Last Updated: July 26, 2022
Affirmativ Diagnostics PLLC, a Washington professional limited liability company doing business as ADx Health (“ADx Health,” “Company,” “we,” or “us”) respects your privacy and is committed to protecting it through our compliance with this Privacy Statement.
This Privacy Statement applies to our websites, and to your use of any related Services, and describes how and why we collect information from you or about you through any website owned and operated by ADx Health, including https://adxhealth.com/ and any other websites, pages, features, or content we own or operate (collectively our “Website”), how we might use or disclose this information, and how you may update or delete certain information about you from our system.
This Privacy Statement does not apply to the storage, use, and collection of protected health information (“PHI”), which is governed by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) and therefore is covered by our Notice of HIPAA Privacy Practices (the “NPP”) instead. Any conflict between this Privacy Statement and the NPP with respect to such PHI shall be resolved in favor of the NPP.
Please read this Privacy Statement carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is to not use our services or Website. By accessing or using our services and this Website, you agree to this Privacy Statement. This Privacy Statement may change from time to time. Your continued use of this Website or our services after we make changes is deemed to be acceptance of those changes, so please check the Privacy Statement periodically for updates.
ADx Health respects all data subject rights to privacy and complies with all applicable data protection laws and regulations.
This Privacy Statement is informed by Privacy Best Practices for Consumer Genetic Testing Services, Future of Privacy Forum (July 31, 2018).
The terms “Aggregate Information,” “De-identified Information,” “Personal Information” and “Service” or “Services” have the meanings given them in our Terms of Service. Personal Information does not include PHI, which is governed by our NPP.
Any references in this Privacy Statement to “you” or “your” should be interpreted in the context in which the information is processed.
Personal Information Collection
We collect several types of information from and about users of our Website and Services, including the following categories of information and as explained more fully in this Privacy Statement:
- By which you may be personally identified, such as name, billing and shipping address, e-mail address, payment information, telephone number, gender at birth, age, and/or date of birth;
- Additional information about you that may be requested when you purchase one of our testing kit services (any PHI collected during this process is governed under the NPP [add link]);
- Any user content you create and provide to us; and/or
- About your internet connection, the equipment you use to access our Website and Client Portal, and usage details.
We collect this information:
- that you provide to us directly;
- automatically as you navigate through the Website (information collected automatically may include information provided by your browser or device when you visit our website, usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies);
- through the portals connected to our site (as described below); and
- from third parties that may include business partners and affiliates, clinicians, and/or our Physician Partner Program.
We will collect Personal Information from you so that we can provide you with the Services you require. If you do not provide certain information, we may not be able to fulfill your requests.
Personal Information Collected via Our Website Portals
REGISTER AN ACCOUNT
We collect Personal Information when you register an account to access user account-only portals:
- Client Account: If you purchase a testing kit service and register an account in our Client Portal, we will collect your name, billing and shipping address, e-mail address, payment information, telephone number, gender at birth, age, and/or date of birth.
- Partner Account: If you are a partner or physician or health care provider and register an account, we will collect your first and last name, title/professional suffix, National Provider Identifier (“NPI”), and practice association.
We may also collect additional Personal Information that you submit via these portals or about your interactions with the portals. In some circumstances, a portal may be provided or supported by one of our support vendors, which may provide us with additional Personal Information related to your use of the portal.
SUBMIT A JOB APPLICATION
If you apply for a job via our Careers portal, you will be asked to provide your first and last name, contact information, work history, education, applicant information and your answers to our pre-employment questions. If you submit a resume and/or cover letter, we will also collect any information you provide in such documents, including any additional Personal Information you choose to share.
If you submit payment for a test kit, we will ask you to provide your name and billing information, including credit card number and expiration date, first and last name, address, city, state, postal code, email, and phone and fax numbers.
Personal Information from Your Communications with Us
When you request information about our Services, request technical or customer support, register for updates from ADx Health, or otherwise communicate with us, we may collect your first and last name, email address, and phone number. When registering for updates, you may also choose to provide your company and/or practice name, phone number and postal code, but this information is optional. We collect this information for the purpose of providing you with periodic updates regarding new product offerings, clinical research and product or company updates.
Personal Information Collected via Web-Based Technologies
BROWSER OR DEVICE INFORMATION
When you use the Website, we automatically receive certain information provided by the interaction of your mobile phone or web browser and the Website. This information includes your internet website provider name, web browser type, type of mobile device (if applicable), and computer operating system. Such information is collected in anonymous, aggregate form and is typically not considered Personal Information.
We also collect information on computer operating system, your IP address, the web browser, and information about the Websites visited before accessing the Website.
COOKIES AND WEB BEACONS
- A cookie is a small piece of data stored on your computer or mobile device by your web browser and is often used to make websites work, as well as provide website traffic and browsing related information to the website operator.
- First-Party Cookies are cookies set by our Website, i.e. the website displayed in your URL window.
Communications you receive from us, as well as pages of our Website, may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that enable us to analyze email and website statistics, including visits and click-through rates. The web beacons only collect information that cannot be traced back to you individually.
Personal Information Use
How we use your Personal Information will depend on how you interact with our Website and Client Portal and the Personal Information you have shared with us. We use your Personal Information for a variety of business purposes, including to provide our Services, for administrative purposes, for research, and to market our products and Services, as described below.
Please note that our use of your PHI is governed by our NPP [add link], not this section.
To provide you with services
We use Personal Information as described in this Privacy Statement to operate, provide, analyze, and improve our Services. These activities may include, among other things, using your information in a manner consistent with this Privacy Statement to:
- Open your account, enable purchases, and process payments;
- Communicate with you and implement your requests;
- Contact you about your account and any relevant information about our services;
- Enforce our Terms of Service and other agreements;
- Monitor, detect, investigate and prevent prohibited or illegal behavior on our Website and in connection with our services, to combat spam and other security risks; and
- Perform research and development activities.
RESPOND TO YOUR REQUESTS and provide customer support
We use your Personal Information to respond to your requests, including communications, requests for updates, bill payment, and supply orders. We may also use your Personal Information to register you for webinars, and, when applicable, enable you to create an account, use our online portals and e-commerce tools, and consider your candidacy for employment.
We will never use your Personal Information to conduct research without your consent. We may use your Personal Information to determine your eligibility for research, including medical, clinical, and public health research, and/or to contact you to seek your consent to use or share your Personal Information for research. You will not be paid for this use.
ENHANCE WEBSITE AND USER EXPERIENCE
We use the information regarding the use of our Website to analyze and administer the site and track user movement for web analytics purposes. This Website usage information enables us to provide you with an ever-improving site, service, and general offering. Except where you have provided consent for us to use your identifiable Personal Information for our analytics research, we only use De-identified Information.
If you have created an account, we will use your Personal Information to administer your account and allow you to access and use the appropriate Website portals. If necessary, we will also use your Personal Information to verify your identity and provide you with access to your account should you become locked out or forget your login and password.
CONDUCT MARKETING AND ADVERTISING
If you request to be updated about our products, services, company news, or other information, we will use the contact information you provided to send you the requested information, to provide you with marketing communications, and to keep you informed about product updates, events, webinars, or other materials.
TO CREATE DE-IDENTIFIED AND/OR AGGREGATE INFORMATION
We may use your Personal Information to create de-identified and/or aggregate information, such as demographic information, information about health or wellness, or other analyses we create. De-identified information is not Personal Information, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, publications, making de-identified information available to third parties, and any other legally permissible purposes. We make available a research database that contains anonymized genomic, phenotypic, diagnostic, clinical and/or other information. It is intended for research use only, and any use for commercial or other non-research purposes is prohibited. To protect participating individuals’ identities, information is de-identified.
MEET LEGAL AND REGULATORY OBLIGATION
In certain circumstances, we use your Personal Information if we are required to by law or legal proceeding. We will only share the information we are required to disclose by law and only when we are required to do so, including to meet national security or law enforcement requirements.
SECURITY AND FRAUD PREVENTION
When necessary, we will use your Personal Information to preserve the security of our Website, systems, and Personal Information in our control. If necessary, we will also use your Personal Information to investigate possible fraud, to identify violations of this Privacy Statement and our Terms of Service, and to prevent any attempted harm to you and our services.
Personal Information Sharing and Disclosure
We disclose your Personal Information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.
Please note that our disclosure of your PHI is governed by our NPP [add link], not this section.
Disclosures to provide our services
- Health care provider: If your health care provider accesses your test results via the Physician Portal, we will disclose your first and last name, date of birth, gender at birth, additional demographic information supplied by your provider when ordering testing, including your address, phone number, email, medical history, height and weight.
- BUSINESS PARTNERS: We may share your Personal Information with business partners to provide you with a product or service you have requested. We may also share your Personal Information with business partners with whom we jointly offer products or services.
- SUPPORT VENDORS: When necessary, we share your data with third-party vendors working on our behalf to provide specific business support services, including payment processing, website hosting and management, and career applications. Such third-party vendors will only receive information necessary to provide the respective services and will be bound by confidentiality agreements limiting the use of such information.
- AFFILIATES: We may share your Personal Information with our company affiliates.
- PUBLIC HEALTH AUTHORITIES: We may share your Personal Information and results with federal, state, and local public health authorities as required by applicable laws and regulations for public health purposes (e.g., to prevent the spread of COVID-19).
- WEBSITE ANALYTICS COMPANIES: We share De-identified Information regarding visitors to our website with third-party website analytics companies. These companies use this De-identified Information to provide us with insight regarding our web usage patterns. As we only share De-identified Information, this information cannot be traced back to you individually by either us or the Website analytics vendors. We use Google Analytics to provide us website usage and analytic reports, which necessitates us sharing your Aggregate Information. You may choose not to share your data with Google by installing the Google Analytics opt-out browser add-on, which instructs your browser not to provide your website usage data to Google Analytics. To opt-out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout to install the browser add-on. Please note that installing the Google Analytics opt-out browser add-on will only disable the use of Google Analytics and will not prevent data from being sent to the website itself or to other web analytics services.
We may be legally required to disclose your Personal Information, if such disclosure is:
- required by subpoena, law, or other legal process;
- necessary to assist law enforcement officials or government enforcement agencies; and/or
- necessary to protect us from legal action or claims from third parties including you and/or other Members.
SECURITY AND FRAUD PREVENTION EFFORTS
When necessary, we will share your Personal Information to investigate, prevent, or act regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations or suspected violations of this Privacy Statement, our agreements or arrangements with you or other policies in effect from time to time to which you are subject, or as otherwise required by law.
SALE OF BUSINESS
We reserve the right to transfer your Personal Information in the event we sell or transfer all or a portion of our business or its assets to which your Personal Information relates. Should this event occur, we will let you know.
Your Choices and Rights
your privacy choices
The privacy choices you may have about your Personal Information are determined by applicable law and are described below.
- Email Communications: If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails and/or you may send us a return email asking to be omitted from future email distributions. Please note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms or this Privacy Statement).
- Text Messages and Phone Calls. If you receive an unwanted text message and/or phone calls from us, you may opt out of receiving future text messages and/or phone calls from us by following the instructions in the text message and/or phone call you have received from us or by otherwise contacting us as set forth in “Contact Us” below.
Your privacy rights
Your rights in relation to your Personal Information are:
- The right of access: you have the right to request a copy of your Personal Information
- The right to rectification: you have the right to have inaccurate, incomplete or obsolete data rectified
- The right to erasure: you have the right to ask for your Personal Information to be deleted in situations set forth by applicable laws
- The right to restrict processing: you have the right to request the restriction of processing of your Personal Information under certain circumstances
- The right to data portability: you have the right to request a copy of your Personal Information in a machine-readable format
- The right to object: you have the right to object to the processing of your Personal Information
- Rights in relation to automated decision making and profiling: you have the right to request human intervention on automated decisions.
- The right to withdraw your consent where the collection and processing of your Personal Information is based on your consent
If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below or as otherwise instructed in any additional privacy notices provided at the time we collect your Personal Information. We will process such requests in accordance with applicable laws.
COMPLAINT AND CONCERNS
We value your concerns and would like to have to opportunity to address them first. Please contact us at firstname.lastname@example.org. You shall have the right to lodge a complaint with a supervisory authority in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of Personal Information relating to you infringes data protection laws.
Children Under the Age of 18
ADx Health is committed to protecting the privacy of children as well as adults. A parent or guardian may collect a sample from, create an account for, and provide information related to, his or her child who is under the age of 18. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides to ADx Health about his or her child is kept secure and that the information submitted is accurate.
If you believe your child is providing or has submitted Personal Information to ADx Health and you wish to remove any Personal Information about your child, please contact our Privacy Officer at the address provided in the “Contact Information” section below. If we learn we have collected or received Personal Information from a child under 18 without verification of parental consent, we will delete that information.
California Privacy Rights
If you are a resident of the State of California and you have provided your Personal Information to us, you have the right to request a list of all third parties to which we have disclosed your Personal Information for direct marketing purposes. If you exercise your right to submit such a request to us, we will send you the following information:
- The categories of information we have disclosed to any third party for any third party’s direct marketing purposes during the preceding year; and
- The names and addresses of third parties that received such information, or if the nature of their business cannot be determined from the name, then examples of the products or services marketed.
- You may make such a request by contacting us at the address provided at the end of this Privacy Statement under the heading “Contact Information.”
If you are a California resident and would like a copy of this Privacy Statement, please submit a written request to: email@example.com. California law also requires that we disclose how we respond to “do-not-track requests” from our users. At this time, we do not currently respond to “do-not-track” requests from our users’ browsers.
Under California Civil Code Section 1789.3, California users are entitled to the following specific consumer rights notice: If you have a question or complaint regarding our Website, please send an email to firstname.lastname@example.org. You may also contact us by writing to:
Attn: Elaine Luckey, Privacy Officer
3560 Meridian Street, Suite 101
Bellingham, WA 98225
California residents may reach the Consumer Information Center of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N-112, Sacramento, California 95834, or by telephone at 916-445-1254 or 800-952-5210.
Other Important Information
CROSS-BORDER DATA TRANSFERS
We process data in the United States and Canada.
The Website may contain links to other websites that are not under our direct control. This Privacy Statement applies only to our Websites and not to any third-party websites, which may have their own policies regarding privacy. We have no control of or responsibility for linked websites and provide these links solely for the convenience and information of our visitors. You access such linked websites at your own risk.
You should check the privacy policies, if any, of those individual websites to see how the operators of those third-party websites will utilize your Personal Information. In addition, these websites may contain a link to websites of our affiliates. The websites of our affiliates are not subject to this Privacy Statement, and you should check their individual privacy policies to see how the operators of such websites will use your Personal Information.
We take steps to ensure that your information is treated securely and in accordance with this Privacy Statement. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of Personal Information.
By using our Services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail, or by sending an email to you.
We store the Personal Information we collect as described in this Privacy Statement for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
PRIVACY Statement CHANGES
We reserve the right to modify this Privacy Statement at any time. You can find the most current version of our Privacy Statement at any time by clicking on the “Privacy Statement” link at the bottom of our website. If we make material changes to this Privacy Statement, we may notify you on our Website, by a blog post, by email, or by any method we determine. The method we chose is at our sole discretion. Any changes we make to our Privacy Statement are effective as of this Last Updated date and replace any prior privacy statement.
To ask questions or comment about this Privacy Statement and our privacy practices, or submit a complaint, please contact us at:
Attn: Elaine Luckey, Privacy Officer
3560 Meridian Street, Suite 101
Bellingham, WA 98225