HIPAA Notice of Privacy Practices, contact Veracyte Customer Care at 1.844.558.8372 or firstname.lastname@example.org.
If you wish to submit a request relating to your health-related Personal Information, you may contact Veracyte Customer Care at the contact information above, and we will process your request pursuant to the laws and regulations applicable in your jurisdiction. We may ask you to verify your identity and to provide additional details, by completing forms, before we are able to further assist you.
Rights for Individuals based in California, the European Economic Area (EEA), Switzerland, or United Kingdom (UK): If you are a resident of California or an individual based in the EEA, Switzerland, or UK, you have additional rights. Please see the “Location-Specific Information” section below.
We employ a number of organizational, technical and physical safeguards designed to protect the Personal Information we collect and store. However, security risk is inherent in all Internet and information technologies and we cannot guarantee the absolute security of your Personal Information. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us using the contact information provided below.
Veracyte is headquartered in the United States, and we have operations, entities, and service providers both in the United States and throughout the world. As such, we and our service providers may transfer your Personal Information to, or store or process it in, servers in the United States and/or other jurisdictions which may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your Personal Information receives an adequate level of protection in the jurisdictions in which we process it. If you are located in the European Economic Area, Switzerland or UK, we provide adequate protection for the transfer of Personal Information to countries outside of these areas, such as through the use of authorized Standard Contractual Clauses.
Links to Other Websites:
Our Sites are not directed to, and we do not knowingly collect Personal Information from, anyone under the age of 16. We encourage parents or guardians who become aware that their child has provided us with Personal Information to notify us using the Contact Us details below. We will delete such information from our files as soon as reasonably practicable.
Veracyte Contact Information:
Attn: Privacy Officer
6000 Shoreline Court, Suite 300
South San Francisco, CA 94080