- Privacy Notice Overview
- Why Do We Collect Information?
- What Categories of Personal Information Do We Collect?
- How Do We Collect Information?
- How Do We Use Personal Information?
- When Do We Share Personal Information?
- What Security Measures Do We Have?
- What Choices Do You Have About Your Personal Information?
- Data Retention
- Children’s Privacy
- Data Transfers
- Links to Other Websites
- Your Rights – Nevada Residents
- Your Rights – California Residents
- Your Rights – EU, Switzerland and UK
- Exercising Your Rights
- Contact Us
We at SomaLogic, Inc. and our affiliates (“SomaLogic”, “we”, “us”) care deeply about privacy, security, and online safety. This Privacy Notice (“Notice”) is designed to inform you about how we collect, use, and share your Personal Information (as defined below).
This Notice applies to “Personal Information” we obtain from individuals through our website (our “Site”), products, and services (collectively, the “Services”), and from third party and publicly available sources, as further described below. Please read this Notice carefully before you start to use our Services, whether online or offline. When referenced in this Notice, the term “Personal Information” includes any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, including any information that is subject to applicable data protection laws, including “protected health information” as defined under the Health Insurance Portability and Accountability Act of 1996, as amended and implemented (“HIPAA”), “Personal Data” as defined under the European Union (“EU”) General Data Protection Regulation 2016/679 (“GDPR”), the GDPR as it applies in the United Kingdom (“UK”), the UK Data Protection Act 2018, and the Swiss Federal Act on Data Protection and related Ordinances (“Switzerland”), and “Personal Information” as defined under the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et. seq., as amended (“CCPA”).
As SomaLogic grows and our business changes, we reserve the right to modify, expand, or update this Notice at any time as we deem appropriate to reflect those changes. When we make changes to this Notice, we will post the updated notice on the Site and update the Notice’s “last updated” date above. It is important that you check back from time to time and make sure that you have reviewed the most current version of this Notice. If you do not agree with the changes, then you should stop using our Site and Services and notify us that you do not want your Personal Information used in accordance with the changes.Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.
Why Do We Collect Information?We rely on a wide variety of information to run our business. In some instances, this information may include Personal Information. In this Notice, we will provide multiple examples of how Personal Information we collect may be used and why it is important. Some of the reasons that we collect Personal Information include to:
- Provide our Services, and improve them over time;
- Allow you to download information;
- Personalize and manage our relationship with you, including introducing you to Services that may be of interest to you;
- Send you marketing communications;
- Investigate, respond to, and manage inquiries; and
- Work with and respond to law enforcement and regulators.
What Categories of Personal Information Do We Collect?The following are examples of the types of Personal Information that may be collected about you when you interact with us online or offline (the specific types of information collected will depend on the Services used):
- Personal identifiers: Name, alias, email address, postal address, company/institution name, job title, and phone number.
- Health information: Medical history, medical treatment or diagnosis, test results, clinical data, and health care provider information.
- Internet or other electronic network activity (collectively, “Usage Data”):
- Details about your computers, devices, applications, and networks (including IP address, browser characteristics, device ID, operating system, and language preferences);
- Activities on our Site and usage patterns of Services (including referring URLs, dates and times of website visits, and clickstream data);
- Data about files and communications, such as potential malware or spam (which may include computer files, emails and attachments, email addresses, metadata, and traffic data, or portions or hashes—a hash file is a file that has been converted into a numerical string by a mathematical algorithm—of any of this information).
How Do We Collect Information?We will collect the Personal Information described above from one or more of the below sources:
- Directly from you throughout our relationship through both online and offline interactions, including when you contact us, access our Site, or sign up for and/or use our Services;
- Indirectly from you, for example, from observing your actions on our Site;
- From our affiliates and partners, such as health care providers, health systems, and clinical laboratories;
- From third parties that are authorized to share your Personal Information with us; and
- From publicly available sources of information.
Information That You Give Us: Typically, the type of Personal Information we collect directly from you is your contact information. You decide how much Personal Information to share with us in most cases, but not sharing required Personal Information may limit your ability to fully engage with us.
Information Collected Automatically: When you use or interact with our Site, we receive and store information generated by your activity, like Usage Data, and other information automatically collected from your browser or mobile device. This information may include your IP address; browser type and version; preferred language; geographic location using IP address or the GPS, wireless, or Bluetooth technology on your device; operating system and computer platform; the full Uniform Resource Locator (URL) clickstream to, through, and from our Site, including date and time; and areas of our Site that you visited. We also may log the length of time of your visit and the number of times you visit. We may assign you one or more unique identifiers to help keep track of your future visits.In most cases, this information is generated by various tracking technologies. Tracking technologies may include “cookies”, “flash LSOs,” “web beacons” or “web bugs,” and “clear GIFs”.
Information from Other Sources: We may receive Personal Information about you from third parties and from publicly available sources, including, when legally permitted, from your health care providers and health systems, lead generation companies and business-focused social media sites such as LinkedIn.
How Do We Use Personal Information?We may use or disclose the Personal Information we collect for one or more of the following business purposes:
- To fulfil or meet the reason you provided the information;
- To provide, support, personalize, and develop our Services;
- To process your requests, transactions, payments and prevent transactional fraud;
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
- To personalize your Site experience and to deliver content and Service offerings relevant to your interests, including targeted offers and ads through our Site, third-party sites, and via email or text message (with your consent, where required by law);
- To help maintain the safety, security, and integrity of our Site/software/systems/networks, and Services, databases and other technology assets, and business;
- For testing, research, analysis, and product development, including to develop and improve our Services;
- To manage our relationship with you or your business;
- To manage our vendor and partner relationships;
- To develop new ways to meet our customers’ needs and to grow our business, for example by seeking customer feedback or sharing our market research;
- To develop and carry out marketing activities in order to keep our customers and prospective customers informed about our Services;
- To protect our and others’ interests, rights, and property;
- To develop and manage our brand; and
- To respond to requests by law enforcement and our regulators and as may otherwise be required by applicable law, court order, or governmental regulations.
When Do We Share Personal Information?
We respect the importance of privacy. Other than as provided in this Notice, we do not sell your Personal Information, nor do we share it with unaffiliated third parties for their own marketing use, unless we have your consent, or we are required by law to do so. Generally, we may disclose the Personal Information we collect to facilitate our communications with customers, to operate our business, to advertise or promote our Services, or with your consent.
We may share Personal Information with third parties in the following ways:
- To authorized third parties who perform services for us (including cloud services, data storage, sales, human resources, and marketing). Our contracts with our service providers include commitments that they agree to limit their use of Personal Information and to comply with privacy and security standards at least as stringent as the terms of this Notice. Remember that if you provide Personal Information directly to a third party, such as through a link on the Site, the processing is typically based on their standards;
- If we believe disclosure is necessary to prevent physical, financial, or other harm, injury, or loss;
- To legal, governmental, or judicial authorities, as instructed or required by those authorities or applicable laws, or in relation to a legal activity, such as in response to a subpoena or investigating suspected illicit activity;
- We may share your Personal Information in connection with a proposed or actual corporate merger, acquisition, consolidation, sale of assets, bankruptcy, insolvency or other corporate change;
- We reserve the right to disclose or use aggregated or de-identified data for any lawful purpose; and
- We may share your Personal Information with your consent or as otherwise permitted or required by law.
What Security Measures Do We Have?
We use various reasonable safeguards (administrative, organizational, technical, and physical) to protect the Personal Information we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. Nonetheless, no such measure is ever 100% effective; therefore, we do not guarantee that your Personal Information will be secure from theft, loss, or unauthorized access or use, and we make no representation as to the reasonableness, efficacy, or appropriateness of the measures we use to safeguard such Personal Information. We encourage you to use caution when using the Internet. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us as specified in the “Contact Us” section below.
What Choices Do You Have About Your Personal Information?
Depending on your jurisdiction, we offer certain choices about how we communicate with our users and what Personal Information we obtain about them. If you have any questions regarding these rights, please contact us as specified in the “Contact Us” section below. Please note that we may request additional information to respond to or fulfill any requests regarding your rights under applicable laws or regulations.You may choose not to receive marketing communications from us by clicking on the unsubscribe link, or contacting us as specified in the “Contact Us” section below. We might still send you some important emails, like responding to you by email if you send us a request or comment.
If you are a California or Nevada resident or an EU- or UK-based individual, you have additional rights. See the respective “Your Rights” sections below.
Data RetentionThe time periods for which we retain your Personal Information depend on the purposes for which we use it and applicable law for the type of data and use. SomaLogic will keep your Personal Information for as long as you are a registered subscriber or user of our Services or for as long as we have a valid business purpose to do so and, thereafter, for no longer than is required or permitted by law, as reflected in SomaLogic’s Records Retention Policy. The Personal Information we collect may be stored and processed in servers in the United States and/or other jurisdictions where SomaLogic, or our service providers, have facilities.
Children’s PrivacySomaLogic does not knowingly collect Personal Information from children under the age of 13 without first obtaining parental consent in accordance with applicable laws. If you believe we have collected Personal Information from your child in error or have questions or concerns about our practices relating to children, please notify us using the Contact Us details below.
Data TransfersSomaLogic is headquartered in the United States, and we have operations, entities, and service providers both in the United States and throughout the world. As such, we and our service providers may transfer your Personal Information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your Personal Information receives an adequate level of protection in the jurisdictions in which we process it. If you are located in the European Economic Area, Switzerland or UK, we provide adequate protection for the transfer of Personal Information to countries outside of these areas, such as through the use of authorized Standard Contractual Clauses.
Links to Other WebsitesOur Site may contain links to other websites for your convenience and information. These websites may be operated by companies not affiliated with SomaLogic. Linked websites may have their own privacy policies or notices, which we strongly suggest you review if you visit those websites. We are not responsible for the content, privacy practices, or use of any websites that are not affiliated with SomaLogic.
Your Rights – Nevada ResidentsAlthough SomaLogic does not sell Personal Information, Nevada residents have the right to submit a verified request directing SomaLogic not to sell their Personal Information. If you are a Nevada resident, and would like to submit such a request, please send your request through any of the methods noted below at “Exercising Your Rights.”
Your Rights – California Residents
Shine the Light Law
California Civil Code Section 1798.83 permits California residents to request a list of all third parties to which we, during the immediately preceding calendar year, have disclosed certain Personal Information for direct marketing purposes. SomaLogic does not share your Personal Information with non-affiliated third parties for their direct marketing use without your permission.
California Consumer Privacy Act (CCPA)
Access to Specific Information and Personal Information Portability Rights
You have the right, subject to certain exceptions defined in the CCPA and other applicable laws and regulations, to request that companies disclose certain information to you about their collection and use of your Personal Information over the past twelve (12) months. This right of access includes information about:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting that Personal Information.
- The categories of third parties with whom we share that Personal Information
- The categories of Personal Information that each recipient received.
- The specific pieces of Personal Information we collected about you.
Deletion Request Rights
You have the right, subject to certain exceptions defined in the CCPA and other applicable laws and regulations, to request that a company delete any of your Personal Information that it has collected from you and retained.
Exercising Access, Personal Information Portability, and Deletion Rights
When you make a request, we may require that you provide information and follow procedures so that we can verify the request and your jurisdiction before responding to it. The verification steps we take may differ depending on the request you make. We will only use the information received in a request for the purposes of responding to the request.
We are not required to respond to a consumer’s requests for access or disclosure of Personal Information more than twice in a twelve (12) month period. Please note that we will not accept more than two verifiable consumer requests within a twelve (12) month period. In some instances, we may direct your request to the organization from whom we received your Personal Information.
The CCPA permits California consumers to use an authorized agent to make privacy rights requests. We will confirm the agent’s authority with the California consumer about whom the request was made.
Many web browsers allow for the use of a “Do Not Track” function to inform websites that you do not want your online activities tracked. At this time, we do not track your or any other users’ Personal Information over time and across third-party websites. Our Site, therefore, does not respond to browser do-not-track signals.
No Sale of Personal Information You have the right, subject to certain exceptions defined in the CCPA and other applicable laws and regulations, to request that companies stop selling your personal information and refrain from doing so in the future. We are not currently selling your Personal Information.
Information Exempt from the CCPA
Note that certain information that is governed by the California Confidentiality of Medical Information Act (CMIA), HIPAA, or is subject to the Federal Policy for the Protection of Human Subjects, also known as the Common Rule, pursuant to good clinical practice guidelines issued by the International Counsel for Harmonisation or pursuant to human subject protection requirements of the United States Food and Drug Administration, is not considered Personal Information with respect to the rights of California residents noted above. However, additional rights might be available under those laws and standards. Please contact us at [email protected] for more information.
Your Rights – EU, Switzerland and UK
If you are based in the EU, Switzerland or UK, you are entitled to the following rights in relation to your Personal Information:
The right to access: You have the right to request from us copies of the Personal Information we hold about you.
The right to rectification: You have the right to request that we correct any Personal Information about you that is inaccurate. You also have the right to request that we complete the Personal Information we hold about you where you believe it is incomplete.
The right to erasure: You have the right to request that we erase your Personal Information, under certain conditions.
The right to restrict processing: You have the right to request that we restrict the processing of your Personal Information, under certain conditions.
The right to object to processing: You have the right to object to our processing of your Personal Information, under certain conditions and you have an unconditional right to object to the processing of your Personal Information for direct marketing purposes.
The right to data portability: You have the right to request that we transfer the Personal Information we have collected about you to another organization, or directly to you, under certain conditions.
The right to withdraw consent: Where we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time.
The right to make a complaint to a UK or EU data protection regulator. The Information Commissioner’s Officer is the regulator in the UK and their details are here: https://ico.org.uk/make-a-complaint/. Here is a list of the regulators in the EU: https://edpb.europa.eu/about-edpb/board/members_en.
SomaLogic relies on the following legal bases when we use Personal Information described in the section “How Do we Use Personal Information”:
- Performing our contracts with you
- Legitimate interests
- Consent, such as where required to provide you with marketing communications
Exercising Your RightsTo exercise the rights described above, please submit a request to us by either:
- Emailing us at [email protected]
- Calling us at 877-990-2626
If you have questions or concerns regarding this Notice, would like to access the Notice in an alternative format, or would like to update information we have about you or your preferences, please contact us by email at [email protected], or by one of the following additional methods:
In the United States by calling us at 303-625-9000, Toll-Free 877-990-2626, or by writing to us at:
2945 Wilderness Place
Boulder, Colorado 80301
ATTN: Data Privacy Officer
In the EU and UK, we have appointed Reed Smith LLP as our GDPR representative. Reed Smith is authorised to receive communications relating to how we use Personal Information on our behalf and can be contacted by writing to:
For the EU:
Reed Smith LLP
112 Avenue Kléber
+33 (0)1 76 70 40 86
For the UK:
Reed Smith LLP
The Broadgate Tower
20 Primrose Street
London EC2A 2RS
+44 (0)20 3116 3000 ext. 3494