Predicine, Inc. (“we”, “us” or “our”) is headquartered in California in the United States (“US”) and is committed to protecting your privacy. We have created this Privacy Policy to inform you of our business practices regarding the collection, use and disclosure of Personal Information and Protected Health Information and the choices you have associated with that information.
For US residents: We adopt this Privacy Policy to comply with the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act of 2020 (“CPRA”) and other California privacy laws. We also comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic & Clinical Health Act of 2009 (“HITECH”), as amended, including all implementing rules and regulations. US residents should read our Notice of Privacy Practices Under HIPAA, also located on our website.
For European Union (“EU”) residents: See the International Users section below for more information regarding our compliance with the EU’s General Data Protection Regulation of 2018 (“GDPR”) and the EU-US Data Privacy Framework (DPF). EU residents should read our Notice of Privacy Practices under GDPR, also located on our Site.
This Privacy Policy applies to all Personal Information collected or processed online or offline through the website located at www.predicine.com, and all corresponding and affiliated webpages and websites that link to this Privacy Policy (the “Site”); any Predicine mobile application; our diagnostic devices; and laboratory analyses and testing services (collectively, the “Services”).
Before using our Services, please carefully read our Website Terms of Use, this Privacy Policy and our Notices of Privacy Practices. By using this Site, you consent to the collection and use of your Personal Information in accordance with this Privacy Policy and our Terms of Use. If you do not agree with any part of this Policy or our Terms of Use, you should not use or access our Services.
We collect Personal Information when you use our Services.
| Information You Voluntarily Provide | Information Automatically Collected | CCPA Categories |
|---|---|---|
| Your filling out of forms on our Site | We may use automatic collection technology as you use our Site or Services to collect your equipment, browsing activity or patterns | Category A: Personal Information such as name, address, email address, telephone, account names and numbers, medical record numbers |
| Your registering on our Site | Traffic data, location data, logs and other communication data and the resources that you access and use on the Site | Category B: Personal information categories listed in the CCPA (signature, name, health insurance information, financial information for payment of our Services, medical information) |
| Your subscribing to or purchasing our Services | Information about your computer and internet connection, including your IP address, operating system and browser type | Category C: For job applicants, employment and vendors: professional or employment-related history, performance evaluations, education, work history, credit information, bank account numbers or other financial information for payment purposes and background checks. See our Privacy Notice for California Job Applicants on our Careers page. |
| Records of your emailing or corresponding with us | Information about your preferences to make your use of the Site more productive, via the use of Cookies. For more information on Cookies, please see Section 2. | Category D: Protected classification characteristics under California and federal law: age, race, marital status, medical condition, gender identity, military status, genetic information |
| Your posting of materials on our Site | Information collected by our diagnostic devices and used for testing purposes to provide a test result report | Category E: Biometric information regarding cancer patient tumor profiling |
| Your responses to surveys from our teams | When you interact on social media, we could obtain your Personal Information by our review of social media sites depending on what you or the social media site makes public. We comply with the privacy policies of the social media platform, and we will only collect and store such Personal Information that we are permitted to collect by those social media platforms. | Category F: Internet or other electronic network activity information (browsing history, search history, interaction with our Site or Services) |
| Your placement of orders or other transactions on our Site | Transaction records, purchase history | Category A: Personal Information (name, account numbers); Category B: Commercial information (purchase records, transaction details) |
| Any financial information you provide us | Payment card numbers, bank account or billing details you provide | Category B: Financial information for payment of our Services |
| Providing information such as name and address to refer our Site or Services | Name and contact details of referred individuals | Category A: Personal Information (name, email address of referred individual) |
| Sharing User Content with us. We cannot control User Content or the transfer of User Content. | User Content posted publicly on the Site (text, images, or other materials you share) | Category A: Personal Information (any information included in User Content you choose to share) |
| Searching our Site | IP address | Category A: Personal Information (any information included in User Content) |
| Healthcare providers who order our testing for you as a patient | Test orders, physician and facility details, clinical data submitted with test orders | Category A: Personal Information (name, contact details, medical record numbers); Category B: Medical information, health insurance details |
Cookies are text files, containing small amounts of information, which are downloaded to your browsing device (such as a computer, mobile device or smartphone) when you visit or use our Site or Services. Cookies can be recognized by the website that downloaded them — or other websites that use the same cookies. This action helps websites know if the browsing device has visited them before.
There are session cookies and persistent cookies. A session cookie lasts while your browser is open and is automatically deleted when you close your browser. A persistent cookie lasts until you or your browser deletes the cookies, or they expire.
Cookies set by us are called “first party cookies,” while cookies set by parties other than Predicine are called “third party cookies.” The parties that set third party cookies can recognize your device, both when you use the Services and when you use other websites or mobile apps.
Cookies collect and process both Personal Information, as well as information that does not identify you as an individual. To the extent that IP addresses or similar identifiers are considered Personal Information by local law, we will treat these identifiers as prescribed under such applicable laws. If we combine non-personal information with Personal Information, the combined information will be treated as Personal Information for as long as it remains combined.
In addition to cookies, we may use other technologies that are similar to cookies, like web beacons, flash cookies, or pixels to track how you use our Services.
We use third-party web analytics services on our Site, including Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses cookies and similar tracking technologies to collect and analyze information about how visitors use our Site and to report on activities and trends. You can learn about Google’s practices by visiting https://policies.google.com/technologies/partner-sites. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. By using our Site, you consent to the processing of data about you by Google in the manner described in Google’s Privacy Policy. If you are an EU/EEA resident, such data transfers are governed by Standard Contractual Clauses.
Where required by applicable law (including GDPR and applicable US state privacy laws), we obtain your consent before placing non-essential cookies or tracking technologies on your device. When you first visit our Site, you may be presented with a cookie consent banner or preference center that allows you to accept, reject, or manage your cookie preferences by category. You may withdraw your consent or update your preferences at any time by accessing the cookie settings available on our Site. Please note that disabling certain categories of cookies may affect the functionality of our Services.
Your browser may provide you with the option to refuse some or all browser cookies. You may also be able to remove cookies from your browser. You can exercise your preferences in relation to cookies served on our Services by taking the steps outlined below:
We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. In addition, most web browsers provide help pages relating to setting cookie preferences. More information may be found for the following browsers:
Some Internet browsers, such as Internet Explorer, Firefox, and Safari, include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, our Sites do not currently process or respond to “DNT” signals. However, we do honor Global Privacy Control (“GPC”) opt-out preference signals where required by applicable law, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CPRA”). When we detect a valid GPC signal from your browser, we will treat it as a request to opt out of the sale or sharing of your Personal Information for cross-context behavioral advertising.
We will only use your Personal Information as described in this Privacy Policy or as disclosed to you prior to such processing taking place. The purposes and how we may use your Personal Information include:
| Purpose | How We May Use It |
|---|---|
| To provide our Services | When you access or use our Services, we process certain Personal Information to coordinate and communicate about logistics and tracking of test orders made by your physicians. |
| To pay for our Services | We will process your Personal Information, insurance or other payor billing information in order to bill for our Services. |
| To communicate with you, respond to your inquiries and respond to your doctor’s inquiries | We will reach out to you at an email address, mailing address or phone number that you provide to us. |
| To market products to you | If you sign up for our Services, you will receive Service-related communications such as billing information, account information, test results, surveys, customer service, support, research you may be interested in participating in, policy changes or promotional related communications and initiatives. You may opt out of certain communications related to marketing; however, Service-related communications are necessary for us to provide our Services. |
| To enforce our Terms, Agreements or Policies | To maintain a safe, secure, and trusted environment for you when you use the Services, we use your Personal Information to make sure our terms, policies, and agreements with you and any third parties are enforced. We actively monitor, investigate, prevent, and mitigate any suspected or actual prohibited activities on our Services. |
| For product research and development, including quality metrics | We may process your Personal Information to improve, optimize, or expand our Services or features of our Services. We do so by processing information about your use of the Services, any information you provide to us, and by measuring, tracking, and analyzing trends and usage in connection to your use or the performance of our Services. We take additional security measures when processing your Personal Information for such purposes, such as by de-identifying (or “pseudonymizing”) your Personal Information and limiting access to such data. Once your data is de-identified or pseudonymized, you cannot be identified. |
| For scientific research and clinical trials | We may use your de-identified or pseudonymized Personal Information to conduct, whether independently, in collaboration with third parties, or sponsored by a third party, scientific research aimed at the creation of generalizable knowledge or product knowledge. Information collected through our Services as part of a research study or clinical trial may be used for any of the above-listed purposes, or any purpose permissible under applicable law. Your name and identity will not be used in describing or reporting results of research studies. |
| To comply with applicable law | We may have to use your Personal Information as set forth in our Notice of Privacy Practices such as to respond to law enforcement, in the interest of public health and safety, to enforce our Terms and protect our property and to comply with court proceedings. |
We may share or disclose your Personal Information in the following circumstances:
We may employ other companies and individuals to facilitate our Services (“Service Providers”), provide the Services on our behalf, perform Service-related services or assist us in analyzing how our Services are used. The Service Providers have access to your Personal Information only to perform these tasks on our behalf, are given only the minimum amount of information needed in order to perform their services and are obligated not to disclose or use it for any other purpose. The Service Providers are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them.
We may share your Personal Information with our subsidiaries and affiliates in order to provide you with the Services and take action based on your request.
To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information held by us about our Site users is among the assets transferred. By using our Site or Services, you agree to and do hereby consent to our assignment or transfer of rights to your Personal Information.
In certain circumstances, we may share your personal information with third parties to market their products or services to you if you have not opted out of these disclosures. We contractually require these third parties to keep personal information confidential and use it only for the purposes for which we disclose it to them.
We may disclose your Personal Information for any purpose with your consent.
We may share your Personal Information with you, your healthcare providers and doctors, and individuals who you have authorized to receive such information.
We may need to share your Personal Information to comply with the law or legal process and to exercise our legal rights to defend against legal claims. For example, we may use information to investigate, prevent or take action regarding illegal activities, suspected fraud or as otherwise required by law, such as for public safety. We do not use Personal Information for profiling or other automated decision purposes.
We DO NOT and will not sell or rent your Personal Information to any company, individual or organization. No Personal Information has been sold or rented in the preceding 12 months.
We are committed to ensuring that your Personal Information is kept accurate and up to date. However, it is up to you to update us with any changes. You may send us an email at privacy@predicine.com to request access to, or to correct any Personal Information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If you delete your User Content from the Site, copies of your User Content may remain viewable in cached and archived pages or might have been copied or stored by other Site users. Proper access and use of information provided on the Site, including User Content, is governed by our Visitor Terms of Use.
The Services are offered and available to users in the United States who are 18 years of age or older. We do not collect or maintain Personal Information from people we actually know who are under 18 years old. If we obtain actual knowledge that a user is under 18 years old, we will use our best efforts to remove that person’s information from our database. If you are not 18 years of age or older, you must not access or use our Services.
This section applies only to California residents and their rights under the CCPA as amended by the CPRA. See Section 1 for more information on the CCPA categories of data we may collect about you.
The CCPA provides California consumers with specific rights regarding their Personal Information. This section describes your rights and how you can exercise them.
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your identity and verify your request, we will disclose to you:
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your identity and verify your request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
To exercise the access, data portability, and deletion rights described above, please submit your request to us by email: privacy@predicine.com.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your Personal Information. You may also make a request on behalf of your minor child. You may only make a request for access or data portability twice within a 12-month period.
The request must: (i) provide sufficient information that allows us to reasonably verify whether you are the person about whom we collected Personal Information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (an additional 45 days for a total of up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the date of the receipt of the request. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.
We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration and disclosure. All Personal Information you provide to us is stored on our secure servers behind firewalls. Any payment transactions will be encrypted using SSL or other encryption technology, or will use our third-party payment processors, who will use appropriate security procedures.
The safety and security of your information also depend on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Site, you are responsible for keeping this password confidential. You should not share your password with anyone. We urge you to be careful about giving out information in public areas of the Site like message boards. The information you share in public areas may be viewed by any user of the Site.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to our Site. We are not responsible for the circumvention of any privacy settings or security measures contained on the Site.
The Services may be linked to, rely on and be integrated with websites, applications, interfaces, services and platforms operated by other companies, including Third-Party Services. The Services may also feature advertisements from these companies. We are not responsible for the privacy practices of such websites, applications, interfaces, services and platforms operated by third parties that are linked to, rely on and/or integrated with the Services or for the privacy practices of third-party advertising companies. Once you leave our Site or Services via a link, access a third-party service or click on an advertisement, you should check applicable privacy policies to determine, among other things, how related companies process Personal Information they may collect about you. This Privacy Policy applies solely to information collected by Predicine.
Our Services are located in the United States. If you choose to use the Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your information outside of those regions to the United States for storage and processing. By providing your information, you consent to any transfer and processing in accordance with this Policy.
Predicine will treat all Personal Information received from the EU in accordance with the EU-US Data Privacy Framework (DPF) Principles and GDPR requirements. (See Notice of Privacy Practices Under GDPR located on Predicine’s Site for full details.)
EU-US DPF Notice for Personal Data Transfers to the United States. Predicine complies with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information from European Union member countries (and Iceland, Liechtenstein, and Norway), the United Kingdom, and Switzerland transferred to the United States. Predicine has certified that it adheres to the EU-US DPF Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the EU-US DPF Principles, the EU-US DPF Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification page, please visit https://www.dataprivacyframework.gov/.
With respect to personal data received or transferred pursuant to the EU-US DPF, Predicine is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission. We have certified that we adhere to the following EU-US DPF Principles:
| Principle | Our Commitment |
|---|---|
| Notice | Predicine’s participation in the EU-US DPF applies to all Personal Information that is subject to this Privacy Policy and is received from the EU and European Economic Area (EEA), the United Kingdom, and Switzerland. Personal Information received under the EU-US DPF may include information such as name and email address, health information, contact details, and billing information. Predicine uses this information to deliver its services and to bill for payment for such services as set forth in this Privacy Policy. |
| Access | Pursuant to the EU-US DPF, EU individuals have the right to obtain our confirmation of whether we maintain Personal Information relating to you in the United States. Upon request, we will provide you with access to the Personal Information that we hold about you. You may also correct, amend, or delete the Personal Information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the EU-US DPF, should direct their query to privacy@predicine.com and we will respond within a reasonable timeframe. |
| Choice | Predicine will not use Personal Information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless Predicine has received the individual’s affirmative and explicit consent (opt-in). We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Information, please submit a written request to privacy@predicine.com. |
| Accountability for Onward Transfer | Predicine contracts with third parties who perform functions on our behalf, including data processing services. These entities may have access to Personal Information for limited, specific purposes needed to perform these functions. We require these third parties to safeguard Personal Information by contract, obligating them to provide at least the same level of protection as is required by this Privacy Policy. Predicine remains responsible and liable under the EU-US DPF Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Predicine proves that it is not responsible for the event giving rise to the damage. We may be required to disclose an individual’s Personal Information in response to a lawful request by public authorities, including meeting national security or law enforcement requirements. |
| Data Integrity and Purpose Limitation | Predicine will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current and obtain the minimum amount of information necessary to fulfill its provision of healthcare services. |
| Audit and Enforcement | We conduct periodic internal and third-party compliance audits of our relevant privacy practices, procedures, and our information and data processing systems, to verify adherence to this Privacy Policy. Any employee that we determine is in violation of this Policy will be subject to retraining, disciplinary action up to and including termination of employment and potential reporting to authorities. The Predicine privacy and security program is subject to inspection by the Secretary of Health and Human Services (HHS) with respect to PHI; the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to the EU-US DPF; and the applicable Supervisory Authority in the EU with respect to GDPR. Predicine commits to cooperating in any investigations by or inquiries from these regulators. |
| Complaints | In compliance with the EU-US DPF Principles, Predicine commits to resolve complaints about our collection or use of your Personal Information. EU individuals with inquiries or complaints regarding our EU-US DPF policy should first contact Predicine at privacy@predicine.com or by mail at: Data Protection Officer, Predicine, 3555 Arden Road, Hayward, CA 94545.
Predicine has committed to refer unresolved privacy complaints under the EU-US DPF Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information and to file a complaint. This service is provided free of charge to you. Predicine has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved EU-US DPF complaints concerning human resources data transferred from the EU in the context of the employment relationship. If your EU-US DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See EU-US DPF Annex I at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf. |
We process your Personal Information in order to perform our testing services and to bill for these services. You have most likely provided your consent for our testing through your doctor. Additionally, our processing is necessary based on our legitimate interest in providing our healthcare services to you. We process and store your contact information so that we may contact you or your doctor regarding the delivery of our healthcare services — for doctors’ use in treatment purposes and for patients’ test result reports. This Personal Information may come to us from you, your doctors, or your pathology lab and will be used to perform our testing services as you would expect when laboratory testing is ordered for you by your doctor.
Predicine may also use pseudonymized or anonymized data for scientific research purposes related to cancer diagnostic product improvement and development. PHI and PII are not used for this purpose; and therefore, your identity is not known during our research activities.
In some regions (like the European Economic Area and EU), you have certain rights under applicable data protection laws, which include the right (i) to request access and obtain a copy of your Personal Information, (ii) to request rectification or erasure; (iii) to restrict the processing of your Personal Information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your Personal Information.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested.
If you would like to exercise any of the above rights, please contact us at privacy@predicine.com.
We reserve the right to update and revise this Privacy Policy as necessary. If we change our Privacy Policy and Notices, we will post those changes on our Site to keep you aware of what information we collect, how we use it, and under what circumstances we may disclose it. Changes to this Privacy Policy are effective when they are posted on this page.
You can contact Predicine using our Site contact page or by sending an email to one of the addresses below. We address questions and complaints about privacy and the collection or use of Personal Information in a timely manner. Please include your contact information and a detailed description of your request or privacy concern.
Predicine, Inc.
3555 Arden Road
Hayward, CA 94545
For our US Privacy Officer, please email: privacy@predicine.com
For our EU Data Protection Officer, please email: privacy@predicine.com
GDPR EU Representative
MDSS GmbH
Schiffgraben 41, Hannover, 30175, Germany
If you feel that your complaint has not been addressed, you can also contact:
In compliance with California Privacy Rights Act (CPRA) Attorney General Guidance, if you require this Privacy Policy in an alternative format accessible to consumers with disabilities — including large print, screen-reader-compatible formats, audio, or other accessible formats — please contact us at privacy@predicine.com or call (650) 300-2188. We will provide an accessible copy within a reasonable timeframe.
