Effective date: June 1, 2024
This Privacy Notice (“Notice”) describes how CareDx, Inc. and its affiliates (collectively, “CareDx,” “we,” “us,” or “our”) may collect, use, and disclose any information that identifies you or that we reasonably can link to information that identifies you or your household (“Personal Information”) which we collect from visitors to the CareDx Website, from other consumers, from conference attendees, customers, and business partners, as well as your choices and rights relating to your Personal Information. The “CareDx Website” means the website, www.CareDx.com, and any website operated by or on behalf of CareDx that links to this Notice.
This Notice does not apply to Protected Health Information (“PHI”), as defined in the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended (“HIPAA”). For information regarding how we collect, use, and disclose PHI that we receive as a covered entity under HIPAA, please see our Notice of Privacy Practices. We may also maintain your PHI on behalf of other third parties subject to HIPAA, including, for example, physicians, hospitals, or medical facilities who are our CareDx customers. Where we maintain your PHI on behalf of any third party subject to HIPAA, we will maintain that information in accordance with applicable Business Associate Agreements that CareDx may enter into with each third party.
Information You Provide. We collect the Personal Information you provide to us when you access or use the CareDx Website, such as when you create an account on the CareDx Website, use a feature on the CareDx Website, contact us with a question, comment, or request in connection with the CareDx Website or our products and services (collectively, the “Services”), or interact with us at an industry conference. The categories of Personal Information that we collect include the following:
Information We Receive from Third Parties. We may receive information about you from third parties, including public and private databases, providers of demographic information, healthcare professionals, hospitals, or similar healthcare providers, or other users with whom you are connected via the Services. For example, we receive Personal Information, including
Information We Collect Automatically. When you access and use the CareDx Website, we and our third-party service providers may collect information, including usage and technical data, automatically from your device, including, for example:
Subject to applicable laws, we may combine any of the information we receive about you with Personal Information we obtain from third parties such as healthcare professionals, hospitals, or similar healthcare providers or their representatives who may use patient-related products and services that we make available to them.
We do not collect sensitive categories of Personal Information, such as precise geolocation data, account usernames and passwords, information about your race, political views, religious views, or health conditions or other protected classifications (“Sensitive Personal Information”), without obtaining your consent if required by law. We only use Sensitive Personal Information to perform services reasonably expected by average customers and other users who request those services; to prevent, detect, and investigate security incidents; to prevent and prosecute malicious, fraudulent or illegal actions directed at us; for short-term, transient use; or to verify or maintain the quality or safety of a product, service, or device which we may own, control, or provide, or to improve, upgrade, or enhance such services or devices.
Depending on your purpose for accessing the CareDx Website, we may collect, use, or share the protected health information that you provide to us for purposes related to your treatment, your payment, or our healthcare operations. For information on how we collect, use, and disclose your protected health information, please see our Notice of Privacy Practices.
We may use online identification technologies, such as cookies, web beacons, or pixels in connection with the CareDx Website. These online identification technologies can be used to store registration information in an area of our site so that a user does not need to re-enter it on subsequent visits to that area. It is our intention to use these technologies to make navigation of our websites easier for visitors, to facilitate efficient registration procedures (including remembering preferences), to better deliver tailored content to visitors, and for targeted advertising purposes as described below.
We may also use site analytics providers, which may set cookies in your browser. For example, we partner with Google Analytics, which uses cookies to track your interactions with the CareDx Website. Google then collects that information and reports it back to us. This information helps us improve the CareDx Website so that we can better serve users like you. For information on how to opt out of Google Analytics tracking your online activity, visit https://support.google.com/analytics/answer/181881?hl=en.
If you are concerned about cookies, you may exercise certain preferences through the cookie settings offered on the CareDx Website. In addition, most browsers permit individuals to decline cookies. In most cases, you may refuse or delete one or more cookies and still access CareDx Websites, but the functionality of the CareDx Website may be impaired. After you finish using the CareDx Website, you may delete site cookies from your system if you wish. If you would like more information on how to opt out of cookies, please visit: http://optout.aboutads.info.
We may collect information about your online activities on the CareDx Websites for use in providing you with advertising about products and services tailored to your individual interests. This section of our Privacy Notice provides details and explains how to exercise your choices.
You may see certain ads on other websites because we participate in advertising networks. Ad networks allow us to target our messaging to users through demographic, interest-based and contextual means. These networks track your online activities over time by collecting information through automated means, including through the use of cookies, web server logs and web beacons. The networks use this information to show you advertisements that may be tailored to your individual interests. The information our ad networks may collect includes information about your visits to websites that participate in the relevant advertising networks, such as the pages or advertisements you view and the actions you take on the websites. This data collection takes place both on our websites and on third-party websites that participate in the ad networks. This process also helps us track the effectiveness of our marketing efforts.
To opt out of targeted advertising, you can use the opt-out tools provided by the Network Advertising Initiative and the Digital Advertising Alliance.
We may use your Personal Information for the following purposes:
We use de-identified, aggregate, pseudonymized, or anonymized information to help us analyze the use of the CareDx Website. Where permitted by law, this Notice does not limit our use or disclosure of de-identified, aggregate, pseudonymous, or anonymous information, and we reserve the right to use and disclose such information to other third parties in our discretion.
We may disclose your Personal Information with third parties under the following circumstances:
Your preferences about how we use your information are important to us. We encourage you to contact us at the contact information set forth below to update or correct your information if it changes or if the Personal Information we hold about you is inaccurate. Please note that we may require additional information from you in order to verify your identity or honor your requests.
You may unsubscribe from our marketing or promotional emails. To do so, please email us at marketing@caredx.com or use the unsubscribe mechanism offered in our marketing emails or other communications as applicable. Please note that if you already have requested our products or services when you decide to unsubscribe, there may be a short period of time for us to update your preferences and ensure that we honor your request.
State-Specific Privacy Rights
If you are a resident of California, or a U.S. state in which a comprehensive privacy law similar to the California Consumer Privacy Act comes into effect after the Effective Date of this Privacy Notice, you may have one or more of the following rights. We will honor requests received to the extent required by applicable law and within the time provided by law.
We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to CareDx by your Personal Information, subject to the requirements of applicable law.
Disclosure, Selling, and Sharing of Personal Information
Within the last 12 months, we have disclosed the categories of Personal Information identified in the above section titled “Personal Information We Collect” for our business purposes. We list the categories of third parties to which we may disclose Personal Information in the above section titled “How and When We Disclose Your Information”.
As is common practice among businesses that operate Internet Web sites, we may disclose certain identifiers, information about the use of the CareDx Website, and inferences drawn about you to our analytics, advertising, and social media partners for their services. These disclosures may qualify as sales of Personal Information for valuable consideration or sharing of Personal Information for cross-context behavioral advertising under applicable law. However, we do not sell or share Personal Information covered by this Privacy Notice in exchange for monetary value. We also do not knowingly sell or share the Personal Information of individuals under 16 years of age.
Exercising Your Applicable State-Specific Rights
If you are a resident of California or a U.S. state in which a comprehensive privacy law similar to the California Consumer Privacy Act has come into effect since the Effective Date of this Privacy Notice, and you would like to exercise any of the above rights, please submit your request via our webform, email us at privacy@caredx.com, or call us at +1-888-255-6627.
For requests made in connection with the Right to Know, Right to Correct, and Right to Delete, please note:
If you choose to exercise any of the above privacy rights in applicable states, we will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of services, based solely upon your request. However, in some circumstances, for example where you have requested a service that requires the use of your Personal Information, we may not be able to provide that service if you choose to delete your Personal Information.
Authorized Agent
You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with a signed written permission stating that the agent is authorized to make the request on your behalf. Your agent may contact us via the information provided in the “Exercising Your Applicable State-Specific Rights” section to make a request on your behalf. If you are submitting a request through an authorized agent, we may, as permitted by law, require:
Data Sharing for Direct Marketing Purposes (California)
California Civil Code § 1798.83 permits California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. If you are a California resident, you may ask us to refrain from sharing your Personal Information with certain of our affiliates and other third parties for their marketing purposes. To make such a request, please use our webform, email us at privacy@caredx.com, or call us at +1-888-255-6627.
We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across websites or other online services.
We may use or process your Personal Information in the United States or any other country in which we or our service providers operate. Because we operate with a technical infrastructure that is located in the United States, we may need to transfer your Personal Information to the United States for storage and as may be otherwise necessary, consistent with the terms of this Notice. Our use and storage of your Personal Information outside of the country in which you reside may subject your Personal Information to laws of other jurisdictions that may be different from the laws of the country in which you reside.
Protecting the privacy of young children is especially important. For that reason, CareDx does not knowingly collect personal information through the CareDx Website from persons 16 and under, and no part of the CareDx Website is directed to persons under 16. If you are under 16 years of age, then please do not use or access the CareDx Website at any time or in any manner. If we learn that we have collected Personal Information from a child less than 16 years of age, we will take the appropriate steps to delete this information. If you believe we have any information from or about a child under 16, please contact us using the information available in the “Contact Us” section at the end of this Notice.
The CareDx Website may include links to other websites whose privacy practices may differ from our practices. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy statement of any website you visit.
We will retain your Personal Information as long as we have a relationship with you. When deciding how long to keep your Personal Information after our relationship with you has ended, we take into account our legitimate business needs and our legal obligations, including, for example, fraud prevention, dispute resolution, investigations, and enforcement of our Terms of Use.
CareDx uses commercially reasonable physical, managerial, and technical safeguards that we designed to preserve the integrity and security of the Personal Information you provide to CareDx. We cannot, however, ensure or warrant the security of any information you transmit to CareDx, and you do so at your own risk. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We may modify or update this Notice from time to time. If we update this Notice, we will notify you by posting a new privacy notice on this page. The date this Notice was last revised is identified at the top of the page. You are responsible for periodically visiting the CareDx Website and this Notice to check for any changes. If you continue to use our Services after having been provided with such notice, you will be deemed to have acknowledged the updated privacy notice.
Please contact CareDx with any questions or comments about this Notice, your Personal Information, our third-party disclosure practices, or your consent choices at: privacy@caredx.com or call us at +1-888-255-6627.