This Privacy Notice (“Notice”) describes how CareDx, Inc. and its affiliates under common ownership and control (collectively, “CareDx,” “we,” “us,” or “our”) may use and disclose the information we collect about you through the AlloCare™ App (the “App”), and the choices you have about how we use your Personal Information. “Personal Information” is any information that identifies you or that we can reasonably associate with or link to you.
The Notice applies to Personal Information that is collected or processed by us through the App, as well as the related products or services owned and operated by CareDx and made available in connection with the App, including wearable devices and digital platforms provided with the App (collectively, the “App Services”).
CareDx may have other privacy notices or policies that apply to certain specific situations, such as privacy notices that cover data processing activities on the CareDx website and your participation as a patient in clinical research studies sponsored by CareDx (to the extent applicable). Please refer to any such other privacy notice or policy where applicable, and not this Notice, to understand how we collect and process your Personal Information in those situations.
This Notice does not apply to Protected Health Information (“PHI”), as defined in the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended (“HIPAA”). For information regarding how we collect, use, and disclose PHI that we receive as a covered entity under HIPAA, please see our Notice of Privacy Practices. We may also maintain your PHI on behalf of other third parties subject to HIPAA, including, for example, physicians, hospitals, or medical facilities who are our CareDx customers. Where we maintain your PHI on behalf of any third party subject to HIPAA, we will maintain that information in accordance with applicable Business Associate Agreements that CareDx may enter into with each third party. If you have any questions about CareDx’s use or disclosure of your PHI in connection with the App or the App Services, you may contact us by using the information in the “How to Contact Us” section at the end of this Notice. Please note that this app is offered by CareDx as a service to individuals but you do not have to be a patient receiving health care services from CareDx in order to use the app. Whether we are required to do so under HIPAA or not, CareDx will treat all patient data it receives through the App Services as “PHI” protected by HIPAA.
We may collect several types of information from and about users of our App and App Services, including the following:
We may collect the categories of Personal Information listed above in the following manner:
We may use online identification technologies, such as cookies, web beacons, or pixels in connection with the App or App Services. These online identification technologies can be used to store registration information in an area of our App so that a user does not need to re-enter it on subsequent visits to that area. It is our intention to use these technologies to make navigation of our App easier for users, to facilitate efficient registration procedures (including remembering preferences), to better deliver tailored content to users, and for interest-based advertising purposes as described below. You may usually select your preferences in the device advertising settings or through the cookie settings offered on your device. If you select these settings, you may be unable to access certain parts of our App.
We may also use analytics providers which may set cookies or similar technologies in your mobile device browser. For example, we partner with Google Analytics for Firebase, which uses identifiers for mobile devices (including Android Advertising ID and Advertising Identifier for iOS), cookies, and similar technologies to track your interactions with the App. Google then collects that information and reports it back to us. This information helps us improve the App so that we can better serve users like you. You may usually opt out of Google Analytics for Firebase by selecting your preferences in the device advertising settings for mobile apps.
We may collect information about your activities in the App for use in providing you with advertising about products and services tailored to your individual interests. This section of our Notice provides details and explains how to exercise your choices.
We may use your information, including your Personal Information, for the following purposes:
In addition to those purposes listed above, we may use your information for any other purpose disclosed to you at the time of collection or that you have previously authorized. For example, if you, separately, choose to participate in any clinical studies, you will be asked to first review and sign an informed consent and authorization form (if applicable) (“Informed Consent”) for the study. By using the App and related App Services, you may also consent to the collection, use, and sharing of your information collected from and shared with the clinical studies as described in this Notice and as outlined in the Informed Consent, to the extent your Informed Consent permits the use and disclosure of your Personal Information in connection with the App and the App Services. To the extent anything in this Notice conflicts with the Informed Consent, the terms of the Informed Consent will control.
We only use sensitive personal information as described above to perform services reasonably expected by average customers and other users who request those services; to prevent, detect, and investigate security incidents; to prevent and prosecute fraudulent or illegal actions directed at us; for short-term, transient use; to perform services on behalf of the business; or to verify or maintain the quality or safety of a product, service, or device which we may own, control, or provide, or to improve, upgrade, or enhance such services or devices.
Subject to applicable laws, we may combine, aggregate, pseudonymize, de-identify or anonymize any of the information we collect from or about you. We may use information that does not personally identify you for any purposes, except where we are required to do otherwise under applicable law.
We may disclose your Personal Information to the following parties:
We may disclose information that does not personally identify you for any purpose, except where we are required to do otherwise under applicable laws.
We may disclose your Personal Information in exchange for valuable benefit or consideration to our business partners who offer products or services and/or research studies/opportunities jointly with CareDx, or to third parties or business partners who deliver marketing communications or products and services and/or research studies/opportunities that may be of interest to you, subject to any choices you have expressed. These disclosures may be deemed “sales” of Personal Information under applicable law. The following categories of your Personal Information may be disclosed or “sold” to these parties:
We do not knowingly sell Personal Information of individuals under the age of 16 or share their Personal Information for cross-context behavioral advertising.
Your preferences about how we use your information are important to us. If you are a registered user of the App, we offer the following choices that you can exercise with regard to your Personal Information:
If you are a resident of California, or a U.S. state in which a comprehensive privacy law similar to the California Consumer Privacy Act comes into effect after the Effective Date of this Privacy Notice, you may have one or more of the following rights. We will honor requests received to the extent required by the applicable law and within the time provided by law.
If you are a resident of California or a U.S. state in which a comprehensive privacy law similar to the California Consumer Privacy Act has come into effect since the Effective Date of this Privacy Notice, and you would like to exercise any of the above rights, please submit your request via our webform, email us at firstname.lastname@example.org, or call us at +1-888-255-6627.
For requests made in connection with the Right to Know, Right to Delete, and Right to Correct, please note:
You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with a signed written permission stating that the agent is authorized to make the request on your behalf. Your agent may contact us via the information provided in the “Exercising Your Rights” section to make a request on your behalf. If you are submitting a request through an authorized agent, we may, as permitted by law, require:
California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. If you are a California resident, you may ask us to refrain from sharing your Personal Information with certain of our affiliates and other third parties for their marketing purposes. To make such a request, please use our webform, email us at email@example.com, or call us at +1-888-255-6627.
We do not currently respond to web browser “Do Not Track” (“DNT”) signals or other mechanisms that provide a method to opt out of the collection of information on the App. For more information about DNT signals, please visit http://allaboutdnt.com.
CareDx uses commercially reasonable physical, managerial, and technical safeguards that we designed to preserve the integrity and security of the Personal Information you provide to CareDx. We cannot, however, ensure or warrant the security of any information you transmit to CareDx, and you do so at your own risk. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to our App Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Protecting the privacy of minors is especially important. CareDx does not knowingly collect Personal Information from children under the age of sixteen (16) through the App or App Services, and our App or Services are not intended to be used by children under the age of sixteen (16). If we learn that a child under the age of sixteen (16) has provided us with Personal Information, we may delete it. Moreover, anyone under eighteen (18) years old should seek their parent or guardian’s permission prior to using or disclosing any Personal Information through our App or App Services. A parent or guardian of a CareDx patient under the age of sixteen (16) may register as a user of the App or App Services but is not authorized by CareDx to permit the child to use the App or App Services. If you, as a parent or guardian, become aware that your child has directly provided us with Personal Information and desire for us to delete or destroy such information, please contact us as instructed in the “How to Contact Us” section at the end of this Notice.
We may use or process your Personal Information in the United States or any other country in which we or our service providers operate. Because we operate with a technical infrastructure that is located in the United States, we may need to transfer your Personal Information to the United States for storage and as may be otherwise necessary, consistent with the terms of this Notice. Our use and storage of your Personal Information outside of the country in which you reside may subject your Personal Information to laws of other jurisdictions that may be different from the laws of the country in which you reside.
The App may contain links to third party services that are not under our control. We are not responsible for the collection and use of your information by any such services, and we encourage you to review their privacy policies. In addition, we are not responsible for the information collection, use, disclosure, or security practices of other organizations, such as Facebook, Apple, Google, Microsoft, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including in connection with any information you disclose to such other organizations through or in connection with the App.
You may opt to integrate the App with the Apple HealthKit™ database or a comparable data aggregation service. The App cannot read or provide information to the Apple HealthKit™ database or the comparable data aggregation service database without your explicitly granted permission. Please note, the information you provide directly from the Apple HealthKit™ App or a comparable data aggregation service (i.e., not through the App or the App Services) is governed by Apple’s terms and conditions and privacy notice or the applicable data aggregation service’s terms and conditions and privacy notice. CareDx is not responsible for the protection of data and information stored within the Apple HealthKit™ database or a comparable data aggregation service database. We strongly recommend you review the applicable policies, notice, and procedures before synching and backing up your Apple HealthKit™ data or other comparable data aggregation service data.
We may update this Privacy Notice from time to time by posting a new Privacy Notice within the App. We reserve the right to modify this Notice at any time, so we encourage you to review this page frequently. If we make a material change to our Privacy Notice, we will take reasonable steps to notify you, for example, by posting a banner or pop-up notice on the App. If you continue to use the App or the App Services after having been provided with such notice, you will be deemed to have acknowledged the updated Privacy Notice.
If you have any questions about this Privacy Notice, please contact us by email at firstname.lastname@example.org or by calling us at +1-888-255-6627.