Privacy Policy

Last Updated: December 10, 2024

  1. Introduction
    Veracyte, Inc. and its global affiliated Veracyte entities (collectively “Veracyte”, “we,” “us,” or “our”) respect your privacy. This Privacy Policy describes the types of Personal Information that we collect about you, how we use it, how we share it, your rights and choices, and how you can contact us about our privacy practices. For purposes of this Privacy Policy, “Personal Information” means any information (whether electronic or written) relating to a living individual (a “Data Subject”) who is, or can be, reasonably identified from the information, either alone or in conjunction with other information.

  2. Scope
    This Privacy Policy applies when you use or interact with any of our websites (“Sites”), products or services (collectively, the “Services”), provided that if you have a separate written valid legal agreement with Veracyte for products, services, or collaborative engagements, or other written legal agreement, the terms of such agreement shall govern our processing of your Personal Information. By using or interacting with the Services, you agree to our processing of your Personal Information as set forth in this Privacy Policy. This Privacy Policy does not apply to Personal Information that we collect and process under a signed agreement, or that is employee or contractor or candidate data, which is processed under different privacy terms made available to such individuals.

    Certain region-specific terms are set forth below in this Privacy Policy, applicable to data subjects in such regions, including specific states and countries.

    Please read this Privacy Policy in full to ensure you are completely informed about your Personal Information.

  3. Data Controller
    Veracyte, Inc. is the data controller of your Personal Information responsible for collection, processing and disclosure of your Personal Information under this Privacy Policy. If you have any questions relating to Veracyte, Inc.’s privacy practices, please contact us using the contact information provided at the end of this Privacy Policy.

  4. Personal Information we collect and the sources
    The Personal Information we collect from you will depend on how you interact with our Sites and the Services you use.

    4.1 Information Provided by You:
    We may collect and process the following types of Personal Information about you when you visit our Sites or use our Services. This typically includes:

    • Contact information (such as your name, email or postal address, phone number, and fax number, job title and other details you choose to share) that you provide when you correspond with us, submit a website form, request information or support, or sign up for a Veracyte-sponsored newsletter, webinar, event or promotion.
    • Payment information such as your credit card information, billing address, shipping address, and other payment information relevant to fulfilling a transaction or request.
    • Professional background and areas of interest, experience with our products, contact preferences, and other information you choose to provide relating to professional information.
    • Records of your communications with us, such as if you correspond with us by email or phone, submit a website form, sign up for a Veracyte-sponsored newsletter, or otherwise request information or support from us, we collect and maintain a record of your contact details, communications and our responses to your requests.
    • Technical troubleshooting or support-related information, we may ask you for information when you report a problem with the Sites and the Services, such as information about the problem you are experiencing.
    • Account log-in credentials (including your username and password)

    4.2 Information Collected Automatically:
    (a) First and Third-party Cookies and web beacons.
    When you use or interact with the Sites and the Services, we may automatically record certain information from your web browser by using first party and third party cookies and tracking services that employ cookies and page tags (known as web beacons) to collect data about your visit to our websites.

    The information collected may include usage and user statistics, Internet Protocol address, web browser type, the web pages or sites that you visit just before or just after our Sites, the pages you view on our Sites, and the duration, dates and times that you visit the Sites, and device information (regional and language settings and operating system).

    Web beacons are small transparent images that provide statistics typically used for analytics or targeting purposes. They are often used in conjunction with cookies, though they are not stored on your computer or device in the same way.

    Cookies are small data files placed on your computer or other device when websites are loaded in a browser. Cookies are used for a variety of reasons, including to ensure the website works properly (or more efficiently), to provide personalized content, and to create analytics. They are widely used to “remember” you and your preferences, either for a single visit (through a “session cookie”) or for multiple repeat visits (using a “persistent cookie”). A session cookie expires and disappears when you close your browser. A persistent cookie stays on your device for a predefined time period or until you manually delete it.

    If you access the Services using a mobile device, the device ID or IP address may be recorded and used for purposes similar to those of cookies.

    We use Google Analytics, a web analytics service provided by Google, Inc. to collect information about your use of the Services, including your IP address, and about your visits to the Sites, including number of visitors, the websites from which visitors have navigated to our Sites, and the pages on our Sites to which visitors navigate. For more information on Google Analytics, please click here. You can opt out the use of Google Analytics by installing Google’s opt-out browser add-on.

    Our Sites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets. These features, which are either hosted by the respective social media network or hosted directly via our Sites, allow you to post information to your third-party social media profile page and share it with others in your network. When you click through social media features from particular websites, the social media network may receive information showing the websites you have visited. If you are logged in to your social media account, the social media network can link your visit to our Sites and others, and may deliver advertisements or promotions about our Services tailored to your interests. Your interactions with social media features are governed by the privacy policies of the companies providing these features.

    Certain web browsers and other programs may be used to signal your preferences about how or whether Veracyte or third parties may collect information about your online activities. Collecting this information helps us to improve the Sites performance and deliver more personalized content and Services by enabling us to understand usage patterns and return visits to the Sites.

    If you access the Services using a mobile device, the device ID or IP address may be recorded and used for purposes similar to those of cookies.

    If you would like to instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser for more information. Please note, however, if you delete cookies or refuse to accept them, you might not be able to use all of the features within the Sites and Services (including not being able to store your preferences or some of our pages might not display properly).

    The Cookie Preference Center, which appears when you visit our Sites, describes the cookies that Veracyte deploys and offers you an opportunity to exercise your cookie preferences through the Cookie Preference Center when visiting our Sites.

    (b) Targeted online advertising
    We engage third-party partners to place advertisements about our Services on other websites. These partners may collect a limited set of Personal Information, such as your contact information and/or use information about your visits to the Sites and other websites to measure advertising or content effectiveness and to provide personalized advertisements that may be of interest to you.

    Some of these third-party partners may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising. Users may opt out of receiving targeted advertising through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. Please note, if you do choose to opt out, not all third parties that provide online behavioral advertising are included in these lists.

    Our Sites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets. These features, which are either hosted by the respective social media network or hosted directly via our Sites, allow you to post information to your third-party social media profile page and share it with others in your network. When you click through social media features from particular websites, the social media network may receive information about the websites you have visited. If you are logged in to your social media account, the social media network can link your visit to our Sites and to other websites, and may deliver more relevant and personalized advertisements or promotions about our Services to you. Please review the relevant social media network’s privacy policy and cookie disclosures for further information about the specific types of cookies and other tracking technologies used on their websites.

    (c) Do Not Track
    Some browser settings may allow you to automatically transmit a Do Not Track signal to websites and other online services you visit. Veracyte does not currently recognize or respond to browser initiated Do Not Track signals. To find out more about Do Not Track, please visit http://www.allaboutdnt.com.

    (d) Information from Other Sources
    We may receive Personal Information about you from third parties and from publicly available sources, including, when legally permitted, from health care providers and health systems, collaboration or event partners, lead generation companies and social media websites.

  5. How We Use Personal Information
    We use your Personal Information for a variety of purposes as described below. In some regions, including in the EEA, the UK, and Switzerland, we are required to explain the legal basis for processing your Personal Information which is also described below:

    (a) Our Legitimate Interests
    We may use your Personal Information to further our legitimate interests. These may include, without limitation:

    • Providing customer and technical support, including responding to your inquiries and communications and sending administrative messages;
    • Marketing our Services to you; including for example by sending newsletters, announcements, and updates;
    • Improving our Services by analyzing your needs and interests, and personalizing your experience with the Services;
    • Analyzing use of our Sites by studying trends and users’ movements around the Sites to help develop new features and Services;
    • Maintaining the safety, security, and integrity of our Services, databases and other technology and business assets; and
    • Verifying your identity in connection with a communication, transaction or account or in connection with your exercise of your privacy rights.

    We may create non-personal information from your Personal Information and that of other individuals by removing information that makes the Personal Information (directly or indirectly) identifiable to you. We may use this non-personal information and share it with third parties for our legitimate interest, including to analyze and improve the Services and promote our business.

    (b) Consent
    We may use your Personal Information when we have your explicit consent to do so, where required or permitted under applicable law. If we are using your Personal Information on the basis of consent, you may withdraw your consent at any time by informing us using the contact information below. Please note, however, that we may not be able to offer our full range of Services where your consent is not obtained.

    (c) To Contract with You
    We may use the information you provide to help fulfill our contract with you when you purchase the Services or otherwise complete a transaction with us or enter into an agreement with us pursuant to a business relationship. We may also use this information to enforce our rights arising from such contracts.

    (d) Compliance with Legal Obligations
    We may use or disclose your Personal Information as we believe necessary or appropriate to:

    • Comply with applicable laws and regulatory requirements, lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities;
    • Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims, and enforcing terms and conditions governing the Services); and
    • Protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

  6. How We Share Your Personal Information
    We may share your Personal Information with third parties who assist us in the process of providing Services to you, or otherwise perform functions on our behalf, including:

    • Affiliates: We may share your Personal Information with our corporate affiliates for purposes consistent with this Privacy Policy.
    • Event Partners: When you attend a conference, trade show, webinar or other event (either sponsored by us or where we are a participating as a vendor) or when you register or have your badge scanned, your Personal Information will be shared with us as well as with any partner or third party participating in that event. If you do not want your Personal Information shared in this manner, please do not register or have your badge scanned. If you register with, or your badge is scanned by a third party at an event, your information will be governed by that third party’s privacy policy.
    • Service Providers: We may share your Personal Information with third-party companies and individuals that provide services on our behalf or help us operate the Sites (such as customer support, website hosting and maintenance, analytics, email delivery, marketing, forms management, and database management services). These third parties may use your Personal Information only as directed or authorized by us and in a manner consistent with this Privacy Policy.
    • Healthcare Professionals: We may share your information with your healthcare providers and doctors who you have authorized to receive such information. When we transmit information to a healthcare provider, we are subject to laws and regulations governing the use and disclosure of Personal Information, including (in the United States) the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Personal Information relating to past, present or future health conditions, treatments and payments will only be used or disclosed for treatment and other authorized purposes as stated in Veracyte’s HIPAA Notice of Privacy Practices.
    • Any competent law enforcement body, regulatory, government agency, court or other third party: We may disclose Personal Information where required by law, or in the good-faith belief that such action is necessary to comply with state and federal laws or respond to a court order, judicial or other government subpoena, or warrant. In some cases, we may make such disclosures without first providing notice to you to ensure compliance with applicable court orders and/or applicable laws. We also reserve the right to disclose Personal Information that we believe, in good faith, is appropriate or necessary to take precautions against liability; protect us from fraudulent, abusive, or unlawful uses; to investigate and defend ourselves against any third-party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of the Sites; or to protect the rights, property, or personal safety of Veracyte, our users, or others.
    • A potential buyer: We may sell, transfer or otherwise share some or all of our business or assets, including your Personal Information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution, provided that we inform the buyer it must use your Personal Information only for the purposes disclosed in this Privacy Policy.
    • Aggregated Data: We may share aggregated data with third parties, which does not reveal Personal Information. We do not share your Personal Information with unaffiliated third parties for their own marketing or promotional use unless we have your consent.

  7. Data Security
    Veracyte’s global cybersecurity program includes a variety organizational, technical and physical measures designed to protect your Personal Information against unauthorized, accidental, or unlawful access, destruction, loss, alteration, disclosure or use. Although we take reasonable security measures to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to the Sites. Security risk is inherent in all Internet and information technologies and we cannot guarantee the absolute security of your Personal Information, and we cannot ensure or warrant the security of any information you transmit to us. If you have reason to believe that your interaction with Veracyte is no longer secure, please immediately contact us using the contact information provided below.

  8. International Data Transfers
    Veracyte is headquartered in the United States, and our affiliates and third-party service providers operate both in the United States and around the world. Regardless of where your information is processed, we will treat all Personal Information in accordance with applicable law and this Privacy Policy. We may transfer your Personal Information to the United States and other jurisdictions where the data protection laws are different from those of your jurisdiction (and which, in some cases, may not be as protective).

    If you are located in the EEA, Switzerland or UK, we will protect your Personal Information when it is transferred outside of such locations by processing it in a jurisdiction that provides an adequate level of protection (see here for a list of countries deemed adequate by the European Commission) or by implementing appropriate safeguards to protect your Personal Information, including through the use of Standard Contractual Clauses or another lawful transfer mechanisms approved by the European Commission and/or the UK or Swiss authorities (as applicable).

  9. Data Retention
    We will retain your Personal Information for fulfilling the purpose(s) outlined in this Privacy Policy. We will retain your Personal Information where we have an ongoing legitimate business need to do so (for example, to provide you with the Services you have requested or to comply with applicable legal, tax, or accounting requirements). The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the Services to you; (ii) whether we are subject to a legal obligation; or (iii) whether retention is advisable in light of our legal position (such as in regard to the enforcement of applicable Terms of Use, applicable statutes of limitations, litigation or regulatory investigations). Where we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it, or, if this is not possible, we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

  10. Third Party Websites
    Our Sites may contain links to other websites and services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any particular third party. We do not control third party websites, applications or services, and are not responsible for their actions. When you click on a link to a third-party website, the collection and use of your Personal Information is governed by that website’s policies and not by those of Veracyte. We are not responsible for the privacy practices of such third parties and we encourage you to review their privacy policies and user policies.

  11. Children’s Privacy
    Our Sites and Services are not directed to children under the age of 16. Veracyte does not knowingly collect Personal Information relating to children without the consent of a parent or legal guardian. If you become aware that a child has provided us with Personal Information, please contact us using the contact information below so we can take the necessary steps to delete the Personal Information.

  12. Your Rights and Choices – Location-Specific Information
    Depending on your location, jurisdiction, and subject to applicable law, you may have certain rights with regard to the personal information we collect about you. If you are a resident of the European Economic Area (EEA), Switzerland, or the UK, please see the section immediately below. If you are a resident of California or another U.S. state with an applicable privacy law, please refer to the respective dedicated sections below for further information about your privacy rights.

    (a) European Economic Area, Switzerland, UK.
    If you are a resident of the EEA, Switzerland or UK, you have the following rights in relation to your Personal Information:

    • Right to access: You have the right to know what information Personal Information we hold about you, and to obtain a copy of such Personal Information.
    • Right to correct: If you find out that your Personal Information is inaccurate or incomplete, you can request that we correct it.
    • Right to delete: You may require that we erase your Personal Information where certain grounds apply (including where we no longer require the Personal Information for the purpose for which it was collected or where we relied upon your consent to process the Personal Information and you have withdrawn that consent, among other things).
    • Right to Restrict: You have the right to request that we suspend our processing of your Personal Information if:

      • The accuracy of the Personal Information is contested;
      • The processing is unlawful and you oppose the erasure of the Personal Information and request the restriction of its use instead;
      • Veracyte no longer needs the Personal Information for the purposes of processing but is required to keep it for the establishment, exercise, or defense of legal claims; or
      • You have objected to our processing of your Personal Information (see below) and we are verifying whether you have legitimate ground for such objection.
    • Right to withdraw consent: Where we process your Personal Information on the basis of your consent, you may withdraw such consent at any time and we will no longer process your Personal Information. Such withdrawal of consent shall not affect the lawfulness of our processing prior to the time that such withdrawal was made.
    • Right to object: Where we process your Personal Information on the basis of legitimate interests you may object to our processing based on grounds relating to your situation. Where we process your Personal Information for direct marketing purposes you may object at any time and we will cease our processing for such purposes.
    • Right to data portability: Where we are processing your Personal Information on the basis of your consent or pursuant to the performance of a contract with you and such processing is carried out by automated means, you may request to receive your Personal Information in a commonly used, machine readable format (or have that information transmitted to a third party where technically feasible).
    • Right to complain: You can contact us at any time if you wish to make a complaint about our processing of your Personal Information. Additionally, you have the right to complain to a data protection supervisory authority. You can contact the Information Commissioner’s Officer in the UK here: https://ico.org.uk/make-a-complaint/ or find the contact information for the relevant EU regulator here: https://edpb.europa.eu/about-edpb/board/members_en.
    • Right to opt out of marketing communications:> If you no longer want to receive marketing communications from us, please let us know using the contact information below, or click on the unsubscribe link provided within the marketing email. However, please note we may still send you administrative messages relating to your access to or use of the Services.

    To exercise the rights described above, please submit a request to us by emailing [email protected], or refer to our Contact Information at the end of this Policy.

    Veracyte’s DPO is:
    Field Fisher, Hamburg
    Amerigo-Vespucci-Platz 1
    Hamburg
    20457
    Germany

    We will provide an initial response to your request within 30 days or sooner if required by law. We may require specific information from you to help us confirm your identity and process your request. If Personal Information about you has been processed by us as a processor on behalf of a business customer (who is the data controller of your Personal Information) and you wish to exercise any rights you have with such Personal Information, please inquire with our customer directly. If you wish to make your request directly to us, please provide the name of the customer on whose behalf we processed your personal data. We will refer your request to that customer, and will support them to the extent required by applicable law in responding to your request.

    (b) California
    Additional Information for California residents
    This section applies only to residents of California, USA, and provides additional information for California residents under the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”). The terms used in this section have the same meaning as in the CCPA.
    Personal Information Collected.
    As described above in the “Personal Information We Collect” section, Veracyte may have collected through our Sites or Services within the last 12 months, the following categories of Personal Information, by reference to the statutory categories specified in the CCPA:

    • Identifiers, such as your name, email address.
    • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as your contact information.
    • Commercial information, such as transaction information and purchase history.
    • Internet or network activity information, such as your browsing history and interactions with our Site.
    • Geolocation data, such as your approximate location based on your IP address.
    • Audio, electronic, visual, and similar information such as your photograph or electronic signature, call recordings, and webinar and other event recordings.
    • Professional information such as business contact information and professional memberships.
    • Education information such as schools attended, degrees awarded, and associated dates.
    • Inferences drawn from any of the above personal information to create a summary about you, for example your preferences and characteristics.
    • Protected classification information protected under California/federal law, including your gender, date of birth, and marital status.
    • Sensitive personal information, such as personal information concerning a consumer’s health.

    Sources of Personal Information.
    We obtain the categories of Personal Information listed above from the following categories of sources:

    • Directly from you or your agent.
    • Directly and indirectly from activity on websites we control (the “Sites”); for example, from submission forms on our Sites, or website usage details collected automatically.
    • From affiliates or third parties that interact with us; for example, a distributor, or a trade show, event or webinar service provider or sponsor.
    • From publicly available information.

    Business Purposes for Collecting Personal Information.
    We collect the categories of Personal Information listed above for one or more of the following business purposes:

    • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or product sample, or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate product recalls or process returns.
    • To provide, support, and develop our Sites, products, and services, including for testing, research, analysis, and product development.
    • To create, maintain, customize, and secure your account with us.
    • To process your requests, purchases, transactions, and payments and prevent transactional fraud.
    • To provide you with support and respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
    • To personalize your website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Sites, third party sites, and via email (with your consent for email communications where required by law).
    • To help maintain the safety, security, and integrity of our Sites, products and services, databases and other technology assets, and business.
    • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
    • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
    • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Site users is among the assets transferred.

    We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

    Disclosures of Personal Information.
    We may disclose your Personal Information with the following categories of third parties for a business purpose:

    • Healthcare professionals
    • Affiliates
    • Service providers
    • Advertising partners
    • Professional advisors
    • Authorities
    • Business transferees

    “Sales” and “Shares” of Personal Information.
    We do not sell, and have not sold in the past 12 months, California resident Personal Information to third parties as the term “sell” is traditionally understood (i.e., for money). However, the CCPA defines “sale” very broadly. It includes the disclosure of a California resident’s personal information in exchange for anything of value. Like many websites and apps, our Sites and related online Services use cookies and similar technologies to enable certain functionality, help collect information about your visit, and, if you choose to enable such cookies, show you relevant or personalized advertisements about our products and Services, as described in the “Information Collected Automatically” section above. The use of such cookies which disclose a California resident’s personal information (which includes IP addresses and cookie IDs) to third party service providers and advertisers may be considered a “sale” of personal information under the CCPA (given its broad definition of “sale”), or a “share” of personal information under the CCPA (which is defined as the disclosure of personal information for the purposes of cross-context behavioral advertising).

    As described in the “Information Collected Automatically” section above, you may opt out of such cookies at any time by adjusting your cookie choices in our Cookie Preference Center which appears as a cookie banner when you visit our Sites, or via the Cookie Preferences link in the footer of our Sites.

    We do not knowingly “sell” or “share” personal information of California residents who are under 16 years old.

    California Privacy Rights.

    • Know and Access: You have the right to request to know and access the following information covering the 12 months preceding your request:

      • the categories of personal information we have collected about you;
      • the categories of sources from which your personal information was collected;
      • the business or commercial purposes for collecting personal information about you;
      • the categories of third parties with whom the business discloses personal information about you; and
      • the specific pieces of personal information we have collected about you.

      You have the right to receive your personal information in a portable and commonly used format

    • Correct: You have the right to request that we correct any of your personal information that we have collected from you that is inaccurate.
    • Delete: You have the right to request that we delete personal information that we have collected from you.
    • Opt out of sales and sharing: To the extent our use of cookies and other tracking technologies to make available certain personal information to third parties constitutes a “sale” or “share” of personal information under the CCPA, you may opt-out of such “sale” or “share” at any time by adjusting your cookie choices in our Cookie Preference Center.
    • Limit the use and disclosure of sensitive personal information: Veracyte may collect certain “sensitive personal information,” as defined by the CCPA, from you if you choose to provide us with sensitive personal information such as your health-related data, sexual orientation, race or ethnicity. However, Veracyte does not use or disclose such “sensitive personal information” other than for the purposes described in the ‘How We Use Your Personal Information’ above, or as otherwise authorized by the CCPA. As a result, we do not offer an ability to limit the use and disclosure of sensitive personal information.
    • Non-Discrimination: You have the right to not be discriminated against for exercising any of your CCPA rights. We shall not discriminate against you for exercising any of your above rights.

    Please note that the rights described above are not absolute, and where an exception under applicable law applies, we may be entitled to refuse requests in whole or in part.

    California residents wishing to submit a verifiable request to exercise these rights can do so (up to twice within a 12-month period) by emailing us at [email protected] or calling us at 1.844.558.8372.

    When you seek to exercise the rights described above, we will need to verify your identity or authority to make the request and confirm that the Personal Information relates to you before fulfilling any consumer request. We will endeavor to respond to a verifiable consumer request within 45 days of receipt. An authorized agent may submit a rights request on behalf of a California resident under the CCPA. Requests must be submitted through the designated methods listed above. You (or your authorized agent) must provide documentation signed by you demonstrating that the agent is authorized to submit a verifiable consumer request on your behalf.

    California’s “Shine the Light” law (Civil Code Section § 1798.83) also permits California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. We do not disclose your Personal Information to third parties for their direct marketing purposes.

    (c) Other US States
    This section applies to residents of certain other US states which have an applicable data privacy law currently in effect, including but not limited to, Colorado, Connecticut, Utah, and Virginia.

    The categories of Personal Information collected, the purposes/uses of collecting such Personal Information, and the categories of third parties to whom Veracyte discloses such Personal Information are as outlined above.

    Depending on your US state of residency which has an applicable data privacy law currently in effect, you may have the following privacy rights:

    • Know and Access: You have the right to request to know and access the Personal Information that we have collected about you.
    • Data Portability: You have the right to obtain your Personal Information in a portable and readily usable format.
    • Correction: You have the right to request that we correct inaccuracies in your Personal Information.
    • Deletion: You have the right to request to delete your Personal Information.
    • Opt-out of Data Processing for purposes of Targeted Advertising; Sales to Third Parties; and Profiling: As described in the section “‘Sales’ and ‘Shares’ of Personal Information” above, we do not sell Personal Information to third parties for money, nor for the purpose of profiling in connection with decisions that produce legal or similarly significant effects. However, we do process Personal Information for the purpose of displaying targeted advertisements, if you instruct us to do so. You have the right to opt out of the processing of Personal Information for targeted advertising purposes at any time by changing your cookies choices via our Cookie Preferences Center.
    • Appeal: You have the right to appeal a refusal to take action on your request. You may ask us to reconsider our decision within 45 days after we send you our decision. We will endeavor to respond to your appeal within 60 days of such an appeal, including a written explanation of the reasons for the decision, and any action taken or not taken in response to the appeal.

    Please note that the rights listed above only apply to a resident in Colorado, Connecticut, Utah, and Virginia who is acting in an individual or household context only, and does not include residents acting in a commercial or employment context. If you wish to submit a rights request, please refer to our Contact Information section below.

  13. HIPAA
    Please also note that in the United States, HIPAA Privacy Standards grant U.S. based residents certain rights relating to Protected Health Information (“PHI”). For more information, please review Veracyte’s HIPAA Notice of Privacy Practices.

  14. Changes to this Privacy Policy
    We may modify this Privacy Policy at any time. You can see when it was last updated by checking the “last updated” date displayed at the top of this Privacy Policy. We encourage you to revisit this page from time to time to stay aware of any changes.
    If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on this webpage. In all cases, your continued use of the Sites after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

  15. Contact Information
    If you have any questions or comments about this Privacy Policy, or wish to submit a rights request, please contact Veracyte at: [email protected], or as follows:

    Veracyte, Inc.
    Attn: Chief Privacy and Data Officer
    6000 Shoreline Court, Suite 300
    South San Francisco, CA 94080
    USA

    If you are located in the EU, you may also contact our EU Representative at [email protected].
    Veracyte’s DPO is:
    Field Fisher, Hamburg
    Amerigo-Vespucci-Platz 1
    Hamburg
    20457
    Germany
    +49 (0)40 87 88 69 80