Last Updated: July 20, 2023
If you are located in the European Economic Area, the United Kingdom, or Switzerland, please see our EEA/UK/Switzerland Privacy Notice.
If you are a California resident, please see our California Privacy Notice. Please note that rights afforded under the California Consumer Privacy Act of 2018 do not apply to PHI and are instead protected by HIPAA, as discussed above.
We may revise this Policy from time to time. All updates will be posted on this web page. If we make any material changes in the way your personal information is handled, we will notify you by email (sent to the email address specified in your account) or by means of a notice on our Website prior to the change becoming effective.
TYPES OF PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
Depending on which of our Services are being used, or which individual (provider or patient) is involved, Inform Diagnostics processes and stores different combinations of personal information as set forth in this Policy.
2.1 PATIENTS’ PERSONAL INFORMATION
We may collect, process, generate, and share individually identifiable personal information of patients, including the following categories either directly or through third parties (for example health care providers):
- Personal details (including first and middle name, last name, birth date and/or age)
- Family relationships (if applicable)
- Address and other contact information
- Disease, diagnosis, or other similar health information
- Symptoms and other medical information
- Information on patient’s insurance (where provided)
- Payment information for services (where provided)
- Identifiable genetic information
- Genetic, COVID-19, or other test results and findings
Certain individually identifiable personal information of patients is protected by HIPAA in the United States, and we have described how we may use this information in our HIPAA Notice of Privacy Practices. How we use health information protected by GDPR is described in our EEA/UK/Switzerland Privacy Notice.
Inform Diagnostics engages in research and development, which helps us improve our Services and build new Services and customized features or Services. For the genetic tests that we perform, you may elect to consent to research at the time the test is requested. If you consent to research, your personal information and remaining sample may be stored and processed for up to 20 years for the further purposes specified in the applicable Informed Consent Form and/or Test Requisition Form; and it may be retained in an anonymized form to support further research, development, and improvement of diagnostic methods and potential therapeutic developments.
2.2 PERSONAL INFORMATION COLLECTED FROM PROVIDERS
In order to provide the Services requested (including testing, billing, etc.), we will collect and process the following personal information from providers:
- Personal details (including name, address)
- Phone and fax number
- Business address and department
- Email address
- Payment information (where provided)
This collection and processing is done for the purpose of performing a contract between Inform Diagnostics and the provider and providing the Services. For example, provider personal information will be processed to inform the provider of the patient’s test results, respond to other requests from the provider, and for invoicing. Inform Diagnostics stores provider personal information for as long as we need it to provide you our Services, to serve the purpose(s) for which your personal information was processed, or as necessary to comply with our legal obligations, resolve disputes, or enforce our agreements to the extent permitted by law.
We may also use provider personal information to share marketing information about our Services; and to do so, we may process your contact information or information about your interaction with our Services so that we can send you marketing communications; provide you with information about events, webinars, or other materials; deliver targeted marketing to you; and keep you updated about our Services. You can opt-out of our marketing activities at any time by using the “unsubscribe” link in our email communications or by contacting privacy@InformDx.com.
2.3 INFORMATION COLLECTED FROM VISITORS TO OUR WEBSITE
Generally, individuals are able to visit the informdx.com site without disclosing personal information, except as may be necessary to provide a product or service at their request or for advertising purposes. In some cases, we may recognize personal data like the IP address as well as non-personal data like the name of the visitor’s Internet service provider, the website from which the visitor came to our Website, the pages that the visitor views on the Website, and what the visitor clicks on any given page. This data could possibly identify an individual, but Inform Diagnostics does not use it to do so.
PERSONAL INFORMATION YOU SUBMIT: Inform Diagnostics collects personal information that you provide to us on the Website, such as when you enter information into data fields and web forms on the Website, create a user account on the Website, provide to us in-person at conferences and other events, or otherwise interact with us at such conferences and events. For example, you may submit your name, phone number, postal address, e-mail address, and/or other information in order to receive information about Inform Diagnostics or its products and services, register for Inform Diagnostics programs, contact Inform Diagnostics, or respond to Inform Diagnostics surveys. Additionally, if you are a clinician working with us, we collect certain additional information such as your NPI number and other information to establish accounts with us. In instances where social media services may be used, we do not have any influence on the storage and processing of providing personal information via the respective social media service. You are encouraged to review those privacy policies before sending Inform Diagnostics personal information via a social media service.
PASSIVE COLLECTION OF NON-PERSONAL INFORMATION: Inform Diagnostics sites may collect information about your visits and use of the Website without you actively submitting such information. This information does not identity you. Non-personal information may be collected by Inform Diagnostics and our site using various technologies, such as cookies, Internet tags, and web beacons. Your Internet browser automatically transmits to Inform Diagnostics and our site some of this non-personal information, such as the URL of the website you just visited and the browser version your computer is operating. Passive information collection technologies may make your use of the Website easier by allowing Inform Diagnostics and our site to provide better service, customize sites based on consumer preferences, learn which advertisements and features bring users to our site, compile statistics, analyze trends, and otherwise administer and improve our site. We may collect, use, store, and transfer non-personal information without restriction.
“DO NOT TRACK”: Some browsers have a “do not track” or “global privacy control” or “GPC” features that allow you to tell websites that you do not want to have your online activities tracked. For California residents, you may exercise your GPC rights by utilizing the available features on our Website.
APPLICANT INFORMATION: If you apply to a position with us through the Website, we collect personal information you provide in connection with your application such as your resume, cover letters and demographics. We may use third party platforms to assist us with processing your application. If you are a California resident, please see our California Privacy Notice and our California Notice to Job Applicants.
AGGREGATE INFORMATION: Aggregate information is information that does not identify you. Aggregate information may be collected when you visit the Website, independent of any information you voluntarily enter. Additionally, we may use one or more processes to de-identify information that contains personal information, such that only aggregate information remains. We may collect, use, store, and transfer aggregate information without restriction.
2.4 HOW WE USE PERSONAL INFORMATION THAT WE COLLECT ONLINE
We generally only use personal information for the purposes for which we have collected it, for operating our business, and for other purposes for which we obtain your consent. For example, we may use your personal information: (1) to provide you with the products of services that have been requested by your healthcare provider acting on your behalf; (2) to answer questions or respond to your inquiries about our company, services, billing, payment methods, or use of the Website; (3) to process or collect payments for our services. Per your request, we may contact you to resolve billing issues or to reply to your request for other documentation.
In addition to the purposes listed above, we may use personal information:
- To set up your account and to provide our site and services;
- To optimize the Website and your experience using it;
- To identify and authenticate your access to certain features of the Website;
- To communicate with you in order to keep you informed of our latest updates and features;
- To assess your candidacy for a position that you applied to and to facilitate your employment application;
- To perform research or to conduct analytics in order to improve and customize the Website to our users’ needs and interests;
- To market our products and services to you (to the extent permitted under HIPAA and other laws, where applicable);
- To detect and prevent illegal activity or any other type of activity that may jeopardize or negatively affect the integrity of the Website;
- To support and troubleshoot our site, respond to your inquiries, and communicate with you;
- To comply with our legal obligations; and
- To investigate violations and enforce our policies, and as required by law, regulation, or other governmental authority; or to comply with a subpoena or similar legal process or respond to a government request.
INFORMATION WE SHARE
Subject to the limitations described in our HIPAA Notice of Privacy Practices, California Privacy Notice, California Notice to Job Applicants, and the EEA/UK/Switzerland Privacy Notice (which are available on our Website), Inform Diagnostics may disclose your personal information as follows:
- Our operations as a laboratory. Protected health information may be shared for treatment, billing and payment, laboratory operations, and other purposes described herein and in our HIPAA Notice of Privacy Practices and EEA/UK/Switzerland Privacy Notice, as applicable.
- Our service providers, vendors, and other processors. We may share your personal information with our service providers or other vendors and processors that help us provide our Services to you, which, in limited circumstances, may access information from a different location than where the information was collected. Such entities will be given access as is reasonably necessary to provide our Services, and only under contractual obligations that are at least as restrictive as this Policy and are in compliance with applicable privacy laws. Agents, vendors, and service providers who may have access to protected health information and other special categories of personal data are contractually and/or legally obligated to protect the privacy and security of such information pursuant to applicable laws. Your payment information is transmitted directly to our third-party payment processor. We do not store any credit card information on Inform Diagnostic servers.
- Affiliated businesses. We may share your personal information with group companies and affiliates. Affiliated businesses may use your information to help provide, understand, and improve our Services and the affiliates’ own services.
- Data sharing. Where prohibited, protected health information collected from users and patients based in the USA or in the EEA/UK/Switzerland region will not be shared outside the United States.
- Change of control. We may share your personal information as part of a purchase, transfer, or sale of the Services or the company (for example, a corporate restructuring, merger or consolidation with, or sale of substantially all of our assets to a third party).
- Safety and legal compliance. We may share your personal information if we believe that such disclosure is necessary to comply with applicable laws, regulations, legal processes, or requests by public authorities (e.g., law enforcement, tax authorities, etc.); to protect you, us, or other users’ rights or property; to protect safety and security in connection with our Services; or to comply with or enforce our terms, agreements, or policies.
- Your consent or express actions. We will share personal information when we have your consent to do so. Also, any information or content that you voluntarily disclose for posting in public areas of our Website, such as public comments or social media posts, become available to the public.
- Anonymous or aggregate data. We may share anonymized or aggregated information with third parties. Such information is de-identified in accordance with applicable law, no longer reasonably identifies you, and is not considered personal information.
HOW WE USE AND DISCLOSE DE-IDENTIFIED, ANONYMIZED, OR PSEUDONYMIZED INFORMATION
- For testing quality control and validation:
- In accordance with regulatory requirements, we may de-identify, store, and use patients’ samples and information for internal testing quality control, validation, genetic testing, and research and development. This important purpose allows Inform Diagnostics to maintain our high-quality Services and to develop and improve new Services.
- For genetic testing services, we may also share de-identified patients’ samples and information for quality assurance and validation purposes. Such sharing is essential to maintaining the quality of genetic testing in testing laboratories in accordance with regulatory requirements.
- For research purposes:
- For infectious disease testing, we may contribute viral genetic variants that we have observed in the course of providing services to the Centers for Disease Control.
- For genetic testing services, we may contribute de-identified human genetic variants that we have observed in the course of providing our Services to publicly available databases.
- For genetic testing, cancer screening, and biopsy testing services, we may use or disclose de-identified patient information for general research purposes. This may include research collaboration with third parties, such as universities, hospitals, or other laboratories, in which we utilize de-identified clinical cases at the individual level or in the aggregate; and we may present or publish such information. This may also include commercial collaborations with private companies for research purposes.
To the extent we have relied on your express consent to process de-identified or pseudonymized personal information in relation to the above (for example, if you are in the EEA, United Kingdom, or Switzerland), you may withdraw your consent to participate at any time by contacting us at privacy@InformDx.com. Inform Diagnostics will not include any such de-identified or pseudonymized personal information in future research commencing within 30 days from the receipt of your request. Any research involving your data that has already been performed or published prior to the receipt of your request will not be reversed, undone, or withdrawn.
HOW WE PROTECT INFORMATION
We take the security of your personal information very seriously. We use reasonable administrative, physical, and technical safeguards to secure the personal information you share with us, including, where relevant, in compliance with applicable law. Our efforts include, but are not limited to, using industry standard tools such as firewalls, encryption, and intrusion detection. Your personal information is processed and stored on controlled servers with restricted access, and, if applicable, in compliance with the Security Rule of the Health Insurance Portability and Accountability Act of 1966 (HIPAA).
However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. Please recognize that protecting your personal information is also your responsibility. You should keep your username, password, ID numbers, or other access credentials secure, as Inform Diagnostic cannot secure personal information that you release on your own or that you request us to release. If we receive instructions using your log-in information, we will consider that you have authorized the instructions. Please do not submit any personal health information or credit card information to us via email.
You agree that you have provided notice to, and obtained consent from, any third party individuals whose personal information you supply to us, including with regard to (a) the purposes for which such third party’s personal information has been collected; (b) the intended recipients or categories of recipients of the third party’s personal information; (c) which of the third party’s information is obligatory and which information, if any, is voluntary; and (d) how the third party can access and, if necessary, rectify the information held about them.
LINKS TO OTHER SITES
Our Website is directed towards adults and is not designed for, intended to attract, or directed towards children under the age of 16. If you are under the age of 16, you must obtain the authorization of a responsible adult (parent or legal guardian) before accessing or using our Website. If we become aware that we have collected any personal information from children under 16 without appropriate authorization, we will promptly remove such information from our databases.
UNSUBSCRIBING, REMOVING, OR MODIFYING YOUR INFORMATION
To the extent you are a registered user of the Website, to modify or view personal information you have provided to us in connection with your account, please login and update your profile. In some circumstances, such as to resolve disputes, troubleshoot problems and enforce our rights, or to the extent required or permitted by applicable law, we may retain in our files information you have requested to delete. Further, your personal information may remain on our system backups after deletion. If you have an account, we may send you certain communications related to this site and/or services that are considered part of your account, such as technical alerts.
You can update, amend, or delete your account information and preferences at any time by contacting us at privacy@InformDx.com. When you make a valid request, we will provide you with instructions on how to update certain personal information and how to unsubscribe from our emails and communications. Please follow the instructions when necessary to notify us of changes to your name, email address, and preferences. We will take reasonable steps to verify your identity, including via verification and confirmation emails, before granting access to your personal information.
For individuals residing in the European Economic Area (EEA), Switzerland, or the United Kingdom (collectively, the “Designated Countries”) at the time of data collection, please refer to our EEA/UK/Switzerland Privacy Notice. If you are a California resident, please refer to our California Privacy Notice.
We store your personal information for as long as we need it in connection with the Services; to serve the purpose(s) for which your personal information was processed; or as necessary to comply with our legal obligations, resolve disputes, or enforce our agreements to the extent permitted by law.
We store information used for marketing purposes indefinitely, and we collect it until you unsubscribe. Once you unsubscribe from marketing communications, we add your contact information to our suppression list to ensure we honor your unsubscribe request. If you have any questions about our retention periods, please feel free to contact us at privacy@InformDx.com.
SPECIAL NOTICES FOR INDIVIDUALS IN CERTAIN GEOGRAPHIC AREAS
We are located in the United States and may collect, process, and store your information in the United States. If you are located outside the United States, your information may be transmitted to us in the United States. When we conduct such transfers, we rely on various legal bases to lawfully transfer your personal information from your country to the United States, including the European Commission-approved Standard Contractual Clauses. Our data protection laws may be less protective than the laws of the jurisdiction in which you reside. If you do not want your information collected, transferred to, processed, or maintained in the United States, you should not use our Services.
Additionally, our Website is hosted in the United States. If you are visiting our Website from another country, the laws governing our collection and use of personal information may be different from the laws of your country. If you decide to use our Website, or share your information with us, you are agreeing to be governed by the laws of the United States, and you agree to the transfer of your personal information to the United States.
Individuals Located in the European Economic Area, the United Kingdom, or Switzerland. If you are located in the European Economic Area, the United Kingdom, or Switzerland, applicable data protection laws, including the General Data Protection Regulation (GDPR), give you certain rights. For more information, please see our EEA/UK/Switzerland Privacy Notice.
California Residents. Pursuant to the California Consumer Privacy Act of 2018 (CCPA), California residents are afforded certain additional rights regarding our use of your personal information (“CCPA Rights”). Please note that the CCPA Rights do not apply to personally identifiable health information. If you are a California resident, please see our California Privacy Notice.
Nevada Residents. Pursuant to Nevada law, you may direct a business that operates a website not to sell certain personal information the business has collected or will collect about you. For information about your rights under Nevada law, please contact privacy@InformDx.com.
Should you have any questions about this policy or our privacy practices, please send an email to privacy@InformDx.com or write us at:
Inform Diagnostics, Inc.
Attn: Privacy Officer
6655 N. MacArthur Blvd.
Irving, Texas 75039