Privacy Policy
Last Updated on: October 10, 2023
The website
www.genomate.health and the services provided herein (the “Website”) is the property of GENOMATE HEALTH, INC. By using this Website, you, as a “User”, acknowledge and agree to the contents of this Privacy Policy (“the Policy”).

Genomate Health, Inc. (“Genomate”, “we” or “us”) is committed to protecting your rights and freedoms in order to collect, use, and process your personal data safely and in accordance with all legal obligations. We value your personal data and will maintain its integrity and confidentiality. This Privacy Policy is meant to help you understand what personal data we collect, how we use it, with whom we share your personal data and what steps you take in order to ensure your personal data’s security when you interact with us through the Website. To reflect any changes to the way we process your personal data or any changes to your legal requirements, periodic updates and changes to this Privacy Policy will be posted on this Website. We abide by the highest standards and we value your personal data, therefore, our Privacy Policy is established in accordance with the rules imposed by the EU Regulation 2016/679 (GDPR) as well as by relevant federal and state legislation on personal data protection.

Summary
We hope that you will read this entire Privacy Policy carefully as we tell you what kind of data we collect and for what reason, but if you are in a hurry, here are some main ideas extracted from the Policy.

• We will not use your personal data for commercial purposes or sell it to any third party. Your personal data is collected only for the purpose of being able to provide you with our services.
• We only collect the minimum personal data necessary to fulfil the purposes described below.
• You can exercise any of the rights provided by the GDPR and described below. You can contact us at any time about your rights and we will do our best to ensure that they are respected.
• Your personal data may be shared with other entities or persons with whom we are in contractual relations, such as suppliers, IT service providers or online payment service providers.
• If you have any questions about your rights, this Policy, or our business, we encourage you to contact us at privacy@genomate.health


1. Categories of Personal Data

Through our Website, we may collect the following categories types of Personal Data about you which are described in more detail below:
(A) Personal Data you provide to us
(B) Personal Data we may automatically collect
(C) Cookies & Other Technologies
(D) Personal Data we may receive from third parties.

(A) Personal Data you provide to us
When using the Website, you may provide us with the following Personal Data:

Contact Information. When filling in our contact forms, you provide us with your email address, first and last name, your phone number and the message you want to send us. When applying to be a partner you also provide us with the organization you work for and the region you work in.

Professional Information. When you choose to apply to be a part of our team through the form available on our website, you may share with us your Curriculum Vitae, which contains information such as: your name, phone number, e-mail address, current job role and employer, past employers and other professional information. You also provide through the form your first and last name, your phone number and email address.

(B) Personal Data we may automatically collect:
The Website may automatically collect certain information about you, generally referred to as Navigation Data.  We use this data to help us design the Website to better suit our Users’ needs.  This data may include:
• IP address, which is the number associated with the service through which you access the Internet, like your ISP (Internet service provider), your company;
• Date and time of your visit or use of the Website;
• Domain server from which you are using the Website;
• Type of computer, web browsers, search engine used, operating system you use;
Collecting IP addresses is standard practice and is done automatically by most online service providers. We use IP addresses for purposes such as calculating Website usage levels, diagnosing server problems, and administering the Website. We may also derive your approximate location from your IP address.

(C) Cookies & Technologies Used to Collect Information About You
We collect the following Information directly and through the use of third parties.  We collect this Information by using certain technologies, such as cookies, web beacons, and other technologies.  Third-party service providers, advertisers, and/or partners may also view, edit, or set their own cookies or place web beacons.  The use of these technologies by such third parties is subject to their own privacy policies and is not covered by this Privacy Policy, except as required by law.  Please refer to our Cookies Policy to learn more about your rights and responsibilities with respect to cookies and other technologies. If you have any questions about your rights under our Cookies Policy, we encourage you to contact us at privacy@genomate.health.

a.       Cookies (or browser cookies).  A cookie is a small file placed on the hard drive of your computer.  Most web browsers automatically accept cookies.  You may refuse to accept browser cookies by activating the appropriate setting on your browser.  However, if you select this setting you may be unable to access certain parts of the Website.  Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website.
b.      Flash Cookies.  We may use local shared objects, also known as Flash cookies, to store your preferences such as volume control or display content based upon what you view on our site to personalize your visit.  Third parties, with whom we partner to provide certain features or to display advertising based upon your browsing activity, use Flash cookies to collect and store information.  Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored.  Cookie management tools provided by your browser will not remove Flash cookies.
c.   Web Beacons.  Website pages may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity).  We also use these technical methods to analyze the traffic patterns, such as the frequency with which our users visit various parts of the Website.  These technical methods may involve the transmission of Information either directly to us or to a third party authorized by us to collect Information on our behalf.  The Website use retargeting pixels from Google, Facebook and other ad networks.  We also use web beacons in HTML emails that we send to determine whether the recipients have opened those emails and/or clicked on links in those emails.
d.      Analytics.  Analytics are tools we use, such as Google Analytics, to help provide us with information about traffic to the Website and use of the Website, which Google may share with other services and websites who use the collected data to contextualize and personalize the ads of its own advertising network.
e.       Mobile Application Technologies.  If you access the Website through a mobile device, we may automatically collect information about your device, your phone number, and your physical location.

(D) Personal Data We May Receive from Third Parties
Currently, through our Website we do not receive any Personal Data from third parties. Should this change, this section will be updated accordingly.


2. Purpose of data processing

The processing of personal data listed above is based on at least one of the following legal bases:
• processing may be required for the conclusion of a legal relationship / contract and / or for its execution;
• the processing may be required in order to fulfill a legal obligation incumbent on us (e.g. those relating to the management of tax supporting documents, reporting to the relevant public authorities, obligations to keep evidence for certain periods of time, etc.);
• processing is justified in light of our legitimate interests;
• processing is based on your consent.

If you want to learn more about the specific processing of your personal data, you can contact us at privacy@genomate.health.

More specifically, we use the Personal Data with the following purposes:

2.1. To sort out your requests
We collect your data in order to provide you with information of interest to you as a beneficiary of our services. We will use the contact details provided by you, respectively the email address, exclusively with the purpose of processing your specific request. We always make sure that processing is carried out in accordance with your rights and freedoms and that the decisions taken on the basis of them do not affect you.

2.2. To process your application
You have the option to apply to be a part of our team through the form available on our website. In order to consider your application, we need to be able to process the information you provide us with. We will use your personal data only with the purpose of reviewing your application and contacting you.

2.3. To improve our services
In order to provide you with the best online browsing experience on our website, we may collect and use certain information about your activity on the site.We rely on our legitimate interest to carry out activities for you in optimal conditions, while taking care to respect your fundamental rights and freedoms.

2.4. To defend our legitimate interests
In certain situations, we will use or transmit information to protect our rights and activities. Among these we list:

• Various measures to protect the website and its users against cyber attacks.
• Measures to prevent and detect fraudulent attempts, including the transmission of information to the competent public authorities.
• Various other risk management measures.

In some cases, we base our processing on legal provisions such as the obligation to ensure the safeguarding of goods and values under the applicable legislation in this regard, or various reporting obligations.


3. Sharing Your Personal Data

Where applicable, we may transmit or provide access to certain Personal Data collected to various categories of suppliers, personnel, or other companies with which we may develop partnerships necessary for the conduct of our business, provided that there is a good reason.

We may share your Personal Data as set forth in the Privacy Policy and in the following circumstances:
Third-Party Service Providers.  We may share your Personal Data with third-party service providers that perform certain functions or services on our behalf (such as to host the Website, provide products and services, manage databases, perform analyses, provide customer service, accounting services or send communications for us).  These third-party service providers are authorized to use your Personal Data only as necessary to provide these services to us.  In some instances, we may aggregate Personal Data we collect so third parties do not have access to your particular Personal Data to identify you individually. 
Disclosure of Personal Data for Legal and Administrative Reasons.  We may disclose your Personal Data without notice: (i) when required by law or to comply with a court order, subpoena, search warrant, or other legal process; (ii) to cooperate or undertake an internal or external investigation or audit; (iii) to comply with legal, regulatory or administrative requirements of governmental authorities (including, without limitation, requests from the governmental agency authorities to view your Personal Data); (iv) to protect and defend the rights, property or safety of us, our subsidiaries and affiliates and any of their officers, directors, employees, attorneys, agents, contractors and partners, and the PlatformUsers; (v) to enforce or apply our Terms of Use; and (vi) to verify the identity of the User of the Website, if necessary.
Business Transfers.  Your Personal Data may be transferred or otherwise conveyed to a third party where we: (i) merge with or are acquired by another business entity; (ii) are adjudicated bankrupt; or (iii) are liquidated or otherwise reorganized.
Personal Data Shared with our Subsidiaries and Affiliates.  We may share your Personal Data with our subsidiaries and affiliates.  If you do not want us to share your Personal Data with our subsidiaries and affiliates, please email us at privacy@genomate.health.
With Your Consent.  In some cases, we may share Personal Data consistent with this Privacy Policy with your explicit consent. 

Except as provided in this Privacy Policy or required by applicable law, we will not sell, trade, or disclose your Personal Data we have collected without your consent.


4. Duration of Retention of Personal Data

We retain the personal data we process only for as long as is necessary for the purpose for which it was collected (including applicable law or regulations), such as:

• All data sent to us when you make a request using our contact form will be used strictly to provide you with an answer and to resolve your request. Therefore, it will be kept for a period of 1 year from the date of receipt of the request, or at least until your request is solved, whichever is later.
• By way of exception to the foregoing, we may retain any data, if any, for a period of 3 years, in respect of situations in which we have a legitimate interest in retaining certain personal data in connection with a potential dispute that may arise between the parties (for example, in the context of the possible employment of our legal liability or that of the data subject).
• In any other case or in the absence of specific legal, regulatory or contractual requirements, our reference period for the retention of personal data is 5 years from the date of termination of relations / the last contact between us and you.
• All Personal Data provided via the application form will be retained throughout the application process. If the application is successful and leads to employment, this Personal Data will be retained for the duration of the employment period and any additional time required to comply with specific regulatory retention requirements. In the event of an unsuccessful application, you have the option to grant consent for your personal data to be stored for a period of 2 years in case new opportunities arise.

In any case, except as provided by applicable law, we will delete your data at the time you request it. The applicable exceptional situations will be communicated to the applicant through the answer submitted by Genomate Health, Inc in connection with the request to delete the data.


5. Protecting Your Personal Data

At Genomate Health, Inc we have implemented the appropriate technical and organizational measures needed to ensure an adequate level of security and confidentiality to your personal data. The purpose of these measures is to protect your personal data against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.

However, you should assume that no data transmitted over the Internet or stored or maintained by us or our third-party service providers can be 100% secure.  Therefore, although we believe the measures implemented by us reduce the likelihood of security problems to a level appropriate to the type of data involved, we do not promise or guarantee, and you should not expect, that your Information or private communications will always remain private or secure.  We do not guarantee that your Personal Data will not be misused by third parties.  We are not responsible for the circumvention of any privacy settings or security features.  

If you believe that your Personal Data has been accessed or acquired by an unauthorized person, you shall promptly contact us at privacy@genomate.health.


6. Use by minors

Our website is not directed to minors under the age of 18 and we do not allow these individuals to provide any personal information through our website. If your child has submitted Personal Information and you would like to request that such Personal Information be removed, please contact us at privacy@genomate.health.


7. Accessing, Correcting, Or Deleting Your Personal Data

Upon request as set forth below and subject to certain exceptions and limitations stemming from applicable laws, we will inform you of the existence, use and disclosure of your Personal Data and will provide you access to that Personal Data.  

We encourage you to review, update, and correct the Personal Data that we maintain about you, and you may request that we delete Personal Data about you that is inaccurate, incomplete, or irrelevant.  We may not accommodate a request to change your Personal Data if we believe the change would violate applicable law in our control. You can read more about this in the “Your Rights” section below. 

You can access, correct, or delete your Personal Data directly from your account or by contacting us  at privacy@genomate.health.


8. International Transfer of Personal Data

We currently store and process your personal data in the European Union. However, given the geographic scope of our business, we may transfer certain of your personal data to our HQ or partners in the United States. We take all measures to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests, and we allow such transfers only when absolutely necessary, applying the principle of minimization. Data transfers will always be protected by contractual commitments and, where appropriate, by other guarantees of a technical or organizational nature. To find out more about the countries where we transfer your data, you can contact us at any time. Despite the measures taken to protect your personal data, we do not take responsibility for vulnerabilities in systems that are not under our control. We remind you that the transmission of information via the Internet is not completely secure, there is a risk that the data will be viewed and used by unauthorized third parties regardless of our intervention.


9.  What are your rights?

You have the following rights as a User:

9.1. Access
You can ask us to confirm whether we process your Personal Data, as well as to provide you with a copy of it and to present to you the data we have, what we use it for, to whom we disclose it, if we transfer it abroad, how we protect it, how long we keep it, what rights you have, how you can file a complaint, where we got your data from, to the extent that the Personal Data has not already been provided to you in this page.

9.2. Rectification
You may ask us to rectify or complete your inaccurate or incomplete personal data. It is possible to check the accuracy of the data before rectifying it.

9.3. Data deletion
You can ask us to delete your Personal Data. We will proceed with the request if: 
• they are no longer necessary for the purposes for which they were collected;
• you have withdrawn your consent (if the data processing was based solely on your consent);
• they were processed illegally;
• you exercise a legal right to oppose;
• we have a legal obligation in this regard.

In some cases, your Personal Data may not be deleted. The most likely situations in which we could deny your request are:
• for compliance with a legal obligation;
• for the establishment, exercising or the defense of a right in court.

9.4 Restricting data processing
You can request that we restrict the processing of personal data only if:
• their accuracy is challenge and we need to verify their accuracy;
• they are no longer needed for the purposes for which they were collected, but you need them to establish, exercise or defense of a right in court;
• processing is illegal, but you do not want the data to be deleted;
• you have exercised your right to object, and the verification of our rights prevails is ongoing. We may continue to use your personal data following a request for restriction if we have your consent, or to ascertain, exercise or ensure the defense of a right in court or to protect the rights of Genomate Health, Inc or another natural or legal person.

9.5. Data portability
You can ask us to provide you with personal data in a structured, commonly used and automatically readable format, or you can request that it be ported directly to another data controller, provided that the processing is based on your consent or on the conclusion or execution of a contract with you and to be done by automatic means, as well as to make the porting technically possible.

9.6. Opposition
You may object to the processing of your data at any time if you believe that your fundamental rights and freedoms prevail over our legitimate commercial interest.

9.7. Automated decisions
You may request that you not be subject to a decision based solely on automatic processing when that decision:
• produces legal effects on you;
• it affects you in a similar way and to a significant extent.

This right will not apply where the decision was reached by following automated decision-making:
• we are required to enter into or enter into a contract with you;
• is authorized by law and there are adequate guarantees for your rights and freedoms;
• is based on your explicit consent.

9.8. Complaints
You have the right to submit a complaint regarding the processing of your Personal Data and we assure you that we will make every effort to resolve any issues in a reasonable manner. You may contact us by email at privacy@genomate.health. We promise to respond to any valid requests within a maximum of 30 days, unless this is particularly complicated or if you have made multiple requests, in which case we will respond within a maximum of 60 days, prior to which you will be contacted about the delay.

Alternatively, you can also submit your request to exercise your rights by post, at the following address:
Genomate Health, Inc.
1 Broadway, Cambride, MA
United States of America

Given the global reach of our Website, we strongly recommend that you contact us by email at the address provided above. We cannot guarantee the arrival on time by post. If you, however, choose to submit a request through the mail, we recommend that you mail your request with confirmation of receipt.


10. Links to Other Websites

The Website may contain links to other websites or services that are not owned or controlled by us, including links to Social Media Platforms such as Facebook, Instagram, Twitter and LinkedIn, or may redirect you off our website away from the Website to other websites for information, other services, or to receive special offers, contests, games, sweepstakes, or for transactions or purchases.

For example, if you “click” on a banner advertisement, the “click” may take you off the Website and onto a different website.  This includes links from advertisers, sponsors and marketing partners that may use our website’s logo as part of a co-branding agreement.  These other websites may send their own cookies to you, independently collect data or solicit personal Information and may or may not have their own published privacy policies.  If you visit a website that is linked to the Website, you should consult that website’s privacy policy before providing any Information.

This Privacy Policy only applies to Information collected by the Website. We are not responsible for the privacy and security practices of those other websites or Social Media Platforms or the Information they may collect (which may include IP address). You should contact such third parties directly to determine their respective privacy policies. Links to any other website’s or content do not constitute or imply an endorsement or recommendation by us of the linked website, Social Media Platform, and/or content.


11. State‐Specific Privacy Rights

State consumer privacy laws may provide their residents with additional rights regarding our use of their Personal Data (“Information”), including the following:

A. California. Residents of the State of California have the right to request information from us regarding other companies to whom we have disclosed certain categories of information during the preceding year for the other companies’ direct marketing purposes. If you are a California resident and would like to make such a request, please contact us at privacy@genomate.health. If you are a California resident, certain Information that we collect about you is also subject to the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). The CCPA provides California residents with the right to receive certain disclosures regarding the collection, use, and sharing of Information as well as the right to know/access, delete, and limit sharing of Information. You may submit a request for more information by contacting us at privacy@genomate.health.

B. Nevada. Nevada provides its residents with a limited right to opt-out of certainInformation sales. You may submit a request for more information by contacting us at privacy@genomate.health.

C. Virginia. If you are a Virginia resident, certain Personal Data that we collect about you are subject to the Virginia Consumer Data Protection Act (VCDPA). You may submit a request for more information by contacting us at privacy@genomate.health

D. European Union. If you are a resident of the European Union, we have constructed this Privacy Policy with the GDPR principles in mind and we are fully compliant with the GDPR. If you wish to exercise any of the rights listed above or if you have any specific questions about our GDPR compliance, please contact us at privacy@genomate.health.


12. Changes to this Privacy Policy

Genomate reserves the right to make changes to this Privacy Policy at any time by notifying Users on this page and, possibly - as far as technically and legally possible - sending a notification to Users through any contact data available to us. All such changes will be effective upon posting. It is strongly recommended that you check this page frequently, referring to the date of the last change listed under the title. If the changes affect the processing activities performed based on the User’s consent, we will collect a new consent from the User, if necessary.


13. Contact

We are always open to find out your thoughts and views and to provide you with any additional information you may need regarding the collection, use, and processing of your data. If you have any questions about the content of this Privacy Policy or wish to exercise your rights, please do not hesitate to contact us by email at privacy@genomate.health.