This Privacy Notice (“Notice”) describes how CareDx, Inc. and its affiliates under common ownership and control (collectively, “CareDx” “we,” “us,” or “our”) may use and disclose the information we collect about you through the AlloCare™ App (the “App”), and the choices you have about how we use your Personal Information. “Personal Information” is any information that identifies you or that we reasonably can link to information that identifies you or your household.
By using the App and our App Services (defined below), you acknowledge that you have read and understand this Notice, and you consent to the processing of your Personal Information as set forth in this Notice, which is incorporated into the App’s Terms of Use. If you do not understand this Notice or have any questions regarding the collection, use, or disclosure of your Personal Information by CareDx, please reach out to us by using the information in the “How to Contact Us” section at the end of this Notice.
The Notice applies to Personal Information that is collected or processed by us through the App, as well as the related products or services owned and operated by CareDx and made available in connection with the App, including wearable devices and digital platforms provided with the App (collectively, the “App Services”).
CareDx may have other privacy notices or policies that apply to certain specific situations, such as privacy notices that cover data processing activities on the CareDx website and your participation as a patient in clinical research studies sponsored by CareDx (to the extent applicable). Please refer to any such other privacy notice or policy where applicable, and not this Notice, to understand how we collect and process your Personal Information in those situations.
This Notice does not apply to Protected Health Information (“PHI”), as defined in the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended (collectively, “HIPAA”). For information regarding how we collect, use, and disclose PHI that we receive as a covered entity under HIPAA, please see our Notice of Privacy Practices. We may also provide services to third parties who are subject to HIPAA, including, for example, physicians, hospitals, or medical facilities (“Healthcare Providers”). If your Healthcare Providers are covered by HIPAA, the information they provide us or that we collect on their behalf while we are providing services to them will generally be protected as PHI subject to HIPAA. To the extent applicable, we will use and disclose your PHI only as permitted by our agreements with your Healthcare Providers, as required by law, as authorized by you, or as permitted by HIPAA. You are not required to be a patient of CareDx in order to use the App.
We may collect several types of information from and about users of our App and App Services, including the following:
We may collect the categories of Personal Information listed above in the following manner:
We may collect information about your activities in the App for use in providing you with advertising about products and services tailored to your individual interests. This section of our Notice provides details and explains how to exercise your choices.
You may see certain ads on websites or other services that are not controlled by us because we participate in advertising networks. Ad networks allow us to target our messaging to users through demographic, interest-based and contextual means. These networks track your online activities over time by collecting information through automated means, including through the use of cookies, web server logs, and web beacons. The networks use this information to show you advertisements that may be tailored to your individual interests. The information our ad networks may collect includes information about your visits to websites or apps that participate in the relevant advertising networks, such as the pages or advertisements you view and the actions you take on the websites or apps. This data collection takes place both on our websites and in the App, and on third-party websites or services that participate in the ad networks. This process also helps us track the effectiveness of our marketing efforts. To opt-out of targeted advertising, you can use the opt-out tools provided by the Network Advertising Initiative and the Digital Advertising Alliance.
We may use each category of your information, including your Personal Information, for the following purposes:
In addition to those purposes listed above, we may use your information for any other purpose disclosed to you at the time of collection or that you have previously authorized. For example, if you, separately, choose to participate in any clinical studies, you will be asked to first review and sign an informed consent and authorization form (if applicable) (“Informed Consent”) for the study. By using the App and related App Services, you may also consent to the collection, use, and sharing of your information collected from and shared with the clinical studies as described in this Notice and as outlined in the Informed Consent, to the extent your Informed Consent permits the use and disclosure of your Personal Information in connection with the App and the App Services. To the extent anything in this Notice conflicts with the Informed Consent, the terms of the Informed Consent will control.
We only use sensitive Personal Information as described above to perform services reasonably expected by average customers and other users who request those services; to prevent, detect, and investigate security incidents; to prevent and prosecute fraudulent or illegal actions directed at us; for short-term, transient use; or to verify or maintain the quality or safety of a product, service, or device which we may own, control, or provide, or to improve, upgrade, or enhance such products, services, or devices.
Subject to applicable laws, we may combine, aggregate, pseudonymize, de-identify or anonymize any of the information we collect from or about you. We may use information that does not personally identify you for any purposes, except where we are required to do otherwise under applicable law. We will maintain de-identified information in de-identified form, and will not re-identify such information, except in accordance with the requirements of applicable law.
We do not process your Personal Information for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
We may disclose all or substantially all categories of Personal Information identified in the above section titled “Information We Collect” to the following parties:
We may disclose information that does not personally identify you for any purpose, except where we are required to do otherwise under applicable laws.
We may disclose your Personal Information in exchange for valuable benefit or consideration or for cross-context behavioral advertising to our business partners who offer products or services and/or research studies/opportunities jointly with CareDx, or to third parties or business partners who deliver marketing communications or products and services and/or research studies/opportunities that may be of interest to you, subject to any choices you have expressed. These disclosures may be deemed “sales” or “sharing” of Personal Information under applicable law. The following categories of your Personal Information may be disclosed, “sold”, or “shared” to these parties:
We do not knowingly sell Personal Information of individuals under the age of 16 or share their Personal Information for cross-context behavioral advertising.
Your preferences about how we use your information are important to us. If you are a registered user of the App, we offer the following choices that you can exercise with regard to your Personal Information:
If you are a resident of California, or a U.S. state in which a comprehensive privacy law similar to the California Consumer Privacy Act comes into effect after the Effective Date of this Notice, you may have one or more of the following rights. We will honor requests received to the extent required by the applicable law and within the time provided by law.
If you are a resident of California or a U.S. state in which a comprehensive privacy law similar to the California Consumer Privacy Act has come into effect since the Effective Date of this Notice, and you would like to exercise any of the above rights, please submit your request via our webform, email us at privacy@caredx.com, or call us at +1-888-255-6627.
For requests made in connection with the Right to Know, Right to Delete, and Right to Correct, please note:
You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with a signed written permission stating that the agent is authorized to make the request on your behalf. Your agent may contact us via the information provided in the “Exercising Your State-Specific Rights” section to make a request on your behalf. If you are submitting a request through an authorized agent, we may, as permitted by law, require:
California Civil Code Section § 1798.83 permits California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. If you are a California resident, you may ask us to refrain from sharing your Personal Information with certain of our affiliates and other third parties for their marketing purposes. To make such a request, please use our webform, email us at privacy@caredx.com, or call us at +1-888-255-6627.
The AlloCare App does not currently respond to web browser “Do Not Track” (“DNT”) signals. For more information about DNT signals, please visit http://allaboutdnt.com.
CareDx uses physical, managerial, and technical safeguards that we designed to preserve the integrity and security of the Personal Information you provide to CareDx. We cannot, however, ensure or warrant the security of any information you transmit to CareDx, and you do so at your own risk. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to our App Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Protecting the privacy of minors is especially important. CareDx does not knowingly collect Personal Information from children under the age of sixteen (16) through the App or App Services, and our App or Services is not intended to be used by children under the age of sixteen (16). If we learn that a child under the age of sixteen (16) has provided us with Personal Information, we may delete it. Moreover, anyone under eighteen (18) years old should seek their parent or guardian’s permission prior to using or disclosing any Personal Information through our App or App Services. A parent or guardian of a CareDx patient under the age of sixteen (16) may register as a user of the App or App Services but is not authorized by CareDx to permit the child to use the App or App Services. If you, as a parent or guardian, become aware that your child has directly provided us with Personal Information and desire for us to delete or destroy such information, please contact us as instructed in the “How to Contact Us” section at the end of this Notice.
We may use or process your Personal Information in the United States or any other country in which we or our service providers operate. Because we operate with a technical infrastructure that is located in the United States, we may need to transfer your Personal Information to the United States for storage and as may be otherwise necessary, consistent with the terms of this Notice. Our use and storage of your Personal Information outside of the country in which you reside may subject your Personal Information to laws of other jurisdictions that may be different from the laws of the country in which you reside.
The App may contain links to third party services that are not under our control. We are not responsible for the collection and use of your information by any such services, and we encourage you to review their privacy policies. In addition, we are not responsible for the information collection, use, disclosure, or security practices of other organizations, such as Facebook, Apple, Google, Microsoft, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including in connection with any information you disclose to such other organizations through or in connection with the App.
You may opt to integrate the App with the Apple HealthKit™ database or a comparable data aggregation service. The App cannot read or provide information to the Apple HealthKit™ database or the comparable data aggregation service database without your explicitly granted permission. Please note, the information you provide directly from the Apple HealthKit™ App or a comparable data aggregation service (i.e., not through the App or the App Services) is governed by Apple’s terms and conditions and privacy notice or the applicable data aggregation service’s terms and conditions and privacy notice. CareDx is not responsible for the protection of data and information stored within the Apple HealthKit™ database or a comparable data aggregation service database. We strongly recommend you review the applicable policies, notice, and procedures before synching and backing up your Apple HealthKit™ data or other comparable data aggregation service data.
We keep your information for the length of time needed to carry out the purposes outlined in this Notice and to adhere to our policies on keeping records (unless a longer period is required by law). Our records policies reflect applicable laws. We will retain and use your information to the extent necessary to manage your relationship with us, personalize and improve your overall customer experience, and to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this Notice.
We may update this Notice from time to time by posting a new Notice within the App. We reserve the right to modify this Notice at any time, so we encourage you to review this page frequently. If we make a material change to our Notice, we will take reasonable steps to notify you, for example, by posting a banner or pop-up notice on the App. If you continue to use the App or the App Services after having been provided with such notice you will be deemed to have acknowledged the updated Notice.
If you have any questions about this Notice, please contact us by email at privacy@caredx.com or by calling us at +1-888-255-6627.