Information HealthLytix Collects
The specific categories of information we collect include:
- Personally Identifiable Information (“PII”). When your healthcare provider connects your Test to their organization’s account, we collect what is generally called “Personally Identifiable Information” or “PII”, which is information that specifically identifies you as an individual. Examples of PII we collect may include your name, date of birth, and other information that, when linked to information that identifies a specific individual, is considered PII.
- Healthcare provider information.
Healthcare providers using the Service may provide us with information related to their medical practices, including NPI numbers, fax numbers, and the name, job title, and contact information of other providers involved in an individual's care.
- Biological sample.
To use the Service, we require a saliva sample. Please carefully review our Terms of Service for a description of how we handle your sample.
- Cookies and online tracking information.
Please refer to the section below entitled “Cookies and third-party services” for more information.
How We Use This Information
In general, we use the information that we collect to provide the Services you request and to help improve our services and client experiences. Specifically, we may use the information as follows:
- To provide the Service.
For example, to set up an organization’s HealthLytix account, send sample collection kits, collect payment for the Service you requested, and analyze your sample to produce the Results. As part of the Service, we may also periodically review your information to determine if any updates or changes to your Results (including, without limitation, reclassification of Variants of Uncertain Significance) are required.
- To communicate with you.
We may use your contact information to communicate with you about the Service, for example, to notify you when your healthcare provider has ordered a Test for you, remind you about returning your kit, respond to your inquiries, follow up if there is an issue with your information or sample, and provide information about or request feedback on your Results. We may also contact you to request optional customer feedback, which could be used to improve our services and in publications. We’ll only associate your feedback with your name with your consent. To learn how you may opt-out of marketing surveys, please read “Your Choices” below. If you’re a resident of the European Union (“EU”), we will only send you marketing surveys if you’ve opted in to receive such messages from HealthLytix. If you’re an EU resident and you didn’t opt-in but you’re receiving such messages anyway, please contact us at email@example.com so we can promptly correct your preferences in our systems.
- To help us improve the Service and develop new tests and services.
For example, your information and sample may be used for regulatory compliance, and de-identified for internal quality control, validation studies, and internal research and development purposes.
- For marketing purposes.
For example, we may send you monthly health newsletters, occasional product updates, and special offers and opportunities that we think might interest you. To learn about how you may opt-out of marketing emails, please read “Your Choices” below. If you’re a resident of the EU, we will only send you marketing emails if you’ve opted-in. If you’re an EU resident and you didn’t opt-in, but you’re receiving marketing communications anyway, please contact us at firstname.lastname@example.org so we can promptly correct your preferences in our systems.
- To comply with applicable law and our own obligations.
We may also process the information we collect about you or from you for the following purposes: (i) to enforce our Terms of Service or other legal rights, including intellectual property rights; (ii) as may be required by applicable laws and regulations or requested by any judicial process or governmental agency; and (iii) to comply with industry standards or our policies.
Cookies and Third-Party Digital Services
When you use online services in connection with HealthLytix’s Service and/or Site, the following information may be collected, stored, and used:
To improve and customize your experience when you use the Site, we may send one or more cookies — small text files containing a string of alphanumeric characters — to your device. We may use both session cookies that disappear after you close your browser and persistent cookies that remain after you close your browser and may be used automatically by the browser on subsequent visits to the Site. Please review your browser “Help” file to learn how to adjust your cookie settings. Note that some Site services may not function properly if you disable cookies.
- DNT requests.
Some browsers incorporate a “Do Not Track” (DNT) or similar feature that signals to digital services that a visitor doesn’t want to have their online activity tracked. Because there is not yet an accepted standard for how to respond to DNT signals, we and our service providers (like many digital service operators) do not respond to DNT signals.
- Device, usage, and other automatically collected information.
When you use our Site, we may automatically record certain information from your device by using various types of technology, including “clear gifs” or “web beacons.” This automatically collected information will help us customize and improve your experience with the Site and includes your IP address or other device address or ID, browser and/or device type, the webpages or sites that you visit just before or just after you use the Site, the pages or other content you view or otherwise interact with on the Site, and the dates and times that you visit, access, or use the Site. We also may use these technologies to improve our services by collecting information regarding your interaction with HealthLytix email messages, such as whether you opened or clicked on a message. We use automatically collected information to: (i) personalize our services, such as remembering your information so that you won’t have to re-enter it during your visit or the next time you visit the Site; (ii) provide customized content and information; and (iii) monitor and analyze the effectiveness of the Site and marketing activities.
- Analytics services.
HealthLytix uses services like Google Analytics in order to improve our services, better understand our clients, and improve our communications. Learn more about Google Analytics’ privacy choices.
- Advertising partners.
We may work with third-party advertising partners to show ads for the Service after you visit our Site. These third-party partners collect information from you when you visit our website and other websites. If you don’t want to receive our personalized ads, please visit the opt-out pages of the Network Advertising Initiative (https://www.networkadvertising.org) or the Digital Advertising Alliance (http://www.aboutads.info) to learn about how you can opt-out of receiving personalized ads from member companies. For more information, you can also visit: https://www.consumer.ftc.gov/topics/privacy-identity.
How Information is Shared
This section describes the circumstances under which we may share your information with third parties.
- To provide the Service.
  - We may disclose your Protected Health Information (“PHI”) to your HealthLytix-registered healthcare provider and our contracted laboratory.
  - We may disclose your PII to bill and collect payment from you or other responsible third-parties. We may also engage third-parties to assist us with these billing and collection efforts.
  - We work with third-party service providers to provide website, application development, analytics, variant analysis, payment processing, hosting, maintenance, support ticketing, the transmission of test results, distribution and collection of Test Kits, and other services for us. We limit the personal, health, and non-personal information we share with these service providers to that which is minimally necessary for them to perform their services for us, and we require them to agree to maintain the confidentiality and security of such information.
- For HealthLytix's purposes.
  - We may share aggregated, de-identified information (for example, aggregated trends about the general use of our Service) publicly and with our partners (this information will not include PHI).
  - We may author publications using de-identified information, either on our own or in collaboration with academic or commercial third parties.
  - Information about our users, including personal information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
  - As described above, we work with third-party advertising and analytics partners that collect information from you when you visit our Site. For more information, please see the “Cookies and third-party services” section above.
- For security or legal purposes, we may also disclose your information under the following circumstances:
  - If we believe in good faith that doing so is appropriate or necessary in order to address fraud, security, or technical issues, or protect against harm to us or others to the extent required or permitted by law.
  - To comply with applicable federal and state laws, rules, and regulations, as well as law enforcement requests and legal process, such as a court order or subpoena.
How We Protect Your Information
We use physical, managerial, and technical safeguards that are designed to improve the integrity and security of your information. All information on our servers is encrypted when it is at rest or in transit. All personal information (genetic or otherwise) is encrypted with AES-256 when it’s stored on our servers and is always transmitted over SSL. Internally, strict guidelines and access controls protect your PII and PHI.
We cannot, however, ensure or warrant the security of any information you transmit to us or store in connection with the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or managerial safeguards. You agree that HealthLytix is not liable for the unauthorized release of your PII or PHI, unless such release was the result of gross negligence or willful misconduct on the part of HealthLytix.
HealthLytix complies with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended, to maintain the privacy and security of your PHI. If a breach occurs that may have compromised the privacy or security of your PHI, we will let you know promptly. We will follow the duties and privacy practices described in this Policy and Terms of Service.
Your Choices
If you receive marketing emails from us, you can unsubscribe from that particular type of marketing email by following the instructions contained within the email. Because we offer different types of marketing emails, if you click “unsubscribe” from one type of email, due to system limitations, you will only be opted-out of that type of commercial email; you will not automatically be unsubscribed from other email communication types. You can opt-out of receiving all types of marketing emails from us by modifying your account settings or sending your request to us by email at email@example.com. Please be aware that if you opt-out of receiving marketing emails from us or otherwise modify the nature or frequency of marketing communications you receive from us, it may take up to ten (10) business days for us to process your request, during which time you might receive marketing communications from us that you have already opted-out from. Finally, while you can opt-out of receiving marketing emails from us, you will continue to receive administrative communications from us regarding the Service.
You may, of course, decline to share certain information with us, in which case we might not be able to provide you with some or all of the features and functionality of the Service and our Site. If you want to access or amend the information we hold about you, you may do so through your account settings or contact us at firstname.lastname@example.org. At any time, you may also request that we deactivate your account by contacting us at email@example.com. If you choose to deactivate your account, you will be unsubscribed from all marketing emails and we will not provide you with any of the Services going forward (including, without limitation, any updates or changes to your Results). Please note that any changes you make will be reflected in active user databases within a reasonable period of time. Although we can remove personal information from our active databases, some or all personal information from deactivated accounts will remain in our inactive database for compliance with legal, regulatory, and other requirements. Please also note that information that has already been de-identified, anonymized, aggregated, and/or shared with third parties as set forth in this Policy prior to a removal request may not be retrievable or traced back for destruction, deletion, or amendment.
Other Important Information
Please do not use or access any part of the Site or the Service if you are under eighteen (18) years of age.
The Service and Site are hosted in the United States (US). If you choose to use the Service and/or Site from other regions of the world, then by your use of the Service and/or Site you acknowledge and agree that: (i) you are transferring your personal information outside of those regions to the US for genetic analysis, storage, and processing as required for us to perform our contractual obligations to you; and (ii) the laws and regulations of the US shall govern your use of the Service and provision of your information, and may differ from those of your country of residence. Also, we may transfer your data from the US to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service as required for us to perform our contractual obligations to you. By providing any information, including personal information, on or to the Service and/or the Site, you consent to such use, transfer, storage, and processing. While there is no statutory or contractual requirement for you to provide this information, some information is necessary for us to be able to provide the requested services. Failure to provide such information will make it impossible for you to use the Service. We will retain your personal information only for as long as is necessary to carry out the function for which the information is being used and to comply with applicable laws and regulations. You further agree that by providing your sample, you are not violating any export ban or other legal restriction in the country of your residence. Clients who live outside of the US in certain jurisdictions may have the option of requesting that their personal information be accessed, updated, and/or removed at any time from our active databases, subject to the applicable laws and regulations of such jurisdictions. 
Such clients may also have the right to object to our processing of their personal information and/or request that we provide their personal information to another third party. We may require that such requests be provided in writing, subject to applicable laws and regulations with respect to the transfer of medical information. If you would like to access, update, object to processing, request provision to a third party, and/or request removal from our active database of your personal information, please contact us at firstname.lastname@example.org. Any such requests will be honored within one (1) month. If you believe HealthLytix’s processing of your personal information is inappropriate, you have the right to lodge a complaint with a supervisory authority. With respect to requests to remove or halt the processing of personal information, such requests received prior to initiation of the Service will result in a cancellation of the Service, and no Results will be provided to you or your healthcare provider. Please also refer to the section above entitled “Your Choices” to understand how requests to remove personal information are handled. If you’re a resident of the EU, we will only send you marketing communications if you’ve opted-in. If you are an EU resident and you didn’t opt-in but you’re receiving marketing communications anyway, please contact us at email@example.com so we can promptly correct your preferences in our systems.
Changes and updates to this policy
Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time without notice to you. If we modify the Policy, we’ll make it available through the Site and indicate the date of the latest revision. Your continued use of the Site and/or Service after the revised Policy becomes effective indicates that you have read, understood, and agreed to the current version of the Policy.
Our contact information
Please contact us with any questions or comments about this Policy, your personal information, or our use and disclosure practices at firstname.lastname@example.org.
Version date: January 25, 2019