All references herein to “you” and “your” include you as the individual user and, to the extent relating to your use of the Site or other Services, any company, institution or other entity employing, contracting or retaining you, or on whose behalf you are using the Services.
What Information Do We Collect?
We collect, receive and store the following types of information:
Personally Identifying Information: We collect Personally Identifying Information from the Site ONLY when you choose to provide it to us. Personally Identifying Information (PII) is information that can be used to identify or contact you, including but not limited to your name, address, email address, telephone number, company or institution affiliation, account identifiers, account password, payment information, credit card information and other billing data. In particular, we collect, receive and store the Personally Identifying Information you provide to Company when you purchase Services or sign-up or register with Company on the Site and/or for Services, including without limitation when you sign up for Opal or open any related account or membership, when you subscribe to a newsletter, respond to a survey, fill out a form, or complete your profile through the Site or Services.
Certain contact and other Personally Identifying Information may be necessary to use, sign up or register for Services, utilize certain features or functionality on the Site, or otherwise transact business with us. You can choose not to provide such information, but then you might not be able to use or take advantage of our Services, Site, business transactions or portions thereof.
Genomic Data: Genomic Data consists of genomic sequences, exomes, variant files, specific DNA or RNA sequences, gene sets and variant sets, as well as associated sample information, annotations, demographic descriptions (e.g., age, gender, ethnicity, background, etc.), phenotypic descriptions (e.g., disease conditions, health-related information, personal traits, family history) and other data that might be uploaded by you in connection with any such sequence data. We collect Genomic Data ONLY if you choose to provide it to us in connection with your use of our products or services.
User Content: User Content is information, data, text, files, software, graphics, audio, photographs, video, messages, communications or other materials, including Genomic Data, that you upload, submit, post or otherwise provide to the Site or Services. For example, we receive and store User Content you provide to Company when you:
- use the Site, the Fabric Enterprise System or other Services; and/or
- post, upload or otherwise provide content, materials, reviews or other information on the Site or through the other Services; and/or
- fill out surveys or questionnaires or sign up for or enter promotions, events or other special activities through the Site or other Services; and/or
- communicate with Company or with other users or participants of the Site or other Services (including the content of such communications and information provided in connection with such communications); and/or
- provide information to third parties and their web sites, applications and services which are accessed or used by Company or through the Site and/or Services.
Information We Collect Automatically: We receive and store certain types of information whenever you interact with us. For example, we may automatically record your activity on the Site and in the Services, the time and date or your activities, your IP address, browser type, page views, domains and similar information. Like many websites, we may also use “cookies” (see below), log files, web beacon technologies and other automated tools to obtain certain types of information when your web browser or application accesses our Services. We typically use this information for internal purposes such as to administer, develop, improve and customize the Site and the Services, to understand and analyze how the Site and Services are being used and to track, analyze and report on aggregate usage. Also we may use this information to personalize your experience, or to offer you products and services specifically based on your preferences and usage.
We comply with privacy and data protection laws and regulations applicable to us. Accordingly, if we receive or collect your Personal Data from the European Union or European Economic Area (“EU/EEA”) we will comply with any GDPR laws, rules and regulations that apply to us with respect to such Personal Data and you as a “Data Subject” under the GDPR. Accordingly, we will process any such Personal Data on the following basis:
- for the performance of any agreement between you and the Company such as to provide Services
- for the purposes of our legitimate interests related to the customer and business relationships between the Company and Data Subjects;
- to comply with legal obligations applicable to us, including legal corporate and accounting obligations.
Except with respect to Services we offer that are expressly indicated to be compliant with the Health Insurance Portability and Accountability Act (“HIPAA”), we do not purposefully collect, and request that you not provide, any individually identifiable health information and disclaim all responsibility or liability with respect to any such information provided to Company. With respect to any Services which are expressly indicated to be HIPAA-compliant, Company may receive such individually identifiable health information in compliance with applicable laws and regulations.
How Is Your Information Used?
Our primary goal in receiving information from you is to provide, administer, develop and improve our Services. Accordingly, Company may use the information submitted, collected or received from and/or about you for any of the following purposes:
To operate, provide, administer, develop, and improve our Services (including without limitation the Site and the Fabric Enterprise System), and to operate and support Company’s related businesses.
To better understand how users access and use our Services on an aggregated and individualized basis, to track and monitor usage, to conduct quality control, to fix technical and other errors or problems, and to respond to user desires and preferences.
To analyze, compile and publish, on an aggregated basis, information regarding usage of the Services and related subjects of interest to the general public, to analyze, compile and publish aggregated data and statistics regarding genomic analysis, and to enhance annotations and database information within (and otherwise used for) the Services such as the Fabric Enterprise System and other genomic analysis products or tools of Company (excluding in any event any disclosure or publication of Personal Identifying Information in such cases).
For advertising, marketing and promotional purposes; however, we do not sell or rent your Personally Identifying Information to any third party.
To provide personalized experiences and recommendations, language and location customization, personalized help and instructions, or other responses to your usage of our Services.
To track memberships, purchases and usage as necessary for the purpose of our complying with any third party agreements or obligations (such as, for example, making royalty or other payments to third parties). However, we will use reasonable efforts not to transfer Personally Identifying Information to such third parties, unless it is strictly required for such compliance.
To communicate with or contact you concerning your account or membership or your usage of or participation in the Services, and for other customer service, This will include use of your e-mail address to send you messages and notices for the purposes described above and below.
To bill you, process payments and for authorization, account history and billing purposes. This may include credit card authorization and verification for purchases made from Company, location verification for products and services which may have limited geographical access, and the like.
To offer you content, services, or other products and services, including to develop new services and products.
To provide you with news and newsletters, special offers, promotions, and targeted advertising.
To comply with applicable laws, rules and regulations and any regulatory mandate or court order.
To protect the safety of any person, to address fraud, security or technical issues, or to protect Company’s rights or property.
As used in this policy, the terms “using” and “processing” information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates within the United States or internationally.
When is Information Shared with or Disclosed to Others or the Public?
Information provided by our users is an important part of our business. Company will share and disclose user provided or collected information only as compatible with the purposes described above, when we have your consent (as may be provided by you from time to time through the Services or otherwise), and as described in this section as follows:
Public Forum: Any User Content or other user information, content or materials submitted or posted to public portions of the Site (such as discussion groups, bulletin boards and similar forums) or portions of the Service designed for broad user access (such as reviews, focused user groups, etc…) are or may be shared with the public without restriction. Company also reserves the right to publish or make publicly available any information that is already publicly available prior to the time first provided to or collected by Company or information that becomes publicly available without any action or omission on the part of Company.
Aggregated Data and Annotations: Company may publish and otherwise disclose (a) on an aggregated basis, information regarding usage of the Services and related subjects of interest to the public, (b) aggregated data and statistics regarding genomic analysis (excluding in any event any Personal identifying Information in both cases). Company may also disclose within the applicable Services themselves (such as the Fabric Enterprise System and other genomic analysis products or tools of Company) enhanced annotations and database information derived from your and other users’ usage of the Services.
Business Transfers and Collaborations: As we continue to develop our business, we might sell the Company and/or its business or assets and/or sell or buy online sites, services, subsidiaries, or other businesses; or we might collaborate or partner with other companies in strategic transactions or licenses. In such transactions, customer and user information generally would be one of the transferred business assets or otherwise one of the components of, or involved in, the transaction, we may therefore share this information in connection with such a transaction.
All users who have signed up or registered on the Site or for any of the Services may review, update, correct or delete the Personally Identifying Information in their registration or membership profile by changing the applicable information in their applicable account settings and/or profile page and/or by formally contacting the privacy contact listed below or your account representative at the Company in writing. If you delete some or all of such information, then your account may become deactivated.
We endeavor to comply with our obligations under the GDPR in relation to the storage, deletion, access and modification of your Personally Identifying Information. In particular, we respect your rights as a Data Subject under the GDPR to:
- access, modify or delete your Personal Data;
- restrict our processing of your Personal Data or to object to certain processing of your Personal Data; and
- to receive, under certain preconditions, your Personal Data in a structured, commonly used and machine-readable format and to transmit such data to another controller.
You may exercise these rights by updating your registration or membership profile, or sending us a written notice in accordance with the GDPR.
Cookies and Other Files
Log file information is automatically reported by your browser each time you access a web page. When you use the Services, our servers may record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information. When you use the Services, we may employ clear GIFs (also known as web beacons) or similar mechanisms which are used to track the online usage patterns of our users anonymously. No Personally Identifying Information from your Company account is collected using these clear GIFs. In addition, we may also use clear GIFs in HTML-based emails sent to our users to track which emails are opened by recipients. The information is used to enable more accurate reporting and make the Services better for our users.
Identity Theft and Related Abuses
Identity theft and the practice currently known as “phishing” are of great concern to Company. Safeguarding information to help protect you from identity theft is important to us. We do not and will not, at any time, request your credit card information, your account ID, login password, or national identification numbers in a non-secure or unsolicited e-mail or telephone communication. For more information about phishing, visit the Federal Trade Commission’s website.
Your information may be transferred to – and maintained on – computers located in the United States of America as well as other locations and jurisdictions where we conduct business, which may be outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, Company transfers Personally Identifying Information to the United States and processes it there, and your submission of such information represents your agreement to that transfer. With respect to Personal Data subject to the GDPR, transfers of such Personal Data outside the EU/EEA are performed subject to appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the EU Commission in accordance with the GDPR.
Our Policy Toward Children
The Services are not directed to children under 18. We do not knowingly collect Personally Identifying information from children under 18. If we become aware that a child under 18 has provided us with Personally Identifying Information, we will delete such information from our files.
Limitation of Liability