MDX Labs ("we", "us" or "our") is committed to protecting and respecting your privacy. This privacy statement ("Privacy Statement"), together with our Cookies Policy, describes the types of personal information collected and created in connection with your use of our Products and Services, how and why we use such information, who we share it with, and your legal rights. Please read the following carefully to ascertain how we process your personal information (or "information").
We may, from time to time, provide links on www.labsmdx.com (the "Site") to the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy statements and that we do not accept any responsibility or liability for their privacy or security practices. Please check the privacy statements of any other websites before you submit any Personal Information to them.
The Site is intended solely for users within the United States. Individuals outside of the United States should not use the Site or provide any Personal Information to us. By using the Site or providing us with data, you acknowledge and agree that your Personal Information may be transferred to, processed and/or maintained outside of your state, province or country, and where laws regarding processing of Personal Information may be less stringent than the laws in your location. By providing your data or using the Site, you acknowledge such transfer, processing and maintenance.
What information we collect
When you access the Site or use our Products and Services, we collect, receive or otherwise process information in several different ways. In many cases, you choose what information to provide. Some information is required in order for us to provide our Products and Services. We use your information for the purposes described further below.
We may collect and process the following types of information about you:
1. Purchase and assistance information.
We collect information when you purchase our Products and Services, when you phone our Support Team, or otherwise contact us for support. This information will include name, gender, contact information, billing address, delivery address and any further information you volunteer to provide to u.
2. Health-related data.
When you purchase or use our Products and Services, we will collect and process data concerning your health, including Samples, Test Information or any other information we might receive from you, a medical practitioner, your insurance company, or Accredited Laboratory. When you activate a Service or Product, we will collect and process information relating to your personal health as well as a suitability questionnaire to confirm that the Service or Product is appropriate to your needs. You may also provide information to us if you connect a wearable device to one of our Products or Services.
We will collect and maintain your contact details when you communicate with us, sign up for promotional material, participate in special promotions, or connect with us through social media. If you contact us by email, we may keep a record of that correspondence. If you make a request with regard to the handling of your Personal Information, we may retain information regarding the request and any actions we take or correspondence we provide in response to such request.
4. Website and device information.
5. Survey information.
If you respond to any surveys that we might request, which are completely voluntary, we will process your responses.
How we use your information
We use the information we have to help us provide, operate, improve, understand, customize, support, and market our Products and Services. The broad uses of your information are described below. We may use your Personal Information for the following purposes:
- To receive, store and analyze your Samples at Accredited Laboratories.
- To receive, review, store and communicate your Test Information to you, including by presenting your Test Information and other reported history via the MDX Labs secure environment.
- To provide you with your results and, in some instances, relevant treatment options.
- To de-identify your information for service improvement, product quality improvement, research, operations or to disclose to trusted partners for business or other purposes.
- To fill and support your purchases of our Products and Services, including to process payments and to provide customer assistance.
- To ensure that content from our Site is presented in an effective manner for you and your device.
- For marketing purposes to keep you aware of what we are up to and provide you with offers, updates and news related to Services and Products you have purchased, unless you choose not to receive these. For more information on our use of advertising technologies and Cookies, please see our Cookies Policy.
- To provide targeted marketing.
- To link your account with other, third party accounts such as Facebook and other social media.
- To analyze information to help us administer, support and improve our business.
- To detect, investigate and prevent activities that may violate our policies or agreements or be illegal, including by sharing information with law enforcement.
- To retain certain records about the handling of any Samples you send us for regulatory purposes.
- To retain certain tax and accounting records.
We will not knowingly collect Personal Information from Site users that are under 18 years of age. We are relying on your undertaking in the Conditions that you are 18 years of age or older. You should not use the Site or its Services, including purchasing Products, if you are not 18 years of age or older. If you believe we might have information from or about an individual under 18 years of age, please contact us at email@example.com.
Where we store your information
The information that we collect from you may be transferred to and stored with an Accredited Laboratory (as defined in the Conditions) or any supplier of data processing and/or data hosting services.
How we secure your information
All Personal Information you provide to us in purchasing or availing of our Products or Services are stored on our secure servers or else on secure servers used by our service provider. Any payment transactions effected by us will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. You must not share a password with anyone.
Unfortunately, the transmission of information via the internet is not secure and if you request that we communicate with you using a secure means of communication, we can arrange to do this. Once we have received your Personal Information, we will impose obligations of confidentiality and security on any of our service providers who process the Personal Information.
We maintain appropriate physical, electronic, standard security practices, including encryption, passwords and physical security measures, and managerial procedures to protect the security and confidentiality of your personal data. We will make reasonable efforts to ensure that your privacy interests are protected.
Disclosure of your information
We share Personal Information with service providers, affiliates, partners, and other third parties where it is necessary to provide the Products and Services, or for any other purposes described in this Privacy Statement. In particular, we may share your Personal Information with certain third party suppliers and service providers to help us operate, provide, improve, understand, customize, support, and market our Products and Services. We will take all steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Privacy Statement by imposing obligations of security and confidentiality on such service providers.
Your Personal Information may be provided as necessary to the following categories of recipients: Accredited Laboratories, couriers, communications and marketing service providers, analytics providers, legal or financial advisors, contractors and vendors, trusted third parties with whom we have an agreement for the protection of your information, or government/regulatory/law enforcement agencies pursuant to legally binding order.
We may disclose and transfer your Personal Information to our Accredited Laboratory for the purpose of (i) accepting and processing an accepted order by us, (ii) in order to procure the Product is delivered to you by it, and (iii) to test any Sample provided and make your Test Information available to you on our secure Account on our Site.
We may disclose and transfer your Personal Information to contracted or other medical practitioners for purposes of review, quality assurance, prescribing of tests, review of results and other purposes.To process a request for a Product and for our Accredited Laboratory to test the Sample and send you the Test Information, we need to disclose Personal Information within and outside our company including to medical practitioners, to our Accredited Laboratory and our IT services providers.
In instances where our business is subject to a re-organization, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, share information in the course of the transaction. In such circumstances, your Personal Information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of MDX Labs.
If you send offensive or objectionable content or otherwise engage in any disruptive behavior on the Site, we can use your Personal Information to stop such behavior and pursue our legitimate interest to prevent such behavior on our Site. This may involve informing relevant third parties, such as law enforcement agencies, about the content and your behavior.
Equally, we may retain, preserve, or disclose your Personal Information if we have a good-faith belief that it is reasonably necessary to (i) respond, based on applicable law, to a legal request (such as a subpoena, a search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce the agreements we have with you; (e) prevent physical injury or other harm to any person or entity, including yourself and members of the general public. For example, your IP address may be supplied to regulatory authorities in connection with fraud or other formal investigations.
We may pass aggregate information on the usage of our Site to third parties, but this will not include Personal Information.
YOUR CHOICES REGARDING YOUR INFORMATION.
You have several choices regarding use of information on our Site. To exercise certain of your rights or to submit a question, you can email us at firstname.lastname@example.org.
2. How We Respond to Do Not Track Signals.
Some web browsers transmit "do not track" signals to the websites and other online services with which your web browser communications. There is currently no standard that governs what, if anything, websites should do when they receive these signals. We currently do not take action in response to these signals. If and when a standard is established, we may revise our policy on responding to these signals.
NOTICE TO CALIFORNIA RESIDENTS – YOUR CALIFORNIA PRIVACY RIGHTS
This section is applicable to residents of California. If you are a resident of California, you have certain rights described below. The following do not apply to individuals who do not live in California on a permanent basis.
RIGHTS PROVIDED BY CALIFORNIA CIVIL CODE SECTION 1798.83
A California resident who has provided Personal Information to a business with whom he/she has established a business relationship for personal, family, or household purposes (a "California Customer") may request information about whether the business has disclosed Personal Information to any third parties for the third parties' direct marketing purposes. In general, if the business has made such a disclosure of Personal Information, upon receipt of a request by a California Customer, the business is required to provide a list of all third parties to whom Personal Information was disclosed in the preceding calendar year, as well as a list of the categories of Personal Information that were disclosed. California Customers may request further information about our compliance with this law by emailing us at email@example.com. Please note that we are only required to respond to two requests per California Customer each year under Code Section 1798.83.
RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT
1. You have a right to know about personal information collected, disclosed, or sold.
California residents have the right to request that we disclose what personal information we collect, use, disclose, and sell. This is called the "Right to Know". Under the Right to Know, you can request a listing of the types of personal information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting or selling personal information), other individuals and business with whom we share personal information, and the specific pieces of personal information that we have collected about you.
If you would like the above information, you may contact us through our webpage or at firstname.lastname@example.org. Contact information is at the bottom of this section. When you make a request under your Right to Know, you can expect the following:
1. We will verify your identity. We will verify your identity using the following process: Our customer care team will ask questions based upon information that you previously have provided. Where possible, we will use information we already hold about you in order to confirm that you are who you say you are.
2. We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at email@example.com.
3. We will respond to your request within 45 days if possible. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
4. In certain cases, a Request to Know may be denied, for example, if we cannot verify your identity or if providing you the information could create an unreasonable risk to someone's security (for example, we do not want very sensitive information disclosed inappropriately). If we deny your request, we will explain why we denied it. If we deny a request, we will still try to provide you as much of the information as we can, but we will withhold the information subject to denial.
2. You have a Right to Request Deletion of Personal Information about You.
California consumers have a right to request the deletion of their personal information collected or maintained by us. If you would like information about you to be deleted, you may request deletion through your account or at firstname.lastname@example.org. Contact information is at the bottom of this section. When you make a request for deletion, you can expect the following:
1. After you request deletion, you will need to confirm that you want your information deleted.
2. We will verify your identity We will verify your identity using the following process: Our customer care team will ask questions based upon information that you previously have provided. Where possible, we will use information we already hold about you in order to confirm that you are who you say you are.
3. We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
4. We will respond to your request within 45 days if possible. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
5. In certain cases, a request for deletion may be denied, for example, if we cannot verify your identity, the law requires that we maintain the information (e.g., in case of certain tests) or if we need the information for internal purposes such as ongoing research. If we deny your request, we will explain why we denied it, treat your request an "opt-out" of the sale of information (as described in our Notice of Right to Opt-Out), and delete any other information that is not protected from deletion.
3. No Sale of Personal Information
We do not sell Personal Information.
4. Right to Non-Discrimination for the Exercise of a Consumer's Privacy Rights
You have a right not to receive discriminatory treatment by us for exercising any of your privacy rights conferred by the CCPA. We will not discriminate against any California consumer because such person exercised any of the consumer's rights under CCPA, including, but not limited to:
- Denying goods or services.
- Charging different prices or rates for goods and services, including through the use of discounts or other benefits or imposing penalties.
- Providing a different level or quality of goods or services.
- Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.
We may, however, charge a different price or rate, or provide a different level or quality of goods or services, if that difference is related to the value provided to you by your data.
5. Authorized Agents
If you would like, you may designate an authorized agent to make a request under the CCPA on your behalf. We will deny requests from agents that do not submit proof of authorization from you. To verify that an authorized agent has authority to act for you, we may require a copy of a power of attorney or require that you provide the authorized agent with written permission and verify your own identity with us.
6. Contact Information
To request additional information, or make any of the requests described above, you may contact us at email@example.com or through our website.
Changes to our Privacy Statement
From time to time, we will make changes to this Privacy Statement. Any changes we may make in future will be posted on this page, so please check back regularly to see if there have been any changes to this Privacy Statement.
Questions, comments and requests regarding this Privacy Statement are welcomed and should be addressed to our Corporate Office at firstname.lastname@example.org.
This Privacy Statement was last updated on March 19, 2021.