Last Updated: 2024-7-30
This Privacy Notice describes how GDX Lab Inc., Inc., and certain of its subsidiaries collect, use, and disclose your personal information when you visit our GDX Lab Inc..com and GeneSight.com websites, or any other of our websites, applications, products, services, social media accounts, and interactive features (which are collectively referred to here as “Services”) that link to this Privacy Notice. This Privacy Notice applies to our Services in the United States. Information about our privacy practices in the European Union and European Economic Area can be found here.
This Privacy Notice does not apply to any Services that link to a different privacy notice.This Privacy Notice also does not apply to your Protected Health Information (“PHI”) that is governed by HIPAA, regardless of where it is collected. For information about how we use and disclose your PHI, our legal duties with respect to your PHI and your rights with respect to your PHI and how to exercise them, please refer to our HIPAA Notice of Privacy Practices. In connection with HIPAA covered services, in the event of a conflict between this Notice and our HIPAA Notice of Privacy Practices, our HIPAA Notice of Privacy Practices will prevail.
Navigate to sections within this Privacy Notice using the below links:
- PERSONAL INFORMATION WE COLLECT
- OUR USE OF PERSONAL INFORMATION
- OUR DISCLOSURE OF PERSONAL INFORMATION
- CHOICE AND CONTROL OF PERSONAL INFORMATION
- CALIFORNIA PRIVACY RIGHTS
- WASHINGTON CONSUMER HEALTH DATA PRIVACY RIGHTS
- RETENTION OF PERSONAL INFORMATION
- MINORS
- SECURITY OF PERSONAL INFORMATION
- CHANGES TO THIS PRIVACY NOTICE
- HOW TO CONTACT US
PERSONAL INFORMATION WE COLLECT
The personal information we collect depends on how you interact with us, the Services you use, the choices you make, and the methods we use for information collection, which include collecting information directly from you, collecting information automatically, and collecting information from third parties.
Information you provide directly. We collect personal information you provide to us, which can include:
- Name and contact information. We collect name, username or alias, and contact details such as email address, postal address, and phone number.
- Demographic data. In some cases, such as when you register with us, submit your information, or participate in surveys, we collect age, date of birth, gender, marital status, and similar demographic details.
- Provider information. If you register with us as a health care provider, we collect your practice affiliation, company or employer organization, medical specialty, National Provider Identifier, and other professional or employment information.
- Employment-related information. If you apply for employment through our Services, we collect information such as your resume and job application information, which may include educational information such as your degrees and transcripts, that you submit when applying for a job.
- User Generated Content and files. We collect audio and video recordings, photos, documents, website search bar queries, or other files you provide to or enter in our Services.
- Content of GDX Lab Inc. communications. We collect recordings or transcripts of audio and video communications you have with us, as well as the contents of your communications with us via our Services, such as through our website, forms, applications, surveys, chat features, and other channels.
- Financial Information. We collect income, tax return, or other financial information from you if you participate in one of our financial assistance programs.
- Sensitive Personal Information. Some types of personal information, such as health, genetic or precise location information is considered “sensitive”. GDX Lab Inc. may collect the following categories of sensitive personal information:
- Provider account access information. We collect information such as a username or account number in combination with a password, security or access code, or other credential that allows access to an account.
- Sensitive demographic data. We collect information about racial or ethnic origin.
- Health data. We collect certain information concerning your health, including your mental health and wellness, pregnancy, and fertility health history.
Information we collect automatically. When you use our Services, we may collect some information automatically. For example:
- Identifiers and device information. When you visit our websites, our web servers automatically log your Internet Protocol (“IP”) address and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. As further described in our Cookie Notice, our Services store and retrieve cookie identifiers, mobile IDs, and other data.
- Geolocation data. Depending on your device and app settings, we collect geolocation data when you use our Services, for example to locate a health care provider or health care services. This information may include precise geolocation data, meaning data derived from a device that is used to locate you within a circle with a radius of 1,850 feet or less.
- Internet and network activity. We collect browsing history and information regarding your interaction with our Services, and digital advertisements on other websites. We also use tools on certain pages of our Services to record and analyze your interaction with our Services to help us improve your experience.
- Usage data. We automatically log your activity on our Services and connected products, including the URL of the website from which you came to our sites, pages you viewed, how long you spent on a page, access times, and other details about your use of and actions on our website.
Information we obtain from third-party sources. We also obtain the types of information described above from third parties. These third-party sources include, for example:
- Third-party partners. Third-party applications and services, including social networks you choose to connect with or interact with through our Services.
- Co-branding/marketing partners. Partners with which we offer co-branded Services or engage in joint marketing activities.
- Service providers. Third parties that collect or provide data in connection with work they do on our behalf, for example cybersecurity vendors who help secure our Services.
- Data brokers. Data brokers and aggregators from which we obtain data to supplement the data we collect.
- Publicly available sources. Public sources of information such as open government databases.
Information we create or generate. We may generate new information or make inferences from other data we collect, including about your likely preferences, demographic categories, or other characteristics. For example, we infer your general geographic location (such as city, state, and country) based on your IP address.
When you are asked to provide personal information, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services or features, those services may not work as intended. Please see our Cookie Notice for more information.
OUR USE OF PERSONAL INFORMATION
We use the following categories of personal information for the purposes described below:
Categories of Personal Information |
Purposes of Use |
Contact information, demographic data, professional information, employment-related information, content and files, content of GDX Lab Inc. communications, identifiers and device information, geolocation data, usage data, financial information, inferences Sensitive Information: account access information, precise geolocation data, sensitive demographic data, contents of communications, health data. |
Product and service delivery. To provide and deliver our Services, including troubleshooting, improving, and personalizing those Services. |
Contact information, demographic data, professional information, employment-related information, content and files, content of business communications, identifiers and device information, geolocation data, usage data, financial information, inferences Sensitive Information: account access information, precise geolocation data, sensitive demographic data, contents of communications, health data. |
Business operations. To operate our business, such as billing, accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations. |
Contact information, demographic data, professional information, employment-related information, content and files, content of business communications, identifiers and device information, geolocation data, usage data, financial information, inferences Sensitive Information: account access information, precise geolocation data, sensitive demographic data, contents of communications, health data |
Product improvement, development, and research. To develop new services or features, and conduct research (which may include recording and analyzing your interaction with certain pages of our website to help us improve your user experience). |
Contact information, demographic data, professional information, employment-related information, content and files, content of business communications, identifiers and device information, geolocation data, usage data, financial information, inferences Sensitive Information: account access information, precise geolocation data, sensitive demographic data, contents of communications, health data |
Personalization. To understand you and your preferences to enhance your experience and enjoyment using our Services. |
Contact information, demographic data, professional information, employment-related information, content and files, content of business communications, identifiers and device information, geolocation data, usage data, financial information, inferences Sensitive Information: account access information, precise geolocation data, sensitive demographic data, contents of communications, health data |
Customer support. To provide customer support and respond to your questions (which may include our recording and storing telephone, video, email, or online chat communications). |
Contact information, demographic data, professional information, employment-related information, content and files, content of business communications, identifiers and device information, geolocation data, usage data, financial information, inferences Sensitive Information: account access information, precise geolocation data, sensitive demographic data, contents of communications, health data |
Communications. To send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages. |
Contact information, demographic data, professional information, employment-related information, content and files, content of business communications, identifiers and device information, geolocation data, usage data, inferences Sensitive Information: account access information, precise geolocation data, sensitive demographic data, contents of communications, health data |
Marketing. To communicate with you about new services, offers, promotions, rewards, contests, upcoming events, and other information about our services and those of our selected partners (see the Choice and Control of Personal Information section of this Privacy Notice for information about how to change your preferences for promotional communications). |
Contact information, demographic data, professional information, employment-related information, content and files, content of business communications, identifiers and device information geolocation data, usage data, inferences Sensitive Information: account access information, precise geolocation data, sensitive demographic data, contents of communications, health data |
Advertising. To display advertising to you (see our Cookie Notice for information on Your Privacy Choices including targeted advertising). |
We combine data we collect from different sources for these purposes and to give you a more seamless, consistent, and personalized experience.
OUR DISCLOSURE OF PERSONAL INFORMATION
We disclose personal information with your consent or as we determine necessary to complete your transactions or provide the services you have requested or authorized. In addition, we disclose each of the categories of personal information described above, to these types of third parties, for the following business purposes:
- Service providers. We provide personal information to vendors working on our behalf for the purposes described in this Privacy Notice when they need the information to provide the services for which for which we’ve hired them. Examples of such vendors include companies that provide customer service support; audio, video, or chat communication support; website analysis and measurement; or security for our systems functions.
- Affiliates. We enable access to personal information across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access helps us to provide our services and operate our business.
- Corporate transactions. We may disclose personal information as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
- Legal and law enforcement. We access, disclose, and preserve personal information when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
- Security, safety, and protecting rights. We disclose personal information if we believe it is necessary to:
- protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone;
- operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
- protect the rights or property of ourselves or others, including enforcing our agreements, terms, and policies.
Please note that some of our Services also include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide personal information to any of those third parties, or allow us to share personal information with them, that data is governed by their privacy notices.
Finally, we may use and disclose de-identified information in accordance with applicable law. Where we do so, we will take reasonable measures to maintain and use the information in deidentified form and not reidentify the information except as permitted by applicable law.
CHOICE AND CONTROL OF PERSONAL INFORMATION
We provide a variety of ways for you to control the personal information we hold about you, including choices about how we use that data. In some jurisdictions, these controls and choices may be enforceable as rights under applicable law.
Access, portability, correction, and deletion. If you wish to access, download, correct, or delete personal information about you that we hold, send us a request by using the contact methods described at the bottom of this Privacy Notice.
Communications preferences. You can choose whether to receive promotional communications from us by email, SMS, and telephone. If you receive promotional email or SMS messages from us and would like to stop, you can do so by following the directions in the messages you receive. These choices do not apply to certain transactional or informational communications including surveys and mandatory service communications.
Data sales or sharing. Some privacy laws define “sale” or “sharing” broadly to include some of the disclosures described in the Our Disclosure of Personal Information section above. To opt-out from such data “sales” or “sharing” please utilize the controls described in Your Privacy Choices. You can also send us a request by using the contact methods described at the bottom of this Privacy Notice, and we can walk you through the use of our Cookie Manager and Consent Tools, as described in Your Privacy Choices.
Targeted advertising. To opt-out from or otherwise control targeted advertising, you have several options. Please review our Cookie Notice or Your Privacy Choices to learn more about your targeted advertising choices.
If you send us a request to exercise your rights or these choices, to the extent permitted by applicable law, we may decline requests in certain cases. For example, we may decline requests where granting the request would be prohibited by law, could adversely affect the privacy or other rights of another person, would reveal a trade secret or other confidential information, or would interfere with a legal or business obligation that requires retention or use of the data. Further, we may decline a request where we are unable to authenticate you as the person to whom the data relates, the request is unreasonable or excessive, or where otherwise permitted by applicable law. If you receive a response from us informing you that we have declined your request, in whole or in part, you may appeal that decision by submitting your appeal to our privacy office using the contact methods described at the bottom of this Privacy Notice.
CALIFORNIA PRIVACY RIGHTS
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain additional rights with respect to that information.
Notice at Collection. At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this Privacy Notice by clicking on the above links.
Right to Know. You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, sharing, or sale of such personal information. Note that we have provided much of this information in this Privacy Notice. You may make such a “request to know” by sending us a request using the contact methods described at the bottom of this Privacy Notice.
Rights to Request Correction or Deletion. You also have a right to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to correct or delete, send us a request by using the contact methods described at the bottom of this Privacy Notice.
Right to Opt-Out / “Do Not Sell or Share My Personal Information”. You have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA.
Note that the CCPA defines “sell,” “share,” and “personal information” very broadly, and some of our data sharing described in this Privacy Notice may be considered a “sale” or “sharing” under those definitions. In particular, we let advertising and analytics providers collect identifiers (IP addresses, cookie IDs, and mobile IDs), activity data (browsing, clicks, app usage), device data, and geolocation data through our Services, but do not “sell” or “share” any other types of personal information. categories of personal information in the last year.
If you do not wish for us or our partners to “sell” or “share” personal information relating to your interactions with our Services for targeted advertising purposes, you can make your request by using the controls described in Your Privacy Choices and our Cookie Notice, which describe how to use our Cookie Manger and Consent Tools. You may also email us for assistance using the contact methods described at the bottom of this Privacy Notice. If you opt-out using these choices, we will not share or make available such personal information in ways that are considered a “sale” or “sharing” under the CCPA. However, we will continue to make available to our partners (acting as our service providers) some personal information to help us perform advertising-related functions. Further, using these choices will not opt you out of the use of previously “sold” or “shared” personal information or stop all interest-based advertising.
Right to Limit Use and Disclosure of Sensitive Personal Information. You have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law. To do so, send us a request by using the contact methods described at the bottom of this Privacy Notice.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
Further, to provide, correct, or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your identity.
Finally, you have a right to not be discriminated against for exercising these rights set out in the CCPA.
Additionally, under California Civil Code Section 1798.83, also known as the “Shine the Light” law, California residents with whom we have an established business relationship are entitled to request and receive, free of charge, once per calendar year, information about the Personal Information we shared, if any, with other businesses for their own direct marketing uses during the prior year. California residents may request further information about our compliance with this law by using the contact methods at the bottom of this Privacy Notice.
WASHINGTON CONSUMER HEALTH DATA PRIVACY RIGHTS
If the processing of personal information about you is considered consumer health information subject to the Washington My Health My Data Act (“MHMDA”), you have certain additional rights with respect to that information. MHMDA protects consumer health data that is not protected under HIPAA. This section of the Privacy Notice applies to personal information defined as “consumer health data” subject to MHMDA.
Consumer Health Data We Collect (categories). As described in the Personal Information We Collect section of this Privacy Notice, the data we collect depends on how you interact with us, the Services you use, and the choices you make. Because consumer health data is defined very broadly, many of the categories of data we collect are or could be considered consumer health data.
Consumer health data can include:
- information about your health-related conditions, symptoms, status, diagnoses, testing (including tests, diagnostics, or other interventions), or treatments. We may collect such information through your navigation of our website, surveys or other communication with you.
- measurements of bodily functions, vital signs, or characteristics, including photographs, which may also be considered biometric information under the MHMDA.
- information that could identify your attempt to seek health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person’s health. For example, we collect your GDX Lab Inc..com search queries, which may include queries concerning genetics, wellness, medical conditions, or other health-related topics.
- other information that may be used to infer or derive data related to the above or other health information.
Sources of Consumer Health Data
As described further in the Personal Information We Collect section of this Privacy Notice, we collect Personal Information (which may include consumer health data) directly from you, from your interactions with our Services, from third parties, and from publicly available sources.
Why We Collect and Use Consumer Health Data
We collect and use consumer health data for the purposes described in the How We Use Personal Information section of the Privacy Notice. Primarily, we collect and use consumer health data as reasonably necessary to provide you with the products you have requested or authorized. This may include delivering and operating the Services and their features, personalization of certain product features, ensuring the secure and reliable operation of the Services and the systems that support them, troubleshooting and improving the Services, and other essential business operations that support the provision of the products (such as analyzing our performance, meeting our legal obligations, developing our workforce, and conducting research and development).
We may use consumer health data for other purposes for which we give you choices and/or obtain your consent as required by law – for example, for advertising or marketing purposes. See the Choice and Control of Personal Information section of this Privacy Notice and the Cookie Notice for more details on the controls and choices you may have.
Our Sharing of Consumer Health Data
We may share each of the categories of consumer health data described above for the purposes described in the Our Disclosure of Personal Information section of this Privacy Notice. In particular, we may share Personal Information, including consumer health data, with your consent or as reasonably necessary to complete any transaction or provide any Services you have requested or authorized, as described in the previous section above.
Third Parties With Which We Share Consumer Health Data
As necessary for the purposes described above, we share consumer health data with the following categories of third parties:
- Service providers. Vendors or agents (“processors”) working on our behalf may access consumer health data for the purposes described above. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and Services may need access to data to provide those functions.
- Parties to a corporate transaction. We may disclose consumer health data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
- Government agencies. We will disclose consumer health data to law enforcement or other government agencies when we believe doing so is necessary to comply with applicable law or respond to valid legal process.
- Other third parties. In certain circumstances, it may be necessary to provide data to other third parties, for example, to comply with the law or to protect our rights or those of our customers.
- Other users and individuals. If you use our Services to interact with other users of the Service or other recipients of communications, such as a provider, we will share data, including consumer health data, as directed by you and your interactions.
How to Exercise Your Rights
MHMDA, if applicable, provides certain rights with respect to consumer health data, including rights to access, delete, or withdraw consent relating to such data, subject to certain exceptions. You can request to exercise such rights using the various tools and mechanisms described in the Choice and Control of Personal Information section of this Privacy Notice or the contact methods at the bottom of this Privacy Notice.
If your request to exercise a right under the MHMDA is denied, you may appeal that decision by contacting our Privacy Office using the contact methods at the bottom of this Privacy Notice. You can raise a concern or lodge a complaint with the Washington Attorney General at https://www.atg.wa.gov/file-complaint
RETENTION OF PERSONAL INFORMATION
We retain personal information for as long as necessary to provide the services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations.
MINORS
Our Services are not directed at or intended for use by minors.
SECURITY OF PERSONAL INFORMATION
We take reasonable and appropriate steps to help protect personal information collected in connection with our Services from unauthorized access, use, disclosure, alteration, and destruction. Please be aware that despite our efforts, no security system is foolproof; we cannot guarantee the security of information.
To help us protect personal information, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.
CHANGES TO THIS PRIVACY NOTICE
We will update this Privacy Notice on an ongoing basis for a variety of purposes, including when necessary to reflect changes in our Services, how we use personal information, or the applicable law. When we post changes to the Privacy Notice, we will revise the “Last Updated” date at the top of the Notice. If we make material changes to the notice, we will provide notice or obtain consent regarding such changes as may be required by law.
HOW TO CONTACT US
If you have a privacy concern, complaint, or a question for the GDX Lab Inc. Privacy Office, please contact us at info@GDX Lab Inc..com