Terms of Agreement
Last Updated: March 8, 2022 Personalis, Inc. (“Personalis”, “We”, or “Us”) respects the privacy of visitors to our website and is committed to protecting it through our compliance with this policy. Personalis is located in the United States and personal data provided to us will be used and maintained by us in the United States. For United States residents, we provide this policy in accordance with the California Consumer Privacy Act of 2018 (“CCPA”), the California Consumer Rights and Protection Act (“CPRA”) (collectively, “California Law”) and other applicable state privacy laws (collectively, State Privacy Laws (“SPL”)). Where necessary, this policy specifies state-specific information. Otherwise, this policy adopts the most stringent requirements of SPL and affords them to all U.S. residents.
For individuals within China, the section on “Chinese Users” provides information regarding our appropriate mechanisms for personal data transfer from China related to the Personal Information Protection Law (“PIPL”).
For European Union (“EU”) and United Kingdom (“UK”) residents, the section on “European Users” provides information regarding our appropriate mechanisms for personal data transfer from the EU and information related to the UK Data Protection Act of 2018 (“DPA 2018”) and the General Data Protection Regulation of 2018 (“GDPR”), EU 2016/679.
Data Collection and Use
We may collect, store, and use several types of information from and about users of our Website, including both (1) personally identifiable information and (2) non-personal information. This information may include information voluntarily submitted by you or information collected from activity with our Website. For more detailed information on personal information from children, please refer to the “Children’s Policy” section below.
The categories of information that we may collect are:
- Information by which you may be personally identified, such as your name, postal address, email address, telephone number, IP address, or any other identifier by which you may be contacted online or offline.
- Information that is about you but does not identify you, such as information about your internet connection, the equipment you use to access our Website, and other usage details. We collect this information directly from you when you provide it to us and/or automatically as you navigate through our Website.
- For individuals seeking employment with Personalis, information related to your professional or employment-related history, education, work history, gender, race and ethnicity information, veterans status, and disability status.
We will only use your personal information for the purposes for which it was collected. We will only collect as much personal data as is reasonably necessary in relation to the specified purposes for which it was collected. We may use information that we collect about you or that you provide to us, including any personal information, for the following purposes: to present our Website and its contents to you; to provide you with information, products, or services that you request from us or that we believe may be of interest to you; to contact you; and to fulfill any other purpose for which you provide it. We may also use and process your personal information for marketing purposes (e.g., to offer or furnish additional information to you about Personalis, its products and/or services), to personalize the types of information you receive from Personalis, to store your interests and preferences in order to customize your use of our Website, to communicate with you, to verify compliance with the terms and conditions of our Website, to authenticate customers and users, to evaluate how the Website is being used and the audience the Website is reaching, to compile, identify, and analyze trends and interests to help us improve the Website and/or the products and services that we offer, and to develop and improve the content and operation of our Website or our products and/or services to better serve the needs of our customers and users.
We may also use your personal information to provide you with customer support and to maintain and improve our Website. We may combine your information with other information about you that is available to us, including information from other sources, in order to maintain accurate records of individuals who engage our services and to assist with the marketing of Personalis products and services. Additionally, your personal information may be aggregated with information from other users of our Website such that the information no longer personally identifies you. We will take reasonable measures to ensure this de-identified data cannot be associated with you. We will not attempt to re-identify individuals from the aggregated information. Any recipient of de-identified data from Personalis is contractually obligated to also refrain from attempting to re-identify individuals from aggregated data as well as to take steps to ensure the aggregated information cannot be associated with any one individual.
We may use and process the aggregated information for the general purpose of evaluating our market and/or business trends, our customer and user demographics, interests and behavior, our past and future product and/or service offerings and/or pricing, or other aspects of our business. We may share such aggregated information with our business partners, vendors, distributors, or other collaborators for these same purposes. We may also sell or license such aggregate information to one or more third parties for use and processing in a similar manner.
While Personalis makes every reasonable effort to protect information collected through this website based on the volume, scope, and nature of the personal data processed, please be aware that there is always some risk involved when submitting data over the Internet. We cannot guarantee that our website is 100% safe from illegal tampering or “hacking.” Any data transmitted over the Internet may be at risk; however, once it is received at Personalis and entered into its database, it has the same protection that Personalis extends to its own confidential information. We track the total number of visitors to our website, the number of visitors to each page of the website, and the domain names of our visitors’ Internet service providers. No personally identifiable information is gathered in this process.
Personalis’s general retention policy is to retain your personal information for only as long as is necessary for the business purposes for which your personal information was collected. The length of time that Personalis retains any personal information including, but not limited to, first-party cookies, and your name, address, email and genetic information varies depending on the legal basis for processing that personal information, applicable regulations, and Personalis’s need to establish, exercise, or defend legal claims.
The following table outlines the criteria applied to retention decisions for each category of personal information. The retention period for each category will only be as long as is reasonably necessary to achieve the business purpose(s) for which it was collected and to comply with applicable regulations.
|Identifiers||Identifiers may be collected to perform services on behalf of the business, to provide advertising and marketing services, to ensure security and integrity, and to undertake activities to verify or maintain the quality or safety of a service or device and to improve, upgrade, or enhance a service or device.|
|Biometric Information, including genetic data||Biometric information may be collected to perform services on behalf of the business, to undertake internal research for technological development, and to undertake activities to verify or maintain the quality or safety of a service or device and to improve, upgrade, or enhance a service or device.|
|Internet Activity Information||Internet activity information may be collected for auditing related to online advertising, debugging to identify and repair errors, performing services on behalf of the business, and providing advertising and marketing services.|
|Employment-related information||Employment-related information may be collected to ensure security and integrity and to perform services on behalf of the business.|
Personalis follows contractual rights and responsibilities with respect to processing and retaining personal information. Please note that, if Personalis processes your personal information on the legal basis of your consent and you withdraw your consent, your personal information will not be retained unless another legal basis for retaining your data has been established and communicated to you. In some circumstances Personalis may anonymize personal information so that it may no longer be associated with an individual, and in such cases we may use that anonymized information without further notice to you and outside of this Policy.
Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. Reasons we might retain some data for longer periods of time include:
- Security, fraud & abuse prevention
- Financial record-keeping
- Complying with legal or regulatory requirements
- Ensuring the continuity of our services
- Direct communications with Personalis
Your Rights and Choices for Your Information
We provide the above disclosures and mechanisms described in this policy so you can exercise your rights to receive information about our data practices, as well as to request access to and deletion of your personal information. We provide two mechanisms that allow you to submit requests to access, review, update, and/or delete your information. You can submit such requests by (1) calling our toll-free number at 1-855-436-6634 or (2) emailing us at [email protected]. These are the same mechanisms that you may use to appeal any refusal of the data subject rights described in SPL. We will provide a written description of the actions and reasons taken in response to an appeal within 60 days. Appeals will be addressed within 60 days. You may contact the Colorado Attorney General’s Office by visiting this website (https://coag.gov/) if appealing in relation to a CPA-based request or the Virginia Attorney General’s office by visiting this website (https://www.oag.state.va.us/) if appealing in relation to a CDPA-based request with concerns about the outcome of any appeal.
Personalis does not sell your identifiable personal information. We only share your information as described in this policy. Personalis also processes your information for the purposes described in this policy which include disclosures permitted for ‘business purposes’ or ‘internal operations’ by SPL. These purposes include:
- Protecting against security threats, abuse, and illegal activity. Personalis uses and may disclose information to detect, prevent, and respond to security incidents, and to protect against other malicious, deceptive, fraudulent, or illegal activity.
- Developing new products and features that are useful to our customers.
- Marketing to inform users about our products and services.
- Performing research that improves our products and services for our customers.
- Fulfilling obligations to our customers.
- Enforcing legal claims, including investigation of potential violations of applicable Terms of Agreement.
Links to Third Party Websites
We are committed to protecting the privacy of children. Our Website is not intended for or designed to attract children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe that we may have any information from or about a child under 13, please contact us at [email protected]. Parents of a child under 13 may initiate the process of verifying their consent for their child to use the site by contacting us at [email protected]
If you access the Website from within China, then this section may apply to you and you may contact us at [email protected] in order to exercise your rights to access, correct, know, delete, data portability, restrict processing, withdraw consent, and lodge a complaint with regulators.
Personalis is located and operates in the United States, as such your information may be transferred to entities located outside China, including entities located in the United States, for processing consistent with those listed above. Personalis will treat all personal information received from you in accordance with PIPL requirements.
Personalis has conducted a risk assessment on the cross-border transfer of information from China. The transfer is necessary for Personalis’s business purposes. The use of this Website by an individual from within China constitutes informed, voluntary, and explicit consent for the handling and transfer of personal information. To revoke that consent, users within China must contact us at [email protected]
If you are an EU citizen or are accessing the Website from within the European Economic Area, then this section may apply to you and you may contact us at [email protected] in order to exercise your rights to request access to, update, remove, and restrict the processing of your information.
Personalis is located and operates in the United States, as such your information may be transferred to entities located outside the European Economic Area, including entities located in the United States, for processing consistent with those listed above. Personalis will treat all personal information received from you in accordance with GDPR requirements.