SomaLogic Privacy Notice
Last updated: January 1, 2020
This Privacy Notice provides information about data we collect, use, and share, and our commitment to using the personal data we collect in a transparent and respectful manner.
- Privacy Notice Overview
- Why Do We Collect Information?
- What Categories of Personal Information Do We Collect?
- How Do We Collect Information?
- How Do We Use Personal Information?
- When Do We Share Personal Information?
- What Security Measures Do We Have?
- What Choices Do You Have About Your Personal Information?
- Data Retention
- Children’s Privacy
- Data Transfers
- Links to Other Websites
- Your Rights – Nevada Residents
- Your Rights – California Residents
- Exercising Your Rights
- Contact Us
We at SomaLogic, Inc. and our affiliates (“SomaLogic”, “we”, “us”) care deeply about privacy, security, and online safety. This Privacy Notice (“Notice”) is designed to inform you about how we collect, use, and share your Personal Information (as defined below).
This Notice applies to “Personal Information” we obtain from individuals through our website (our “Site”), products, and services (collectively, the “Services”). Please read this Notice carefully before you start to use our Services, whether online or offline. When referenced in this Notice, the term “Personal Information” includes any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, including any information that is subject to applicable data protection laws, including “protected health information” as defined under the Health Insurance Portability and Accountability Act of 1996, as amended and implemented (“HIPAA”), “Personal Data” as defined under the European Union (“EU”) General Data Protection Regulation 2016/679 (“GDPR”) and the UK Data Protection Act 2018, and “Personal Information” as defined under the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et. seq., as amended (“CCPA”).
As SomaLogic grows and our business changes, and we may update this Notice at any time as we deem appropriate to reflect those changes. When we make changes to this Notice, we will post the updated notice on the Site and update the Notice’s effective date. It is important that you check back from time to time and make sure that you have reviewed the most current version of this Notice. Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.
Why Do We Collect Information?
We rely on a wide variety of information to run our business. In some instances, this information may include Personal Information. In this Notice, we will provide multiple examples of how Personal Information we collect may be used and why it is important. Some of the reasons that we collect Personal Information include to:
- Provide our Services, and improve them over time;
- Allow you to download information;
- Personalize and manage our relationship with you, including introducing you to Services that may be of interest to you;
- Investigate, respond to, and manage inquiries; and
- Work with and respond to law enforcement and regulators.
What Categories of Personal Information Do We Collect?
The following are examples of the types of Personal Information that may be collected about you when you interact with us online or offline (the specific types of information collected will depend on the Services used):
- Personal identifiers: Name, alias, email address, postal address, company/institution name, job title, and phone number.
- Health information: Medical history, medical treatment or diagnosis, test results, clinical data, and health care provider information.
- Internet or other electronic network activity:
- Details about your computers, devices, applications, and networks (including IP address, browser characteristics, device ID, operating system, and language preferences);
- Activities on our Site and usage patterns of Services (including referring URLs, dates and times of website visits, and clickstream data);
- Data about files and communications, such as potential malware or spam (which may include computer files, emails and attachments, email addresses, metadata, and traffic data, or portions or hashes—a hash file is a file that has been converted into a numerical string by a mathematical algorithm—of any of this information).
- SomaLogic Service use history.
- The location from which you access our Services.
We also collect information, such as clickstream data and aggregate usage statistics, which is generally not personally identifying.
How Do We Collect Information?
We will collect the Personal Information described above from one or more of the below sources:
- Directly from you throughout our relationship through both online and offline interactions, including when you contact us or sign up for and/or use our Services;
- Indirectly from you, for example, from observing your actions on our Site;
- From our affiliates and partners, such as health care providers, health systems, and clinical laboratories;
- From third parties that are authorized to share your Personal Information with us; and
- From publicly available sources of information.
Information That You Give Us: Typically, the type of Personal Information we collect directly from you is your contact information. You decide how much Personal Information to share with us in most cases, but not sharing required Personal Information may limit your ability to fully engage with us.
Information Collected Automatically: When you use or interact with our Site, we receive and store information generated by your activity, like Usage Data, and other information automatically collected from your browser or mobile device. This information may include your IP address; browser type and version; preferred language; geographic location using IP address or the GPS, wireless, or Bluetooth technology on your device; operating system and computer platform; the full Uniform Resource Locator (URL) clickstream to, through, and from our Site, including date and time; and areas of our Site that you visited. We also may log the length of time of your visit and the number of times you visit. We may assign you one or more unique identifiers to help keep track of your future visits.
In most cases, this information is generated by various tracking technologies. Tracking technologies may include “cookies”, “flash LSOs,” “web beacons” or “web bugs,” and “clear GIFs”.
Information from Other Sources: We may receive Personal Information about you from third parties, including, when legally permitted, from your health care providers and health systems.
How Do We Use Personal Information?
We may use or disclose the Personal Information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the information;
- To provide, support, personalize, and develop our Services;
- To process your requests, transactions, payments and prevent transactional fraud;
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
- To personalize your website experience and to deliver content and Service offerings relevant to your interests, including targeted offers and ads through our websites, third-party sites, and via email or text message (with your consent, where required by law);
- To help maintain the safety, security, and integrity of our Site/software/systems/networks, and Services, databases and other technology assets, and business;
- For testing, research, analysis, and product development, including to develop and improve our Services;
- To manage our relationship with you or your business;
- To develop new ways to meet our customers’ needs and to grow our business, for example by seeking customer feedback or sharing our market research;
- To develop and carry out marketing activities in order to keep our customers informed about our Services;
- To develop and manage our brand; and
- To respond to requests by law enforcement and our regulators and as may otherwise be required by applicable law, court order, or governmental regulations.
When Do We Share Personal Information?
We respect the importance of privacy. Other than as provided in this Notice, we do not sell your Personal Information, nor do we share it with unaffiliated third parties for their own marketing use, unless we have your consent, or we are required by law to do so. Generally, we may disclose the Personal Information we collect, including Personal Information, in order to facilitate our communications with customers, to operate our business, to advertise or promote our Services, or with your consent.
We may share Personal Information with third parties in the following ways:
- To authorized third parties who perform services for us (including cloud services, data storage, sales, human resources, and marketing). Our contracts with our service providers include commitments that they agree to limit their use of Personal Information and to comply with privacy and security standards at least as stringent as the terms of this Notice. Remember that if you provide Personal Information directly to a third party, such as through a link on the Site, the processing is typically based on their standards;
- When legally authorized, to our research partners, including laboratories, pharmaceutical companies, biotechnology companies, and research organizations.
- If we believe disclosure is necessary to prevent physical, financial, or other harm, injury, or loss;
- To legal, governmental, or judicial authorities, as instructed or required by those authorities or applicable laws, or in relation to a legal activity, such as in response to a subpoena or investigating suspected illicit activity;
- We may share your Personal Information in the event we sell or transfer all or a portion of our business or assets; and
- We may share your Personal Information with your consent or as otherwise permitted or required by law.
What Security Measures Do We Have?
We use various safeguards (administrative, organizational, technical, and physical) to protect the Personal Information we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability.
What Choices Do You Have About Your Personal Information?
We offer certain choices about how we communicate with our users and what Personal Information we obtain about them. You may choose not to receive marketing communications from us by clicking on the unsubscribe link, or contacting us as specified in the “Contact Us” section below. If you are a California resident, you have additional rights. See the “Your Rights – California Residents” section below.
The time periods for which we retain your Personal Information depend on the purposes for which we use it and applicable law for the type of data and use. SomaLogic will keep your Personal Information for as long as you are a registered subscriber or user of our Services or for as long as we have a valid business purpose to do so and, thereafter, for no longer than is required or permitted by law, as reflected in SomaLogic’s Records Retention Policy. The Personal Information we collect may be stored and processed in servers in the United States and/or other jurisdictions where SomaLogic, or our service providers, have facilities.
SomaLogic does not knowingly collect Personal Information from children under the age of 13 without first obtaining parental consent in accordance with applicable laws. If you believe we have collected Personal Information from your child in error or have questions or concerns about our practices relating to children, please notify us using the Contact Us details below.
SomaLogic is headquartered in the United States, and we have operations, entities, and service providers both in the United States and throughout the world. As such, we and our service providers may transfer your Personal Information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your Personal Information receives an adequate level of protection in the jurisdictions in which we process it. If you are located in the European Economic Area or Switzerland, we provide adequate protection for the transfer of Personal Information to countries outside of the EEA, such as through the use of authorized Standard Contractual Clauses.
Links to Other Websites
Our Site may contain links to other websites for your convenience and information. These websites may be operated by companies not affiliated with SomaLogic. Linked websites may have their own privacy policies or notices, which we strongly suggest you review if you visit those websites. We are not responsible for the content, privacy practices, or use of any websites that are not affiliated with SomaLogic.
Your Rights – Nevada Residents
Although SomaLogic does not sell Personal Information, Nevada residents have the right to submit a verified request directing SomaLogic not to sell their Personal Information. If you are a Nevada resident, and would like to submit such a request, please send your request through any of the methods noted below at “Exercising Your Rights.”
Your Rights – California Residents
Shine the Light Law
SomaLogic does not share your Personal Information with non-affiliated third parties for their own marketing use without your permission.
California Consumer Privacy Act (CCPA)
Access to Specific Information and Personal Information Portability Rights
You have the right, subject to certain exceptions defined in the CCPA and other applicable laws and regulations, to request that companies disclose certain information to you about their collection and use of your Personal Information over the past twelve (12) months. This right of access includes information about:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting that Personal Information.
- The categories of third parties with whom we share that Personal Information
- The categories of Personal Information that each recipient received.
- The specific pieces of Personal Information we collected about you.
Non – Discrimination
California consumers also have the right not to receive discriminatory treatment if they exercise the rights list above.
Deletion Request Rights
You have the right, subject to certain exceptions defined in the CCPA and other applicable laws and regulations, to request that a company delete any of your Personal Information that it has collected from you and retained, subject to certain exceptions.
Exercising Access, Personal Information Portability, and Deletion Rights
When you make a request, we may require that you provide information and follow procedures so that we can verify the request and your jurisdiction before responding to it. The verification steps we take may differ depending on the request you make. We will only use the information received in a request for the purposes of responding to the request.
We are not required to respond to a consumer’s requests for access or disclosure of Personal Information more than twice in a twelve (12) month period. Please note that we will not accept more than two verifiable consumer requests within a twelve (12) month period. In some instances, we may direct your request to the organization from whom we received your Personal Information.
The CCPA permits California consumers to use an authorized agent to make privacy rights requests. We will confirm the agent’s authority with the California consumer about whom the request was made.
Our websites do not respond to browser do-not-track signals.
No Sale of Personal Information
We are not currently selling your Personal Information.
Information Exempt from the CCPA
Note that certain information that is governed by the California Confidentiality of Medical Information Act (CMIA), HIPAA, or is subject to the Federal Policy for the Protection of Human Subjects, also known as the Common Rule, pursuant to good clinical practice guidelines issued by the International Counsel for Harmonisation or pursuant to human subject protection requirements of the United States Food and Drug Administration, is not considered Personal Information with respect to the rights of California residents noted above. However, additional rights might be available under those laws and standards. Please contact us at email@example.com for more information.
If you have questions or concerns regarding this Notice, would like to access the Notice in an alternative format, or would like to update information we have about you or your preferences, please contact us by email at firstname.lastname@example.org, or by one of the following additional methods:
In the United States by calling us at 303-625-9000, Toll-Free 877-990-2626, or by writing to us at:
2945 Wilderness Place
Boulder, Colorado 80301
ATTN: Data Privacy Officer