Smarter oncology second opinion — AI-powered, expert-reviewed, using your existing NGS report.
Read More
Company
Our TechnologyOur StoryOur TeamCareersOncompass MedicineResourcesContact Us
Solutions
For Oncologists
Services
Second Opinion Service
Get a Second Opinion
Terms of Use | Cookie Policy | Privacy Policy | HIPAA Notice
Company
Our TechnologyOur StoryOur TeamCareersOncompass Medicine
Solutions
For OncologistsFor Partners
Resources
All ResourcesNewsMedia CoveragePublicationsEnhancing NGS
Contact
Get a Second Opinion
Close Cookie Popup
We use cookies
We use cookies to enhance your browsing experience, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Learn more in our Cookie Policy.
Accept All Cookies
Reject All
Preferences
Close Cookie Preference Manager
Cookie settings
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts. More info
Strictly Necessary (Always Active)
Cookies required to enable basic website functionality.
Accept All Cookies
Save preferences
Made by Flinch 77
Oops! Something went wrong while submitting the form.
Cookies Preferences

Privacy Policy

Last updated on: 20.04.2026

Genomate Health, Inc. ("Genomate Health," "we," or "us") is committed to protecting your rights and freedoms when we collect, use, and process Personal Data safely and in accordance with all legal obligations.

This website (www.genomate.health) and the services provided herein (the "Website") the property of GENOMATE HEALTH, INC. By using this Website, you, as a "User", acknowledge and agree to the contents of this Privacy Policy ("the Policy").

Genomate Health, Inc., 1 Broadway, Cambridge, MA, USA, is the controller of personal data collected via this Website. For EU matters you can contact our EU establishment: Genomate Health Hungary Kft, Retek utca 34, 1024 Budapest, Hungary. Contact: privacy@genomate.health

For EU/EEA personal data transferred to the U.S. in reliance on the DPF, Genomate Health applies the DPF Principles as described in the Data privacy framework participation and notice section.

Genomate Health, Inc. ("Genomate", "we" or "us") is committed to protecting your rights and freedoms in order to collect, use, and process your personal data safely and in accordance with all legal obligations. We value your personal data and will maintain its integrity and confidentiality. This Privacy Policy is meant to help you understand what personal data we collect, how we use it, with whom we share your personal data and what steps you take in order to ensure your personal data's security when you interact with us through the Website. To reflect any changes to the way we process your personal data or any changes to your legal requirements, periodic updates and changes to this Privacy Policy will be posted on this Website. We abide by the highest standards and we value your personal data, therefore, our Privacy Policy is established in accordance with the rules imposed by the EU Regulation 2016/679 (GDPR) as well as by relevant federal and state legislation on personal data protection.

Summary

We hope that you will read this entire Privacy Policy carefully as we tell you what kind of data we collect and for what reason, but if you are in a hurry, here are some main ideas extracted from the Policy.

  • We will not use your personal data for commercial purposes or sell it to any third party. Your personal data is collected only for the purpose of being able to provide you with our services.
  • We only collect the minimum personal data necessary to fulfil the purposes described below.
  • You can exercise any of the rights provided by the GDPR and described below. You can contact us at any time about your rights and we will do our best to ensure that they are respected.
  • Your personal data may be shared with other entities or persons with whom we are in contractual relations, such as suppliers, IT service providers or online payment service providers.
  • If you have any questions about your rights, this Policy, or our business, we encourage you to contact us at privacy@genomate.health

1. Categories of Personal Data

Through our Website, we may collect the following categories types of Personal Data about you which are described in more detail below:

(A) Personal Data you provide to us

(B) Personal Data we may automatically collect

(C) Cookies & Other Technologies

(D) Personal Data we may receive from third parties.

(A) Personal Data you provide to us

When using the Website, you may provide us with the following Personal Data:

Contact Information. When filling in our contact forms, you provide us with your email address, first and last name, your phone number and the message you want to send us. When applying to be a partner you also provide us with the organization you work for and the region you work in.

Professional Information. When you choose to apply to be a part of our team through the form available on our website, you may share with us your Curriculum Vitae, which contains information such as: your name, phone number, e-mail address, current job role and employer, past employers and other professional information. You also provide through the form your first and last name, your phone number and email address.

Access Request Information (Genomate CDS Access). If you are a healthcare professional or authorized member of a care team requesting access to the Genomate CDS you will be asked to submit the following Personal Data through the secure access form: first and last name, email address, phone number, your professional role, NPI (National Provider Identifier) – required for U.S.-based professionals, institution name, country/region, city, postal code, institution address, purpose of access (e.g., access to an existing order, intention to place a new order, or other)The information you provide will be reviewed by a Genomate Health administrator solely for the purpose of evaluating and authorizing portal access in accordance with our internal access control procedures. If your request is approved, you will receive follow-up communication with next steps. If your request is not approved or needs clarification, you may be contacted for further information.Please do not use this form to submit any patient data or medical records. Patients interested in accessing information through Genomate should be advised to speak with their treating physician.

Second opinion service information (including medical data). If you choose to use or express interest in our Second Opinion Service, you may provide additional Personal Data through dedicated forms available on the Website. This may include identification and contact details (such as first and last name, email address, phone number, and address), as well as health-related information necessary for the provision of the service. Depending on the case, this may include medical documentation such as diagnostic reports (e.g., NGS reports), information about your condition, treatment history, and, where applicable, information about dependents or caregivers involved in your care. This information is processed solely for the purposes of assessing your request, coordinating the Second Opinion Service, facilitating medical review, and communicating with you regarding your case. Detailed information on how this data is processed, including categories of data, purposes, legal bases, retention, and sharing, is made available to you at the time of submission through the relevant forms and associated notices.

Eligibility questionnaire. Before accessing the Second Opinion Service, you may be asked to complete a preliminary eligibility questionnaire. This questionnaire may include limited information such as cancer status, cancer type, and country of residence. This information is used exclusively to determine whether the service is currently available and appropriate for your situation. We do not use this data for any other purpose.If you are not eligible or the service is not yet available in your region, you may be invited to provide your contact details (such as first and last name, email address, phone number, and country) so that we can inform you when the service becomes available and, where applicable, send you relevant updates or newsletters, subject to your preferences.

(B) Personal Data we may automatically collect:

The Website may automatically collect certain information about you, generally referred to as Navigation Data. We use this data to help us design the Website to better suit our Users' needs. This data may include:

  • IP address, which is the number associated with the service through which you access the Internet, like your ISP (Internet service provider), your company;
  • Date and time of your visit or use of the Website;
  • Domain server from which you are using the Website;
  • Type of computer, web browsers, search engine used, operating system you use;

Collecting IP addresses is standard practice and is done automatically by most online service providers. We use IP addresses for purposes such as calculating Website usage levels, diagnosing server problems, and administering the Website. We may also derive your approximate location from your IP address.

(C) Cookies & Technologies used to collect information about you

We collect the following Information directly and through the use of third parties. We collect this Information by using certain technologies, such as cookies, web beacons, and other technologies. Third-party service providers, advertisers, and/or partners may also view, edit, or set their own cookies or place web beacons.

We set only strictly necessary cookies without consent. All other cookies and similar technologies (e.g., analytics, advertising, social media pixels) load only after your consent via our banner. You can withdraw consent at any time through the banner's Preferences link. For providers, lifetimes, and purposes, see our Cookies Policy.

The use of these technologies by such third parties is subject to their own privacy policies and is not covered by this Privacy Policy, except as required by law. Please refer to our Cookies Policy to learn more about your rights and responsibilities with respect to cookies and other technologies. If you have any questions about your rights under our Cookies Policy, we encourage you to contact us at privacy@genomate.health.

a. Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. Most web browsers automatically accept cookies. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website.

b. Flash Cookies. We may use local shared objects, also known as Flash cookies, to store your preferences such as volume control or display content based upon what you view on our site to personalize your visit. Third parties, with whom we partner to provide certain features or to display advertising based upon your browsing activity, use Flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored. Cookie management tools provided by your browser will not remove Flash cookies.

c. Web Beacons. Website pages may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity). We also use these technical methods to analyze the traffic patterns, such as the frequency with which our users visit various parts of the Website. These technical methods may involve the transmission of Information either directly to us or to a third party authorized by us to collect Information on our behalf. The Website use retargeting pixels from Google, Facebook and other ad networks. We also use web beacons in HTML emails that we send to determine whether the recipients have opened those emails and/or clicked on links in those emails.

d. Analytics. Analytics are tools we use, such as Google Analytics, to help provide us with information about traffic to the Website and use of the Website, which Google may share with other services and websites who use the collected data to contextualize and personalize the ads of its own advertising network.

e. Mobile Application Technologies. If you access the Website through a mobile device, we may automatically collect information about your device, your phone number, and your physical location.

(D) Personal Data we may receive from Third Parties

Currently, through our Website we do not receive any Personal Data from third parties. Should this change, this section will be updated accordingly.

Where we use third-party service providers (such as form providers or hosting services) to collect data on our behalf, the Personal Data is still considered to be provided directly by you. These providers act as data processors under our instructions and do not independently supply us with your Personal Data.

(E) Special Categories of Personal Data

This Website is not intended for the submission, processing, or collection of special categories of personal data as defined in Article 9(1) of the General Data Protection Regulation (GDPR) through general-purpose forms (such as contact forms, partner applications, or job application forms). These special categories include any personal data revealing:

  • racial or ethnic origin,
  • political opinions,
  • religious or philosophical beliefs,
  • trade union membership,
  • genetic data,
  • biometric data used for the purpose of uniquely identifying a natural person,
  • data concerning health, or
  • data concerning a natural person's sex life or sexual orientation.

We expressly request that you do not submit any such sensitive personal data through general contact forms, job application forms, or any other non-secure or free-text fields on this Website.

However, in specific contexts, such as the Genomate Second Opinion Service or access to Genomate CDS, we may collect and process special categories of personal data, including genetic data and data concerning health. Such data is collected exclusively through dedicated, secure, and clearly designated interfaces (including HIPAA-compliant forms and systems) that are specifically designed for the submission and handling of medical and clinical information.You should only submit medical, genetic, or other health-related data through these designated secure channels and not through any general-purpose Website forms.

If you believe you have inadvertently submitted special category data via the Website (e.g., via free-text fields or attachments), we kindly ask that you contact us immediately at privacy@genomate.health. In such cases:

  • The data will be handled strictly in accordance with our internal data handling and minimization protocols;
  • Any such information will be assessed for compliance with Article 9(2) GDPR (e.g., explicit consent, legal obligation in employment, or public interest in public health); and
  • Where no lawful basis applies, we will promptly and securely delete the information from our systems.

In contexts where the Genomate platform processes special category data—such as medical or genetic data for oncological decision support—such processing is governed by separate privacy documentation and conducted in compliance with applicable laws including the GDPR, HIPAA, and the In Vitro Diagnostic Medical Devices Regulation (EU) 2017/746 (IVDR).

If you have questions about how Genomate processes special category data in a healthcare or research context, please consult the Platform Privacy Policy, the Data Processing Agreement (DPA), or reach out to our Data Protection Officer at privacy@genomate.health.

2. Purpose of Data Processing

The processing of personal data listed above is based on at least one of the following legal bases:

  • processing may be required for the conclusion of a legal relationship / contract and / or for its execution;
  • the processing may be required in order to fulfill a legal obligation incumbent on us (e.g. those relating to the management of tax supporting documents, reporting to the relevant public authorities, obligations to keep evidence for certain periods of time, etc.);
  • processing is justified in light of our legitimate interests;
  • processing is based on your consent.

If you want to learn more about the specific processing of your personal data, you can contact us at privacy@genomate.health.

More specifically, we use the Personal Data with the following purposes:

To sort out your requests. We collect your data in order to provide you with information of interest to you as a beneficiary of our services. We will use the contact details provided by you, respectively the email address, exclusively with the purpose of processing your specific request. We always make sure that processing is carried out in accordance with your rights and freedoms and that the decisions taken on the basis of them do not affect you.

Legal Basis: Legitimate interest (Article 6(1)(f) GDPR) – to respond to requests and ensure efficient communication.

In some cases, this may also be a pre-contractual measure (Article 6(1)(b)), particularly if your inquiry is about entering into a business relationship.

To process your application. You have the option to apply to be a part of our team through the form available on our website. In order to consider your application, we need to be able to process the information you provide us with. We will use your personal data only with the purpose of reviewing your application and contacting you.

Legal Basis:

  • Pre-contractual steps (Article 6(1)(b)) – to take steps prior to entering into an employment contract.
  • Consent – for retention of your CV for future roles (only if explicitly given).
  • Legal obligation – if required to document or report hiring activity under applicable labor laws.

To provide and manage the Second Opinion Service and access to Genomate CDS. Where you submit requests related to the Second Opinion Service or access to Genomate CDS, we process your personal data, including identification, contact details, professional information, and, where applicable, health and genetic data submitted through secure, designated interfaces, in order to:

  • assess eligibility and suitability for the service;
  • review and process access requests;
  • coordinate medical review and second opinion services;
  • communicate with you regarding your request, case status, and next steps;
  • ensure proper administration, documentation, and auditability of access and services.

Legal Basis:

  • Article 6(1)(b) GDPR – processing necessary for the performance of a contract or pre-contractual steps.
  • Article 6(1)(f) GDPR – legitimate interest in administering and securing access to our services.
  • Article 9(2)(h) GDPR – processing necessary for the provision of healthcare or treatment (where applicable).
  • Article 9(2)(a) GDPR – explicit consent, where required and collected through dedicated forms.

To assess eligibility and manage pre-access questionnaires. We process limited information provided through eligibility questionnaires (such as cancer status, cancer type, and country of residence) solely to determine whether our services are available and appropriate for your situation.

If you choose to provide your contact details in this context (e.g. name, email address, phone number, country), we will use them to inform you about service availability in your region and, where applicable, to send updates or newsletters, subject to your preferences.

Legal Basis:

  • Legitimate interest (Article 6(1)(f) GDPR) – to manage access to services and ensure appropriate use.
  • Consent (Article 6(1)(a) GDPR) – for follow-up communications and newsletters.

To improve our services. In order to provide you with the best online browsing experience on our website, we may collect and use certain information about your activity on the site. We rely on our legitimate interest to carry out activities for you in optimal conditions, while taking care to respect your fundamental rights and freedoms.

Legal Basis:

  • Consent (Article 6(1)(a)) – for non-essential cookies and tracking technologies.
  • Legitimate interest (Article 6(1)(f)) – to maintain and improve the functionality and performance of our Website.

To defend our legitimate interests. In certain situations, we will use or transmit information to protect our rights and activities. Among these we list:

  • Various measures to protect the website and its users against cyber attacks.
  • Measures to prevent and detect fraudulent attempts, including the transmission of information to the competent public authorities.
  • Various other risk management measures.

Legal Basis:

  • Legitimate interest (Article 6(1)(f)) – to ensure Website security and business continuity.
  • Legal obligation (Article 6(1)(c)) – in cases where reporting to authorities is required under applicable law.

In some cases, we base our processing on legal provisions such as the obligation to ensure the safeguarding of goods and values under the applicable legislation in this regard, or various reporting obligations.

To manage potential disputes and claims. In the course of our operations, we may need to process and retain personal data to establish, exercise, or defend legal claims, respond to official inquiries, or manage potential legal disputes with third parties. This may include maintaining communication logs, preserving contractual documentation, or providing evidence in proceedings.

Legal Basis:

  • Legitimate interest (Article 6(1)(f) GDPR) – to assert or defend against legal claims and safeguard our legal rights.
  • Legal obligation (Article 6(1)(c) GDPR) – where documentation must be retained or shared under applicable laws (e.g., tax, commercial, employment, or regulatory frameworks).

3. Sharing Your Personal Data

Where applicable, we may transmit or provide access to certain Personal Data collected to various categories of suppliers, personnel, or other companies with which we may develop partnerships necessary for the conduct of our business, provided that there is a good reason.

We may share your Personal Data as set forth in the Privacy Policy and in the following circumstances:

  • Third-Party Service Providers. We may share your Personal Data with third-party service providers that perform certain functions or services on our behalf (such as to host the Website, provide products and services, manage databases, perform analyses, provide customer service, accounting services or send communications for us). These third-party service providers are authorized to use your Personal Data only as necessary to provide these services to us. In some instances, we may aggregate Personal Data we collect so third parties do not have access to your particular Personal Data to identify you individually. Current example: We use HubSpot as a service provider to process contact form submissions and manage certain Website interactions. HubSpot acts as a data processor under our instructions and maintains appropriate safeguards in line with GDPR and other applicable data protection laws. Where possible, we minimize the sharing of directly identifiable information and may use pseudonymization or aggregated data for analytics or reporting purposes.
  • Disclosure of Personal Data for Legal and Administrative Reasons. We may disclose your Personal Data without notice: (i) when required by law or to comply with a court order, subpoena, search warrant, or other legal process; (ii) to cooperate or undertake an internal or external investigation or audit; (iii) to comply with legal, regulatory or administrative requirements of governmental authorities (including, without limitation, requests from the governmental agency authorities to view your Personal Data); (iv) to protect and defend the rights, property or safety of us, our subsidiaries and affiliates and any of their officers, directors, employees, attorneys, agents, contractors and partners, and the PlatformUsers; (v) to enforce or apply our Terms of Use; and (vi) to verify the identity of the User of the Website, if necessary.
  • Business Transfers. Your Personal Data may be transferred or otherwise conveyed to a third party where we: (i) merge with or are acquired by another business entity; (ii) are adjudicated bankrupt; or (iii) are liquidated or otherwise reorganized.
  • Personal Data Shared with our Subsidiaries and Affiliates. We may share your Personal Data with our subsidiaries and affiliates. If you do not want us to share your Personal Data with our subsidiaries and affiliates, please email us at privacy@genomate.health.
  • With Your Consent. In some cases, we may share Personal Data consistent with this Privacy Policy with your explicit consent.

Except as provided in this Privacy Policy or required by applicable law, we will not sell, trade, or disclose your Personal Data we have collected without your consent.

Where we transfer personal data subject to the DPF to agent service providers, we take reasonable and appropriate steps to ensure they process the personal data consistent with the DPF Principles and we remain liable for their DPF-inconsistent processing unless we prove we are not responsible.

4. Duration of Retention of Personal Data

We retain the personal data we process only for as long as is necessary for the purpose for which it was collected (including applicable law or regulations), such as:

  • All data sent to us when you make a request using our contact form will be used strictly to provide you with an answer and to resolve your request. Therefore, it will be kept for a period of 1 year from the date of receipt of the request, or at least until your request is solved, whichever is later.
  • By way of exception to the foregoing, we may retain any data, if any, for a period of 3 years, in respect of situations in which we have a legitimate interest in retaining certain personal data in connection with a potential dispute that may arise between the parties (for example, in the context of the possible employment of our legal liability or that of the data subject).
  • In any other case or in the absence of specific legal, regulatory or contractual requirements, our reference period for the retention of personal data is 5 years from the date of termination of relations / the last contact between us and you.
  • All Personal Data provided via the application form will be retained throughout the application process. If the application is successful and leads to employment, this Personal Data will be retained for the duration of the employment period and any additional time required to comply with specific regulatory retention requirements. In the event of an unsuccessful application, you have the option to grant consent for your personal data to be stored for a period of 2 years in case new opportunities arise.

In any case, except as provided by applicable law, we will delete your data at the time you request it. The applicable exceptional situations will be communicated to the applicant through the answer submitted by Genomate Health, Inc in connection with the request to delete the data.

5. Protecting Your Personal Data

At Genomate Health, Inc we have implemented the appropriate technical and organizational measures needed to ensure an adequate level of security and confidentiality to your personal data. The purpose of these measures is to protect your personal data against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.

However, you should assume that no data transmitted over the Internet or stored or maintained by us or our third-party service providers can be 100% secure. Therefore, although we believe the measures implemented by us reduce the likelihood of security problems to a level appropriate to the type of data involved, we do not promise or guarantee, and you should not expect, that your Information or private communications will always remain private or secure. We do not guarantee that your Personal Data will not be misused by third parties. We are not responsible for the circumvention of any privacy settings or security features.

If you believe that your Personal Data has been accessed or acquired by an unauthorized person, you shall promptly contact us at privacy@genomate.health.

In accordance with Article 37 of the General Data Protection Regulation (GDPR), Genomate has appointed a Data Protection Officer (DPO) to oversee our data protection strategy and compliance. Our designated DPO is ReadyTech Consulting SRL. You may contact the DPO at privacy@genomate.health for any questions regarding the processing of your personal data or to exercise your rights under applicable data protection laws.

6. Use by Minors

The Website is not directed to minors under the age of 18 and we do not allow these individuals to provide any personal information through the Website. If your child has submitted personal information and you would like to request that such personal information be removed, please contact us at privacy@genomate.health.

7. Accessing, Correcting, Or Deleting Your Personal Data

Upon request as set forth below and subject to certain exceptions and limitations stemming from applicable laws, we will inform you of the existence, use and disclosure of your Personal Data and will provide you access to that Personal Data.

We encourage you to review, update, and correct the Personal Data that we maintain about you, and you may request that we delete Personal Data about you that is inaccurate, incomplete, or irrelevant. We may not accommodate a request to change your Personal Data if we believe the change would violate applicable law in our control. You can read more about this in the "Your Rights" section below.

You can access, correct, or delete your Personal Data directly from your account or by contacting us at privacy@genomate.health.

8. International Transfer of Personal Data

For the Website: we host and process personal data collected through this Website in the European Union. This includes contact forms, newsletter sign-ups, basic analytics, and related support records. We configure our Website vendors to process in the EU wherever available.

For the Genomate Platform and related clinical tools: personal data from individuals located in the EU is stored and processed in the EU. Personal data from individuals located in the United States is stored and processed in the United States. We use region-specific environments to keep EU and US data separate and we do not routinely move EU data to the US or US data to the EU.

If a specific service request or legal requirement makes a cross-border transfer necessary, we apply appropriate safeguards, including the European Commission's Standard Contractual Clauses with supplementary measures where required.

Status of EU-US Data Privacy Framework certification. Genomate Health, Inc. participates in the EU-US Data Privacy Framework (DPF) for transfers of personal data from the European Union to the United States. For more detailed information on our DPF commitments, including the scope of our certification, your rights, and our independent recourse mechanism, please see section 12 (data privacy framework).

You can contact us at privacy@genomate.health for more information about where we process your data and the safeguards used for any transfers.

9. Your Rights

You have the following rights as a User:

Access

You can ask us to confirm whether we process your Personal Data, as well as to provide you with a copy of it and to present to you the data we have, what we use it for, to whom we disclose it, if we transfer it abroad, how we protect it, how long we keep it, what rights you have, how you can file a complaint, where we got your data from, to the extent that the Personal Data has not already been provided to you in this page.

Rectification

You may ask us to rectify or complete your inaccurate or incomplete Personal Data. It is possible to check the accuracy of the data before rectifying it.

Data deletion

You can ask us to delete your Personal Data. We will proceed with the request if:

  • they are no longer necessary for the purposes for which they were collected;
  • you have withdrawn your consent (if the data processing was based solely on your consent);
  • they were processed illegally;
  • you exercise a legal right to oppose;
  • we have a legal obligation in this regard.

In some cases, your Personal Data may not be deleted. The most likely situations in which we could deny your request are:

  • for compliance with a legal obligation;
  • for the establishment, exercising or the defense of a right in court.

Restricting data processing

You can request that we restrict the processing of Personal Data only if:

  • their accuracy is challenge and we need to verify their accuracy;
  • they are no longer needed for the purposes for which they were collected, but you need them to establish, exercise or defense of a right in court;
  • processing is illegal, but you do not want the data to be deleted;
  • you have exercised your right to object, and the verification of our rights prevails is ongoing.We may continue to use your Personal Data following a request for restriction if we have your consent, or to ascertain, exercise or ensure the defense of a right in court or to protect the rights of Genomate or another natural or legal person.

Data portability

You can ask us to provide you with Personal Data in a structured, commonly used and automatically readable format, or you can request that it be ported directly to another data controller, provided that the processing is based on on your consent or on the conclusion or execution of a contract with you and to be done by automatic means, as well as to make the porting technically possible.

Opposition

You may object to the processing of your data at any time if you believe that your fundamental rights and freedoms prevail over our legitimate commercial interest.

Automated decisions

You may request that you not be subject to a decision based solely on automatic processing when that decision:

  • produces legal effects on you;
  • it affects you in a similar way and to a significant extent.

This right will not apply where the decision was reached by following automated decision-making:

  • we are required to enter into or enter into a contract with you;
  • is authorized by law and there are adequate guarantees for your rights and freedoms;
  • is authorized by law and there are adequate guarantees for your rights and freedoms;

Your choices for certain disclosures

Where we intend to disclose your personal data to a third party for a purpose materially different from the one it was collected for, we will inform you and provide a simple way to opt out before such disclosure. For any sensitive personal data submitted to the Website (which we discourage), we will seek affirmative opt-in consent where the law requires it.

Complaints

You have the right to submit a complaint regarding the processing of your Personal Data and we assure you that we will make every effort to resolve any issues in a reasonable manner. You may contact us by email at privacy@genomate.health. We promise to respond to any valid requests within a maximum of 30 days, unless this is particularly complicated or if you have made multiple requests, in which case we will respond within a maximum of 60 days, prior to which you will be contacted about the delay.

Alternatively, you can also submit your request to exercise your rights by post, at the following address:

Genomate Health, Inc.

1 Broadway, Cambridge, MA

United States of America

Given the global reach of our Website, we strongly recommend that you contact us by email at the address provided above. We cannot guarantee the arrival on time by post. If you, however, choose to submit a request through the mail, we recommend that you mail your request with confirmation of receipt.

If you are located in the European Union, you have the right under Article 77 of the General Data Protection Regulation (GDPR) to lodge a complaint with a Data Protection Authority (DPA) if you believe that our processing of your personal data infringes applicable data protection law.For EU data subjects, Genomate Health Hungary Kft. serves as our representative entity in the European Union.

Genomate Health Hungary Kft.

Retek utca, 34

Budapest, 1054

Hungary

The competent supervisory authority in Hungary is:

Hungarian National Authority for Data Protection and Freedom of Information (NAIH)

Szilágyi Erzsébet fasor 22/C,

1125 Budapest, Hungary

Website: https://www.naih.hu

Phone: +36 1 391 1400

Email: ugyfelszolgalat@naih.hu

You may also find a full list of EU data protection authorities and their contact details at the official EDPB website: https://edpb.europa.eu/about-edpb/about-edpb/members_en

We encourage you to contact us first with any questions, concerns, or complaints regarding the processing of your personal data. You can reach our Data Protection Officer at: privacy@genomate.health

If we do not resolve your complaint, you may contact JAMS, our independent dispute resolution provider, free of charge, as described in the Data Privacy Framework participation and notice section (section 12). For HR personal data transferred under the EU-U.S. Data Privacy Framework in the context of an employment relationship, you should instead contact your local EU Data Protection Authority. We will cooperate with the EU DPA panel and comply with their advice, and this route is free of charge to you.

How to submit a rights request

Email privacy@genomate.health with your request and the country you reside in. We may ask for limited additional information to verify your identity. We respond within 30 days (or 60 days if permitted and necessary due to complexity, in which case we will notify you). If we cannot fully comply, we will explain why and the options available to you.

We are committed to addressing your privacy concerns and will make every effort to resolve any issue promptly and transparently.

For personal data subject to the DPF, access, correction, amendment, or deletion requests can also be submitted to privacy@genomate.health and will be handled in accordance with the DPF Principles.

10. Links to Other Websites

The Website may contain links to other websites or services that are not owned or controlled by us, including links to Social Media Platforms such as Facebook, Instagram, Twitter and LinkedIn, or may redirect you off our website away from the Website to other websites for information, other services. These other websites may send their own cookies to you, independently collect data or solicit personal information and may or may not have their own published privacy policies. If you visit a website that is linked to the Website, you should consult that website's privacy policy before providing any Information.

This Privacy Policy only applies to Information collected by the Website. We are not responsible for the privacy and security practices of those other websites or Social Media Platforms or the Information they may collect (which may include IP address). You should contact such third parties directly to determine their respective privacy policies. Links to any other website's or content do not constitute or imply an endorsement or recommendation by us of the linked website, Social Media Platform, and/or content.

11. State-Specific Privacy Rights

State consumer privacy laws may provide their residents with additional rights regarding our use of their Personal Data ("Information"), including the following:

A. California

Residents of the State of California have the right to request information from us regarding other companies to whom we have disclosed certain categories of information during the preceding year for the other companies' direct marketing purposes. If you are a California resident and would like to make such a request, please contact us at privacy@genomate.health. If you are a California resident, certain Information that we collect about you is also subject to the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"). The CCPA provides California residents with the right to receive certain disclosures regarding the collection, use, and sharing of Information as well as the right to know/access, delete, and limit sharing of Information. You may submit a request for more information by contacting us at privacy@genomate.health.

B. Nevada

Nevada provides its residents with a limited right to opt-out of certain Information sales. You may submit a request for more information by contacting us at privacy@genomate.health.

C. Virginia

If you are a Virginia resident, certain Personal Data that we collect about you are subject to the Virginia Consumer Data Protection Act (VCDPA). You may submit a request for more information by contacting us at privacy@genomate.health

D. European Union

If you are a resident of the European Union, we have constructed this Privacy Policy with the GDPR principles in mind and we are fully compliant with the GDPR. If you wish to exercise any of the rights listed above or if you have any specific questions about our GDPR compliance, please contact us at privacy@genomate.health.

We do not "sell" or "share" (for cross-context behavioral advertising) personal information as those terms are defined by the CPRA. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.

12. Data Privacy Framework

Genomate Health, Inc complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Genomate Health, Inc has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.

Genomate Health employees located in the United States may provide services and support to customers, partners, or users located in the European Union (EU), European Economic Area (EEA), Switzerland, and the United Kingdom. To provide such services, Genomate Health may process or access Personal Data originating from these regions.

Genomate Health complies with the EU-U.S. Data Privacy Framework (DPF) Principles as issued by the U.S. Department of Commerce. These principles apply to Personal Data physically or remotely transferred from the EEA.

Genomate Health adheres to the following DPF Principles for all such transfers:

  • Notice – Individuals are informed about the purposes for which their personal data is collected and used, how to contact Genomate Health, the types of third parties to which the data may be disclosed, and available choices for limiting its use or disclosure.
  • Choice – Individuals are given the opportunity to opt out of having their personal data disclosed to a third party or used for a purpose materially different from that for which it was originally collected. For personal data subject to the DPF, individuals may opt out of: (a) disclosures to third parties not acting as agents, or (b) uses for purposes materially different from those for which the data was collected. Submit opt-out requests to privacy@genomate.health. For sensitive data, we obtain opt-in consent where required by the DPF.
  • Accountability for onward transfer – Genomate Health ensures that any onward transfers of personal data to third parties are conducted in compliance with the DPF Principles, with appropriate contractual safeguards in place. When we transfer personal data to third-party agents, we remain responsible under the DPF Principles if those agents process such personal data in a manner inconsistent with the Principles, unless we prove we are not responsible for the event giving rise to the damage.
  • Security – Personal data is protected against loss, misuse, unauthorized access, disclosure, alteration, and destruction through appropriate technical and organizational measures.
  • Data integrity and purpose limitation – Personal data is limited to what is relevant for the purposes of processing and is kept accurate, complete, and up to date as required for those purposes.
  • Access – Individuals have the right to access their personal data held by Genomate Health and to correct, amend, or delete it where it is inaccurate or processed in violation of the DPF Principles.
  • Recourse, enforcement, and liability – Genomate Health maintains procedures for verifying compliance with the DPF Principles and provides independent recourse and enforcement mechanisms to resolve complaints and disputes, as detailed in this Policy.
  • Types of personal data we process: user account and professional identity data, contact details, authentication and audit logs, platform usage data, and support communications collected from healthcare professionals using the Platform. Patient data may be processed on behalf of healthcare providers to generate clinical decision support reports, as described in this Privacy Policy.
  • U.S. entities or U.S. subsidiaries also adhering: Genomate Health, Inc. is the certifying U.S. entity. Genomate Health has no other U.S. subsidiaries adhering to the Principles. If this changes, we will update this notice.
  • Commitment and scope: Genomate Health commits to apply the DPF Principles to all personal data received from the EU/EEA in reliance on the EU-U.S. DPF, when such data is transferred to the United States.
  • Purposes of processing: we process personal data to provide, secure, and support the Platform; manage accounts and authentication; generate and deliver Genomate reports; provide customer support; meet regulatory and security obligations; and improve service performance, as detailed in the sections above.
  • How to contact us: privacy@genomate.health. For EU inquiries, you may also contact our EU establishment: Genomate Health Hungary Kft., Retek utca 3, 1024 Budapest, Hungary.
  • Third parties: we disclose personal data to service providers and other recipients as
  • Public authority requests: we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

How to exercise DPF choices and rights: please contact us at privacy@genomate.health. We will respond consistent with the DPF and applicable law.

Recourse, enforcement & liability. In compliance with the EU-U.S. Data Privacy Framework (DPF) Principles, Genomate Health commits to resolve complaints concerning your privacy and our collection or use of Personal Data transferred to the United States under this Policy.

Individuals in the European Union with inquiries or complaints regarding our compliance with the DPF should first contact the Genomate Privacy Office at privacy@genomate.health

Genomate Health has further committed to cooperate with and refer unresolved DPF-related complaints to JAMS, an independent dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions you may be entitled to invoke binding arbitration for some residual claims not otherwise resolved by other redress mechanisms. For more information, please visit the Data Privacy Framework website at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

The U.S. Federal Trade Commission (FTC) has jurisdiction over Genomate's compliance with the Data Privacy Framework.

13. Changes to this Privacy Policy

Genomate reserves the right to make changes to this Privacy Policy at any time by notifying Users on this page and, possibly - as far as technically and legally possible - sending a notification to Users through any contact data available to us. All such changes will be effective upon posting. It is strongly recommended that you check this page frequently, referring to the date of the last change listed under the title. If the changes affect the processing activities performed based on the User's consent, we will collect a new consent from the User, if necessary.

If we complete EU-US Data Privacy Framework self-certification, we will update this Privacy Policy to include a dedicated DPF notice and a link to our listing on the Data Privacy Framework List before relying on the DPF for any transfers.

14. Contact

We are always open to find out your thoughts and views and to provide you with any additional information you may need regarding the collection, use, and processing of your data. If you have any questions about the content of this Privacy Policy or wish to exercise your rights, please do not hesitate to contact us by email at privacy@genomate.health.

If you require this Policy in another language or an accessible format, contact privacy@genomate.health.

Award banner - genomeweb, best place to work 2025
Company
About Genomate®
Our Story
Our Team
Oncompas Medicine
Careers
Contact
Solutions
For Oncologists
For Partners
Order a Report
Services
For Patients
Order a Second Opinion
Resources
Browse
Publications
News
Events
Opinions
Enhancing NGS
Precision Care Pledge
The Genomate® Report can be used and clinically interpreted only by physicians or other qualified healthcare professionals. Genomate® is a clinical decision support software and is not intended to diagnose, treat, cure, prevent, or mitigate any condition. None of the statements contained herein have been evaluated by the U.S. Food and Drug Administration. Learn more.