RxGenomix Privacy Policy

Your privacy is very important to us. Our privacy policy (“Policy”) explains the information that RxGenomix, LLC (“RxGenomix”) gathers from your use of the our pharmacogenomics services (the “Services”) and our website (including any related websites, the “Site”), how we use, disclose, and protect that information, your choices, and some other important information. Before using the Service, you must review and agree to the Terms of Service (“Terms of Service”), along with RxGenomix’s informed consent (“Informed Consent”). Capitalized terms used but not defined in this Policy have the meaning given to them in the Terms of Service. Your use of the Services and the Site, and your provision of information to us, is subject to the laws and regulations of the state of Tennessee, USA, where RxGenomix is located.

Information RxGenomix Collects

The specific categories of information we collect include:

  • Personally identifiable information (“PII”).
    • When you set up a RxGenomix account or purchase a Test, we collect what is generally called “personally identifiable information” or “PII”, which is information that specifically identifies you as an individual. Examples of PII we collect may include your name, email address, mailing address, phone number, credit card, or other billing information. We may also collect information such as date of birth or sex that, when linked to other information that identifies a specific individual, is considered PII.
  • Personal health information (“PHI”).
    • To provide meaningful Results, we request certain information about you such as age, ethnicity, and biological sex. Personal Health Information also includes information about your history of certain health conditions, your medication history, and any known genetic mutations in you. For the Service to perform as intended, it’s important that you provide the most accurate information possible.
  • Healthcare provider information.
    • Individuals who use the Service may also provide us with information about their healthcare providers. Healthcare providers using the Service may provide us with information about patients for whom they are ordering a Test and information related to their medical practices, including the health system or clinic where they practice, NPI numbers, e-mail addresses, fax numbers, and the name, job title, and contact information of other providers involved in an individual’s care.
  • Other people’s personally identifiable information.
    • You may only share with RxGenomix PII about someone else and their protected health information with the full and express consent of that other individual, for example, to purchase a Test for someone else. We reserve the right to require proof of such consent. We will only use the information for the specific reason that it was provided to us and pursuant to the terms of this Policy, our Terms of Service, and if applicable, Informed Consent.
  • Biological sample.
    • To use the Service, we require a biological sample such as a saliva sample. Please carefully review our Terms of Service and Informed Consent for a description of how we handle your sample.
  • Cookies and online tracking information.
    • Please refer to the section below entitled “Cookies and Third-Party Services” for more information.

How We Use This Information

In general, we use the information that we collect to provide the Services you request, to help improve our services and client experiences, and to help advance genetic research and science. Specifically, we may use the information as follows:

  • To provide the Services.For example, to set up your RxGenomix account, send you your sample collection kit, collect payment for the Service(s) you requested, and analyze your sample to produce the Results. As part of the Services, we may also periodically review your information to determine if any updates or changes to your Results (including, without limitation, reclassification of Variants of Uncertain Significance) are required.
  • To communicate with you.We may use your contact information to verify your identity or to communicate with you about the Services; for example, to notify you when your healthcare provider has ordered a Test for you, remind you about returning your kit, respond to your inquiries, connect you with a clinical pharmacist, follow up if there is an issue with your information or sample, and provide information about or request feedback on your Results.We may also contact you to request optional customer feedback, which could be used to improve our services and in publications. We’ll only associate your feedback with your name with your consent. To learn how you may opt out of marketing surveys, please read “Your Choices” below. If you’re a resident of the European Union (“EU”), we will only send you marketing surveys if you’ve opted in to receive such messages from RxGenomix. If you’re an EU resident and you didn’t opt in but you’re receiving such messages anyway, please contact us at [email protected] so we can promptly correct your preferences in our systems.
  • To help us improve the Services and develop new tests and services.For example, your information, sample (until such time your sample is destroyed), and all sequence data may be de-identified and used to support our laboratory partners’ operations with internal quality control, laboratory validation studies, and internal research and development; to perform data analysis; and for de-identified publication in RxGenomix’s database.
  • For marketing purposes.For example, we may send you monthly health newsletters, occasional product updates, and special offers and opportunities that we think might interest you. To learn about how you may opt out of marketing emails, please read “Your Choices” below. If you’re a resident of the EU, we will only send you marketing emails if you’ve opted in. If you’re an EU resident and you didn’t opt in, but you’re receiving marketing communications anyway, please contact us at [email protected] so we can promptly correct your preferences in our systems.
  • To let you know about new services or research opportunities.For example, we may contact you to offer new RxGenomix services or to let you know about special offers for RxGenomix clients on third party products or services that may be useful to people with PHI or Results like yours. We may also let you know about optional opportunities to participate in research we are conducting.
  • For third party research and development, or for other purposes to which you have consented or which you have authorized.For details about our R&D efforts with third parties, see “How Information is Shared” Below.
  • To comply with applicable law and our own obligations.We may also process the information we collect about you or from you for the following purposes: (i) to enforce our Terms of Service or other legal rights, including intellectual property rights; (ii) as may be required by applicable laws and regulations or requested by any judicial process or governmental agency; and (iii) to comply with industry standards or our policies.

Cookies and Third-Party Digital Services

When you use online services in connection with RxGenomix’s Service and/or Site, the following information may be collected, stored, and used:

  • Cookies.To improve and customize your experience when you use the Site, we may send one or more cookies — small text files containing a string of alphanumeric characters — to your device. We may use both session cookies that disappear after you close your browser and persistent cookies that remain after you close your browser and may be used automatically by the browser on subsequent visits to the Site. Please review your browser “Help” file to learn how to adjust your cookie settings. Note that some Site services may not function properly if you disable cookies.
  • DNT requests.Some browsers incorporate a “Do Not Track” (DNT) or similar feature that signals to digital services that a visitor doesn’t want to have their online activity tracked. Because there is not yet an accepted standard for how to respond to DNT signals, we and our service providers (like many digital service operators) do not respond to DNT signals.
  • Device, usage, and other automatically collected information.When you use our Site, we may automatically record certain information from your device by using various types of technology, including “clear gifs” or “web beacons.” This automatically collected information will help us customize and improve your experience with the Site and includes your IP address or other device address or ID, browser and/or device type, the web pages or sites that you visit just before or just after you use the Site, the pages or other content you view or otherwise interact with on the Site, and the dates and times that you visit, access, or use the Site. We also may use these technologies to improve our services by collecting information regarding your interaction with RxGenomix email messages, such as whether you opened or clicked on a message. We use automatically collected information to: (i) personalize our services, such as remembering your information so that you won’t have to re-enter it during your visit or the next time you visit the Site; (ii) provide customized content and information; and (iii) monitor and analyze the effectiveness of the Site and marketing activities.

How Information Is Shared

This section describes the circumstances under which we may share your information with third parties. For additional details, please review the Informed Consent.

To provide the Services.

  • We may disclose your PII and PHI to others involved in your care, including healthcare providers (your own provider and/or an independent provider who may review your information to determine whether a Test is appropriate for you), and clinical pharmacists (the Service includes complimentary access to RxGenomix’s clinical pharmacists), confirmatory laboratories, bioinformatics partners, the health system or clinic where your own provider practices, and other providers that you or your healthcare provider have designated to receive your PHI.
  • We may disclose your PII and PHI to bill and collect payment from you, your employer, your health insurance, your health system or clinic, or other responsible third parties. We may also engage third parties to assist us with these billing and collection efforts.
  • We work with third-party service providers to provide website, application development, analytics, variant analysis, payment processing, hosting, maintenance, support ticketing, transmission of test results, distribution and collection of Test kits, and other services for us. We limit the PII and PHI we share with these service providers to that which is minimally necessary for them to perform their services for us, and we require them to agree to maintain the confidentiality and security of such information.

For research, development, and analytics.

  • With your consent, we may use your de-identified sample, genetic information, PHI, and Results in our research with third-party collaborators. We may engage in research with third parties such as universities, hospitals, health systems, government institutions, or private companies to develop new tests, validate technologies, or improve existing technologies or processes. You can opt out of such third party research by updating your account settings or by notifying the healthcare provider who ordered your Test if you did not create an RxGenomix account. However, if you have consented in the past and later change your settings to opt out, RxGenomix cannot retract your de-identified sample (if you have chosen to store it), genetic information, PHI, and/or Results from research already performed.
  • With your consent, we may also include your de-identified genetic information, PHI, and Results in RxGenomix’s research database in order to support research in genetics. Information in RxGenomix’s research database will be accessible, searchable, and downloadable by researchers for an indefinite period of time. Genetic information in RxGenomix’s research database may include variants beyond those relevant to the product or service that your healthcare provider ordered for you, but such information will be de-identified. If you have consented in the past and later change your settings to opt out of RxGenomix’s research database, we cannot retract your de-identified information from research already performed or from previous releases of RxGenomix’s research database that have already been published. But we will promptly update our database following an opt out request and exclude your information from subsequent database releases.
  • If your employer has provided or paid for (in whole or in part) the Test, you acknowledge and agree that your de-identified Results and PHI may be anonymized and/or aggregated and returned to your employer or its designee (e.g., plan administrator or pharmacy benefits manager) as a data analytics resource.
  • If your health system has provided or paid for (in whole or in part) the Test, you acknowledge and agree that your Results and PHI may be provided to your health system. Further, RxGenomix may provide your health system with other data it has collected or sequenced, and related analyses, for your health system’s use for treatment, billing, healthcare operations, data analytics, or other purposes for which your health system has agreed to comply with applicable laws. If you have any questions about this, please contact your health system to learn if this applies to you and for details. RxGenomix expressly disclaims any and all liability for your health system’s use of information that it represents it is authorized to receive, store, and use.

For RxGenomix’s purposes.

  • We may share aggregated, de-identified information (for example, aggregated trends about the general use of our Services) publicly and with our partners (this information will not include PHI).
  • We may author publications using de-identified information, either on our own or in collaboration with academic or commercial third parties.
  • We may disclose your information when we believe in good faith that doing so is appropriate or necessary in order to enforce our Terms of Service.
  • Information about our users may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
  • As described above, we may work with third-party advertising and analytics partners that collect information from you when you visit our Site. For more information, please see the “Cookies and third-party services” section above.

For security or legal purposes.

  • We may also disclose your information under the following circumstances:
  • If we believe in good faith that doing so is appropriate or necessary in order to address fraud, security, or technical issues, or protect against harm to us or others to the extent required or permitted by law.
  • To comply with applicable federal and state laws, rules, and regulations, as well as law enforcement requests and legal process, such as a court order or subpoena. When possible, we will attempt to notify the individual who is the subject of the court order or subpoena so they may have an opportunity to oppose the disclosure.

How We Protect Your Information

We use physical, managerial, and technical safeguards that are designed to improve the integrity and security of your information. All information on our servers is encrypted when it is at rest or in transit. All personal information (genetic or otherwise) is encrypted with AES-256 when it’s stored on our servers and is always transmitted over SSL. Internally, strict guidelines and access controls protect your PII and PHI.

We cannot, however, ensure or warrant the security of any information you transmit to us or store in connection with the Services, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or managerial safeguards. You agree that RxGenomix is not liable for the unauthorized release of your PII or PHI, unless such release was the result of gross negligence or willful misconduct on the part of RxGenomix. If you choose to share PII or PHI with us via the internet or wireless connection (for example, via email messages), you do so at your own risk. If you choose to share your Results, designated record set or other data obtained from RxGenomix, or any of your PII or PHI with anyone outside of RxGenomix, you do so at your own risk, and RxGenomix has no control over the security of such sharing.

RxGenomix complies with the Health Insurance Portability and Accountability Act of 1996 and the regulations thereunder (as in effect from time to time, “HIPAA”) to maintain the privacy and security of your PHI. If a breach occurs that may have compromised the privacy or security of your PHI, we will let you know promptly. We will follow the duties and privacy practices described in this Policy, our Notice of Privacy Practices, the Informed Consent, and Terms of Service.

This Privacy Policy is in addition to and does not replace our Notice of Privacy Practices, which explains how we handle PII and PHY that is covered by HIPAA.

Your Choices

If you receive marketing emails from us, you can unsubscribe from that particular type of marketing email by following the instructions contained within the email. Because we offer different types of marketing emails — (1) product news and feedback surveys, (2) health newsletters, (3) marketing promotions, and (4) research invitations — if you click “unsubscribe” from one type of email, due to system limitations, you will only be opted out of that type of commercial email; you will not automatically be unsubscribed from other email communication types. You can opt out of receiving all types of marketing emails from us by modifying your account settings or sending your request to us by email at [email protected]. Please be aware that if you opt out of receiving marketing emails from us or otherwise modify the nature or frequency of marketing communications you receive from us, it may take up to ten (10) business days for us to process your request, during which time you might receive marketing communications from us that you have already opted out from. Finally, while you may opt out of receiving marketing emails from us, you will continue to receive administrative communications from us regarding the Services.

You may, of course, decline to share certain information with us, in which case we might not be able to provide you with some or all of the features and functionality of the Services and our Site. If you want to access or amend information we hold about you, you may do so through your account settings or contact us at [email protected]. At any time, you may also request that we deactivate your account by contacting us at [email protected]. If you choose to deactivate your account, you will be unsubscribed from all marketing emails; your sample and PII will no longer be shared for research (if you have opted into such research or sample storage); and we will not provide you with any of the Services going forward (including, without limitation, any Results that have not yet been reported, or any updates or changes to your Results). Although we can remove your information from our active databases, some or all information from deactivated accounts will remain in our inactive database for compliance with legal, regulatory, and other requirements. Please also note that information that has already been de-identified, anonymized, aggregated, published, and/or shared with third parties as set forth in this Policy prior to an account deactivation request may not be retrievable or traced back for destruction, deletion, or amendment.

Other Important Information

Children’s privacy

Please do not use or access any part of the Site or the Service if you are under 16 years of age. If you’re a parent or guardian and discover that your child under 16 has obtained an account on the Site, please alert us promptly at [email protected] so we can take action to prevent access.

International users

The Services and Site are hosted in the United States (US). If you choose to use the Services and/or Site from other regions of the world, then by your use of the Service and/or Site you acknowledge and agree that: (i) you are transferring your personal information outside of those regions to the US for genetic analysis, storage, and processing as required for us to perform our contractual obligations to you; (ii) the laws and regulations of the US shall govern your use of the Services and provision of your information, and may differ from those of your country of residence; and (iii) as per your acceptance of the Informed Consent, you permit your personal information to be used for the purposes set forth therein. Also, we may transfer your data from the US to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Services as required for us to perform our contractual obligations to you. By providing any information, including personal information, on or to the Services and/or the Site, you consent to such use, transfer, storage, and processing. While there is no statutory or contractual requirement for you to provide this information, some information is necessary for us to be able to provide the requested services. Failure to provide such information will make it impossible for you to use the Services. We will retain your personal information only for as long as is necessary to carry out the function for which the information is being used, as consented by you in the Informed Consent, and to comply with applicable laws and regulations. You further agree that by providing your sample, you are not violating any export ban or other legal restriction in the country of your residence.

Clients who live outside of the US in certain jurisdictions may have the option of requesting that their personal information be accessed, updated, and/or removed at any time from our active databases, subject to the applicable laws and regulations of such jurisdictions. Such clients may also have the right to object to our processing of their personal information and/or request that we provide their personal information to another third party. We may require that such request be provided in writing, subject to applicable laws and regulations with respect to the transfer of medical information. If you would like to access, update, object to processing, request provision to a third party, and/or request removal from our active database of your personal information, please contact us at [email protected]. Any such requests will be honored within one month.

If you believe RxGenomix’s processing of your personal information is inappropriate, you have the right to lodge a complaint with a supervisory authority or to contact RxGenomix’s Privacy Officer at [email protected].

With respect to requests to remove or halt the processing of personal information, such requests received prior to initiation of the Services will result in a cancellation of the Service, and no Results will be provided to you or your healthcare provider. Please also refer to the section above entitled “Your Choices” to understand how requests to remove personal information are handled.

If you’re a resident of the EU, we will only send you marketing communications if you’ve opted in. If you are an EU resident and you didn’t opt in but you’re receiving marketing communications anyway, please contact us at [email protected] so we can promptly correct your preferences in our systems.

Changes and updates to this policy

Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we’ll make it available through the Site, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of this change, for example, by sending a message to your email address on file with us. Your continued use of the Site and/or Service after the revised Policy becomes effective indicates that you have read, understood, and agreed to the current version of the Policy.

Our contact information

Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at [email protected].