Privacy

Mon, Aug 15 2016

Last Updated

This Privacy Policy details the policies and procedures of DNAnexus, Inc. ("DNAnexus," "our," "us," or "we") regarding the collection, use, and disclosure of personal information that we receive or collect from users of the DNAnexus website and the services we offer through the DNAnexus website (collectively, the "Site"). This Privacy Policy applies to only the information that you provide to us through the Site.

  1. Information DNAnexus May Collect From You

    Our primary goals in collecting information are to provide genomic information management and analysis services to you, and to improve our Site, features, and content.

    1. Genomic Information That You Voluntarily Provide

      DNAnexus collects and stores the DNA sequence data, derived from humans or other organisms, that you submit to the Site along with metadata and other information related to such sequence data. You agree to and accept full responsibility for obtaining all necessary permissions and informed consents from the donors of all samples from which your submitted sequence data is derived.

    2. HIPAA, Protected Health Information, and the Clinical Compliance Features

      DNAnexus is not a Covered Entity as that term is defined in the Health Insurance Portability and Accountability Act of 1996, as amended, and its related regulations (collectively, "HIPAA"). On occasion, DNAnexus may agree in writing with a user to perform services for the user in the capacity of a Business Associate under HIPAA. We offer a separate HIPAA Business Associate Privacy Agreement ("BA Privacy Agreement") for HIPAA-regulated users, and we recommend that such users enter into a BA Privacy Agreement with DNAnexus prior to uploading, storing, or otherwise transferring "protected health information" as defined in HIPAA ("PHI") using the Site.

      DNAnexus offers clinical compliance features as part of its service ("Compliance Features") for users who wish to upload, store, or otherwise transfer PHI, as well as users who are using the Site in connection with their clinical operations. Users who desire to upload, store, or otherwise transfer PHI using the Site must implement all of the required Clinical Features. The uploading, storing, or transferring of PHI using the Site by users that have not implemented the Clinical Features is strictly prohibited. You agree that, unless you have implemented the Clinical Features, you will not upload, store, or otherwise transfer PHI using the Site. You acknowledge that this may require you, in some instances, to anonymize sequence data prior to uploading it to the Site. You further agree to indemnify and hold harmless DNAnexus of and from any and all claims, demands, losses, causes of action, damage, lawsuits, judgments, including attorneys' fees and costs, arising out of or relating to your uploading, storing, or transferring of PHI without having fully implemented the Clinical Features.

    3. User Account Information/Personally Identifiable Information

      When you register with us through the Site and during your use of the Site, we will ask you for personally-identifiable information, which is information about you that can be used to contact or identify you ("Personal Information"), such as: your name, company or organization name, title, e-mail address, postal address, telephone numbers, and, if you sign up for a paid account, billing information, including a credit card number. If you contact us, we may also keep a record of that correspondence or communication, including any Personal Information it contains.

    4. Cookies and Tracking Pixels

      We use cookies, tracking pixels, and other similar technologies to track activity on our Site and to enhance the functionality of our Site. Cookies are small data files that our web servers send to your browser and which get saved on the hard drive of the computer that you are using to access the Site. If you do not want to allow cookies on your computer, most browsers have a feature that allows you either to automatically decline cookies or to decline or accept particular cookies from particular web sites. If you choose to reject cookies from our Site, you may be unable to use certain Site services, features, and functionality. If you choose to accept cookies from us and our service providers, you are agreeing to let us and our service providers install cookies on your computer. To learn more about cookies, please visit http://allaboutcookies.org. Tracking pixels (also known as web beacons, action tags, or transparent GIF files) collect and store information about your visits to our Site, such as page visits, the duration of the visit, the specific link(s) that you clicked during your visit, and the address of the website from which you arrived at the Site.

      We also may use Adobe Flash technology (including Flash Local Shared Objects ("Flash LSOs")) and other technologies to, among other things, collect and store information about your use of the Site. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to "information" on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with the Site or our online content.

    5. User Software and Reference Data

      You may also be permitted to upload your own software and data, including reference genomes, to the Site in the course of using the Site. You agree to and accept full responsibility for obtaining all permissions, consents, and rights necessary for uploading and using any such software and data to and with the Site.

  2. Security of Your Information

    Our Site uses Secure Socket Layer (SSL) encryption to protect sequence data that users upload to the Site over the Internet. However, no data transmission over the Internet or data storage system can be 100% secure. As a result, while we strive to protect your information, we cannot guarantee the security of information you transmit to us, we transmit to you, or that we store on your behalf. If at any time you believe that your interaction with the Site or information is no longer secure, please inform us immediately.

    Further, if you register and create a profile on the Site, your profile, Personal Information, and sequence data submitted by you to the Site will be password- protected. You agree that you will be responsible for all actions taken under an authenticated login. Accordingly, we recommend that you select a strong password and do not divulge that password to anyone. Also, be certain to sign out of your DNAnexus account and close your browser window when you have finished using the Site to prevent others from accessing your information and data.

    Please note that while Site includes a service for storing your sequence data, which is backed up, we cannot guarantee that such sequence data will be secure, reliable, or available. Accordingly, DNAnexus will not be responsible for any loss or corruption of data, or any other harm that results from your access to or use of the Site despite the security features of our service described in this policy and elsewhere on the DNAnexus Site.

  3. How Your Information May be Used

    We may use your Personal Information to provide you with a personalized experience on our Site and to communicate with you through periodic messages regarding new service features and related products and services provided by our partners, events, and other information and notices we believe you may find interesting or useful. Your credit card information (if applicable) may be used by our financial services providers for payment processing and fraud prevention. We will not sell or provide your information to third parties for their own direct marketing purposes.

    We use the automatic usage and other non-Personal Information collected to maintain, secure, and improve our Site, and to understand your interests when visiting our Site. We may generate statistical information regarding our user-base and use it to analyze our Site or business.

  4. With Whom May DNAnexus Share Your Information?

    1. Data Storage

      We store the software and sequence data you submit and your account, profile, and member information (including Personal Information) on "cloud" servers owned and operated by third party providers. Our current provider is Amazon Web Services (AWS). Our Site is designed to encrypt all stored sequence data using encryption algorithms such as AES-256. For information about AWS's privacy protection and data security practices, please visit http://aws.amazon.com/security.

    2. Service Providers

      We may rely on various third-party service providers and contractors to provide services that support the Site and our operations, including, without limitation, maintenance of our databases, distribution of emails and newsletters on our behalf, data analysis, payment processing and other services of an administrative nature. Such third-parties may have access to your Personal Information for the purpose of performing the service for which they have been engaged.

    3. Compliance with Laws and Law Enforcement

      DNAnexus cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Information and other user information when we, in our sole discretion, have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may (either intentionally or unintentionally) be causing injury to or interference with our rights or property, users of our Site, or anyone else who could be harmed by such activities. We may also disclose user information when we believe, in our sole discretion, that such disclosure is required by applicable law. We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

    4. Business Transfers

      We reserve the right to transfer any and all information that we collect from Site users, including Personal Information, to a third-party in the event of any corporate reorganization, merger, sale, joint venture, assignment, transfers, or other disposition of all or any portion of DNAnexus's business, assets, or stock.

    5. European Union Transfer

      In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, DNAnexus is potentially liable.

  5. Information You Share With Other Users; Forums

    Our Site allows you to share the sequence data, reference genomes, and other information you submit to the Site with other users of the Site and third parties who are not users of the Site. DNAnexus is not responsible for such other users' and third parties' use of your sequence data, reference genomes or other information. You understand and acknowledge that, if you choose to share the sequence data, reference genomes, or other information you submit to the Site with other users of the Site or third parties, such shared information might be copied or redistributed by other users and third parties. Even after you remove information from your account or delete your account, copies of that information may remain viewable elsewhere to the extent it has previously been shared with others.

    We and our service providers may make available through the Site certain services to which you are able to post information and materials (for example, forums, chat rooms, message boards, and news groups). If you utilize such Site services, please remember that any information that is disclosed in these areas becomes public information and may be available to other users of the Site and the general public. In addition, when you choose to make a posting on such services, certain Personal Information (such as your user name) will be available for other users to view.

    We urge you to exercise discretion and caution when deciding to disclose Personal Information, or any other information, on the Site. We are not responsible for the use of any Personal Information or other information you voluntarily disclose or make available to other users or the public through the site.

  6. Changing or Deleting Your Information

    You may review, update, correct or delete the Personal Information you provide to us by contacting us. If you completely delete all such information, then your account may become deactivated. If you would like us to delete your account in our system, please contact us at info@dnanexus.com with a request that we delete your Personal Information from our database. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records as required by law or for legitimate business purposes.

  7. Limiting Use in Our Email List

    If you no longer wish to receive new product/service notices, email newsletters or other future promotional communications from us, please follow the opt- out instructions included in each such communication or notify us by email at info@dnanexus.com with the word "remove" in the subject header, and we will remove your name from our email recipient list. You may not, however, opt out of necessary service or account maintenance notices or other administrative and transactional notices.

  8. Users Under 13 Years of Age

    This Site and our services are not directed towards users under the age of 13 and we do not knowingly collect Personal Information from users under the age of 13. If a parent or guardian becomes aware that his or her child under the age of 13 has provided us with Personal Information without their consent, he or she should contact us at info@dnanexus.com. If we become aware that a child under 13 has provided us with Personal Information, we will delete such information from our files.

  9. Links and Third Party Applications

    On the Site, we may provide links to websites or applications maintained by third parties, which we believe you may find useful. DNAnexus is not responsible for the privacy practices of these other websites or applications and we encourage you to review the privacy policies of each of those other websites or applications 7 before using such websites and applications. If you click on these third-party links, these other websites or applications may place their own cookies or other files on your computer, collect data, or solicit Personal Information from you. Other websites and applications will have different policies and rules regarding the use or disclosure of the personal information you submit to them. We make no representation with regard to the policies or business practices of any websites or applications to which you connect through a link from this Site, and are not responsible for any material contained on, or any transactions that occur between you and any such website or application.

  10. Location

    We host and maintain this Site in the United States. By providing Personal Information and other information to this Site, you understand and consent to the collection, use, processing and transfer of such information to the United States and other countries or territories, which may not offer the same level of data protection as the country where you reside, in accordance with the terms of this Privacy Policy.

  11. Privacy Compliance

    1. European Privacy Shield Compliance

      DNAnexus complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. DNAnexus has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

      In compliance with the EU-US Privacy Shield Principles, DNAnexus commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact DNAnexus at: privacy@dnanexus.com.

      DNAnexus has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

      Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

    2. Swiss Safe Harbor Compliance

      DNAnexus complies with the U.S. - Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from Switzerland. DNAnexus has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://export.gov/safeharbor.

      In compliance with the US-Swiss Safe Harbor Principles, (your company name) commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact (your company name) at: privacy@dnanexus.com.

      DNAnexus has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

      Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

    3. FTC Compliance

      DNAnexus is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

  12. Privacy Policy Changes

    This Privacy Policy may be updated periodically. We will notify you of any material changes to this Privacy Policy by posting the revised policy on the Site. You are advised to periodically review this page to ensure continuing familiarity with the most current version of our Privacy Policy. Any changes to our Privacy Policy will become effective upon our posting of the revised Privacy Policy on 8 the Site. Use of the Site following such changes constitutes your acceptance of the revised Privacy Policy then in effect. You will be able to determine when this Privacy Policy was last revised by checking the "Last Updated" information that appears at the top of this page.

  13. Questions or Concerns?

    If you have any questions, comments, or concerns regarding this Policy, please contact us by email at info@dnanexus.com