Last Updated February 16th, 2021
We keep your name, email and company so you can use our system, and we may collect other personal information which you provide to us, as we have described in more detail in the Policy below. We place cookies on your browser to make our system faster and easier to use. We may use your name and email to send you information about our system. Please keep your personal information up to date. We will not sell your information to outside companies. You may stop receiving information from us at any time. We keep your data very private on our cloud. DNAnexus is a U.S. company. We follow the laws of that apply to us, like GDPR. If you need more information, see the Policy below.
DNAnexus uses your personal information in compliance with applicable laws, including the European General Data Protection Regulation 2016/679 (“GDPR”), as amended from time to time. DNAnexus is a data controller with respect to its own EU-based employee and contractor information as well as certain information derived from marketing in the EU.
Our primary goals in collecting information are to provide genomic information management and analysis services to you, to improve our Site, features, content, and to run our business.
- Genomic Information That You Voluntarily Provide
DNAnexus processes and stores the genomic sequence data (DNA, RNA, etc), derived from humans or other organisms, that you submit through or services along with metadata and other information related to such sequence data. You agree to and accept full responsibility for obtaining all necessary permissions and informed consents from the donors of all samples from which your submitted sequence data is derived. DNAnexus will be a processor for the purposes of processing genomic sequence data.
- HIPAA, Protected Health Information, and the Clinical Compliance Features
DNAnexus is not a Covered Entity as that term is defined in the Health Insurance Portability and Accountability Act of 1996, as amended, and its related regulations (collectively, "HIPAA"). On occasion, DNAnexus may agree in writing with a user to perform services for the user in the capacity of a Business Associate under HIPAA. We offer a separate HIPAA Business Associate Privacy Agreement ("BA Privacy Agreement") for HIPAA-regulated users, and we recommend that such users enter into a BA Privacy Agreement with DNAnexus prior to uploading, storing, or otherwise transferring "protected health information" as defined in HIPAA ("PHI") using the Site.
DNAnexus offers clinical compliance features as part of its service ("Compliance Features") for users who wish to upload, store, or otherwise transfer PHI, as well as users who are using the services in connection with their clinical operations. Users who desire to upload, store, or otherwise transfer PHI using the services must implement all of the required Compliance Features. The uploading, storing, or transferring of PHI using the services by users that have not implemented the Compliance Features is strictly prohibited. You agree that, unless you have implemented the Compliance Features, you will not upload, store, or otherwise transfer PHI using the services. You acknowledge that this may require you, in some instances, to anonymize sequence data prior to uploading it to the services. You further agree to indemnify and hold harmless DNAnexus of and from any and all claims, demands, losses, causes of action, damage, lawsuits, judgments, including attorneys' fees and costs, arising out of or relating to your uploading, storing, or transferring of PHI without having fully implemented the Compliance Features. Please note that for any personal information we receive which is PHI, DNAnexus will be a processor for the purposes of processing this personal information.
- User Account Information/Personally Identifiable Information
When you register with us through the Site and during your use of the Site, we will ask you for personal information, which is information about you that can be used to contact or identify you ("Personal Information"), such as: your name, company or organization name, title, e-mail address, postal address, telephone numbers, social media account, and, if you sign up for a paid account, and billing information. If you contact us, we may also keep a record of that correspondence or communication, including any Personal Information it contains.
- Cookies and other similar technologies
We automatically record certain information about you when you use the Site. DNAnexus may use this information to understand the manner in which pages of the Site have been visited in order to monitor and improve the Site. For further details please see the section on Cookies and other similar technologies below.
- User Software and Reference Data
We use the following cookies on this website (https://www.dnanexus.com):
These cookies are placed in your browser only after you have consented to use our cookies.
- Opting out of cookies
If you do not want to allow cookies on your computer, you can withdraw you consent at any time, for example by deleting the cookies, opting out via our opt-out mechanism, or most browsers have a feature that allows you either to automatically decline cookies or to decline or accept particular cookies from particular web sites. If you choose to reject cookies from our Site, you may be unable to use certain Site services, features, and functionality. If you choose to accept cookies from us and our service providers, you are agreeing to let us and our service providers install cookies on your computer.
Or following the instructions to opt out in respect of the following third party cookies:
- Google Analytics: to opt out of being tracked by Google Analytics you can download and install a browser add-on at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
- YouTube: sometimes, we embed images or videos from websites such as YouTube. As a result, when you visit a page where images or videos have been embedded by YouTube. We do not control the cookies and cannot prevent these sites or domains from collecting information on your use of this content. You should check YoutTube’s website for more information on how to opt out: https://support.google.com/youtube/answer/171780?hl=en-GB.
- Google DoubleClick: to opt out of Google DoubleClick please see instructions in the following link: https://policies.google.com/technologies/ads
To learn more about cookies, please visit http://allaboutcookies.org. Tracking pixels (also known as web beacons, action tags, or transparent GIF files) collect and store information about your visits to our Site, such as page visits, the duration of the visit, the specific link(s) that you clicked during your visit, and the address of the website from which you arrived at the Site.
Our Sites use Secure Socket Layer (SSL) encryption version 1.2 to protect sequence data that users upload to the Sites over the Internet. However, no data transmission over the Internet or data storage system can be 100% secure. As a result, while we strive to protect your information, we cannot guarantee the security of information you transmit to us, we transmit to you, or that we store on your behalf. If at any time you believe that your interaction with our Site or services is no longer secure, please inform us immediately.
Further, if you register and create a profile on our Site or services, your profile, Personal Information, and sequence data submitted by you will be password- protected. You agree that you will be responsible for all actions taken under an authenticated login. Accordingly, we recommend that you select a strong password and do not divulge that password to anyone. Also, be certain to sign out of your DNAnexus account and close your browser window when you have finished using the Site or services to prevent others from accessing your information and data.
We cannot guarantee that all data will be secure, reliable, or available
4. How Your Information May be Used
We may use your Personal Information to enable us to perform the contract we are about to enter into or have entered into with you, to ensure compliance with local legal and regulatory requirements and for the purposes of our legitimate business interests and if required, when you have consented to do so, including to:
- improve our products and services,
- ensure contact information is up to date and accurate,
- provide and improve our customer service,
- reduce risk and prevent fraud,
- comply with our legal and regulatory obligations and requests, including reporting to and/or being audited or investigated by national and international regulatory bodies;
- provide you with a personalized experience on our Site and services;
- understand how you visit our Site, how you interact with us and to enhance your user experience;
- comply with court orders and to exercise and/or defend our legal rights; and
- communicate with you regarding new service features and related products and services provided by us or our partners, about events, and other information and notices we believe you may find interesting or useful. For further details see our “Marketing” section below.
We use the automatic usage and other non-Personal Information collected to maintain, secure, and improve our Site and services, and to understand your interests when visiting our Site. We may generate statistical information regarding our user-base and use it to analyze our services, Site or business.
DNAnexus may also use your Personal Information to contact you in the future to provide you with our newsletter, and other information in connection with our products or services (such as exclusive access to new tools and DNAnexus’ product launches) which you have shown an interest in receiving. You must explicitly opt-in to receive marketing material. The ability to subsequently opt-out is also included on every marketing document.
Please note that we may contact you by email, telephone, SMS or on social media, (such as LinkedIn) where you have provided your consent for us to do so. If we do contact you with this information, in each communication we send you will contain instructions permitting you to “opt-out” of receiving future communications. In addition, if at any time you wish to not receive any future communications, or you wish to have your name deleted from our mailing lists, please contact us using the information provided in the “Questions or Concerns” section below.
- Data Storage
We store the software and sequence data you submit and your account, profile, and member information (including Personal Information) on "cloud" servers owned and operated by third party providers. Our current providers are Microsoft Azure and Amazon Web Services (AWS). Our Site is designed to encrypt all stored sequence data using encryption algorithms such as AES-256. For information about Microsoft Azure and Amazon Web Service's privacy protection and data security practices, please visit https://azure.microsoft.com/en-us/services/security-center and http://aws.amazon.com/security.
- Service Providers
We may rely on various third-party service providers and contractors to provide services that support the Site, services and our operations, including, without limitation, maintenance of our databases, distribution of marketing communications and newsletters on our behalf, data analysis, payment processing and other services of an administrative nature. Such third-parties may have access to your Personal Information for the purpose of performing the service for which they have been engaged.
- Compliance with Laws and Law Enforcement
DNAnexus cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Information and other user information when we, in our sole discretion, have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may (either intentionally or unintentionally) be causing injury to or interference with our rights or property, users of our Site or services, or anyone else who could be harmed by such activities. We may also disclose user information when we believe, in our sole discretion, that such disclosure is required by applicable law. We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
- Business Transfers
We reserve the right to transfer any and all information that we collect from Site users, including Personal Information, to a third-party in the event of any corporate reorganization, merger, sale, joint venture, assignment, transfers, or other disposition of all or any portion of DNAnexus' business, assets, or stock.
Our services allows you to share the sequence data, reference genomes, and other information you submit to the services with other users of the services and third parties who are not users of the services. DNAnexus is not responsible for such other users' and third parties' use of your sequence data, reference genomes or other information. You understand and acknowledge that, if you choose to share the sequence data, reference genomes, or other information you submit with other users or third parties, such shared information might be copied or redistributed by other users and third parties. Even after you remove information from your account or delete your account, copies of that information may remain viewable elsewhere to the extent it has previously been shared with others.
We and our service providers may make available through the Site (or other sites) certain services to which you are able to post information and materials (for example, forums, chat rooms, message boards, and news groups). If you utilize such services, please remember that any information that is disclosed in these areas becomes public information and may be available to other users and the general public. In addition, when you choose to make a posting on such services, certain Personal Information (such as your user name) will be available for other users to view.
We urge you to exercise discretion and caution when deciding to disclose Personal Information, or any other information, on the Site.
8. Your Rights
You may review, update, correct or delete the Personal Information you provide to us by contacting us as detailed below. If you completely delete all such information, then your account may become deactivated.
For individuals based in the United Kingdom and the European Economic Area (“EEA”): you may have the right to: request (a) access to your Personal Information we hold about you; (b) request we correct any inaccurate Personal Information we hold about you; (c) request we delete any Personal Information we hold about you; (d) restrict the processing of Personal Information we hold about you; (e) object to the processing of Personal Information we hold about you; and/or (f) receive any Personal Information we hold about you in a structured and commonly used machine-readable format or have such Personal Information transmitted to another company.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing information requested to you. We will process any request in line with any local laws and our policies and procedures. If you are located in the United Kingdom or the EEA, you have the right to lodge a complaint about how we process your Personal Information with the supervisory authority in your country.If you would like us to delete your account in our system or if you wish to exercise any of your rights, please contact us at firstname.lastname@example.org with your request. We will respond to your request according to applicable laws. We may retain an archived copy of your records as required by law or for legitimate business purposes.
9. Limiting Use in Our Email List
If you no longer wish to receive new product/service notices, email newsletters or other future promotional communications from us, please follow the opt- out instructions included in each such communication or notify us by email at email@example.com with the word "remove" in the subject header, and we will remove your name from our email recipient list. You may not, however, opt out of necessary service or account maintenance notices or other administrative and transactional notices.
10. Users Under 16 Years of Age
This Site and our services are not directed towards users under the age of 16 and we do not knowingly collect Personal Information from users under the age of 16. If a parent or guardian becomes aware that his or her child under the age of 16 has provided us with Personal Information without their consent, he or she should contact us at firstname.lastname@example.org. If we become aware that a child under 16 has provided us with Personal Information, we will delete such information from our files.
11. Links and Third Party Applications
On the Site and in the services, we may provide links to websites or applications maintained by third parties, which we believe you may find useful. DNAnexus is not responsible for the privacy practices of these other websites or applications and we encourage you to review the privacy policies of each of those other websites or applications before using such websites and applications. If you click on these third-party links, these other websites or applications may place their own cookies or other files on your computer, collect data, or solicit Personal Information from you. Other websites and applications will have different policies and rules regarding the use or disclosure of the personal information you submit to them. We make no representation with regard to the policies or business practices of any websites or applications to which you connect through a link from this Site or the services, and are not responsible for any material contained on, or any transactions that occur between you and any such website or application.
- European, Swiss and UK Privacy Shield Compliance - Withdrawn From this Program
The Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield on July 16, 2020. DNAnexus is replacing the scope of the Privacy Shield with the Standard contractual clauses (SCCs) and leveraging other available mechanisms with the understanding that the level of data protection in the DNAnexus systems are equivalent to that required for the European Union.
- DNAnexus as a processor under the General Data Protection Regulation (GDPR)
In the language of GDPR, DNAnexus positions itself as a processor or subprocessor for our customers, who are either controllers or processors. DNAnexus follows the instructions of the customer in the management of their data.
- DNAnexus shall take reasonable steps to secure data, such as encryption, stability and uptime, backup and disaster recovery, and regular security testing.
DNAnexus shall make its Data Protection Officer available address concerns or questions upon request.
More detail on DNAnexus’ Data Protection Addendum (DPA) may be obtained here.
- FTC Compliance
DNAnexus is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
15. Retention of your Personal Information
We will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
1975 W El Camino Real #204, Mountain View, CA 94040