Portal Privacy Notice for EU Customers

Last Updated: May 2018

This Privacy Notice (the "Notice") describes Genomic Health’s practices and policies regarding the collection, use, storage and disclosure of personal data collected from users (‘you’) to provide access to this portal (the ‘Site’), as well as communicate with you about the services that are ordered through it (the "Services").

This Notice also informs you about your choices and rights regarding your personal data. Genomic Health values the trust placed in us by patients, our employees, healthcare professionals and business partners. We are committed to upholding best practices in our use, collection, storage and disclosure of personal data.

This notice is not intended to inform patients for whom tests are ordered about the processing of their data.

Who is Genomic Health?

‘Genomic Health’ means Genomic Health, Inc. and Genomic Health International Sàrl. In this Privacy Notice, ‘we’, ‘us’, and ‘ours’ refer to Genomic Health.

Genomic Health is the controller of the data about you that you submit on this website.

Genomic Health, Inc. is based in the United States, and Genomic Health International Sàrl is based in Switzerland. Their representative in the European Union is Genomic Health Ireland Limited.

They can be contacted by post, email, or telephone as follows:


Genomic Health, Inc.
Attn: Legal
301 Penobscot Dr.
Redwood City, California 94063
USA
Genomic Health Ireland Limited
Attn: Legal
70 Sir Rogerson’s Quay
Dublin 2
Ireland

+1 (650) 556-9300 +353 1 232 3333

europeansupport@genomichealth.com

What personal data do we collect from you?

When you are registered to place orders or consult information on this Site, we collect your name, title, specialty, credentials, and contact information.

What do we use your personal data for?

We use the personal data you provide to us to verify your authorization to place orders for Genomic Health Services, to control access to the Site, and to communicate with you as needed about Genomic Health Services. Your personal data may also be used for analysis about ordering patterns and trends to help Genomic Health deliver optimal services to you, for your patients.

What is our legal basis for using your information?

The European Union’s General Data Protection Regulation (2016) (‘GDPR’) requires us to tell you under what legal basis we process your information. The GDPR provides a list of six allowed legal bases for processing. One such basis, applicable here, is the legitimate interests of the person (in this case Genomic Health) responsible for processing your data.

Our legitimate interest is communicating with you, providing you Services, and otherwise acting within our relationship of laboratory to physician (physician’s delegate).

Who has access to your information?

Within Genomic Health, the information we collect is available to our Customer Service and sales teams, as well as to others (for instance, within the laboratory or Medical Affairs) who may need to interact with you or support your access to the Site.

We do not sell or rent your personal data to any other third party.

We may transfer your information in the event of a corporate restructuring, merger, acquisition, or consolidation with, or sale of most of our assets to a third party (including in insolvency proceedings).

Is your information transferred outside the Europe Union?

Yes. Genomic Health, Inc. and all its employees are located in the United States.

European law requires an appropriate safeguard for transfer of data to a country such as the US that the European Union does not consider to offer an adequate level of protection to personal data. The safeguards for transfers to Genomic Health, Inc. in the US are:

  • the US-EU Privacy Shield and U.S. Swiss Privacy Shield, with which Genomic Health, Inc. is registered, and
  • European Commission-approved standard contracts amongst the companies within Genomic Health binding them to respect your rights under European law.

How long does Genomic Health keep your information?

Genomic Health does not have a fixed period to keep the information you submit to us. We retain it as necessary to respond to you or maintain contact with you.

Your rights concerning your information

You have the right to:

  • access your information,
  • have us correct information,
  • have us erase and/or de-identify information,
  • have us restrict the processing of your information, or
  • object to our processing of your information.

You may exercise these rights at any time by contacting us at europeansupport@genomichealth.com.

You have the right as well to lodge a complaint with your local data protection authority if you believe that we have processed your data unlawfully, although we do of course invite you to contact us first so that we can try to resolve any issue.

How we secure information

We secure information by using industry standard administrative, physical and technical safeguards. We encrypt information transmitted to us using Secure Sockets Layer (SSL) technology. All information is stored on controlled servers with restricted access, either directly managed by Genomic Health or by a service provider subject to a strict data processing agreement. It is important for you to know that, despite using these current technical and industry-recommended practices, it is never possible to fully guarantee against breaches in security.

Updates

Please make sure you review our most current Notices, as we may revise this Notice from time to time. Updated versions will be posted on the Site, and for significant changes, we will place a notice on the Site.

Data Protection Officer

Genomic Health has appointed a data protection officer, whose contact information follows:


FAO: Global Privacy Officer
Genomic Health, Inc.
301 Penobscot Drive
Redwood City, California 94063
United States of America

(US) +1 (650)569-2134

dpo@genomichealth.com

Oncotype DX My Colon Cancer Coach