Privacy Policy

Last Updated: December 5, 2022

Lynx Dx Inc. (“Company”, “we”, “us”, or “our”) is a leading molecular diagnostic testing company dedicated to the discovery and utilization of innovative technologies for early disease detection and to improve the quality of patient lives. Our primary responsibility is to our patients and customers and as part of that service, Lynx Dx understands the importance of data privacy and security and respects patient’s rights regarding the processing of their personal information.

This Privacy Policy describes how we collect and use the personal information you provide to us on our website and all other websites, mobile sites, applications, platforms and tools where this Privacy Policy appears or is linked, and through the use of our services, (collectively the “Site”). It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.

We collect, use and are responsible for certain personal information about you. When we do so we are subject to various laws in the United States, and we are responsible as controller of that personal information for the purposes of those laws.

By creating an account, providing information to us (by any means, whether in correspondence, via our Site, or otherwise), or continuing to use our services, you acknowledge that you have read, understood, and consent to be bound by this Privacy Policy.

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY OR OUR PRACTICES, YOU MAY NOT USE OUR SITE. THIS PRIVACY POLICY MAY CHANGE FROM TIME TO TIME AND YOUR CONTINUED USE OF OUR SITE CONSTITUTES YOUR ACCEPTANCE OF THOSE CHANGES. WE ENCOURAGE YOU TO REVIEW THIS PRIVACY POLICY PERIODICALLY.

As used in this Privacy Policy, “personal information” means any information relating to an identified or identifiable individual. We may collect and use the following personal information:

1. Identifiers – Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
2. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). – Such as a name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
3. Protected classification characteristics under California or federal law – Such as age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
4. Commercial information – Such as records of products or services purchased.
5. Sensitive personal information – Such as the processing of biometric information for the purpose of uniquely identifying a consumer; personal information collected and analyzed concerning a consumer’s health; or personal information that reveals:
   1. A person’s social security, driver’s license, state identification card, or passport number.
   2. A person’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
   3. A person’s racial or ethnic origin.

This personal information may be required by us in order to provide our product and/or service offerings to you. If you do not provide the personal information we ask for, it may delay or prevent us from providing products and/or services to you.

Some of the personal information processed by Lynx Dx, Inc., in connection with the Site, may be subject to additional laws and regulations, such as rules issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), that govern a health insurer and health care providers’ use and disclosure of certain individually identifiable health-related Personal Information (“Protected Health Information”).

As a service provider to our some of our customers, we collect and analyze data related to our customers patients on our customers behalf. In such cases, when we receive Protected Health Information, we may do so as a “Business Associate” of our customers under an agreement that, among other things, prohibits us from using or disclosing the Protected Health Information in ways that are not permissible by the customers itself, and requires us to implement certain measures to safeguard the confidentiality, integrity, and availability of the Protected Health Information. When we act as a Business Associate, we may be subject to certain laws and regulations, including certain HIPAA rules that govern our use and disclosure of Protected Health Information and that may be more restrictive than otherwise provided in this Privacy Policy.

To the extent that any of the personal information we collect in connection with the Site constitutes Protected Health Information under HIPAA, we will comply with the requirements of HIPAA and its implementing regulations. Additionally, Lynx Dx, Inc. will only process such Protected Health Information upon instruction from our customers or their health care providers, consistent with our Terms of Use, Business Associate Agreements, and our HIPAA Notice of Privacy Practices available at: https://www.lynxdx.com/hipaa-notice-of-privacy.

Cookies

Cookies are small text files of information stored by the Internet browser on your computer’s hard drive. We may use these cookies to collect browsing data to keep track of your preferences and profile information and to collect general usage and volume statistical information. We do not use cookies on our Site.

How to Manage Cookies

Although our Site does not use cookies or web beacons, you have the right to decide whether to accept or reject certain cookies on all websites. You can set your browser not to accept cookies. Please visit http://www.aboutads.info/choices/, http://www.youronlinechoices.com/, or http://www.networkadvertising.org/ for more information about how to manage website cookies.

We do not track users across the web and therefore do not respond to web browser “do not track” signals.

We may use your personal information to send you updates (by email, text message, telephone or post) about our products and/or services, including new products and/or services we may offer in the future. By using the Site, you expressly agree to opt in to text and email communications, you agree that you are solely responsible for the content transmitted through text and email messages sent related to your use of the Site and that you are responsible for any text message fees charged by your mobile communications service provider.

You have the right to opt out of receiving promotional communications at any time by:

• Contacting us by using one of the methods listed in the “How to Contact Us” Section below; or
• Using the “unsubscribe” link in emails or “STOP” number in texts.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.

We collect most of this personal information directly from you—in person, by telephone, text or email and/or via our Site. However, we may also collect information:

• From publicly accessible sources (e.g., property records);
• Directly from a third party, including health care providers; and
• Via our IT systems, including automated monitoring of our Site and other technical systems, such as our computer networks and connections, communications systems, email and instant messaging systems.

Under data protection law, we can only use your personal information if we have a proper reason for doing so, e.g.,

• To comply with our legal and regulatory obligations;
• For the performance of our contract with you or to take steps at your request before entering into a contract;
• For our legitimate interests or those of a third party (i.e. to minimize fraud that could be damaging for us and for you, to make sure we are following our own internal procedures so we can deliver the best service to you, to be as efficient as we can so we can deliver the best service for you at the best price, to protect trade secrets and other commercially valuable information, to prevent and detect criminal activity that could be damaging for us and for you, to make sure that we can keep in touch with our customers about existing orders and new products, and to promote our business to existing and former customers; or
• Where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

We use (process) your personal information:

• To provide products and/or services to you;
• To prevent and detect fraud against you or Lynx Dx Inc.;
• To ensure business policies are adhered to, e.g., policies covering security and internet use;
• For operational reasons, such as improving efficiency, training and quality control;
• To prevent unauthorized access and modifications to systems;
• For statistical analysis to help us manage our business;
• To update and enhance customer records; and
• For marketing our services, if you have opted-in to receiving such marketing material.

We may also anonymize, aggregate or de-identify personal information so the end-product does not identify you or any other individual. For example, we may use this information to generate norms by industry, geography, level, etc., enable us to understand where our services are being utilized, conduct ongoing validation studies, compile reports, and improve the services. Such aggregated, anonymized or de-identified information is not considered personal information for purposes of this Privacy Policy and we may use it for any purpose.

We routinely share personal information with:

• Our affiliates, including companies within the Lynx Dx Inc. group;
• Service providers we use to help deliver our products and/or services to you, including payment providers;
• Other third parties we use to help us run our business, such as website hosts (to the extent the personal information does not contain Protected Health Information); and
• Third parties approved by you, such as health care providers, health insurers, and State health departments (to the extent required to do so by applicable laws).

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information, including (where applicable), in compliance with HIPAA.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations, to protect and defend the rights or property of Lynx Dx, Inc., to act in urgent circumstances to protect the personal safety of users of the Site or the public, and/or protect against legal liability.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. We will typically anonymize information, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

We will keep your personal information while you have an account with us or while we are providing products and/or services to you. Thereafter, we will keep your personal information for as long as is necessary:

• To respond to any questions, complaints or claims made by you or on your behalf;
• To show that we treated you fairly; or
• To keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this Privacy Policy. Different retention periods apply for different types of personal information.

Our Site is not directed to children, and you may not use our Site if you are under the age of 18. If you are under 18, do not use our services, access the Site, or provide any information about yourself including, without limitation, your name, address, email address or any screen name or user name you may use.

If we learn that we have collected or received personal information from a child under 13 without verification of parental consent, in compliance with the Children’s Online Privacy Protection Act, we will purge such information from our database and cancel the corresponding accounts. If you believe we may have any information from or about a child under 13, please see our “How to Contact Us” Section below. Please visit the FTC’s website at www.ftc.gov for tips on protecting children’s privacy online.

We use reasonable and appropriate physical, technical, and administrative safeguards to protect your information from unauthorized use, access, loss, misuse, alteration, or destruction. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

However, while we strive to protect your privacy, due to many reasons, including the inherent security flaws in the internet, we cannot guarantee the security of any information you disclose to us and, as such, you agree that your disclosure of such information is at your own risk.

Information may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above (see above: “Who We Share Your Personal Information with”).

Lynx Dx Inc. is headquartered in the United States and utilizes service providers in the United States. The Site is not intended for Site visitors outside the United States. If you are a non-U.S. user of the Site, by visiting the Site and providing us with data, you acknowledge and agree that your personal information may be processed for the purposes identified in this Privacy Policy. If you choose to access our Site outside the United States, Company and our service providers may transfer your personal information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. In particular, you are advised that the United States of America uses a sectoral model of privacy protection that relies on a mix of legislation, governmental regulation, and self-regulation. Where the laws of your country allow you to do so, by using the Site or the services or by providing your data, you consent and authorize Company to transfer, store, and use all such personal information in the United States of America (and any other country where we operate) which may not offer an equivalent level of protection to that required in the country where you reside and to the processing of that personal information by us on our servers located in the United States of America, as described in this Privacy Policy. If you do not want your personal information transferred to the United States of America and any other country where we operate, please do not submit any information to us or use our Site or the services.

If, in your interactions with the Site, you are linked or directed to, or click on, a third party website, we cannot control what information you may provide to that party or on that website, and we are not responsible for how that party may use or disclose any information you may provide to them. This is not as an endorsement by us of any third party website, content that may be offered on such third party website, or of any products or services provided by such third party. We do not control, nor are we responsible for, such third party website, product or service offerings. As such, we urge that you exercise caution before providing them with your personal information and to review the third party’s privacy policy for information on its data processing practice.

You should contact the site administrator for such third party website if you have any complaints, claims, concerns or questions regarding such third party website or its privacy practices.

This Privacy Policy was published on the date “Last Updated” above.

We may change this Privacy Policy from time to time. Changes to this Privacy Policy will be made by updating this page. Please visit this Privacy Policy regularly to read the current version.

Please contact us by post, email or telephone if you have any questions about this Privacy Policy or our privacy practices.

Our contact details are shown below:

Lynx Dx Inc.
Attention: Privacy Officer
5230 S State Rd
Ann Arbor, MI 48108
Phone Number: (734) 212-6561
Email: compliance.officer@lynxdx.com