Your Privacy at a Glance
You should read the entire Privacy Notice, but here are some important points you may find helpful.
What Data Do We Collect?
- Your basic contact information
- Information necessary to process any medical tests you or your doctor have requested
- Financial transaction information related to payment or insurance processing of your tests
When & How We Collect Your Data
You Provide Data
We Collect Data
You browse pages on our website(s)
You request more information about our services
You or your doctor complete a Testing Request Form (paper or electronic)
You complete and sign an Informed Consent Form (paper or electronic)
You call or email us
You receive emails from us
You opt-in for newsletters or marketing messages
You register as a user on one of our websites
You request email or text notifications of test results
You apply for a job with us
How We Use Your Data
- To operate our business and deliver services to our customers
- To help improve our websites
- To do research and development on new products and services
- To respond to your inquiries or provide you information you have requested
- To send you marketing messages (but only if you have requested them)
- Infrastructure: Amazon Web Services (AWS), Microsoft Azure
- Analytics: Google Analytics
- SaaS Applications: Salesforce, NetSuite, Celigo, Clarity LIMS, Zendesk, Jira (Atlassian), Workiva, Conga
- Communications: Microsoft Office 365
- Finance & Payments: InstaMed, Vantage, Bill.com, GlobalPay, Change Healthcare
- You can turn off cookies in your browser, but this may mean we won’t recognize you when you visit our site and some of our website pages may not function properly
Know Your Rights
- You have a right to know what information we hold about you
- You have a right to request deletion of the information we hold about you; however certain laws or regulations may require us to hold on to some data for a specific period of time
- If we cannot delete your data for any reason, you have a right to know why
- You have a right to receive a copy of your data in a format that will allow you to give it to another company
- You have a right complain about us
- Depending on where you live, the laws of your country, state, or province, may give you more detailed rights
If you continue to use this site, you will be assumed to have agreed to this Notice in its entirety, so please make sure you read and understand everything presented below.
Avellino Lab USA Inc. Privacy Notice
At Avellino Lab USA Inc., we and our affiliates and subsidiaries, (collectively referred to throughout this Notice as “Avellino”) are committed to responsible and respectful stewardship of the data in our custody, including your Personal Information.
To help you understand your rights and our responsibilities, we have created this Privacy Notice and it applies to your use of this website, as well as any other website or application (collectively, “Sites”) that refers you to this Notice. It also applies to any information you provide to us via email, postal mail, or over the phone.
This Privacy Notice must be read in conjunction with our Cookie Notice, our HIPAA Notice of Privacy Practices (for healthcare-related data), our Genetic Data Usage Notice, and supplemental notices that may apply to you if you are a resident of California or the European Union/European Economic Area. If you are applying to join the Avellino team, our Job Applicant Privacy Notice will also apply. All of those documents are incorporated into this Notice and will apply to our usage of your data as appropriate, so please make sure you read and understand them as well.
HIPAA Notice of Privacy Practices
Genetic Data Usage Notice
California Privacy Notice
EU/EEA Privacy Notice
Job Applicant Privacy Notice
Acceptance of Privacy Notices
By using our Sites, you signify your acceptance of this Privacy Notice. If you do not agree to the terms of this Privacy Notice, please do not use the Site.
Commitments & Responsibilities
Our Commitment and Responsibilities
If you are a visitor to our Sites, we act as a Data Controller of any of your Personal Information that you provide or that we gather automatically. As a Data Controller, we have a responsibility to decide how personal data is processed and to protect it from misuse. Avellino is committed to the responsible, respectful, and lawful stewardship of any data in our custody.
If you are a patient of a healthcare provider who utilizes our services for genetic testing, research, or diagnostics, we may be considered at Data Processor of your Personal Information. Under US healthcare regulations we may also be considered a Business Associate. As a Data Processor or Business Associate, we have a responsibility to use your Personal Information only for the purposes specified by the Data Controller or Covered Entity (e.g., your doctor), or for uses specifically permitted under applicable laws or allowed under your signed Informed Consent agreement, and to protect it for as long as it is in our custody.
It is your responsibility to read and make sure you understand this Privacy Notice.
If you are a business customer of Avellino, you need to review our agreements with you because they may have other details regarding how we process your data.
If you are an individual user of our Services, or a patient of healthcare provider who is using our services for testing, research, or diagnostics, you need to review the Testing Request Form and Informed Consent Form that you were provided – and signed – at the time of your testing sample collection because it may have additional details regarding how we process your data.
What Data We Collect & How We Collect It
When we refer to “Personal Information” or “Data” we mean any information that identifies, describes, relates to, or is reasonably capable of being associated with you as a uniquely identifiable individual person, including information that can be linked, directly or indirectly, with yourself of others in your household. Personal Information does not include information which has been irreversibly deidentified, anonymized, aggregated, or otherwise rendered incapable of being reassociated with your identifying information though reasonable means. “Personal Information” and “Data” may be used interchangeably throughout this Notice.
Data We Collect Directly From You
At various points during the provision of Services to you, we may request that you provide the following information:
- Contact information for business inquires or requesting physicians, such as name, email address, mailing address, or phone number;
- Patient identifying and contact information necessary for providing requested Services, such as a patient identification number or name, date of birth, patient mailing address, phone number or email address (and parent/legal guardian contact information where applicable);
- Patient clinical history information, such as current or suspected diagnoses, reasons for testing, family history of relevant diseases necessary for providing requested Services;
- Patient demographic information, such as ethnicity, gender assigned at birth necessary for providing requested Services;
- Genetic information and identifiable health information collected about you in connection with and necessary for providing requested Services, which is governed by the applicable Informed Consent you agreed to at the time of sample collection and our Genetic Data Usage Notice;
- Payment or financial information, such as credit card or other payment card information, bank account information, billing addresses, or other information necessary when you purchase services from us;
- Health insurance information, such as insurance provider-issued ID number (where applicable), government-issued health insurance ID number (where applicable) so that we may request or receive payment;
- Signatures (including digital signatures) on Informed Consent forms, Healthcare Provider attestations, Ordering Physician attestations for our records, and to meet regulatory obligations;
- Support or follow-up information, or any other Personal Information you voluntarily provide to us in order to communicate with you or answer your questions, such as through the “Contact Us” page or when you communicate with us, including any files or attachments you send us;
- Job Application information, if you apply for a position with us through our Site (see the Job Applicant Privacy Notice).
- If you are using our Sites, we may also collect information about your usage of our Sites via cookies, website analytics, capturing server logs (see our Cookie Notice).
How & Why We Use Your Data
Data protection laws require that we only use your Personal Information for certain reasons and where we have a legal basis for doing so. Here are the reasons for which we process your Personal Information.
General Business Operations: This includes operating our Sites (logging in and authenticating users) and processing payments. Legal Basis: Entering or Performing a Contract; Legitimate Interests
Providing our Services: We process your Personal Information to provide you with our services that you request. We share this information with third-party service providers upon your request, or our service providers or partners to the extent necessary to provide you with our Services. We cannot provide you with Services that you have requested without processing your Personal Information. Legal Basis: Entering or Performing a Contract; Legitimate Interests
Communicating with You:
- Health-Related Communications: If you are a healthcare provider or patient requesting our products or services, we may contact you for information about research opportunities, clinical trials, or clinical treatments directly related to the services, for you or your patients, when appropriate. Legal Basis: Entering or Performing a Contract; Consent
- Account-Related Communications: When you sign up for our services, we will use your contact information to send administrative or account-related information to you to apprise you about our services. We consider these required operational messages, therefore even if you have unsubscribed from our marketing communications you may receive these messages as they may be required by law, essential to the functioning or security of your account, or otherwise reasonably required. Legal Basis: Entering or Performing a Contract; Legal Requirements; Legitimate Interests
- Marketing Communications: If you subscribe to our newsletters, we will use your name and email address to send them to you. Specifically, we may process your contact information and information about your interactions with our services to: (i) send you marketing communications; (ii) provide you with information about events, webinars, or other materials; (iii) deliver targeted marketing to you; and (iv) keep you updated about our services. You can opt-out of our marketing activities at any time and free of charge. If you do not wish to receive such communications from us, you may follow the instructions in these communications to “unsubscribe,” or contact us at email@example.com. Legal Basis: Consent
- Responding to You: When you contact us, such as with questions, concerns, feedback, disputes or issues, we process your Personal Information to respond to you or to ensure your continued ability to use and enjoy our services. Legal Basis: Entering or Performing a Contract
- Maintaining and Securing our Services: We may process any of your Personal Information to: (i) combat spam, malware, malicious activities, or security risks; (ii) improve and enforce our security measures; (iii) to monitor and verify your identity so that unauthorized users do not access your account with us; and (iv) generally maintain and secure our Site and services. We cannot ensure that our Site works as intended and in a secure manner if we do not process your Personal Information for these purposes. Legal Basis: Entering or Performing a Contract; Legitimate Interests
- Legal Purposes: We may process any of your Personal Information to: (i) monitor, investigate, prevent, and mitigate any alleged or actual prohibited, illicit, or illegal activities on our services; (ii) investigate, prevent, or mitigate violations of our terms, agreements, or policies; (iii) enforce our agreements with third parties and partners; and (iv) comply with applicable laws, such as business, privacy, employment and recruitment laws. We cannot perform our services in accordance or compliance with our terms, agreements, or policies or applicable laws without processing your Personal Information for such purposes. Legal Basis: Legitimate Interests
- Improving our Services: To continue to provide you with our innovative services, we may collect information about the way you use and interact with our Site for research and development purposes. Research and development help us improve our services and build new services and customized features or services. We take additional security measures when processing your personal information for such purposes, by de-identifying or pseudonymizing your information, limiting access to personnel that may conduct research and development, and applying other technical, physical, and administrative security measures. Without processing your Personal Information for such purposes, we cannot guarantee your continued enjoyment of part or all of our services. Legal Basis: Entering or Performing a Contract; Legitimate Interests
How We Share Your Data
We may disclose your Personal Information in the following circumstances to the extent permitted under applicable law:
- Health-Related Disclosures. If you are a patient, when you provide your email address or other contact information, we may share that Personal Information with a physician who performs the DNA test, and that physician may contact you about your interest in the DNA test.
- Vendors/Service Providers. We may share your Personal Information under confidentiality agreements with other companies that work with, or on behalf of, us to provide products and services. These companies may use your Personal Information to assist us in our operations. However, these companies do not have any independent right to share this information.
- Legal Disclosures. We may provide information about you to respond to subpoenas, court orders, legal process, or governmental regulations, to establish or exercise our legal rights or defend against legal claims, or where we believe it is necessary to share information in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law.
- Mergers and Acquisitions. We may share your Personal Information with other business entities in connection with the sale, assignment, merger, or other transfer of all or a portion of our business to such business entity. If as a result of this activity there are any substantive changes to our practices regarding your Personal Information, you will be provided with notice and an opportunity to object.
How We Secure Your Data
We have taken steps to implement security measures intended to prevent your Personal Information from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. We have put in place procedures to deal with any suspected breaches related to your Personal Information and will notify you, and any applicable regulator, of a breach where we are legally required to do so. The measures we have taken are reasonable and reflect current industry practices, however no security measures are guaranteed to prevent a security breach from occurring and while we have attempted to minimize risk, it is impossible to eliminate it completely.
Children’s Privacy Protection
Under Age 13
Our Site is not designed for, or intentionally targeted at, children under 13 years of age. It is not our policy to intentionally collect or maintain information about anyone under the age of 13. No one under the age of 13 should submit any Personal Information to us directly and we reserve the right to delete any data we suspect as being provided in violation of this policy. A parent or guardian, however, may request our Services on behalf of their child. Parents/guardians who have requested Services for their child must provide us with explicit and verifiable permission to process their children’s data. The parent or guardian assumes full responsibility for ensuring that the information that they provide to Avellino about their child is accurate and they may contact us at firstname.lastname@example.org to manage or delete their children’s Personal Information in accordance with the consent they agreed to at the time of the Service request. Please note, certain laws may require us to retain some information even if you have requested deletion; if we are unable to honor your request, we will provide you with an explanation regarding those requirements.
Under Age 18
Minors under 18 years of age may have the Personal Information that they have provided to Avellino Labs through the Site deleted by sending an email to email@example.com requesting deletion. Please note that, while we make reasonable efforts to comply with such requests, deletion of your personal information does not ensure complete and comprehensive removal of that data from all systems and certain laws may require us to retain some information even if you have requested deletion; if we are unable to honor your request, we will provide you with an explanation regarding those requirements.
Under applicable laws, you may have rights to access, update, rectify, receive a copy of your data in a format suitable for “porting” it to another provider, or erase certain personal information that we have about you. You may also be able to restrict data uses, or object to certain uses of your personal information.
To submit a request to exercise any such rights, please contact us at firstname.lastname@example.org clearly describing your request. If you have such rights and your request complies with the requirements under applicable laws, we will give effect to your rights as required by law.
If you are located in the European Union or European Economic Area, the UK, or Switzerland, please also see our EU/EEA Privacy Notice for more information.
If you are a resident of California, please also see our California Privacy Notice for more information.
Changes to this Notice
This Privacy Notice, and the supplemental notices referenced above, may be revised from time to time as we add new features and services, as laws change, and as industry privacy and security practices evolve. We display the date on which each notice is considered effective in order to help you know when such changes may have occurred. If we make any changes to our notices that substantially impact your rights, we will provide you with notice as required by applicable laws. Small changes that do not adversely affect individual privacy interests may be made at any time without prior notice.
Throughout our Sites we may provide links to other websites or services. We provide those links for your convenience and, unless otherwise stated, we do not endorse the information provided on those websites, and we do not control their privacy or security practices. If you follow any links from this site, you do so at your own risk and you should familiarize yourself with their privacy and security practices before sharing any Personal Information.
Questions About This Notice
If you have any questions about this Notice, or any of the supplemental notices referenced above, please contact us:
Avellino Lab USA, Inc.
ATTN: Privacy Office
4300 Bohannon Drive
Menlo Park, CA 94025 USA