Genoox Privacy Statement, Effective Date of April 17, 2019
We at GNX Data Systems, Inc., along with our related, affiliated, parent, and/or subsidiary companies (collectively “Genoox”) welcome you to utilize Genoox’s products and services (collectively the “Products and Services”) which are available to you through our website and other platforms. Our Products and Services include our analytic tools and platforms that allow you to conduct automated variant classification based on professional standards guidelines, such as those of the American College of Medical Genetics and Genomics (“ACMG”) and the Association for Molecular Pathology (“AMP”). Our Products and Services, among other things, suggest the classification of variants in accordance with standardized guidelines, but you, or the appropriate health care professional, are responsible for making the final determination of classification.
Genoox is committed to protecting the privacy of Your Information, Other Information, and Submitted Data (each as defined herein). This privacy statement (“Privacy Statement”) describes the privacy practices of Genoox for individuals using our Products and Services. Our Products and Services (our analytic tools) are intended to assist geneticists, physicians, genetic counselors, bioinformaticians, variant scientists, data and other scientists and health care professionals including laboratories (collectively “Professionals”). Our automated variant classification tools are informed by professional standards and guidelines.1 We provide a platform for Professionals to align, annotate, add Submitted Data, interpret, analyze, search, classify, and generate clear annotated reports that suggest the classification of variants in accordance with standardized guidelines. Professionals are responsible for making the final determination of classification and selecting the variants to be reported. Genoox does not, and our Products and Services do not and are not intended to diagnose, treat, cure, mitigate, or prevent any disease or condition. The diagnostic and treatment determinations are the sole responsibility of an authorized health care professional. If you are not a Professional and are accessing our Products and Services, please only do so in consultation with your treating health care provider. Genoox and any of our Products and Services only supply data, annotations and suggested classifications back to the requesting user. Users are responsible for any further dissemination of the results in accordance with applicable laws, clinical guidelines, and consents.
Our Products and Services are intended only for individuals who are: (i) at least eighteen (18) years of age and/or (ii) otherwise recognized as being able to form legally binding contracts under applicable law. If you do not meet these criteria, please do not use our Products and Services. If the Submitted Data (as defined below) you upload requires consent of the patient or the patient’s guardian, you understand you are solely responsible for obtaining that consent, and by submitting the Submitted Data you represent to us that you have done so.
If you do not want Genoox to use Your Information, Other Information, and Submitted Data you submit for the purposes described in this Privacy Statement, please do not use our Products and Services.
The headings in this Privacy Statement are for convenience only and have no legal or contractual effect. By using our Products and Services you represent that you are not a person barred from providing services under the laws of the United States or any of its states or any other country or any other applicable jurisdictions.
When registering to use our Products and Services, Genoox may require you to provide us with your personal contact and verification information, such as your: name, company name (if applicable), position or role in your company (if applicable), address, phone number, provider number (if applicable), fax number and email address (“Your Information”). If we are charging for use of our Products and Services, and you are paying by credit card, we will also collect credit card information from you (we use a secure encrypted service and connections for this process). We also collect information about you and your device and use various analytic tools to collect, track, and analyze your usage of our Products and Services (we refer to this information as “Other Information”). We collect Other Information through cookies, web beacons, and similar technologies. If you access our Products and Services through a web browser, a “cookie” is a small data file sent from a website and stored on your device to identify your device in the future and allow for an enhanced personalized user experience. A “session cookie” disappears after you close your web browser, or may expire after a fixed period of time. A “persistent cookie” remains after you close your web browser and may be accessed every time you use our website. We may use both session and persistent cookies. You should consult your web browser to modify your cookie settings. Please note that if you delete or choose not to accept cookies from us, you may not be able to use certain features of our Products and Services.
Once you have registered with one or more of our Products and Services, you may upload raw data (including clinical information, family data, genetic data or other relevant data) that you submit (“Submitted Data”). Unless you have a contract with us that specifies otherwise, you must not submit any patient identifiable information (e.g., patient name, patient address, etc.) when you upload the Submitted Data. You are responsible for removing all patient identifiable information and fully de-identifying the Submitted Data before you provide us with the Submitted Data. Removing patient identifiable information may give you more options in the type of device you use to access our Products and Services. When you provide us with Submitted Data, you represent that the Submitted Data is fully de-identified and that you are doing so in compliance with the requirements of all applicable laws and regulations applicable to your jurisdiction including, but not limited, to those pertaining to privacy and informed consent.
If you do provide us with any patient identifiable information, then we agree that the provisions in Genoox’s business associate terms would apply.
Use of Information Collected
Genoox uses Your Information, Other Information, and the Submitted Data to enable access to our Products and Services. We may use Your Information, Other Information, and the Submitted Data to operate, maintain, enhance, and provide all features of our Products and Services. We also may use Your Information to contact you, to notify you about new Products and Services, to respond to your comments or questions that you may have, or to provide you with user support.
Unless we have a separate agreement with you that states otherwise, we may use De-identified Information, aggregate information (each as defined below) and the Submitted Data as described in this Privacy Statement. We will only sell, share or rent information, including De-identified Information, aggregate information, and Submitted Data (which has been appropriately de-identified by you) to others as described in this Privacy Statement.
Sharing of Information with Third Parties
Genoox may work with business partners in making our services available to you. Our policy is to require companies with whom we do business to support the same privacy policies we do. When using these third parties for services, we will share information only as necessary for them to provide related services or assist us in providing our Products and Services. These parties are not allowed to use Your Information, Other Information, or Submitted Data except for the purpose of providing these services.
We also reserve the right to disclose Your Information or Other Information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of our Products and Services, and any facilities or equipment used to make our Products and Services available, or (v) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others. We will notify you of any such disclosures.
Sharing of De-Identified Information[, Aggregate Information//Derived Data,] and Submitted Data: Genoox will remove identifying information from Your Information (and if applicable from Other Information) and may work with it as anonymous information (“De-identified Information”). De-identified Information is information in a form where information about one individual would be indistinguishable from information relating to other individuals. De-identified Information is not in a form that allows anyone studying the information to personally identify any user. Genoox may share this De-identified Information, and the Submitted Data you submit (which is de-identified by you before submission) for various purposes including, to assist Genoox improve its Products and Services, to perform research, to allow others to perform research, or to provide users with statistics related to particular results. Genoox may share De-identified Information and Submitted Data (which has been de-identified by you) with its business partners, research partners or customers.
Aggregate information is information that describes the habits, usage patterns and/or demographics of users as a group but does not reveal the identity of particular users. Your De-identified Information is combined with the De-identified Information from other users of our Products and Services for statistical analysis. We may use aggregate information within Genoox to improve our Products and Services and to understand the needs of Professionals using our Products and Services. Genoox may share aggregate information with its business partners, research partners or customers.
[You agree that Genoox may monitor your use of the Services and collect and compile Derived Data. “Derived Data” means any data, analyses and information that is in an aggregated and anonymized form and that is derived from your use of the Services, including statistical and performance information related to the provision, operation and use of the Services, file types and sizes, instrument diagnostics, biases, errors, frequencies and trends within and across data, general platform trends, products and services, features used, reagents used, instrument type and identifiers. By submitting data through our Products and Services you are granting Genoox, all of your right, title, and interest in Derived Data, and all intellectual property rights therein, without any attribution or compensation to Genoox. You acknowledges that Genoox may compile Derived Data based on your De-identified Date and Submitted Data, and you agree that Genoox may (i) make Derived Data publicly available in compliance with applicable law, (ii) use Derived Data to the extent and in the manner permitted under applicable law; (iii) use Derived Data to improve our Products and Services; (iv) use Derived Data to understand the needs of Professionals using our Products and Services; and (v) share Derived Data with its business partners, research partners or customers; provided that such Derived Data do not identify you. You represent and warrant to Genoox that you have (or have obtained) sufficient right, title and interest to the Derived Data (and all intellectual property rights therein) to assign such Derived Data (and all intellectual property rights therein) to Genoox for use pursuant to these terms and conditions.]
Storage of Information Collected
Your Information, Other Information, and Submitted Data may be stored or processed in locations other than the jurisdiction in which you live or work. In such cases we will work to ensure that any vendor we use in that location has the appropriate protections in place. By using our Products and Services you consent to the collection, storage, and processing of Your Information, Other Information, and Submitted Data in any country to which we may transfer Your Information, Other Information, and/or Submitted Data in the course of our business operations.
Law Enforcement and Protection of Users and the Products and Services
To the extent permitted by law, Genoox may disclose Your Information, Other Information, or Submitted Data to governmental authorities or third parties pursuant to a legal request, subpoena or other legal process. Genoox may also use or disclose Your Information or Other Information as permitted by law to apply or enforce the Terms and Conditions, in the event you have breached our Terms and Conditions, or to protect Genoox’s rights, interest, or property as well as those of our affiliates. Following such disclosure to any third party, Your Information or Other Information may be accessible by others to the extent permitted or required by applicable law.
Genoox uses robust security measures to protect Your Information, Other Information, and Submitted Data from unauthorized access, maintain data accuracy, and help ensure the appropriate use of Your Information, Other Information and Submitted Data. When you access our Products and Services using modern web browsers, Secure Socket Layer (.SSL.) technology protects Your Information, Other Information, and Submitted Data using both server authentication and data encryption. These technologies help ensure that Your Information, Other Information, and Submitted Data are safe, secure, and only available to the appropriate Professional using our Products and Services. Unfortunately, no website, server or database is completely secure. Genoox cannot guarantee that Your Information, Other Information, or Submitted Data will not be disclosed, misused or lost by accident or by the unauthorized acts of others. You are responsible for maintaining the security and confidentiality of your Genoox usernames and passwords.
For web browser use, you may set your browser to refuse these data collection methods, but we may not recognize or respond to “do not track” technologies employed by your browser. We do not track our users over time and across third party websites or online services to provide targeted advertising, and we do not specifically respond to Do Not Track (“DNT”) signals.
California Shine the Light Law
California’s “Shine the Light” law, permits individuals who are California residents to request and obtain from us a list of Your Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. If you would like to make a request for information under the Shine The Light law, please contact us by email at [email protected]. Requests may be made only once a year and are free of charge.
Your Other Rights
You have the right to review and amend any of Your Information that we are storing if you think it is out of date or incorrect. You have the right to withdraw the consent to the use of Your Information at any time and to ask that Your Information be removed from Genoox databases. To make any of these requests, please send an email to [email protected].
Except where otherwise allowed by law, we keep identifiable information, such as Your Information, only for as long as it is necessary for us to provide you with access to our Products and Services unless you consent to allow us to keep it for a longer period of time. If you no longer will need access to our Products and Services, you may contact us at [email protected] to notify us so that we can remove Your Information.
Changes to this Privacy Statement
Genoox reserves the right to change this Privacy Statement, and when updated, the effective date of the new version will be at the top of this statement.
Your Information, Other Information, and Submitted Data will remain subject to the terms of this Statement of Privacy even if we undergo an organizational transition. However, we may transfer Your Information, Other Information, and Submitted Data to a successor entity upon a merger, acquisition, consolidation, or other reorganization in which Genoox participates. You hereby consent to such transfers and Genoox may assign and transfer all of the rights, benefits, duties, and obligations of this Privacy Statement, under the circumstances described in this paragraph.
In some cases, you (or the organization you work for) may enter into a separate agreement with Genoox to gain access to our Products and Services. In the event there is a conflict between the terms of that agreement and this Privacy Statement, the terms of the agreement will supersede the conflicting term of the Privacy Statement.
Questions regarding this Privacy Statement or the information practices of our Products and Services should be directed to [email protected].
Genoox Business Associate Terms
If you provide Genoox with any access to any PHI (defined below) in connection with the Services, you and Genoox agree to the following terms to address requirements of the Health Insurance Portability and Accountability Act of 1996, as amended, and its regulations (“HIPAA Rules”).
The following terms have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information (also referred to as “PHI”), Required By Law, Secretary, Security Incident, Subcontractor, Unsecured PHI, and Use.
Genoox Obligations and Activities.
Genoox agrees to:
Permitted Uses and Disclosures by Genoox.
You will not request that Genoox use or disclose PHI in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by you.