This Privacy Policy (“Policy”) describes how CareDx Inc. and its affiliates under common ownership and control (collectively, “CareDx,” “we,” “us,” or “our”) may use and disclose the information we collect about you through the CareDx Patient App (the “App”), and the choices you have about how we use your Personal Information. Personal Information is any information that could reasonably be used, directly or indirectly, to contact or identify you, including, for example, direct identifiers, such as your name and contact information, as well as information about your use or potential use of our Services (defined below) that could reasonably be linked to you, such as your Internet Protocol address or device information.
By using the App and our App Services (defined below), you consent to the processing of your Personal Information as set forth in this Policy, which is incorporated into the App’s Terms of Use. If you do not understand this Policy or have any questions regarding the collection, use, or disclosure of your Personal Information by CareDx, please reach out to us by using the contact details found at the end of this Policy.
The Policy applies to Personal Information that is collected or processed by us through the App, as well as the related products or services owned and operated by CareDx and made available in connection with the App, including wearable devices and digital platforms provided with the App (collectively, the “App Services”).
Please note, CareDx may have other unique privacy policies that apply to certain specific situations, such as privacy notices that cover data processing activities on the CareDx website and your participation as a patient in clinical research studies sponsored by CareDx (to the extent applicable). To the extent those policies or notices apply and conflict with this Policy, those policies govern our interactions with you.
Please note that this Privacy Policy does not apply to Protected Health Information (“PHI”). PHI is Personal Information about you that relates to: (a) your past, present, or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care, which is created, received, transmitted, or maintained by an entity that is subject to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended (“HIPAA”). To the extent CareDx handles your PHI as an entity subject to HIPAA (e.g., where we interact with you as a health care provider), we will maintain your PHI in accordance with our Notice of Privacy Practices. We may also maintain your PHI on behalf of other third parties subject to HIPAA, including, for example, physicians, hospitals, or medical facilities, in accordance with our contractual obligations as set out in the applicable agreements with such parties, including Business Associate Agreements (as appropriate). If you have any questions about CareDx’s use or disclosure of PHI in connection with the App or the App Services, you may contact us by using the information found in the “How to Contact Us” section at the end of this Policy.
We may collect several types of information from and about users of our App Services, including information:
We may collect the categories of Personal Information listed above in the following manner:
We may disclose your Personal Information for business purposes to the following parties:
We may also disclose your Personal Information in exchange for monetary or other valuable benefit to our business partners who offer products or services and/or research studies/opportunities jointly with CareDx or to permit a third party or business partner to deliver marketing communications or products and services and/or research studies/opportunities that may be of interest to you, subject to any choices you have expressed. The following categories of your Personal Information may be shared with these parties:
We may disclose information that does not personally identify you for any purpose, except where we are required to do otherwise under applicable law.
Your preferences about how we use your information are important to us and, when possible, we aim to honor them. If you are a registered user of the App, we offer the following choices that you can exercise with regard to your Personal Information:
If you are a California resident, we offer the following choices that you can exercise with regard to your Personal Information:
To exercise your preferences with respect to your Personal Information, contact us by email at customercare@caredx.com or call us at +1-888-255-6627. You may freely exercise these rights without fear of being denied goods or services. However, in some circumstances, for example where you have requested a service that requires the use of your Personal Information, we may not be able to provide that service if you choose to delete your Personal Information.
California law requires that we indicate whether we honor “Do Not Track” settings in your browser concerning targeted advertising. We do not currently respond to web browser “Do Not Track” signals or other mechanisms that provide a method to opt out of the collection of information on the App. For more information about DNT signals, please visit http://allaboutdnt.com.
CareDx uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of the Personal Information you provide to CareDx. We cannot, however, ensure or warrant the security of any information you transmit to CareDx, and you do so at your own risk. Once we receive your transmission of information, CareDx makes commercially reasonable efforts to ensure the security of our systems. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
CareDx does not knowingly collect any Personal Information from children under the age of thirteen (13) without parental consent, unless permitted by law. A parent or guardian, however, may use the App to establish a user account for a minor under the age of thirteen (13). The parent or guardian is solely responsible for providing supervision of the minor’s use of the App and any related App Services, and the parent or guardian assumes full responsibility for ensuring that the child’s registration information is kept secure and that the information submitted is accurate. The parent or guardian also assumes full responsibility for the interpretation and use of any information provided through the App and the App Services for the minor.
If we learn that a child under the age of thirteen (13) has provided us with Personal Information, as defined by the Children’s Online Privacy Protection Act, we may delete it. If a parent or guardian becomes aware that his or her child has directly provided us with Personal Information, please contact us by using the contact information below.
The App Services are controlled and operated from the United States and CareDx makes no representation that the App Services are appropriate or available for use in locations outside of the United States. By accessing or using the App, any information you provide to us or that we automatically collect will be received in the United States and may be transferred to other jurisdictions, and you explicitly authorize its processing in the United States in accordance with this Policy and pursuant to the laws of the United States, as well as any subsequent transfers outside the United States. If we transfer your Personal Information outside the United States, we take steps to protect your Personal Information as required under applicable law. We will retain your Personal Information for no longer than is necessary for the performance of our obligations, to achieve the purposes for which the information was collected, or as may be permitted under applicable law.
The App may contain links to third party services that are not under our control. We are not responsible for the collection and use of your information by any such services, and we encourage you to review their privacy policies. In addition, we are not responsible for the information collection, use, disclosure, or security practices of other organizations, such as Facebook, Apple, Google, Microsoft, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including in connection with any information you disclose to such other organizations through or in connection with the App.
You may opt to integrate the App with the Apple HealthKit™ database or a comparable data aggregation service. The App cannot read or write to the HealthKit database or the comparable data aggregation service database without your explicitly granted permission. Please note, the information you provide directly from the Apple Health App or a comparable data aggregation service (i.e., not through the App or the App Services) is governed by the Apple Terms and Conditions and Privacy Policy or the applicable data aggregation service Terms and Conditions and Privacy Policy. CareDx is in no way responsible for the protection of data and information stored within the Apple HealthKit database or a comparable data aggregation service database. It is strongly recommended that you review the applicable policies and procedures before syncing and backing up your Apple HealthKit data or other comparable data aggregation service data.
This Privacy Policy was last modified on September 22, 2020.