Last Updated: Aug 1, 2018
We may revise this Policy from time to time. All updates will be posted on this web page. If we make any material changes in the way your personal information is handled, we will notify you by email (sent to the email address specified in your account) or by means of a notice on our Websites prior to the change becoming effective.
TYPES OF PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
Depending on which of our Services are being used, or which individual (provider or patient) is involved, Fulgent processes and stores different combinations of personal information as set forth in this Policy.
PERSONAL INFORMATION COLLECTED FROM PATIENTS
Through our test order forms and based on and by virtue of the respective consent provided by the patient through his or her provider, we may collect and process personal information of a patient, including the following categories:
Such collected personal information is used to provide the Services and test results to the provider and to perform the billing. All the collected personal information of a patient will be stored for as long as stated in the applicable patient informed consent form. The personal information will be processed by Fulgent for the performance of the specific genetic analysis requested by the patient’s provider on the applicable Test Requisition Form, and for informing the patient’s provider of the results of such analysis, all on the basis of the consent provided by the patient. Fulgent will de-identify (pseudonymize) the personal information to the extent possible.
In the event a patient has consented to research, his or her personal information and remaining sample will also be stored and processed for up to 20 years for the further purposes specified in the applicable Informed Consent Form and/or Test Requisition Form, and may be retained in an anonymized form to support further research, development, and improvement of diagnostic methods and potential therapeutic developments. Research and development also helps Fulgent to improve its Services and build new Services and customized features or Services.
PERSONAL INFORMATION COLLECTED FROM PROVIDERS
In order to provide the Services requested (including billing, etc.), we will mainly collect and process the following personal information from providers:
All the provider personal information will be stored as long as Fulgent is providing Services to any of provider’s patients. Such provider personal information will be processed to inform the provider of the patient’s test results, any other requests from the provider, and for invoicing. All of such processing is for the purpose of performing a contract as between Fulgent and the provider to provide the Services.
We may also use the personal information to share marketing information about our Services, and to do so, we may process your contact information or information about your interaction with our Services to send you marketing communications, provide you with information about events, webinars, or other materials, deliver targeted marketing to you, and, keep you updated about our Services. You can opt-out of our marketing activities at any time by using the “unsubscribe” link in any email communications or by contacting firstname.lastname@example.org.
PERSONAL INFORMATION COLLECTED FROM VISITORS TO FULGENT WEBSITES
Generally, individuals are able to visit www.fulgentgenetics.com (“Main Website”) without disclosing personal information, except as may be necessary to provider a product or service at his or her request. Data are collected from the Main Website only to the extent technically necessary. For example, in some cases we may recognize personal data like the IP address as well as non-personal data like the name of the visitor’s Internet service provider, the website from which the visitor came to our Main Website, the pages that the visitor views on the Main Website, and what the visitor clicks on any given page. This data could possibly identify an individual, but Fulgent does not use it to do so.
“Do Not Track”: Some browsers incorporate a "Do Not Track" (DNT) or similar feature that signals to digital services that a visitor doesn’t want to have their online activity tracked. Because there is not yet an accepted standard for how to respond to DNT signals, we and our service providers (like many digital service operators) do not respond to DNT signals.
Please see other sections of this Policy for descriptions of what is collected upon registration for our Patient Portal or our Provider Portal.
PERSONAL INFORMATION COLLECTED FROM JOB APPLICANTS
If you apply for a position with Fulgent through our Careers Page, we will collect your resume, contact information, employment and education history, and other related information. We may also receive information from references you identify and other third parties (for instance, background checks where permitted by applicable law).
PERSONAL INFORMATION PROVIDED VOLUNTARILY
We collect any personal information that you voluntarily provide to use, such as inquiries through our Main Website, information you provide about your business, etc., and is used only for the purpose of addressing the request received. In cases where social media services may be used, we do not have any influence on the storage and processing of providing personal information via the respective social media service. You are encouraged to review those privacy policies before sending Fulgent personal information via a social media service.
INFORMATION WE SHARE
Fulgent may disclose your personal information as follows:
HOW WE USE AND DISCLOSE DE-IDENTIFIED, ANONYMIZED OR PSEUDONYMIZED INFORMATION
“De-identified” or “pseudonymized” information is data we have stripped of your personally identifiable information, such as your name, address, or birthdate. We retain the ability to re-identify such information. “Anonymized” information is when personal information is stripped of all identifiers and cannot reasonably be linked back to you.
We may use “de-identified” or “pseudonymized” information for various purposes, including:
To the extent we have relied on your consent to process such de-identified personal information in relation to the above, you may withdraw your consent to participate at any time by contacting us at email@example.com. Fulgent will not include any such de-identified personal information in new research commencing within 30 days from the receipt of your request. Any research involving your data that has already been performed or published prior to the receipt of your request will not be reversed, undone, or withdrawn.
Our Websites are directed towards adults and are not designed for, intended to attract, or directed towards children under the age of 16. If you are under the age of 16, you must obtain the authorization of a responsible adult (parent or legal guardian) before accessing or using our Websites. If we become aware that we have collected any personal information from children under 16 without appropriate authorization, we will promptly remove such information from our databases.
You agree that you have provided notice to, and obtained consent from, any third party individuals whose personal information you supply to us, including with regard to (a) the purposes for which such third party’s personal information has been collected; (b) the intended recipients or categories of recipients of the third party’s personal information; (c) which of the third party’s information is obligatory and which information, if any, is voluntary; and (d) how the third party can access and, if necessary, rectify the information held about them.
Our Websites may contain links to external websites. Fulgent does not maintain these sites and is not responsible for the privacy practices of sites that it does not operate. Please refer to the specific privacy policies posted on these sites.
INFORMATION ACCESS, UPDATES, AND CHOICE
You can update, amend or delete your account information and preferences at any time by logging into your Provider Portal or Patient Portal Account or by contacting us at firstname.lastname@example.org.
All Fulgent email correspondence will include instructions on how to update certain personal information and how to unsubscribe from our emails and postal mail correspondence. Please follow the instructions in the emails to notify Fulgent of changes to your name, email address, and preference information.
Fulgent will take reasonable steps, such as confirmation emails, to verify your identity before granting access to your personal information.
For individuals residing in the European Economic Area (EEA), Switzerland or the United Kingdom (collectively, the “Designated Countries”) at the time of data collection, please refer to the section below captioned, “NOTICE TO INDIVIDUALS LOCATED IN THE EUROPEAN ECONOMIC AREA OR SWITZERLAND”.”
We store your personal information for as long as we need it to provide you our Services, to serve the purpose(s) for which your personal information was processed, or as necessary to comply with our legal obligations, resolve disputes, or enforce our agreements to the extent permitted by law. While retention requirements can vary by country, we generally apply the retention periods noted below.
We store information used for marketing purposes indefinitely until you unsubscribe. Once you unsubscribe from marketing communications, we add your contact information to our suppression list to ensure we respect your unsubscribe request. Also, we retain any information collected via cookies, clear gifs, flash cookies, webpage counters and other technical or analytics tools up to one year from expiry of the cookie or the date of collection. If you have any questions about our retention periods, please feel free to contact us at email@example.com.
We use reasonable technical, administrative and physical measures to protect information contained in our system against misuse, loss or alteration. Information that you provide through our Websites is encrypted using industry-standard Secure Sockets Layer (SSL) technology, with the exception of information you send via email. Your information is processed and stored on controlled servers with restricted access, and in compliance with the Security Rule of the Health Insurance Portability and Accountability Act of 1966 (HIPAA). Unfortunately, no method of electronic transmission is 100% secure, so we cannot ensure or warrant the security of any information you transmit to our Websites, and you do so at your own risk. Please do not submit any personal health information or credit card information via email.
Please recognize that protecting your personal information is also your responsibility. You should keep your username, password, ID numbers, or other access credentials secure as Fulgent cannot secure personal information that you release on your own or that you request us to release. If we receive instructions using your log-in information we will consider that you have authorized the instructions.
If you have any questions regarding this Policy or our privacy practices, you may contact us at:
4978 Santa Ana Ave., Suite 205
Temple City, CA 91780
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
We may store, process and transmit personal information in locations around the world, including locations outside of the country or jurisdiction where you are located. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use our Services.
We transfer your personal information subject to appropriate safeguards as permitted under the applicable data protection laws. Specifically, when your personal information is transferred out of the Designated Countries, we have the required contractual provisions for transferring personal information in place with the third parties to which your information is transferred. For such transfers, we rely on legal transfer mechanisms such as Standard Contractual Clauses, or we work with US-based third parties that are certified under the EU-US and Swiss-US Privacy Shield Framework.
NOTICE TO INDIVIDUALS LOCATED IN THE EUROPEAN ECONOMIC AREA OR SWITZERLAND
THIS SECTION ONLY APPLIES TO USERS OF OUR SERVICES THAT ARE LOCATED IN THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM OR SWITZERLAND (COLLECTIVELY, THE “DESIGNATED COUNTRIES”) AT THE TIME OF DATA COLLECTION. WE MAY ASK YOU TO IDENTIFY WHICH COUNTRY YOU ARE LOCATED IN WHEN YOU USE SOME OF OUR SERVICES, OR WE MAY RELY ON YOUR IP ADDRESS TO IDENTIFY WHICH COUNTRY YOU ARE LOCATED IN.
Where we rely only on your IP address, we cannot apply the terms of this Section to any User or Customer that masks or otherwise obfuscates their location information so as not to appear located in the Designated Countries. If any terms in this Section conflict with other terms contained in this Policy, the terms in this Section shall apply to users in the Designated Countries.
|Section||Purposes of processing||Legal basis for processing|
||Processing is based on our contractual obligations under the Terms of Service, or to take steps at the request of the individual prior to entering into a contract.|
||Processing is based on our legitimate interest to better understand you, to maintain and improve the accuracy of the information we store about you, and to better promote or optimize our Services.|
||Processing is necessary for compliance with our legal obligations, the public interest, or in your vital interests.|
||Processing is based on your consent,as required under applicable law. In relation to 7(i) and 7(ii), to the extent the de-identified data is anonymized, it is not considered personal data and falls outside the General Data Protection Regulations (GDPR).|