HR Privacy Policy – China

 PIPL Privacy Policy

Last updated: October 29, 2021

This Privacy Policy (the “Policy”) applies to the handling of Personal Information, subject to the Personal Information Protection Law of the People’s Republic of China (“China”, excluding the Hong Kong SAR, the Macao SAR and the Taiwan region for the purpose of this Policy), by Personalis, Inc. and its subsidiaries and affiliates (“Company,” “we,” “our,” or “us”) through its website, products, and services (the “Services”). It describes how we collect, use, and disclose such Personal Information, your rights and choices with respect to your Personal Information, and how you can contact us if you have any questions or concerns.

1.     Personal Information We Collect

In this Policy, “Personal Information” means any information relating to an identified or identifiable individual. We may collect Personal Information about you from various sources described below.

Information Provided by You

  • Communications. When you contact us via a contact form, email, or other means, you provide us with Personal Information, such as your name and contact details, and the content, date, and time of our communications.
  • Careers. If you apply for a job with us, you may provide us with your resume, name, contact details, and any other relevant information. If you become an employee, we may collect additional information, such as your emergency contacts, beneficiary selections, and other relevant information for employment, payroll, and benefit purposes, and we may collect certain sensitive Personal Information such as biometric data for identity verification or financial information.
  • Support Information. When you request technical support services, we will handle your Personal Information such as your name and the contact details you use to contact us, as well as information about the reasons for your support request, and any additional information you may provide in that context.
  • Information Collected from Health Care Providers. If you are a health care provider engaging with us in connection with our research, we may collect your name, contact details, and other information in order to support that engagement.

Where applicable, we may indicate whether and why you must provide us with your Personal Information as well as the consequences of failing to do so. For example, it may be necessary for you to disclose certain Personal Information in order for us to provide the Services to you.

Our Services are not intended for use by children under the age of 14.

Information We Collect by Automated Means

  • Social media. We may collect Personal Information via social media tools, widgets, or plug-ins to connect you to your social media accounts. These features may allow you to sign in through your social media account, share a link, or post directly to your social media account. When you visit a website that contains such tools or plugins, the social media or other service provider may learn of your visit. Your interactions with these tools are governed by the privacy policies of the corresponding social media platforms.
  • Cookies. We may collect Personal Information via cookies and similar technologies (see section 3 of this Policy for more information).

2.     How We Use Personal Information

We use the Personal Information we collect for the following purposes:

  • Providing Services, including to operate, maintain, support, and provide our Services.
  • Communicating with You, including to contact you for administrative purposes (e.g., to provide services and information that you request or to respond to comments and questions) or to send you marketing communications, including updates on promotions and events, relating to products and services offered by us.
  • Personalization, including to customize our Services to you and provide you with the most relevant marketing and advertising materials.
  • Customer and Vendor Relationship Management, including to track emails, phone calls, and other actions you have taken as our customer or vendor.
  • Aggregation and Anonymization. We may aggregate or anonymize Personal Information and use the resulting information for statistical analysis or other purposes.
  • Administrative and Legal, such as to address administrative issues or to defend our legal rights and to comply with our legal obligations and internal policies as permitted by PRC law.
  • Sensitive Personal Information. We use the sensitive Personal Information collected in order to provide employment benefits, report required information to government regulators, and conduct research and clinical trials, in each case, solely subject to your informed consent.

3.     Legal Bases for the Handling of Personal Information

We rely on various legal bases to handle your Personal Information, including:

  • Consent. You may have consented to the use of your Personal Information, for example to send you electronic marketing communications or for the use of certain cookies. We will obtain your consent for the handling of sensitive Personal Information. You may withdraw your consent at any time by contacting us as described in Section 10 of this Policy.
  • Contract. We need your Personal Information to provide you with our Services and to respond to your inquiries.
  • Legal. We may have a legal obligation to handle your Personal Information when necessary to fulfill statutory duties and responsibilities or statutory obligations, for example to comply with tax and accounting obligations.
  • Public Interest. We may also handle your Personal Information when necessary to respond to sudden public health incidents or protect individuals’ lives and health, or the security of their property, under emergency conditions.

4.     How We Disclose Personal Information

We may disclose Personal Information about you in the following circumstances:

  • Group Entities. We may disclose Personal Information about you to our affiliates and subsidiaries.
  • Service Providers. We work with third parties to provide services such as hosting, maintenance, and support. These third parties may have access to or handle your Personal Information as part of providing those services to us, but they are prohibited from using your Personal Information for their own purposes.
  • Legal. We may disclose your Personal Information when it is necessary to fulfill our duties and obligations under applicable law.
  • Public Posts. Any information that you voluntarily choose to post to a publicly accessible area of our Services will be available to anyone who has access to that content.
  • Anonymized Information. Personal Information that has been anonymized can no longer be linked to an individual. We may use and disclose anonymized information for any purpose, unless we are prohibited from doing so under applicable law.
  • Merger. Information about our users, including Personal Information, may be disclosed and otherwise transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets. In such a scenario, we will notify you of the name of the personal information recipient and how to contact such recipient. The recipient will continue to fulfill the duties of Personalis outlined in this Policy. If any changes are made to how they use your Personal Information, the recipient will notify you of such changes as provided by applicable laws.

5.     Your Rights and Choices

As provided under applicable law and subject to any limitations in such law, you have the following rights:

  • Access and Portability. You may ask us to provide you with a copy of the Personal Information we maintain about you and request certain information about its handling. In certain situations, you may ask us to transfer your Personal Information to another organization directly.
  • Correction. If you believe your Personal Information that we handle is inaccurate or incomplete, you may ask us to correct or complete it.
  • Deletion. In certain situations, you may ask to have your Personal Information anonymized or deleted, as appropriate.
  • Consent Withdrawal. You may withdraw any consent you previously provided to us regarding the handling of your Personal Information at any time and free of charge. We will apply your preferences going forward. This will not affect the lawfulness of the handling before you withdrew your consent.

You may exercise these rights by contacting us using the contact details at the end of this Policy. Note that applicable laws contain certain exceptions and limitations to each of these rights. If we do not grant your rights request, we will explain the reason for doing so. We will also need to verify your identity before you exercise these rights to ensure that your Personal Information is not inappropriately disclosed.

6.     International Data Transfers

We may transfer your Personal Information outside of China when necessary for business or other valid purposes. Personal Information may be transferred to the United States and the United Kingdom. If we do so, we will comply with applicable data protection laws regarding the protection of Personal Information.

7.     Data Security and Data Retention

We use physical, managerial, and technical safeguards that are designed to improve the integrity and security of Personal Information that we collect, maintain, and otherwise handle.

We delete or anonymize your Personal Information when it is no longer necessary for the purposes for which we handle it, unless we are required by law to keep it for a longer period. When determining the retention period, we select the shortest retention period necessary to achieve the purpose of the handling and take into account various criteria, such as the type of products or services provided to you, the nature and length of our relationship with you, mandatory retention periods, and applicable statutes of limitations.

8.     Third-Party Services

Our Services may contain features or links to websites and services provided by third parties. Any information you provide via these websites or services is provided directly to these third-party operators and is subject to their privacy policies, even if accessed through our Services. We encourage you to learn about these third parties’ policies before providing them with your Personal Information.

9.     Changes and Updates to this Policy

We may update this Policy from time to time to reflect changes in our privacy practices. We will follow applicable laws and regulations regarding notification of such changes.

10.  Our Contact Information

Personalis is the entity responsible for the handling of your Personal Information. If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your Personal Information, please contact us by email at [email protected] or by mail at:

Personalis, Inc.

1330 O’Brien Drive, Menlo Park, CA 94025 USA