Effective Date: 2018-10-15
Myriad Website Privacy Notice
Myriad Genetics, Inc. is a leading molecular diagnostic company dedicated to saving lives and improving the quality of life of patients worldwide through the discovery and commercialization of novel, transformative diagnostic products and services across major diseases. Our first responsibility is to the patients and customers we serve and as part of that service, Myriad understands the importance of privacy and respects every patient's right to protected individual information.
This Website Privacy Notice ("Notice") applies to Myriad Genetics, Inc. and its subsidiaries, collectively ("Myriad" or "we"), and explains our information practices and the choices you can make about the way your Personal Data is collected and utilized throughout all Myriad-owned websites, domains, services, applications, and products ("Websites"). This Notice does apply to all Personal Data we collect and process about customers, suppliers and website visitors. We collect, use, disclose and otherwise process Personal Data that is necessary for the purposes identified in this Notice and as permitted by law, including the European General Data Protection Regulation ("GDPR").
|Personal Data||Personal Data means any information relating to an identified or identifiable natural person (data subject), e.g. a person who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, genetic, cultural or social identity of that natural person.|
|Processing Of Personal Data||Any operation or any set of operations concerning Personal Data, including in any case the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, as well as blocking, erasure or destruction of Personal Data.|
|Special Categories Of Personal Data||Any Personal Data that provides information on persons' religious or philosophical beliefs, race, political opinions, health, sexual life, genetic data, biometric data for the purpose of uniquely identifying a living person or membership of trade unions.|
|Data Subject (Or User)||Data Subject is any living individual who is using our website(s), including job applicants, health professionals, patients or potential patients, that use our website(s), and is the subject of Personal Data.|
|Data Controller||Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.|
|Data Processors (Or Service Providers)||Data Processor (or Service Provider) means any natural or legal person who processes the Personal Data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your Personal Data more effectively.|
|Cookies||Cookies are small files stored on your device (computer or mobile device).|
|GDPR||The European General Data Protection Regulation, (Regulation (EU) 2016/679). The GDPR is effective per 25 May 2018.|
Types of Data Collected
While using our websites, should you choose to contact us via email or online forms, or complete a Hereditary Cancer Quiz, or other personal/family history questionnaire, we ask you to provide us with certain personally identifiable information, including protected health information, which can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Personal or family health history
Should you choose to opt-in, we may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or the instructions provided in any email we send.
Job applicants who apply for a position with Myriad through our website(s) can submit Personal Data which may include contact information such as name, email address, mailing address, and phone number, the position of their interest, their qualifications and experience including job history and education, references, and any other information they choose to submit.
We also collect and process information on how our websites are accessed and used ("Usage Data"). This Usage Data includes information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our websites that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. This data is utilized to improve the value of our websites and to help make our websites more useful.
Like most websites, certain Myriad websites use persistent and session "cookies" to help us serve you better on future visits, help you avoid having to re-enter information, and help us improve the functions of our websites. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies do not contain or transmit any personally identifiable information from your computer to our websites. Should you choose to browse our websites without using cookies, if you do not want us to be able to recognize your computer, then you can prevent cookies from being saved by disabling cookies from our websites. Please note that it is possible that some features or services on our website may not fully function if cookies are disabled. The types of cookies used on our websites may include the following categories:
Strictly Necessary Cookies
These cookies are necessary for our websites to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of our sites will not then work.
Performance & Analytics Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our sites. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our sites, and will not be able to monitor its performance.
These cookies enable our websites to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Targeting (Marketing) Cookies
These cookies may be set through our sites by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Processing of Personal Data
Myriad processes the collected Personal Data for various purposes:
- To provide and maintain our Websites.
- To notify you about changes to our Websites.
- To allow you to participate in interactive features of our Websites when you choose to do so.
- To provide information on our products and services, including specific information regarding risk for hereditary cancer and options for clinical diagnostic testing.
- To provide customer support.
- To gather analysis or valuable information so that we can improve our Websites.
- To monitor the usage of our Websites.
- To detect, prevent and address technical issues.
- To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or inquired about unless you have not opted-in to receive such information.
- To manage job applications.
Legal Basis for Processing under the GDPR
If you are from the European Economic Area ("EEA"), Myriad's legal basis for Processing the Personal Data described in this Notice depends on the Personal Data we collect and the specific context in which we collect it.
We may process your Personal Data because:
- We need to perform a contract with you.
- To provide information or services you requested.
- You have given us your consent to process your Personal Data for the respective purposes.
- To comply with our legal obligations.
In addition, we may process your Personal Data on the basis of the legitimate interest of Myriad in providing your information on our Websites and to improve our Websites.
Retention of your Personal Data
Myriad retains your Personal Data only for as long as it is necessary for the purposes set out in this Notice. We retain and process your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies; for example, we retain Personal Data of patients as necessary to not only comply with clinical laboratory regulations, but also as useful to provide our clinical diagnostic testing services.
Myriad also retains your Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is processed to strengthen the security or to improve the functionality of our website, or we are legally obligated to retain this data for longer periods.
Transfer of Data
If you are located outside the United States and choose to consent to provide us your Personal Data, please note that we transfer the data, including Personal Data, to the United States and process it there. The level of data protection in the United States is considered not to be the same as in the EEA according to the absence of a respective adequacy decision of the EU Commission. Myriad ensures that such transfers are carried out in compliance with the applicable data protection laws and regulations. Any transfers to third countries outside the EEA are secured through appropriate contractual guarantees such as the EU Commission's Standard Contractual Clauses for transfers to the United States where applicable. You may request and receive a copy of such documents from us.
Disclosure of your Personal Data
If Myriad is involved in a merger, acquisition or asset sale, your Personal Data may be transferred to other parties involved.
Disclosure for Law Enforcement
Under certain circumstances, Myriad may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Myriad may disclose your Personal Data in the good faith belief that such action is necessary:
- To comply with a legal obligation by an authorized public authority
- To protect and defend the rights or property of Myriad
- To prevent or investigate possible wrongdoing in connection with our Websites
- To protect the personal safety of users of our Websites or the public
- To protect against legal liability
Security of your Personal Data
Consistent with applicable laws and requirements, including the GDPR, Myriad has put in place appropriate physical, electronic, and administrative safeguards to protect your Personal Data from loss, misuse, alteration, theft, unauthorized access, or unauthorized disclosure. We evaluate these safeguards on an ongoing basis to help minimize risks from new security threats as they become known.
We restrict access to Personal Data to personnel and third parties that require access to such information for legitimate, relevant business purposes. All our staff members, contractors and third parties who will have access to Personal Data on our instructions will be bound to confidentiality and we use controls to limit access to individuals that require such access for the performance of their responsibilities and tasks.
Your Data Protection Rights under the GDPR
If you are a resident of the EEA, you have certain data protection rights. Myriad aims to take reasonable steps to allow you to correct, amend, delete or limit the Processing of your Personal Data.
If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
Under the GDPR, you have the following data protection rights:
- Right of access
You have the right to obtain information as to whether we process your Personal Data and to receive a copy of your Personal Data retained by us as a Controller. In addition, you have the right to obtain certain information how and why we process your Personal Data.
- Right to rectification
You have the right to have your Personal Data amended or rectified where it is inaccurate and to have incomplete Personal Data about you completed.
- Right to erasure
You have the right to erasure of your Personal Data, inter alia, in the following cases:
- Your Personal data are no longer necessary in relation to the purpose for which they were collected and processed;
- Our legal grounds for the Processing of your Personal Data is consent, you withdraw your consent and we have no other legal ground for the Processing of your Personal Data;
- Our legal grounds for the Processing of your Personal Data is that the Processing is necessary for legitimate interests pursued by us or a third party, you object to our Processing and we do not have any overriding legitimate grounds;
- Your Personal Data have been unlawfully processed
- Your Personal Data must be erased to comply with a legal obligation to which we are subject.
- Right to restrict the Processing of your Personal Data
You have the right to restrict our Processing of your Personal Data in the following cases:
- For a period enabling us to verify the accuracy of your Personal Data where you have contested the accuracy of such Personal Data;
- Your Personal Data have been unlawfully processed and you request restriction of the Processing of your Personal Data instead of their erasure;
- Your Personal Data are no longer necessary in relation to the purpose for which they were collected and processed but the Personal Data are required by you to establish, exercise or defend legal claims; or
- For a period enabling us to verify whether our legitimate grounds override your interests where you have objected to the Processing of your Personal Data.
- Right to object to the Processing
You have the right to object to our Processing of your Personal Data, inter alia, in the following cases:
- Our legal grounds for the Processing is that the Processing is necessary for a legitimate interest pursued by us or a third party; or
- Our Processing is for direct marketing purposes.
- Right to data portability
You have the right to receive your Personal Data which you have provided to us and you have the right that we send your Personal Data to another organization (or ask us to do so if technically feasible) where our lawful basis for the Processing is your consent, or where the Processing is necessary for the performance of our contract with you and the Processing is carried out by automated means.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where Myriad relied on your consent to process your Personal Data.
Please note that we may ask you to verify your identity before responding to such requests.
If you are not satisfied with our use of your Personal Data or our response to any exercise of these rights, we kindly ask you to first contact our Data Protection Officer using the contact details set forth below or write to us at firstname.lastname@example.org.
You have the right to complain to a Data Protection Authority about our collection and Processing of your Personal Data. For more information, please contact your local data protection authority in the EEA.
Please note that we do no automated decision-making, including profiling concerning your Personal Data.
We may employ third party companies and individuals to facilitate our Websites ("Service Providers"), provide the Websites on our behalf, perform website-related services or assist us in analyzing how our Websites are used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or process it for any other purpose.
Links to Other Sites
Our Websites may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party's site. We strongly advise you to review the statement of every website you visit. We have no control over and assume no responsibility for the content, privacy statements or practices of any third party websites or services.
California Privacy Rights
California Civil Code Section § 1798.83 entitles California residents to request information concerning whether a business has disclosed personal information to any third parties for the third parties' direct marketing purposes. To make such a request, please contact email@example.com. Be sure to include your name and address. If you would like a response via email, please include an email address. Otherwise, we will respond by postal mail within the time required by law.
Our Websites do not address anyone under the age of 18 ("Child"). We do not knowingly collect and process personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with his or her Personal Data, please contact us. If we become aware that we have processed Personal Data from a Child without verification of parental consent, we take steps to remove that information from our servers.
Changes to this Notice
We may update our Notice from time to time. We will notify you of any changes by posting the new Notice on this page. We will let you know via email and/or a prominent notice on our Websites, prior to the change becoming effective and update the "effective date" at the top of this Notice. You are advised to review this Notice periodically for any changes. Changes to this Notice are effective when they are posted on this page.
Data Protection Officer:
The data protection officer in accordance with the General Data Protection Regulation is:
Ms. Alef Voelkner
Fox-On Datenschutz GmbH
51789 Lindlar/Köln, GERMANY
Phone: +492266 9015922
If you have any questions about this Notice or the practices of these Websites, please email us at firstname.lastname@example.org. You may also write to us at:
Attn: Privacy Officer
Myriad Genetics, Inc.
320 Wakara Way
Salt Lake City, UT 84108, USA