Genomic Focus Privacy Policy

Effective Date: August 29, 2023

Genomic Focus, LLC, including its subsidiaries and affiliates (referred to collectively as Genomic Focus, we or us ), is committed to protecting your privacy. This Privacy Policy (this Policy ) contains (1) general terms that apply to all of Genomic Focus s products and services, including the Genomic Focus Platform (collectively the Services ) and (2) terms that apply to specific Services (please see the relevant Service-Specific Policies section). This Policy describes how we collect, use, secure and share your personal information when you:

Access or use our various products or services;
Access or use our websites that link to this Policy ( Websites );
Interact with us, including by email, telephone, social media, and in person; or
Otherwise communicate with us.

We refer to our Websites, products, services, and interactions with you collectively as Services in this Policy.

This Policy, along with our HIPAA Notice of Privacy Practices, explains how we use and disclose our patients protected health infgenomicfocusptotp ormation ( PHI ) under the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ). PHI may include, but is not limited to, your genetic testing information and results. Where the terms of this Policy either increase the commitment Genomic Focus has made to an individual s privacy or grant additional rights to patients greater than those listed in the Notice of Privacy Policy Practices, the terms of this Policy will control how we use and disclose your PHI.

To the extent that any Service-Specific Policies conflict with the general terms of this Policy, the Service-Specific Policies will control how Genomic Focus uses or shares your personal information.

1. SEPARATE TERMS OF USE

This Policy is not a contract and does not create any contractual rights or obligations. Your use of the Services is governed by the Genomic Focus Terms of Use or other terms of use or contract linked to a particular Service.

2. POLICY UPDATES

Genomic Focus may revise this Policy from time to time. All updates to this Policy will be posted on the Websites. An updated Policy will supersede all previous versions. If we make any material changes to this Policy, we will notify you by email (sent to the e-mail address specified in your account) in addition to posting an updated Policy on our Websites. Your continued use of our Services after we have posted the updated Policy on the Websites constitutes your acceptance of such changes. Genomic Focus may also provide additional "just-in-time" notices or information about its data collection, use, and sharing practices in relation to specific Services.

3. TYPES OF PERSONAL INFORMATION WE COLLECT

This section lists the general categories of personal information we collect for the Services. See the Product Specific Policies section to learn more details for specific Genomic Focus products or services.

Throughout this Policy we use the term personal information to describe any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular person or household. Personal information includes, for example, PHI under HIPAA and personal data under the EU s General Data Protection Regulation. This Policy covers all personal information that we collect from you or on your behalf through our Services.

We may collect the following types of personal information:

Personal information provided by you. We collect any personal information that you voluntarily provide to us, such as health information you provide to us.
Communications between you and Genomic Focus. We collect personal information you submit when contacting us (such as your name and email address).
Registration information. When you register with Genomic Focus or create a user account to access our Services, we collect personal information, such as your name, date of birth, billing and shipping addresses, and contact information. We may use your registration information to provide Services to you.
Device information. When you use a mobile device (e.g., a tablet or smartphone) to access our Services, we may collect information about your device. We may collect information about your device s hardware, operating system or software, device name, unique device identifier, your mobile network information, and any other information about your device s interaction with our Services. Some features of the Services may not function properly if the use or availability of device identifiers is impaired or disabled.
Information about your use of the Services. When you browse our Websites, our system automatically collects information such as your web request, Internet Protocol ( IP ) address, browser type, browser language, domain names, referring and exit pages and URLs, platform type, pages viewed and the order of these page views, the amount of time spent on a page, the date and time of your request and one or more cookies that may uniquely identify your browser. We may collect this information through third-party analytics tools. This information is used to analyze trends, administer our Websites, improve the design of our Websites, and otherwise enhance our Services.
Cookies. We use technologies like cookies, web beacons, and pixel tags to gather information about how you are interacting with our Services, which may include identifying your IP address, browser type, and referring page.

4. CHILDREN'S INFORMATION

Our Websites are directed toward adults and are not designed for, intended to attract, or directed toward children under the age of 18. If you are under the age of 18, you must obtain the authorization of a responsible adult (parent or legal guardian) before using or accessing our Websites. If we become aware that we have collected any personal information from children under 18 without the authorization of a responsible adult, we will promptly remove such information from our databases.

5. USE AND SHARING PERSONAL INFORMATION

This section lists the general ways Genomic Focus uses and shares your personal information we collect for the Services. See the Product Specific Policies section to learn more details for specific Genomic Focus products or services.

Provide Services. We process your personal information to provide you with our Services. We share this information with third party service providers to the extent necessary to provide you with our Services.
Maintain legal and regulatory compliance. Certain laws or regulations apply to our Services that may require us to process your personal information. For example, we may process your personal information to fulfill our business obligations, ensure compliance with employment laws, or as necessary to manage risk as required under applicable law.
Ensure the security of the Services. We may process your personal information to combat spam, malware, malicious activities, or security risks; improve and enforce our security measures; and to monitor and verify your identity so that unauthorized users do not access your account with us.
Personalize your experience on our Websites. We may use cookies and similar tracking technology to keep track of your preferences (e.g., your language selection, time zones, etc.) so we can personalize your experience on our Websites.
Sale, Merger, or Bankruptcy. In connection with a bankruptcy, merger, acquisition or sale or other business transaction, involving all or a portion of our assets or business, user information will also be transferred as part of or in connection with the transaction.
Affiliates. Genomic Focus will share your personal information with our affiliates as necessary to provide the Services or with your consent where required by applicable law.

6. RETENTION

Because genetic testing is still an evolving science, we may store personal information provided to us in the context of performing genetic tests and delivering genetic testing services for as long as we need it to provide and improve our Services and to perform the activities described in this Policy, all to the extent permitted by law. This information remains subject to the protections of HIPPA, and the commitments in this Privacy Policy, for as long as we retain it.

7. SECURITY MEASURES

We use reasonable technical, administrative, and physical measures to protect information contained in our system against misuse, loss or alteration; and to secure information that we receive through our Services.

Please recognize that protecting your personal information is also your responsibility. You should keep your username, password, ID numbers, or other access credentials secure as Genomic Focus cannot secure personal information that you release on your own.

8. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

We may store, process, and transmit personal information in locations around the world, including locations outside of the country or jurisdiction where you are located. Our primary data processing activities occur within the United States. The United States and other countries where we process data may have data protection laws that are less protective than the laws of the jurisdiction in which you reside. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use our Services.

We transfer your personal information subject to appropriate safeguards as permitted under the applicable data protection laws.

9. NOTICE TO INDIVIDUALS LOCATED IN THE EUROPEAN ECONOMIC AREA, THE UNITED KINGDOM, OR SWITZERLAND

This Section only applies to users of our Services located in the European Economic Area, the United Kingdom or Switzerland (collectively, the Designated Countries ) at the time of data collection. If any terms in this Section conflict with other terms contained in this Policy, the terms in this Section shall apply to users in the Designated Countries. Lawful basis for processing your personal information. Below is a summary of our data processing activities and our lawful bases for processing data.

Purposes of processing	Legal basis for processing
o to provide our services to you and conduct related, compatible activities o to send service-related communications o to provide customer support o to enforce our terms, agreements, or policies o to ensure the security of our services o to share information with our service providers, business partners, and affiliates	Processing is based on our contractual obligations under the applicable contract.
o to personalize your experience on our Websites o to conduct research and product development o change of control	Processing is based on our legitimate interest to better understand you, to maintain and improve the accuracy of the information we store about you, and to better promote or optimize our Services.
o to maintain legal or regulatory compliance o responding to legal requests and preventing harm o safety and legal compliance	Processing is necessary for compliance with our legal obligations, the public interest, or in your vital interests.
o to conduct scientific, historical, or statistical research	Processing is based on your consent, as required under applicable law, or as otherwise permitted by laws governing scientific, historical or statistical research.
o to create anonymized or pseudonymized information or samples	Processing is based on your consent, as required under applicable law, or as otherwise permitted by laws governing scientific or historical research.

Marketing activities. Direct marketing includes any communications we send to you that are only advertising or promoting products and services. Transactional communications about your account or our Services are not considered direct marketing communications. We will only send you direct marketing communications by electronic means (including email or SMS) based on our legitimate interest or your consent. When we rely on legitimate interest, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. If you do not want us to use your personal information in this way, please click an unsubscribe link in your emails, or contact us at support@genomicfocus.com. You can object to direct marketing at any time and free of charge.

Individual rights. We provide you with the rights described below when you use our Services. When we receive an individual rights request from you, please make sure you are ready to verify your identity. Please be advised that there are limitations to your individual rights. We may limit your individual rights in the following ways: (i) where denial of access is required or authorized by law; (ii) when granting access would have a negative impact on other's privacy; (iii) to protect our rights and properties; and (iv) where the request is frivolous or burdensome. If you have questions, if you would like to exercise your rights under the applicable law please contact us at support@genomicfocus.com.

Right to withdraw consent. If we, or any third parties to whom we provide your personal information, rely on your consent to process your personal information, you have the right to withdraw your consent at any time. A withdrawal of consent will not affect the lawfulness of our processing or the processing by any third parties made before your withdrawal. In addition, your withdrawal of consent may not limit our, or the third parties further processing of personal information on another lawful basis, including where it is necessary for the performance of a contract; for us to comply with our legal obligations; where it protects your vital interests; or in limited circumstances where it is in our legitimate interests.
Right of access and rectification. If you request a copy of your personal information that we hold, we will provide you with a copy without undue delay and free of charge, except where we are permitted by law to charge a fee. We may limit your access if such access would adversely affect the rights and freedoms of other individuals. You may request to correct or update any of your personal information held by us.
Right to erasure (the right to be forgotten ). You may request us to erase any of your personal information held by us that: is no longer necessary in relation to the purposes for which it was collected or otherwise processed; was collected in relation to processing that you previously consented to, but later withdrew such consent; or was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing such as the conduct of scientific research or the establishment or defense of legal claims.
Right to object to processing. You may object to our processing at any time and as permitted by applicable law if we process your personal information on the legal basis of consent, contract, or legitimate interests. We can continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
Right to restriction. You have the right to restrict our processing of your personal information where one of the following applies:

You contest the accuracy of your personal information that is processed. We will restrict the processing of your personal information, which may result in an interruption of some or all of the Services, during the period necessary for us to verify the accuracy of your personal information.

The processing is unlawful and you oppose the erasure of your personal information and request the restriction of its use instead.

We no longer need your personal information for the purposes of the processing, but it is required by you to establish, exercise, or defend legal claims.

You have objected to processing, pending the verification whether the legitimate grounds of our processing override your rights.

We will only process your restricted personal information with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if or when the restriction is lifted.

Right to data portability. If we process your personal information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another data controller, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others.

Notification to third parties. If we share your personal information with third parties, we will notify them of any requests for rectification, erasure, or restriction of your personal information, unless this proves impossible or involves disproportionate effort.

Right to lodge a complaint. If you believe we have infringed or violated your privacy rights, please contact us at support@genomicfocus.com so that we can work to resolve your concerns. You also have a right to lodge a complaint with a competent supervisory authority situated in an EEA Member State of your habitual residence, place of work, or place of alleged infringement.

10. NOTICE TO CALIFORNIA RESIDENTS

This Section only applies to users of our Services that reside in the State of California. For purposes of this Section, the term "personal information" does not include information subject to HIPAA or the California Confidentiality of Medical Information Act. For example, this Section does not apply to genetic test records or to any data or medical records stored by Genomic Focus.

If you are a California Resident, you are entitled to certain privacy rights relating to your personal information. This section describes those rights and how you can exercise those rights.

Right to Know and Access Personal Information. You have the right to access and know what personal information we collect about you, and how we use, disclose, or sell such personal information. We do not "share" personal information as that term is used in the California Consumer Privacy Act.
Right to Request Deletion of your Personal Information. You have the right to request that we delete the personal information we have about you subject to certain limitations. If we do not delete your personal information for reasons permitted under applicable law, we will let you know the reason why.
Right to Correct Inaccurate Personal Information. You have the right to request that we correct inaccurate personal information that we maintain about you.
Right to Opt Out of Sale of your Personal Information. You may have the right to opt out of the sale or sharing of your Personal Data.

Non-Discrimination

We will not discriminate or retaliate against you for exercising any of your rights identified in this privacy policy.

Methods for Submitting Requests. If you wish to exercise any of these rights please email support@genomicfocus.com with the phrase California Privacy Rights in the subject line. You may also send a letter to us at Genomic Focus, LLC, Attn: Chief Privacy Officer, 11209 Grey Oaks Park Ter, Glen Allen, VA 23059. We will review your request and respond accordingly.

Identity Verification for requests. If you make a request related to personal information about you, you will be required to supply a valid means of identification as a security precaution. We will verify your identity with a reasonably high degree of certainty using the following procedure where feasible: we will match identifying information you provide when making the request to the personal information maintained by us, or use a third-party identity verification service. If it is necessary to collect additional information, we will use the information only for verification purposes and will delete it as soon as practicable after complying with your request. For requests related to particularly sensitive information, we may require additional proof of your identity.

Authorizing a Third Party to Make a Request. If you wish to authorize a third party to make a request on your behalf through an authorized agent, you must contact us directly and you or the third party acting on your behalf must provide a valid California power of attorney or comparable documentation of written permission from you and verification of your identity. Such power of attorney must meet the requirements of Probate Code sections 4000 to 4465. You may also make a privacy request on behalf of your minor child.

Additional disclosures
How We Collect Your Personal Information

We may have collected personal information about you from a variety of sources:

From You: When you set up your account or interact with us regarding your account, for billing and payment, for when you start, receive, or discontinue services, and when you otherwise interact with us or our representatives.
From Your Use of Our Website or Mobile Apps: We collect information about your visits and use of our website and mobile apps, including information through cookies and other logging technologies.

Categories of personal information we collect. Genomic Focus may have collected the following categories of personal information:

Identifiers, such as your name, date of birth and contact information. We use this information to provide you with our services, maintain your account, operate our business, and to otherwise communicate with you. We may provide this information to service providers and contractors or to other third parties as required by law.
Information Subject to Protection Under California Law, such as the Identifiers above, health insurance information, credit card number, or debit card number. We use this information to provide you with our services, maintain your account, and to otherwise communicate with you. We may provide this information to service providers, regulators or to other third parties as required by law.
Characteristics of Protected Classifications, such as your racial or ethnic origin and health information. For more information, please see the "Sensitive personal information" description below.
Sensitive Personal Information, such as your driver's license or government issued identification number, racial or ethnic origin.
Commercial Information, such as a record of products or services obtained or considered. We use this information to better understand your use of our services and for our internal business purposes. We may provide this information to service providers and contractors or to other third parties as required by law.
Professional Information, including information relating to your role as a representative or agent of a company or business, such as your work title and contact information. We use this to conduct business with you or your employer and provide you with services and otherwise communicate with you. We may provide this information to service providers and contractors or with other third parties as required by law.
Internet and Other Electronic Activity Information, such as your browsing history, search history, information about your interactions with our website, use our mobile apps, or interact with our digital advertisements. We may provide this information to service providers, contractors or to other third parties as required by law. We may collect the following internet and other electronic activity data:
Your Visits to Our Website or Mobile Apps: we collect information about visits to our website and mobile apps, such as the number of visitors and the number of users that click on certain links or use certain services. For some functionality we link usage information with the customer visiting the website.
Log Data: we receive information that is automatically recorded by our servers when you visit our website or mobile apps, including your Internet Protocol ("IP") Address.

Purpose for collecting or selling personal information. Your personal information may be collected or used for the purposes described in sections 5, 12, or 13 of this Policy, as well as for other purposes that may be described to you when we collect your personal information.

Categories of third parties with whom we share your personal information. Genomic Focus may share your personal information with the following categories of third parties:

To Third Parties to Fulfill Legal Obligations: From time to time, we may disclose your personal information with other parties as required pursuant to a valid legal warrant, subpoena, court order, or other legal or regulatory mandate, or as necessary for us to defend to assert legal claims.
To Third-Party Analytics Companies. We use selected third parties to collect data about how you interact with our website and apps. This information may be used to, among other things, improve the functionality of our website and services.
To Potential Business Partners. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
To Other Parties: From time to time, we may share your personal information to parties such as law enforcement or other government agencies when we, in good faith, believe you or others are acting unlawfully, when we believe it is necessary or appropriate to satisfy any law, regulation or other governmental request, to operate our business properly, to protect or defend our rights or the rights or well-being of our users, and when we believe disclosure is necessary or appropriate to protect the health and safety of our employees, other consumers, and the general public.

Retention

We retain your personal information based on legal requirements or business needs. Generally, we only retain personal information for as long as is reasonably necessary for our business purpose or as required by law. Information we retain remains subject to the protections of applicable law and the commitments made by Genomic Focus in this Privacy Policy.

Disclosing Aggregated and De-identified Data

We may share aggregated or de-identified, data and information derived from personal information with other entities for the purpose of performing activities that may help us provide and improve our products and services.

California Shine the Light Law

California residents may also request information from us once per calendar year about any personal information shared with third parties for the third party s own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To make such a request, please reach us at the contact information listed below. This request may be made no more than once per calendar year, and we reserve our right not to respond to requests submitted other than to the email or mailing addresses specified below.

11. DO NOT TRACK

Certain web browsers and other devices you may use to access the Websites may permit you to submit your preference that you do not wish to be tracked online. Like many websites, our Websites are not currently designed to recognize a Do Not Track signal from a web browser.

12. SERVICE-SPECIFIC POLICIES

The policies in this section apply to the Genomic Focus Platform

Joining Genomic Focus with a Member Account

Information Genomic Focus Collects
Your Health Records and Self-Reported Information

Genomic Focus is a technology service that allows you to upload copies of your health information and medical records ( Health Records ).

Genomic Focus consolidates and standardizes Health Records and Self-Reported Information and transforms them into digital data.

Account Information for Genomic Focus Account Creation & Maintenance

When you sign up for and use the Genomic Focus Service, we collect personal information from you for account creation and maintenance ( Account Information ). Such Account Information includes, as applicable or permitted under law, items such as your name, address, e-mail address, telephone number, your contact preferences, device identifiers, IP address, prior names, addresses, phone numbers, birth date, gender, race or ethnicity, medical or health plan record numbers, and information about your doctors, medical providers and health plans. We will let you know at the time of collection when it is optional for you to provide certain information, and when it is necessary to use certain Genomic Focus Services.

From time to time, Genomic Focus will send you emails that communicate information about your account or about products, Genomic Focus Services, or offers that may be of interest to you. When you open one of these emails or click on links within the email, we may collect and retain information about your interaction with the email to provide you with future communications that may be more interesting to you. You will have the option of opting out of email communications, except emails that Genomic Focus reasonably deems are required by law or necessary to prevent or mitigate a security or fraud risk, or to continue to provide you with the Service.

Records Collection and Sources. We collect personal information about you, including Health Records, using one or more of the following processes:

Asking you to identify the doctors, medical providers and institutions where you have received care;
You can also choose to obtain your own Health Records and upload them into your Genomic Focus account;
Other instances where you either choose to provide us with certain information or have us collect certain information on your behalf; and
From time to time we may collect new Health Records on your behalf.

Other Types of Information Genomic Focus Collects

Product Interaction and Feedback. We may collect responses to surveys that we invite you to complete, search queries within the Genomic Focus Services, and transactions you make regarding the Genomic Focus Services. We collect product interaction and feedback that you provide to us through our Service to provide you with the Genomic Focus Services, improve and enhance the Genomic Focus Services, and conduct research and analytics.

Other Information. We collect any other information you choose to include in communications with us, for example, when sending a message or submitting information through a web form.

How Genomic Focus Uses Your Information

Genomic Focus will use your information to create and manage your Genomic Focus account, and also for the following purposes:

To keep you posted on available clinical trials, products, Genomic Focus Services, software updates, and upcoming events. You can opt out of these communications in the manner designated in the specific communication, within your account or as otherwise in the manner provided to you.
To help us create, develop, operate, deliver and improve the Genomic Focus Services and, when necessary, for loss prevention and anti-fraud purposes and account and network security purposes.
To send important notices regarding Genomic Focus products, including changes to our terms, conditions, and policies. It is not possible to opt out of receiving this information as long as you continue to have a Genomic Focus account.
We analyze Health Records via machine learning and artificial intelligence to identify patterns.
When you ask us to delete your account, your Account Information, Self-Reported Information, and Health Records will be deleted and further access to your account and the Genomic Focus Services will not be possible, in accordance with applicable law.

Genomic Focus does not make decisions based solely on automated processing, including profiling, which have legal consequences for, or significantly affect, our users.

When Genomic Focus Shares Your Information

In addition to the sharing identified in Section 5 of this Policy, Genomic Focus may share data related to your usage of the Genomic Focus Platform including Account Information as follows:

To enforce any applicable terms of service.
With our research partners, such as academic researchers, clinical research organizations and sponsors that facilitate and/or provide clinical trials, real world evidence studies or similar research engagements, with your consent.

When you make a decision to share your data outside of Genomic Focus including Health Records the data practices under this Privacy Policy will no longer apply to the information held by that outside entity. We recommend that you review and determine you are comfortable with that entity s privacy policy prior to sharing your data (including Account Information and Health Records) outside of Genomic Focus.

In any circumstance where your consent is sought prior to Genomic Focus sharing personal information about you, you will be able to withdraw that consent at any time, provided we can individually identify you in such data. Such withdrawal of consent will apply only to new uses or disclosures of personal information about you within a reasonable amount of time after Genomic Focus has received the withdrawal or at such other time as required by applicable law.

Retention of Genomic Focus Health Records and Self-Reported Data: Because Genomic Focus accounts are voluntarily created by individuals, Genomic Focus will retain Health Records and Self-Reported Data for so long as an individual maintains an account with Genomic Focus.

Jurisdiction-Specific Provisions

a. Australia

If you are in Australia, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy and the Product Specific Policies for Genomic Focus Services above.

We will only collect your Health Records from third parties if you give us your consent (for example, by requesting us to seek your Health Records from a third party) and the Health Records are reasonably necessary for one or more of the Genomic Focus Services, functions or activities, or as otherwise permitted to do so by law.

How we hold personal information about you. We use Google Cloud Services located predominantly in the United States.

We may disclose personal information about you to recipients outside of Australia, including within the United States.

Complaints. Please get in touch if you have any questions or complaints about how we collect, use or manage personal information about you. You can contact us using the contact information located in the Contacting Us section of this Policy. If you make a complaint, we will endeavor to respond within a reasonable period after the request is made, you have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC). Please note the OAIC requires any complaint to be made to us before you make a complaint to the OAIC. Further details about how to lodge a complaint with the OAIC can be found at https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us.

b. Canada

If you are in Canada, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy and the Product Specific Policies for Genomic Focus Services above.

Personal information is maintained on our servers or those of our service providers and will be accessible by authorized employees, agents and representatives who require access for the purposes described in this Privacy Policy.

Your Rights. You may request access to or correction of personal information about you in our control as detailed in the Contacting Us section of the Privacy Policy. These rights are subject to certain exceptions and we may take steps to verify your identity before responding to your request.

We, our service providers and other parties with whom personal information about you may be shared as described in this Privacy Policy may process and store personal information about you outside of Canada, including in the United States and in other countries. While outside of Canada, personal information about you will be subject to applicable local laws, which may not afford the same level of protection to personal information about you as the laws in Canada.

c. European Union, United Kingdom, and Switzerland

Please see Section 9 of this Policy - Notice to Individuals Located in the European Economic Area, the United Kingdom, and Or Switzerland.

d. India

If you are in India, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy and the Product Specific Policies for Genomic Focus Services above.

Sensitive Personal Information. Under local law, Sensitive Personal Information means passwords, financial information such as bank account, credit card, debit card or other payment instrument details, biometric data, physical or mental health details, sex life or sexual orientation, and/or medical records or history, biometric, genetic and gender related information, caste or ethnicity, religious or political affiliations and similar information, excluding information available in the public domain, or accessible by exercise of statutory rights under Indian laws.

Your Rights. To the extent provided by applicable laws and regulations, you may withdraw any consent you previously provided to us for certain processing activities, and correct or update personal information about you by contacting us as detailed in the Contacting Us section of the Privacy Policy. Where consent is required to process personal information, and you do not consent to the processing or if you withdraw your consent, we may not be able to deliver the expected Genomic Focus Services. Your request to withdraw your consent shall not (i) apply retrospectively; or (ii) require deletion of records required for statutory purposes.

e. Singapore

If you are in Singapore, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy and the Product Specific Policies for Genomic Focus Services above.

Access. You have the right to access personal information about you, how we use it, and who we share it with. You can access the personal information you have made available as part of your account by logging into your account. If you believe we hold any other personal information about you, please contact us as detailed in the Contacting Us section of the Privacy Policy.

Correction. You have the right to correct any personal information about you that is inaccurate. You can access the personal information we hold about you by logging into your account. If you believe we hold any other personal information about you and that information is inaccurate, please contact us.

Our designated privacy officer for the purposes of compliance with the Personal Data Protection Act 2012 can be contacted at support@genomicfocus.com.

f. New Zealand

If you are in New Zealand, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy and the Product Specific Policies for Genomic Focus Services above.

The New Zealand Privacy Act 2020 and Health Information Privacy Code 2020. Terms used in this section and not otherwise defined have the meaning given to them in the Privacy Act 2020 ( NZPA ), and the Health Information Privacy Code 2020 ( NZHIPC ).

If you are located in New Zealand, we will collect, store, use, retain, and disclose personal information about you (including your Health Records) in accordance with the requirements of the NZPA and NZHIPC, as applicable.

Storage of personal information. We store personal information that we collect using Google Cloud Services predominantly located in the United States. You acknowledge and agree that:

we may store, use, transfer and otherwise process personal information about you in countries other than New Zealand, including in the United States of America;
agencies to whom we may disclose personal information as set out in this Privacy Policy may store, use, transfer and otherwise process personal information about you in countries other than New Zealand, including in the United States; and
the laws of such countries may have different privacy and information protection requirements to those set out in the NZPA and NZHIPC.

Notifiable privacy breaches. We will comply with our obligations in the NZPA relating to notifiable privacy breaches, including our obligation to notify affected individuals as soon as practicable after we become aware that a notifiable privacy breach has occurred.

Your Rights. Where applicable, if you are located in New Zealand you have the following rights under the NZPA in relation to personal information we have collected about you; these rights are, to the extent required by the NZPA and subject to verification and any applicable exceptions:

Right to Access: You have the right to access any personal information that we hold about you.
Right to Correction: You have the right to request that we correct any personal information that we hold about you. We may be unable to change personal information that we hold that has been sourced directly from a third-party such as a medical provider. However, you are entitled to request the correction of any information you believe is incorrect, and request that we attach a statement of the correction sought to personal information about you.

To make a request in relation to the above rights, please contact us us as detailed in the Contacting Us section of this Policy. To fulfill your request, we will need to verify your identity and may ask for additional information and documents, which may include information previously provided. Only you, or someone legally authorized to act on your behalf, may make a request related to personal information collected about you. To designate an authorized agent, the authorized agent must provide sufficient information that allows us to reasonably verify that they have been authorized by you to act on their behalf.

g. Other locations around the world

If you live in another part of the world not specifically mentioned here, please contact us as detailed in the Contacting Us section of this Policy.