Privacy Policy
Last Updated: October 14, 2021
This Privacy Policy provides information about how Veracyte, Inc. (“Veracyte”) collects, uses, and shares Personal Information relating to individuals obtained through our websites, products and services (collectively, the “Services”). Veracyte’s websites (the “Sites”) include www.veracyte.com, www.decipherbio.com, www.askforafirma.com, www.afirma.com, and www.prosigna.com. For purposes of this Policy, “Personal Information” means any information (whether electronic or written) relating to an individual who can be identified directly or indirectly. This Policy also provides information about your rights and choices regarding our processing of your Personal Information. Please review this document carefully, as our processing of your Personal Information is subject to the terms of this Privacy Policy.
The company responsible for collection, use and disclosure of your Personal Information under this Privacy Notice (the data controller) is Veracyte, Inc., located at 6000 Shoreline Court, Suite 300, South San Francisco, CA 94080, USA, unless specified otherwise. A reference to “Veracyte,” “we,” “us,” or “our” is a reference to Veracyte, Inc. and/or any relevant affiliate involved in the Personal Information processing activity, which could include Veracyte International Corp., Veracyte Global BV, Decipher Biosciences, Inc., and/or Decipher Corp.
Please note that all of the information provided in this Privacy Policy may not be applicable to you. Some activities or interactions with Veracyte may be governed by different privacy terms, which will be provided to you separately.
Personal Information We Collect:
-
Information Provided by You: The categories of Personal Information we collect from you typically include contact information (such as your name, email or postal address, telephone or fax number, email address, job title), and other details you choose to share with us. You provide Personal Information when you correspond with us, submit a website form, request information or support, or sign up for a Veracyte-sponsored newsletter, webinar, event or promotion. Where relevant to fulfill a transaction or request, we may collect additional information such as billing or payment information, shipping addresses, and credit card information. Additionally, in order to tailor our communications to you, we may ask you to voluntarily provide us with information regarding your professional background and areas of interest, experience with our products, contact preferences, and other information relating to your interactions with us or the Services.
-
Information Collected Automatically: When you use or interact with the Services, we may automatically record certain information from your web browser by using different types of technology, including “clear GIFs” or “web beacons.” This information includes Internet Protocol address, web browser type, the web pages or sites that you visit just before or just after our Sites, the pages you view on our Sites, and the duration, dates and times that you visit the Sites, and device information (regional and language settings and operating system).
We also use cookies to collect information when you use the Services. Cookies are small text files stored in your web browser that allow us or a third party to recognize you, making your next visit easier and the Services more useful to you. There are two broad categories of cookies: session cookies and persistent cookies. A session cookie expires and disappears when you close your browser. A persistent cookie stays on your device for a predefined time period or until you manually delete it. If you access the Services using a mobile device, the device ID or IP address may be recorded and used for purposes similar to those of cookies. If you’d like to instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser. Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer or store your preferences, and some of our pages might not display properly.
We use Google Analytics, a web analytics service provided by Google, Inc. to collect information about your use of the Services, including your IP address. Google uses this to provide information about visits to our Sites, including number of visitors, the websites from which visitors have navigated to our Sites, and the pages on our Sites to which visitors navigate. More information on Google Analytics can be found at the following link: www.google.com/policies/privacy/partners/. We also engage third party partners to place ads on other websites. These companies may collect contact information and/or use data about your visits to this and other websites in order to measure advertising or content effectiveness and to provide advertisements about our goods and services that may be of interest to you.
Our Sites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets. These features, which are either hosted by the respective social media network or hosted directly via our Sites, allow you to post information to your third party social media profile page and share it with others in your network. When you click through social media features from particular websites, the social media network may receive information showing the websites you have visited. If you are logged in to your social media account, the social media network can link your visit to our Sites and others, and may deliver advertisements or promotions about our Services tailored to your interests. Your interactions with social media features are governed by the privacy policies of the companies providing these features.
Certain web browsers and other programs may be used to signal your preferences about how or whether Veracyte or third parties may collect information about your online activities. Currently, Veracyte does not respond to such signals.
-
Information from Other Sources: We may receive Personal Information about you from third parties and from publicly available sources, including, when legally permitted, from health care providers and health systems, collaboration or event partners, lead generation companies and social media sites.
How We Use Personal Information:
We use Personal Information in a variety of ways, including for the following purposes and legal bases:
(1) Our Legitimate Business Interests
We may use your Personal Information to further our legitimate business interests. These may include, without limitation:
- Responding to your inquiries and communications.
- Marketing our products and services to you, and analyzing and improving our products and services, customer and technical support;
- Communicating with you, including by sending you newsletters, announcements, updates, and support and administrative messages;
- Analyzing your needs and interests, and personalizing your experience with the Services;
- Analyzing use of our Sites to study trends and users’ movements around the Sites, improve the Sites and develop new features and Services;
- Maintaining the safety, security, and integrity of our Services, databases and other technology assets, and business; and
- Verifying your identity in connection with a communication, transaction or account between you or us or in connection with your exercise of your privacy rights.
We may create anonymous data from your Personal Information and that of other individuals by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.
(2) Consent
We may use your Personal Information when we have your consent to do so, where required or permitted under applicable law. If we are using your Personal Information on the basis of consent, you may withdraw your consent at any time by informing us using the contact information below.
(3) To Contract With You
We may use the information you provide us to help us fulfill our contract with you when you purchase goods or services or otherwise transact with us, when you use our Sites under the applicable Terms of Use, and for other contractual purposes. We may also use this information to enforce our rights arising from such contracts.
(4) Compliance with Legal Obligations
We may use or disclose your Personal Information as we believe necessary or appropriate to:
- Comply with applicable laws and regulatory requirements, lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities;
- Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims, and enforcing terms and conditions governing the Services); and
- Protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
How We Share Your Personal Information:
We do not sell your Personal Information, nor do we share it with unaffiliated third parties for their own marketing or promotional use unless we have your consent. We may share your Personal Information with third parties who assist us in the process of providing Services to you, or otherwise perform functions on our behalf, including:
-
Affiliates: We may share your Personal Information with our corporate affiliates for purposes consistent with this Privacy Policy.
-
Event Partners: When you attend a conference, trade show, webinar or other event (either sponsored by us or one where we are a participating vendor) and register or have your badge scanned, your Personal Information will be shared with us, as well as with any partner or third party participating in that event. If you do not want your Personal Information shared in this manner, do not register or have your badge scanned. If you register with, or your badge is scanned by a third party at an event, your information will be governed by that third party’s privacy policy.
-
Service Providers: We may share your Personal Information with third-party companies and individuals that provide services on our behalf or help us operate the Site (such as customer support, website hosting and maintenance, analytics, email delivery, marketing, forms management, and database management services). These third parties may use your Personal Information only as directed or authorized by us and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose.
-
Healthcare Professionals: We may share your information with your healthcare providers and doctors who you have authorized to receive such information. When we transmit information to a healthcare provider, we are subject to laws and regulations governing the use and disclosure of Personal Information, including (in the United States) the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Personal data related to past, present or future health conditions, treatments and payments will only be used or disclosed for treatment and other authorized purposes as stated in our HIPAA Notice of Privacy Practices.
-
Legal Purposes, Business Transfers: We may disclose Personal Information where required by law, or in the good-faith belief that such action is necessary to comply with state and federal laws or respond to a court order, judicial or other government subpoena, or warrant. In some cases, we may make such disclosures without first providing notice to you. We also reserve the right to disclose Personal Information that we believe, in good faith, is appropriate or necessary to take precautions against liability; protect us from fraudulent, abusive, or unlawful uses; to investigate and defend ourselves against any third-party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of the Site; or to protect the rights, property, or personal safety of Veracyte, our users, or others. We may sell, transfer or otherwise share some or all of our business or assets, including your Personal Information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. We reserve the right, in any of these circumstances, to transfer or assign Personal Information that we have collected without prior notice to you.
-
Aggregated Data: We may share aggregated data with third parties collectively in an anonymous way, which does not reveal Personal Information. In addition, we may share your Personal Information when you have provided consent to do so.
Your Rights and Choices:
-
Opt out of marketing communications: If you no longer want to receive marketing communications from us, notify us using the contact information below, or follow the unsubscribe link provided in the marketing email. If you opt out of receiving marketing communications from us, we may still send you administrative messages, from which you cannot opt out.
-
Targeted online advertising: Some of the business partners that collect information about users’ activities on or through the Site may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising.
Users may opt out of receiving targeted advertising through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, so you may still receive some cookies and tailored advertisements from companies that are not listed.
-
Health-Related Data: Veracyte processes health-related Personal Information as part of our business activities, subject to data privacy and security requirements applicable to health-related data. Depending on your jurisdiction, you may have certain rights with respect to Personal Information relating to your health. In the United States, for example, the HIPAA Privacy Standards grant US residents rights relating to protected health information (PHI), including the right to request a copy of or amend PHI, receive PHI via confidential communications, receive Veracyte’s Notice of Privacy Practices, request restrictions on the use and disclosure of PHI, receive an accounting of disclosures of PHI, to complain, and be notified of a PHI breach. For more information, please review Veracyte’s HIPAA Notice of Privacy Practices. If you would like to receive a hard copy of our HIPAA Notice of Privacy Practices, contact Veracyte Customer Care at 1.844.558.8372 or [email protected].
If you wish to submit a request relating to your health-related Personal Information, you may contact Veracyte Customer Care at the contact information above, and we will process your request pursuant to the laws and regulations applicable in your jurisdiction. We may ask you to verify your identity and to provide additional details, by completing forms, before we are able to further assist you.
-
Rights for Individuals based in California, the European Economic Area (EEA), Switzerland, or United Kingdom (UK): If you are a resident of California or an individual based in the EEA, Switzerland, or UK, you have additional rights. Please see the “Location-Specific Information” section below.
Data Security:
We employ a number of organizational, technical and physical safeguards designed to protect the Personal Information we collect and store. However, security risk is inherent in all Internet and information technologies and we cannot guarantee the absolute security of your Personal Information. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us using the contact information provided below.
Data Transfers:
Veracyte is headquartered in the United States, and we have operations, entities, and service providers both in the United States and throughout the world. As such, we and our service providers may transfer your Personal Information to, or store or process it in, servers in the United States and/or other jurisdictions which may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your Personal Information receives an adequate level of protection in the jurisdictions in which we process it. If you are located in the European Economic Area, Switzerland or UK, we provide adequate protection for the transfer of Personal Information to countries outside of these areas, such as through the use of authorized Standard Contractual Clauses.
Data Retention:
We will retain your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Notice. We will keep your Personal Information for periods of time needed to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes, and enforce our agreements, and otherwise as permitted by law. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide Services to you; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to the enforcement of applicable Terms of Use, applicable statutes of limitations, litigation or regulatory investigations).
Links to Other Websites:
Our Sites may contain links to other websites and services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. We do not control third party websites, applications or services, and are not responsible for their actions. To the extent you access a third party website, the privacy policy of that other website will apply to your access of that site. We encourage you to read their privacy policies to learn more.
Children’s Privacy:
Our Sites are not directed to, and we do not knowingly collect Personal Information from, anyone under the age of 16. We encourage parents or guardians who become aware that their child has provided us with Personal Information to notify us using the Contact Us details below. We will delete such information from our files as soon as reasonably practicable.
Location-Specific Information:
Privacy Statement for EEA, Switzerland, and UK Residents
Privacy Statement for California Residents
Changes to this Privacy Policy:
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on this webpage. Please revisit this page to stay aware of any changes. Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the changes (or as otherwise indicated at the time of posting). In all cases, your continued use of the Site after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.
Veracyte Contact Information:
If you have any questions, comments or complaints about this Privacy Policy or our privacy-related practices, please contact Veracyte at: [email protected], or as follows:
Veracyte, Inc.
Attn: Privacy Officer
6000 Shoreline Court, Suite 300
South San Francisco, CA 94080
USA