Skip to content

PLAIN ENGLISH VERSION OF OUR PRIVACY POLICY

LAST UPDATED: September 19, 2023

 

We keep your name, email and company name so you can use our system, and we may collect other personal information which you provide to us, as we have described in more detail in the Policy below. We place cookies on your browser to make our system faster and easier to use. We may use your name and email to send you information about our system. Please keep your personal information up to date.

We will not sell your information to outside companies. You may stop receiving information from us at any time as further described below. We keep your data very private on our cloud. DNAnexus is a U.S. company. We follow the laws that apply to us, including GDPR as applicable. If you need more information, see the Policy below.

DNAnexus, Inc. (together “DNAnexus”, “we”, “us” or “our”) is committed to safeguarding your privacy and protecting your personal information. This privacy policy (“Privacy Policy”) sets out how we collect, store, process, transfer, share and generally use your personal information which you provide to us through your use of our website and our services. We define “Site” or “Sites” as this website (https://www.dnanexus.com/ ) and https://blog.dnanexus.com/https://dnanexusconnect.com/ and https://platform.dnanexus.com/

DNAnexus uses your personal information in compliance with applicable laws, including the European General Data Protection Regulation 2016/679 (“GDPR”), as amended from time to time. DNAnexus is a data controller with respect to its own EU-based employee and contractor information as well as certain information derived from marketing in the EU.

Please read this Privacy Policy to understand how DNAnexus may process your personal information via your use of our Site and/or our services.

 

1. Information DNAnexus May Collect From You
 Our primary goals in collecting information are to provide genomic information management and analysis services to you, to improve our Site, features, content, and to run our business.

 

  1. Genomic Information That You Voluntarily Provide

    DNAnexus processes and stores the genomic sequence data (DNA, RNA, etc), derived from humans or other organisms, that you submit through or services along with metadata and other information related to such sequence data.

    You agree to and accept full responsibility for obtaining all necessary permissions and informed consents from the donors of all samples from which your submitted sequence data is derived. DNAnexus will be a processor for the purposes of processing genomic sequence data.

  2. HIPAA, Protected Health Information, and the Clinical Compliance Features

    DNAnexus is not a Covered Entity as that term is defined in the Health Insurance Portability and Accountability Act of 1996, as amended, and its related regulations (collectively, "HIPAA"). On occasion, DNAnexus may agree in writing with a user to perform services for the user in the capacity of a Business Associate under HIPAA. We offer a separate HIPAA Business Associate Privacy Agreement ("BA Privacy Agreement") for HIPAA-regulated users, and we recommend that such users enter into a BA Privacy Agreement with DNAnexus prior to uploading, storing, or otherwise transferring "protected health information" as defined in HIPAA ("PHI") using the Site.

    DNAnexus offers clinical compliance features as part of its service ("Compliance Features") for users who wish to upload, store, or otherwise transfer PHI, as well as users who are using the services in connection with their clinical operations. Users who desire to upload, store, or otherwise transfer PHI using the services must implement all of the required Compliance Features. The uploading, storing, or transferring of PHI using the services by users that have not implemented the Compliance Features is strictly prohibited. You agree that, unless you have implemented the Compliance Features, you will not upload, store, or otherwise transfer PHI using the services. You acknowledge that this may require you, in some instances, to anonymize sequence data prior to uploading it to the services.

    You further agree to indemnify and hold harmless DNAnexus of and from any and all claims, demands, losses, causes of action, damage, lawsuits, judgments, including attorneys' fees and costs, arising out of or relating to your uploading, storing, or transferring of PHI without having fully implemented the Compliance Features. Please note that for any personal information we receive which is PHI, DNAnexus will be a processor for the purposes of processing this personal information.

  3. User Account Information/Personally Identifiable Information
    When you register with us through the Site and during your use of the Site, we will ask you for personal information, which is information about you that can be used to contact or identify you ("Personal Information"), such as: your name, company or organization name, title, e-mail address, postal address, telephone numbers, social media account, and, if you sign up for a paid account, and billing information. If you contact us, we may also keep a record of that correspondence or communication, including any Personal Information it contains.
  4. Cookies and other similar technologies
    We automatically record certain information about you when you use the Site. DNAnexus may use this information to understand the manner in which pages of the Site have been visited in order to monitor and improve the Site.
    For further details please see the section on Cookies and other similar technologies below.
  5. User Software and Reference Data

    You may also be permitted to upload your own software and data, including reference genomes, to the services in the course of using the services. You agree to and accept full responsibility for obtaining all permissions, consents, and rights necessary for uploading and using any such software and data to and with the Site. The software you upload must comply with the DNAnexus “Terms of Use Policy”.

2. Cookies and other similar technologies
  1. Our use of cookies and other similar technologies

    We use cookies, tracking pixels, and other similar technologies to track activity on our Sites and to enhance the functionality of our Site. Cookies are small data files that our web servers send to your browser and which get saved on the computer that you are using to access the Sites. The actual cookies that we use are documented below for this website (https://www.dnanexus.com/) and pop-up windows on other sites

    We use the following cookies on this website (https://www.dnanexus.com):

    dnanexuscookies
    These cookies are placed in your browser only after you have consented to use our cookies.

  2. Opting out of cookies

    If you do not want to allow cookies on your computer, you can withdraw you consent at any time, for example by deleting the cookies, opting out via our opt-out mechanism, or most browsers have a feature that allows you either to automatically decline cookies or to decline or accept particular cookies from particular web sites. If you choose to reject cookies from our Site, you may be unable to use certain Site services, features, and functionality. If you choose to accept cookies from us and our service providers, you are agreeing to let us and our service providers install cookies on your computer.

    Or following the instructions to opt out in respect of the following third party cookies:

    • Google Analytics: to opt out of being tracked by Google Analytics you can download and install a browser add-on at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

    • YouTube: sometimes, we embed images or videos from websites such as YouTube. As a result, when you visit a page where images or videos have been embedded by YouTube. We do not control the cookies and cannot prevent these sites or domains from collecting information on your use of this content. You should check YouTube’s website for more information on how to opt out: https://support.google.com/youtube/answer/171780?hl=en-GB.

    • Google DoubleClick: to opt out of Google DoubleClick please see instructions in the following link: https://policies.google.com/technologies/ads

      To learn more about cookies, please visit http://allaboutcookies.org. Tracking pixels (also known as web beacons, action tags, or transparent GIF files) collect and store information about your visits to our Site, such as page visits, the duration of the visit, the specific link(s) that you clicked during your visit, and the address of the website from which you arrived at the Site.
3. Security of Your Information

Our Sites use Secure Socket Layer (SSL) encryption version 1.2 or better to protect sequence data that users upload to the Sites over the Internet. However, no data transmission over the Internet or data storage system can be 100% secure. As a result, while we strive to protect your information, we cannot guarantee the security of information you transmit to us, we transmit to you, or that we store on your behalf. If at any time you believe that your interaction with our Site or services is no longer secure, please inform us immediately.

Further, if you register and create a profile on our Site or services, your profile, Personal Information, and sequence data submitted by you will be password- protected. You agree that you will be responsible for all actions taken under an authenticated login. Accordingly, we recommend that you select a strong password and do not divulge that password to anyone. Also, be certain to sign out of your DNAnexus account and close your browser window when you have finished using the Site or services to prevent others from accessing your information and data.

We cannot guarantee that all data will be secure, reliable, or available.


4. How Your Information May be Used
 We may use your Personal Information to enable us to perform the contract we are about to enter into or have entered into with you, to ensure compliance with local legal and regulatory requirements and for the purposes of our legitimate business interests and if required, when you have consented to do so, including to:
  • improve our products and services,
  • ensure contact information is up to date and accurate,
  • provide and improve our customer service,
  • reduce risk and prevent fraud,
  • comply with our legal and regulatory obligations and requests, including reporting to and/or being audited or investigated by national and international regulatory bodies;
  • provide you with a personalized experience on our Site and services;
  • understand how you visit our Site, how you interact with us and to enhance your user experience;
  • comply with court orders and to exercise and/or defend our legal rights; and
  • communicate with you regarding new service features and related products and services provided by us or our partners, about events, and other information and notices we believe you may find interesting or useful. For further details see our “Marketing” section below.

We will not sell or provide your information to third parties for their own direct marketing purposes.

We use the automatic usage and other non-Personal Information collected to maintain, secure, and improve our Site and services, and to understand your interests when visiting our Site. We may generate statistical information regarding our user-base and use it to analyze our services, Site or business.

5. Marketing

DNAnexus may also use your Personal Information to contact you in the future to provide you with our newsletter, and other information in connection with our products or services (such as exclusive access to new tools and DNAnexus’ product launches) which you have shown an interest in receiving. You must explicitly opt-in to receive marketing material. The ability to subsequently opt-out is also included on every marketing document.

Please note that we may contact you by email, telephone, SMS or on social media, (such as LinkedIn) where you have provided your consent for us to do so. If we do contact you with this information, in each communication we send you will contain instructions permitting you to “opt-out” of receiving future communications. In addition, if at any time you wish to not receive any future communications, or you wish to have your name deleted from our mailing lists, please contact us using the information provided in the “Questions or Concerns” section below.

 

6. With Whom May DNAnexus Share Your Information?
  1. Data Storage

    We store the software and sequence data you submit and your account, profile, and member information (including Personal Information) on "cloud" servers owned and operated by third party providers. Our current providers are Microsoft Azure and Amazon Web Services (AWS). Our Site is designed to encrypt all stored sequence data using encryption algorithms such asAES-256. For information about Microsoft Azure and Amazon Web Service's privacy protection and data security practices, please visit https://azure.microsoft.com/en-us/services/security-center and http://aws.amazon.com/security.

  2. Service Providers

    We may rely on various third-party service providers and contractors to provide services that support the Site, services and our operations, including, without limitation, maintenance of our databases, distribution of marketing communications and newsletters on our behalf, data analysis, payment processing and other services of an administrative nature. Such third-parties may have access to your Personal Information for the purpose of performing the service for which they have been engaged.

  3. Compliance with Laws and Law Enforcement

    DNAnexus cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Information and other user information when we, in our sole discretion, have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may (either intentionally or unintentionally) be causing injury to or interference with our rights or property, users of our Site or services, or anyone else who could be harmed by such activities. We may also disclose user information when we believe, in our sole discretion, that such disclosure is required by applicable law. We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

  4. Business Transfers

    We reserve the right to transfer any and all information that we collect from Site users, including Personal Information, to a third-party in the event of any corporate reorganization, merger, sale, joint venture, assignment, transfers, or other disposition of all or any portion of DNAnexus' business, assets, or stock.

7. Information You Share With Other Users; Forums

Our services allow you to share the sequence data, reference genomes, and other information you submit to the services with other users of the services and third parties who are not users of the services. DNAnexus is not responsible for such other users' and third parties' use of your sequence data, reference genomes or other information. You understand and acknowledge that, if you choose to share the sequence data, reference genomes, or other information you submit with other users or third parties, such shared information might be copied or redistributed by other users and third parties. Even after you remove information from your account or delete your account, copies of that information may remain viewable elsewhere to the extent it has previously been shared with others.

We and our service providers may make available through the Site (or other sites) certain services to which you are able to post information and materials (for example, forums, chat rooms, message boards, and news groups). If you utilize such services, please remember that any information that is disclosed in these areas becomes public information and may be available to other users and the general public. In addition, when you choose to make a posting on such services, certain Personal Information (such as your user name) will be available for other users to view.

We urge you to exercise discretion and caution when deciding to disclose Personal Information, or any other information, on the Site.

8. Your Rights

You may review, update, correct or delete the Personal Information you provide to us by contacting us as detailed below. If you completely delete all such information, then your account may become deactivated.

For individuals based in the United Kingdom, Switzerland, and the European Economic Area
(“EEA”): you may have the right to: request (a) access to your Personal Information we hold about you; (b) request we correct any inaccurate Personal Information we hold about you; (c) request we delete any Personal Information we hold about you;

(d) restrict the processing of Personal Information we hold about you; (e) object to the processing of Personal Information we hold about you; and/or (f) receive any Personal Information we hold about you in a structured and commonly used machine-readable format or have such Personal Information transmitted to another company.

We may ask you for additional information to confirm your identity and for security purposes, before disclosing information requested to you. We will process any request in line with any local laws and our policies and procedures. If you are located in the United Kingdom, Switzerland, or the EEA, you have the right to lodge a complaint about how we process your Personal Information with the supervisory authority in your country.

If you would like us to delete your account in our system or if you wish to exercise any of your rights, please contact us at privacy@dnanexus.com with your request. We will respond to your request according to applicable laws. We may retain an archived copy of your records as required by law or for legitimate business purposes.

If personal information pertaining to you as an individual has been submitted to DNAnexus by or on behalf of a DNAnexus customer and you wish to exercise any data protection rights you may have in respect of that data under applicable law, including (as applicable) the right to access, port, correct, amend or delete such data, please inquire with the relevant DNAnexus customer directly. DNAnexus has a limited ability to access Customer Data. However, if you wish to make your request directly to us, please provide the name of the DNAnexus customer who submitted your data to DNAnexus. We will refer your request to that DNAnexus customer and will support them as needed in responding to your request within a reasonable timeframe.

California, Colorado, Connecticut, Delaware, Iowa, Indiana, Montana, Tennessee, Texas, Utah, Virginia and Washington Users Only: Your Privacy Rights


The California Consumer Privacy Act of 2018 (“CCPA”), California Privacy Rights Act (“CPRA”), Colorado Privacy Act (“CPA”), Connecticut Data Privacy Act (“CTDPA”), Delaware Personal Data Privacy Act (“DPDPA”), Iowa Act Relating to. Consumer Data Protection (“ICDPA”), Indiana Consumer Data Protection Act (“INCDPA”), Montana Consumer Data Privacy Act (“MTCDPA”), Tennessee Information Protection Act (“TIPA”), Texas Data Privacy and Security Act (“TDPSA”), Utah Consumer Privacy Act (“UCPA”), Virginia Consumer Data Protection Act (“VCDPA”) and Washington’s My Health My Data Act (“MHMDA”) all require businesses that collect personal information of California, Colorado, Connecticut, Utah, Virginia and Washington resident to make certain disclosures regarding how they collect, use and disclose such information. This section addresses these requirements. 

DNAnexus does not sell personal information as we understand sale to be defined by CCPA, CPRA, CPA, CTDPA, DPDPA, ICDPA, INCDPA, MTCDPA, TIPA, TDPSA, UCPA, VCDPA and MHMDA and its implementing regulations. The categories of personal information we collect about you and the third parties whom we share that personal information for a business purpose are as follows:

 

Categories of Personal Information we Collect

Categories of Third Parties that we share information for Business Purposes

Identifiers

(e.g. name, address, email address, etc.)

Vendors, service providers, and 3rd party business partners (see How Your Information May be Used)

Any categories described in subdivision (3) of Section 1798.80 (e.g. address, telephone number, financial information)

Vendors, service providers, and 3rd party business partners (see How Your Information May be Used)

Legally Protected Classifications
(e.g. Gender, marital status, etc.).

Not applicable

Commercial Information (e.g. transaction data, etc.)

Vendors, service providers, and 3rd party business partners (see How Your Information May be Used)

Internet or Other Network or Device Activity (e.g. browsing history, app usage, etc.)

Vendors, and service providers

Approximate Location Information (e.g. location inferred from your IP address, city, country, etc.)

Vendors, and service providers

Professional or Employment-Related Data (e.g. the name of your employer).

Vendors, service providers, and 3rd party business partners (see How Your Information May be Used)

Educational Information (e.g. degrees and certifications)

Vendors, and service providers

Inferences drawn from any of the information identified above.

Not applicable

 

DNAnexus collects personal information identified in the lists above to communicate with you, for marketing and promotional purposes, to provide and improve our services and other purposes set forth in the “How Your Information May be Used” section above.

Under the State regulations, residents of California, Colorado, Connecticut, Delaware, Iowa, Montana, Tennessee, Texas, Utah, Virginia and Washington have the right to make the following requests with regard to certain information that DNAnexus may collect about them, at no charge, two times every 12 months:

 

  • The right to request a copy of personal information we collected or disclosed for a business purpose in the past 12 months;
  • Your right to request more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information);
  • The right to request deletion of personal information we collected, subject to certain exemptions (for example, where information is used by us to detect security incidents, debugging or to comply with a legal obligation); and
  • The right to request that we disclose personal information we collect, use and disclose.

You can submit a copy, deletion or right-to-know request by sending an email to privacy@dnanexus.com . DNAnexus will verify that the information you submit (that includes first name, last name, email address, company and the country/state) matches DNAnexus’ records before we fulfill the request. You may use an authorized agent to submit a consumer rights request on your behalf using the method above, however, DNAnexus will require the authorized agent to provide signed permission to submit this request on your behalf and may still contact you to confirm your identity and that this request was submitted with your permission. DNAnexus does not discriminate against you for exercising your rights or offer you financial incentives related to the use of your personal information.


9. Limiting Use in Our Email List

If you no longer wish to receive new product/service notices, email newsletters or other future promotional communications from us, please follow the opt- out instructions included in each such communication or notify us by email at privacy@dnanexus.com with the word "remove" in the subject header, and we will remove your name from our email recipient list. You may not, however, opt out of necessary service or account maintenance notices or other administrative and transactional notices.

10. Users Under 16 Years of Age

This Site and our services are not directed towards users under the age of 16 and we do not knowingly collect Personal Information from users under the age of 16. If a parent or guardian becomes aware that his or her child under the age of 16 has provided us with Personal Information without their consent, he or she should contact us at privacy@dnanexus.com. If we become aware that a child under 16 has provided us with Personal Information, we will delete such information from our files.

11. Links and Third Party Applications
On the Site and in the services, we may provide links to websites or applications maintained by third parties, which we believe you may find useful. DNAnexus is not responsible for the privacy practices of these other websites or applications, and we encourage you to review the privacy policies of each of those other websites or applications before using such websites and applications. If you click on these third- party links, these other websites or applications may place their own cookies or other files on your computer, collect data, or solicit Personal Information from you. Other websites and applications will have different policies and rules regarding the use or disclosure of the personal information you submit to them. We make no representation with regard to the policies or business practices of any websites or applications to which you connect through a link from this Site or the services, and are not responsible for any material contained on, or any transactions that occur between you and any such website or application.

12. Location
DNAnexus is a United States based company and therefore we must abide the laws and regulations of the United States, as well as the other countries where we operate, including the United Kingdom, Germany, the Netherlands, and Australia. By providing Personal Information and other information to this Site or through your uses of our services, you understand your Personal Information may be transferred to the United States, the United Kingdom, Germany, Australia and other countries or territories, which may not offer the same level of data protection as the country where you reside, in accordance with the terms of this Privacy Policy. Please note that when we transfer your Personal Information to the United States we may rely on various applicable mechanisms (as described below in the “Privacy Compliance” section).

13. Privacy Compliance
1. European, Swiss and UK Privacy Data Privacy Farmework
DNAnexus complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  DNAnexus has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  DNAnexus has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
 
In compliance with the EU-US Data Privacy Framework Principles, DNAnexus commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles.  European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact DNAnexus at privacy@dnanexus.com.   
 
DNAnexus has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs Data Privacy Framework Services. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers  for more information and to file a complaint. This service is provided free of charge to you.  
 
If your  DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.

 

The Better Business Bureau (BBB) National Programs Data Privacy Framework Services is DNAnexus’ Independent Recourse Mechanism for Data Privacy Framework complaints. Complaints may be registered here.
 
In compliance with the Privacy Shield Principles, DNAnexus commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact DNAnexus at: privacy@dnanexus.com.

DNAnexus has further committed to refer unresolved Data Privacy Framework complaints to the Data Protection Authority (DPA) of the Republic of Ireland (see the DPA in item 3 of this section), an alternative dispute resolution provider located in the Republic of Ireland. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit the United States Council for International Business for more information or to file a complaint.  The services of United States Council for International Business are provided at no cost to you.
 
DNAnexus commits to cooperate with the EU Data Protection Authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.

In addition, DNAnexus is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). The possibility exists under certain conditions, for the individual to invoke binding arbitration. DNAnexus’ liability in cases of onward transfers to third parties.
 
2. DNAnexus as a processor under the General Data Protection Regulation (GDPR)

In the language of GDPR, DNAnexus positions itself as a processor or subprocessor for our customers, who are either controllers or processors. DNAnexus follows the instructions of the customer in the management of their data.

3. DNAnexus shall take reasonable steps to secure data, such as encryption, stability and uptime, backup and disaster recovery, and regular security testing.

DNAnexus shall make its Data Protection Officer available to address concerns or questions upon request.

More detail on DNAnexus’ Data Protection Addendum (DPA) may be viewed here or downloaded here.  

4. FTC Compliance

DNAnexus is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

14. Privacy Policy Changes
This Privacy Policy may be updated periodically. We will notify you of any material changes to this Privacy Policy by posting the revised policy on the Site. You are advised to periodically review this page to ensure continuing familiarity with the most current version of our Privacy Policy. Any changes to our Privacy Policy will become effective upon our posting of the revised Privacy Policy. Use of the Site or services following such changes constitutes your acceptance of the revised Privacy Policy then in effect. You will be able to determine when this Privacy Policy was last revised by checking the "Last Updated" information that appears at the top of this page.

15. Retention of your Personal Information
We will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.

16. Changes to This Notice
DNAnexus may change this Notice from time to time. If we make any changes to this Notice, we will change the Last Updated notice at the beginning of this notice. If such changes are material in nature, we may provide additional notice (e.g. such as adding a statement to the main website page or sending you an email notification). Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

17. Questions or Concerns

If you have any questions, comments, or concerns regarding this Privacy Policy, please contact us by email at privacy@dnanexus.com or at our company address below:

DNAnexus, Inc.
1975 W El Camino Real #204, Mountain View, CA 94040