This privacy notice applies to BioAgilytix, and its subsidiaries BioAgilytix Labs – Boston, BioAgilytix Labs – San Diego, and BioAgilytix – EU (collectively, BioAgilytix or “we” “our” or “us”). BioAgilytix cares about your privacy. This privacy notice describes how we collect, receive, use, store, share, transfer, and process your personal information (also referred to as “data”), as well as your rights in determining what we do with the information that we collect or hold about you.
We may update this Privacy Notice from time to time. When we do update it, for your convenience, we will make the updated Privacy Statement available on this page. Changes and additions to the Privacy Notice are effective from the date on which they are posted. Please review the Privacy Notice from time to time to check whether We we have made any changes to the way in which we use your personal information. Any changes we make to the Policy in the future will be posted on this page, and where we change this Policy in ways that also affect how we process personal information about you, where appropriate, we will notify you directly via email or other direct contact with you, and we also will post a notice on our home page that this Policy has changed.
Data We Collect
The personal information we process (collect, use, and share) about you depends on who you are and how we interact with you. We process personal information about you that we collect either directly, through forms or data entry fields on our website, or through passive collection by cookies and other data collection technologies. The types of personal information we process in each of these contexts is further explained below.
When BioAgilytix acts as a Data Controller and is the recipient of personal information, it shall provide the appropriate notice in clear and conspicuous language when individuals are first asked to provide personal information to BioAgilytix, or as soon thereafter as is practicable. In addition, when BioAgilytix is a Data Controller it will seek consent prior to using personal information for a purpose other than that for which it was originally collected or processed.
Website Visitor Data
We may process your information when you contact us via our website such as submitting a question or request via the contact form, requesting to speak to a scientist or signing up for our newsletter. This information typically includes name, title, company name, phone number, and e-mail address.
BioAgilytix may also record information about how individuals access the Site. This information may include device information including as Internet Protocol (“IP”) addresses, log information, error messages, device type, and unique device identifiers, the websites the user visited immediately prior to and upon exiting this site, the browser software the individual is using to access the site, the pages viewed, the features used, details about any links with which the user interacted, device precise location information, or device motion information.
BioAgilytix does not seek information from persons less than 16 years of age and no information should be submitted to BioAgilytix by anyone under 16 years of age.
Business Customer Data
If you are a customer or you request or indicate an interest in information about our services, we may process your name, email address, phone number, job title, information about the company where you work, including its website address, postal address, job title, job function, company name, company size, company financial information, IP address, device type, email view information including IP address and associated city, information about which of our services you use or which may be of interest to you, and any comments you provide. We maintain and update this information as we continue to engage with you and use it as described under the Legitimate Interests processing purposes described below.
Also, in its role as a laboratory, BioAgilytix may receive personal information related to biochemical analysis, research, diagnostics, consulting, and clinical trial support services from or on behalf of Data Controllers within the European Union (EU), the United Kingdom (UK), Switzerland, or the US.
Job Applicant or Contractor Data
Lab Sample Data
If you are a clinical trial participant, we may process your participant-specific clinical trial identification code, health data and genetic data in order to process and analyze your sample and provide results. If your health care provider submits biological samples to us for analysis, we may process personal information about you including your name, gender, age, race, health data and genetic data for analysis.
HOW WE USE DATA AND PROCESSING PURPOSES
BioAgilytix believes and supports personal information minimization and limiting use to those processing activities for which permission was given. BioAgilytix uses the personal information you provide as necessary:
- To deliver our products or services, or as required for legal compliance or other lawful purposes.
- To communicate with you via email, phone, or text messages and may send marketing materials if you chose to opt-in to marketing campaigns that you may also opt-out at any time.
- To respond to general inquiries, provide technical and customer support and training, verify your identity, and send important account and service information.
- For purposes of recruitment and employee administration.
- To provide you with a newsletter if you sign up through our site.
- For advertising purposes, including display ads, retargeting, and social media promotion.
- Our marketing team or one of our scientists may also process your information to send communications to you.
BioAgilytix processes laboratory data in the performance of services for and under the direction of its business customers who act as the Data Controllers.
This information is used to administer our systems and the site, and to make improvements to and protect the Site. IP addresses are collected to obtain certain aggregate information concerning the use of our website such as average time spent on the site, pages viewed, etc.
BioAgilytix may use personal information from website visitors for the purposes above, based its legitimate business interests which include:
- Where processing enables us to enhance, modify, personalize or otherwise improve our websites, products and services.
- Determining the effectiveness of promotional campaigns and advertising and ensuring communications are relevant to the choices you make.
- Providing visitors with information requested, including questions directly asked or information contained in newsletters when requested.
If we process your personal information under consent provided by you, you have the right to withdraw that consent at any time. Your withdrawal of consent, however, will not affect the lawfulness of any processing we have undertaken before the withdrawal.
We may process your personal information where necessary for our compliance with a legal obligation. Finally, in some cases we process your personal Information as necessary to perform a contract with you, or to take steps that you request before we enter into that contract.
Business Customer Data
If you have a contract or other agreement in place with us, we process personal information about individuals to fulfill obligations under that contract or agreement.
BioAgilytix may process personal information about you based on our legitimate business interests for the following purposes, to which individuals may exercise their Right to object as described below:
- To understand your business and research-related needs based on our legitimate interest to develop and enhance our services to address your needs and to make them more relevant to you; and
- To manage our legal, financial, policy and regulatory compliance responsibilities and to demonstrate our compliance upon request.
BioAgilytix may use personal information it receives from sponsors and business customers to based on its legitimate business interests for the purposes described above and to provide clinical laboratory services for and under the direction of its business customers who act as the Data Controllers.
Job Applicant or Contractor Data
If you have a contract or other agreement in place with us, we process personal information about you to fulfill the following obligations to you under that contract or an agreement with us, and to fulfill the specific obligations we have to you under the applicable contract or agreement such as:
- Payment of project fees to contractors or consultants;
- Managing performance obligations under employment contracts, where applicable.
Our legal basis to process personal information about you for the purposes described above in order to maintain and execute our contract with you. We also have a legitimate interest in establishing and managing our relationship with and responsibilities to you and for effective operation of our business, such as to:
- Recruit new talent to join BioAgilytix;
- Onboard employees and contractors to BioAgilytix;
- Grant and ensure appropriate access to BioAgilytix systems and facilities;
- Ensure the security and safety of the workplace and the tangible and intangible assets for which we are responsible.
Lab Diagnostic Data
If you are participating in a clinical trial or your health care provider submitted a biological sample to us, we process personal information about you in order to analyze those samples and provide results.
DISCLOSURES TO THIRD PARTIES
Any diagnostic information stored on behalf a customer is made available only to such customer.
BioAgilytix’s website may contain links to other sites that operate independently of BioAgilytix and are not under our control. We provide links to other websites solely for your convenience and information. BioAgilytix is not responsible for the content, security, or privacy practices employed by other sites.
CHANGING YOUR PREFERENCES
If you have provided your consent, we may process personal information about you to send direct email marketing communications about our services. You may withdraw your consent at any time by clicking the “unsubscribe” link in the email footer. You may also withdraw consent by exercising your rights as described below.
If you would like to change any information you submitted to us or if you want to opt-out of receiving future communications from us or limit the use and disclosure of your information, please contact us at email@example.com.
RIGHTS AVAILABLE TO INDIVIDUALS
You have the right to ask us about the processing of your personal information. Specifically, under applicable data privacy laws, and where contractual commitments require, BioAgilytix ensures that individuals can exercise all relevant informational rights with respect to their personal information collected by BioAgilytix, including, but not limited to, the right of access and correction, to withdraw consent at any time, object to data processing, request data deletion, restrict aspects of data processing. Where limitations apply, BioAgilytix will look at each circumstance and advise you of the reason we cannot comply with your request.
When BioAgilytix is a Processor and not a Data Controller, it will take reasonable steps to help the appropriate Controller respond and will act on the reasonable direction of the Data Controller’s customers with respect to access.
If you would like to exercise your rights provided under your country’s national data protection laws, please contact us at firstname.lastname@example.org. Please note that we are required by law to verify your identity in order to comply with some data requests.
OTHER PRIVACY RELATED INFORMATION
Where We Store and Process Personal Data
To facilitate our global operations, BioAgilytix may transfer, store and process your personal information within our corporate locations or with service providers based in the United States and Europe. Laws in these countries may differ from the laws applicable to your country of residence. We take appropriate steps to ensure that personal information is processed, secured and transferred according to applicable law. Where we transfer personal information from the European Economic Area or the UK to other countries in which applicable laws do not offer the same level of data privacy protection, we have ensured that appropriate safeguards are in place through the use of written agreements, such as Standard Contractual Clauses, with recipients that require them to provide the same level of protection for the data.
We will keep personal information about you for as long as we provide services, as long as you work for or with us, or as long as we are addressing a concern, question, complaint, or request you have made to us, as applicable to our interactions with you. If we have a contract or other agreement with a customer, we will follow the retention obligations of that agreement. This applies to lab diagnostic data.
We may keep personal information longer if we have a legal obligation to keep it or to maintain necessary records for legal, financial, compliance, or other reporting obligations, and to enforce our rights and agreements. When we no longer need personal information, we securely delete or destroy it.
BioAgilytix takes reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction, considering the risks involved and the nature of the personal information. We also have implemented measures to maintain the ongoing confidentiality, integrity and availability of the systems and services that process personal information and will restore the availability and access to personal information in a timely manner in the event of a physical or technical incident. Still, no system can be guaranteed to be 100% secure. If you have questions about the security of your personal information, or if you have reason to believe that the personal information that we hold about you is no longer secure, please contact us immediately as described in this Privacy Notice.
BioAgilytix complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. BioAgilytix has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
Individuals can learn more about the Privacy Shield program, individual rights, and our participation in the program by visiting: https://www.privacyshield.gov/Individuals-in-Europe
BioAgilytix acknowledges that it is subject to the jurisdiction of the U.S. Federal Trade Commission for compliance and enforcement of the Privacy Shield and Swiss Privacy Shield.
BioAgilytix may share personal information with contracted third parties who act as a Data Controller or other processors at the direction of those Controllers. BioAgilytix shall enter into a contract with third-party Data Controllers prior to sharing personal information requiring that data may only be processed for limited and specified purpose consistent with the consent provided by the individual, that third-party Data Controllers provides the same level of protection and notify BioAgilytix if it can no longer meet this obligation.
BioAgilytix shall remain liable under the Principles if its Agent processes such personal information in a manner inconsistent with the Principles, unless BioAgilytix proves that it is not responsible for the event giving rise to the damage.
Recourse, Enforcement, and Liability
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
This independent dispute resolution process is provided at no cost to the individual. Under certain conditions an individual may choose to invoke binding arbitration to resolve any residual complaints not resolved by BioAgilytix or its third-party dispute resolution provider. If an individual formally invokes binding arbitration, BioAgilytix will follow the terms set forth in Annex 1 of the Privacy Shield Framework. For more information on binding arbitration visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
To contact BioAgilytix for Privacy Shield-related issues, please use one of the contact methods below.
HOW TO CONTACT US
If at any time you have questions about our practices, your rights described above, or questions about this Privacy Notice, you may contact our Data Protection Officer using one of the contact methods below. This inbox is actively monitored and managed by personnel trained in our policies, processing, and handling of personal information.
This notice is dated April 2023.