Privacy Policy

Information We Receive From Your Use of Our Services

 

Usage and Device Information

When you use our Services, we receive certain usage data (“Usage and Device Information”). This includes information about your interaction with the Services, for example, when you view or search content, install or open applications or software, create or log into your account, or import data into your account.

We may also collect data about the devices and computers you use to access our Services, including IP addresses, browser type, language, operating system, or mobile device information (including device and application identifiers), the referring web page, pages visited, location (depending on the permissions you have granted us), and cookie information.

 

Health and Other Special Categories of Personal Data

To the extent that information we collect directly from you is health data or another special category of sensitive personal data subject to the European Union’s General Data Protection Regulation (“GDPR”), we ask for your explicit consent to process such sensitive personal data. You can withdraw your consent at any time through your account settings, or by contacting us at privacy@pieriandx.com to request deletion of your data or closure of your account.

However, if we are acting as a service provider (a “Data Processor”) processing your personal information on behalf of a third party that has collected such data from you, and such third party is the party that has the right to determine the purposes for which it will process your personal information and the means it will use to process your personal information (the “Data Controller”), then such Data Controller has the legal obligation to ask for your explicit consent to process your sensitive personal data (including health data), and we are not responsible for obtaining such consent from you. In such a scenario, the Data Controller may have their own, separate policies regarding the use and disclosure of your personal information, including any sensitive personal data you provide to such Data Controller. In such a scenario, this Privacy Policy does not apply to, we cannot control the activities of, and we are not responsible for the activities of the applicable Data Controller generally; this Privacy Policy only applies to our processing of your personal information that we, as a Data Processor, have been asked to process on behalf of the applicable Data Controller. We encourage you to review such Data Controller’s privacy policy and/or contact the applicable Data Controller for more information about the policies that apply to their use and disclosure of your personal information, including any sensitive personal data.

 

How We Use Your Information

We use the information we collect for the following purposes.

 

Provide and Maintain the Services

We use the information we collect to deliver the Services to you and honor our Terms of Service for each Service or business contract with you. For example,

  • to administer, operate, maintain and secure our Services;
  • to monitor and analyze trends, usage and activities in connection with our Services;
  • for accounting, recordkeeping, backup and administrative purposes;
  • to customize and improve the content of our communications, websites and social media accounts;
  • to provide customer service and support;
  • to communicate with you, including responding to your comments, questions and requests regarding our Services;
  • to process and complete transactions, and send you related information, including alerts and notifications about your service, purchase confirmations and invoices; and
  • to educate and train our workforce in data protection and customer support.

 

Improve, Personalize, and Develop the Services

We use the information we collect to improve and personalize the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and Services.

 

Communicate with You

We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications via the “Unsubscribe” link in an email.

 

Promote Safety and Security

We use the information we collect to promote the safety and security of the Services, our users and other parties. For example, we may use the information

  • to authenticate users;
  • to facilitate secure payments;
  • to respond to a legal request or claim, conduct audits, and enforce our terms and policies;
  • to investigate and protect against fraud, malicious or unauthorized access, and other illegal activities; and
  • to demonstrate and verify compliance with our internal policies and procedures, and applicable privacy and data security laws and regulations, such as HIPAA and GDPR.

 

Use and Disclosure of De-identified Information

“De-identified” means that we have removed, or rendered unreadable through complex computational algorithms, your personally-identifiable information, such as your name, address, or birthdate. We may use de-identified information that we have obtained from our Services for various purposes, including for example:

  • In accordance with regulatory requirements, we may de-identify, store and use your information for internal quality control, validation and research and development. This is important for PierianDx, Inc. to maintain high quality Services. We may use de-identified information as permitted by law. 
  • We may use or disclose de-identified information for general research and communications purposes. This may include data related to genotype, diagnosis, phenotype and outcomes across Customer sites. All data disclosures shall be done in aggregate or in a way that adequately de-identifies that data so that individuals may not be identified. Data aggregations will be limited to clinical operations purposes to support licensee sites and will not be used for research purposes.

We use cookies and similar technologies for the purposes described above. For more information, please read our Cookie Policy.

 

For personal data subject to the GDPR, we rely on several legal bases to process the data. These include when you have given your consent, when the processing is necessary to perform a contract with you, like the Terms of Service; and our legitimate business interests, such as in improving, personalizing, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described above.

 

How We Share Your Information

We do not share your personal information except in the limited circumstances described below.

 

When You Agree or Direct Us to Share

You also authorize us to share your information with others, for example, with a third-party application when you give it access to your account, or with your employer company or other organizations and provide consent to each organization. Remember that their use of your information will be governed by their privacy policies and terms.

 

For External Processing

We transfer information to our corporate affiliates, service providers and other partners who process it for us, based on our instructions and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research and surveys.

 

For Legal Reasons or to Prevent Harm

We may preserve or disclose information about you to comply with a law, regulation, legal process or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect or investigate illegal activity, fraud, abuse, violations of our terms or threats to the security of the Services or the physical safety of any person.

Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving danger of death or serious physical injury to a person.

We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about our products and services to partners under agreement with us.

If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of personal information and give affected users notice of the transfer of any personal information to a new entity.

 

Your Rights Regarding Your Personal Information

You can access and control your personal information by accessing your account profile, deactivating your account or contacting our help desk or your local site administrator. If you live in the European Economic Area, United Kingdom and Switzerland (the “Designated Countries”), you have a number of legal rights with respect to your information, as outlined below.

Accessing and Exporting Data. By logging into your account, you can access much of your personal information.

Editing and Deleting Data. Your account settings and certain platform APIs let you change and delete your personal information and/or account data. For instance, you can edit or delete the profile data you provide and delete your account if you wish.

If you choose to delete your account, please note that while most of your information will be deleted within 14 days, it may take up to 90 days to delete all of your information, such as the data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm, including as described in the How We Share Your Information section.

If you live in a Designated Country, in certain circumstances, you can object to our processing of your information based on our legitimate interests, including as described in the How We Use Information section. You have a general right to object to the use of your information for direct marketing purposes. Please also review our Cookie Policy for your options to control how we and our partners use cookies and similar technologies for advertising.

 

Restricting or Limiting Data Use:

In addition to the various controls that we offer, if you reside in a Designated Country, you can seek to restrict our processing of your data in certain circumstances.

 

Onward Transfers of Data:

If we intend to disclose your personal information to any third party that will have the right to process it, we will enter into a contract with that third party that provides that your personal information may be processed only for limited and specified purposes consistent with the consent you have provided to us, and that the third party must provide the same level of protection for your personal information that we are obligated to provide under this Privacy Policy while it is processing your personal information. In addition, we will notify you if that third party will have the right to determine the purposes for which it will process your personal information and the means it will use to process your personal information (rather than just providing requested assistance to us in support of our permitted uses of your personal information).

 

Changes to Privacy Policy:

If we are using your personal information on the basis of your consent, and we change our Privacy Policy to permit any use or disclosure of your personal information that is materially different than the uses for which it was originally collected or subsequently authorized by you, we will obtain your consent before we make such further uses of your personal information.

 

Further Assistance:

If you need further assistance regarding your rights, please contact our Privacy Officer at privacy@pieriandx.com, and we will consider your request in accordance with applicable laws.

 

Data Privacy Framework

PierianDx, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. PierianDx, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. PierianDx, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

PierianDx, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. PierianDx, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

As described above, we may share Personal Data, as defined in the EU’s General Data Protection Regulation (GDPR) with service providers we have retained to perform services on our behalf, when such service providers are (a) subject to GDPR, or the Swiss Federal Act on Data Protection, as applicable, (b) subscribe to the Data Privacy program Framework principles or (c) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Data Privacy program Framework.

Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should direct their query to privacy@pieriandx.com. If requested to remove data, we will respond within a reasonable timeframe.

 

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@pieriandx.com.

 

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

 

PierianDx, Inc’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, PierianDx, Inc remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless PierianDx, Inc proves that it is not responsible for the event giving rise to the damage.

 

In compliance with the Data Privacy Framework Principles, PierianDx, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. European Union, United Kingdom, and Swiss individuals with DPF inquiries or complaints should first contact PierianDx, Inc. by email at privacy@pieriandx.com.

PierianDx, Inc. has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, the Data Privacy Framework Services, operated by the BBB National Programs, Inc. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you. If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

PierianDx, Inc. is committed to upholding the principles and requirements of the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) in our data processing practices. PierianDx, Inc. and our commitments under the DPF program are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.