Safe Harbor Privacy Policy
1. Safe Harbor Privacy Policy
GENOMIC HEALTH, INC. carefully protects the confidentiality of personal information provided to it by consumers, employees, healthcare professionals and business partners. GENOMIC HEALTH, INC. values the confidence of its consumers, employees, healthcare professionals and business partners. GENOMIC HEALTH, INC. will not release personal information to third parties about employees, potential employees, and their family members, contractors and contingent workers, scientific and medical research subjects, scientific and medical investigators and staff, service providers and business partners, investors and shareholders, medical and healthcare professionals, customers, suppliers, vendors, government officials, industry experts and opinion leaders for purposes other than providing services which have been agreed or to comply with applicable legal requirements. GENOMIC HEALTH, INC. is committed to upholding best practice in our use, collection and disclosure of personal information.
This Safe Harbor Privacy Policy (the “Policy”) sets forth the privacy principles that GENOMIC HEALTH, INC. follows with respect to personal information transferred from the European Economic Area (“EEA”) (which includes the twenty-seven member states of the European Union (EU) plus Iceland, Liechtenstein and Norway) and Switzerland to the United States of America.
2. Safe Harbor
The United States Department of Commerce the European Commission and the Swiss Federal Data Protection and Information Commissioner have agreed on a set of data protection principles and frequently asked questions (the “Safe Harbor Principles”) to enable U.S. companies to satisfy the requirement under European Union and Swiss law that adequate protection is given to personal information transferred from the EU or Switzerland to the United States. The EEA and Switzerland have also recognized the U.S. Safe Harbor as providing adequate data protection. GENOMIC HEALTH, INC. is committed to protecting personal privacy and adheres to the seven Safe Harbor principles.
3. Scope
This Safe Harbor Privacy Policy (the “Policy”) applies to all personal information received by GENOMIC HEALTH, INC. in the United States of America from the EEA and Switzerland, in any form including electronic, paper or verbal.
4. Definitions
For purposes of this Policy, the following definitions shall apply:
"Agent" means any third party that collects or uses personal information under the instructions of GENOMIC HEALTH, INC. or to which GENOMIC HEALTH, INC. discloses personal information for use on GENOMIC HEALTH, INC.’S behalf. These third parties are most commonly: employee payroll, employee benefits, distribution and billing partners.
"GENOMIC HEALTH, INC." means GENOMIC HEALTH, INC., its successors, affiliates, subsidiaries, divisions and groups in the United States of America and Switzerland.
"Personal information" means any information or set of information that identifies or is used by or on behalf of GENOMIC HEALTH, INC. to identify an individual in the context of providing GENOMIC HEALTH, INC.’S services. Personal information does not include information that is encoded or anonymised.
"Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. GENOMIC HEALTH, INC. will treat any information received from a third party as sensitive personal information where that third party treats and identifies the information as sensitive personal information.
5. Privacy Principles
The privacy principles in this Policy are based on the Safe Harbor Principles.
Notice: Where GENOMIC HEALTH, INC. collects personal information directly from individuals (such as employees or customers) in the EEA or Switzerland, it will inform them about the purposes for which it collects and uses such personal information and the type of Agents to which it discloses such information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to GENOMIC HEALTH, INC., or as soon as practicable thereafter, and in any event before GENOMIC HEALTH, INC. uses or discloses the information for a purpose other than that for which it was originally collected.
Where GENOMIC HEALTH, INC. receives personal information from its subsidiaries, affiliates or other entities in the EEA or Switzerland, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals in respect of their personal information.
Choice: GENOMIC HEALTH, INC. does not use personal information for purposes other than which it was collected, i.e., the provision of GENOMIC HEALTH, INC.’s services. Such information is not disclosed to non-agent third parties.
Transfers To Agents: GENOMIC HEALTH, INC. most commonly transfers personal information to agents who are subject to the HIPAA Privacy Rule. As such they must safeguard personal information in a way that is consistent with the HIPAA Privacy Rule and the terms of this Policy. In the event that information is transferred to agents who are not subject to the HIPAA Privacy Rule appropriate assurances will be sought from these agents. These may include: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Safe Harbor Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), Safe Harbor certification by the agent, or being subject to another European Commission adequacy finding (e.g., companies located in Switzerland). Where GENOMIC HEALTH, INC. has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, GENOMIC HEALTH, INC. will take all reasonable steps to prevent that use or disclosure.
Security: GENOMIC HEALTH, INC. will take all reasonable precautions to protect personal information in its possession from loss, misuse and unauthorised access. In addition, GENOMIC HEALTH, INC. will take all reasonable steps to prevent unauthorised disclosure, alteration and destruction of personal information.
Data Integrity: GENOMIC HEALTH, INC. will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorised by the individual. GENOMIC HEALTH, INC. will take all reasonable steps to ensure that personal information is relevant to its intended use and is accurate, complete, and up-to-date and does so in order to provide the very best services.
Access And Correction: Upon request, GENOMIC HEALTH, INC. will grant individuals reasonable access to personal information that it holds about them. This consists mainly of information received from third parties. In addition, GENOMIC HEALTH, INC. will take reasonable steps to permit individuals to correct, amend, or delete information that is inaccurate or incomplete with the relevant third party. GENOMIC HEALTH, INC. is unable to correct anything other than factual errors in any report GENOMIC HEALTH, INC. produce for its consumers because it is based on information provided by third parties. However, GENOMIC HEALTH, INC. will take all reasonable steps to facilitate amendments to information provided by third parties if an individual raises a query.
Enforcement: GENOMIC HEALTH, INC. will conduct compliance audits of its relevant privacy practices, for example its information systems and data processing installations, to verify adherence to this Policy. Any employee that GENOMIC HEALTH, INC. determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.
Dispute Resolution: Any questions or concerns regarding the use or disclosure of personal information should be directed to the GENOMIC HEALTH, INC. Privacy Officer at the address given below. GENOMIC HEALTH, INC. will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between GENOMIC HEALTH, INC. and the complainant, GENOMIC HEALTH, INC. has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities and the Swiss Federal Data Protection and Information Commissioner to resolve disputes pursuant to the Safe Harbor Principles.
6. Limitation On Application Of Principles
Adherence by GENOMIC HEALTH, INC. to these Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; and (b) to the extent expressly permitted by an applicable law, rule or regulation.
7. Internet Privacy
GENOMIC HEALTH, INC. sees the internet and the use of other technologies as valuable tools for communicating and interacting with consumers, employees, healthcare professionals, business partners, and others. GENOMIC HEALTH, INC. recognizes the importance of maintaining the privacy of information collected and/or stored online and has systems in place that protect data collected and/or stored online or via an electronic database. Personal information that is transferred from the EEA or Switzerland to the United States of America, will be treated in accordance with this policy.
8. Contact Information
Questions or comments regarding this Policy should be submitted to the GENOMIC HEALTH, INC. Privacy Officer by mail as follows:
GENOMIC HEALTH, INC.
ATTN: Privacy Officer
301 Penobscot Drive
Redwood City, California 94063
USA
Email: privacy@genomichealth.com
9. Changes To This Safe Harbor Privacy Policy
This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor Principles. If we make changes to this Policy, we will promptly post a copy of the updated Policy on our website at http://www.genomichealth.com/privacy. A notice will be posted on the GENOMIC HEALTH INC. web site www.genomichealth.com whenever this Safe Harbor Privacy Policy is changed in a material way.
EFFECTIVE DATE: 28 October 2009