Privacy Policy - California

Alphadera Lab, LLC. (“Alphadera Labs,” “we” or “us”) is committed to protecting your privacy. This Privacy Policy (this “Policy”) describes how we collect, use, store, secure, and disclose your personal information when you access or use our website www.alphaderalabs.com, our Provider Portal, and our Patient Portal (collectively, the “Website”), and when you transmit information to us electronically or in hard copy in relation to our genetic testing, COVID-19 and other infectious disease testing, and related services (our “Services”).

This Privacy Policy only applies to the Websites and the Services described in the Websites. We have entered into COVID-19 testing services arrangements with various organizations, institutions, and agencies that impose additional requirements and restrictions in connection with how your health information may be used and shared. If you are receiving testing services through one of these organizations, institutions, or agencies (for example, Harris County) rather than directly through us, you may receive privacy information that is specific to the services arrangement (“Specific Notice”) in which case we will follow the requirements in the Specific Notice.

This Privacy Policy is in addition to and does not replace our Notice of Privacy Practices, which explains how we handle personally-identifiable health information under U.S. law, including the Health Insurance Portability and Accountability Act, as amended from time to time (“HIPAA”). Identifiable information collected from individuals in connection with all of our laboratory testing services is used and shared in accordance with our Notice of Privacy Practices, and in some cases additional privacy practices depending on the services provided, such as a Specific Notice or the EEA/UK/Switzerland Privacy Notice described below. In such cases, we will follow the practices with the most restrictive privacy protections applicable to your information.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, please see our EEA/UK/Switzerland Privacy Notice.

If you are a California resident, please see our California Privacy Notice. Please note that rights afforded under the California Consumer Privacy Act of 2018 do not apply to personally identifiable health information.

We may revise this Policy from time to time. All updates will be posted on this web page. If we make any material changes in the way your personal information is handled, we will notify you by email (sent to the email address specified in your account) or by means of a notice on our Website prior to the change becoming effective.

1. ACCEPTANCE OF THIS PRIVACY POLICY

Before you use our Services (whether you are a provider or a patient), please read the Alphadera Labs Terms of Service, and the Patient Portal Addendum, if applicable. By accepting the applicable Terms of Use, you agree with our privacy practices as described in this Policy. If you do not agree with the terms of this Policy, please do not access the Websites or use our Services.

1. TYPES OF PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT

Depending on which of our Services are being used, or which individual (provider or patient) is involved, Alphadera Labs processes and stores different combinations of personal information as set forth in this Policy.

2.1 PATIENTS' PERSONAL INFORMATION

We may collect, process, and generate individually identifiable personal information of patients, including the following categories either directly or through third parties (for example health care providers):

Personal details (including first and middle name, last name, birth date and/or age)

Family relationships (if applicable)

Address and other contact information

Gender

Ethnicity

Nationality

Disease

Symptoms and other medical information

Information on patient’s insurance (where provided)

Payment information for services (where provided)

Identifiable genetic information; and

Genetic test results and findings

This information is protected by HIPAA in the United States and we have described how we may use this information in our Notice of Privacy Practices. How we use health information protected by GDPR is described in our EEA/UK/Switzerland Privacy Notice. Such personal information is most commonly used for operation of our laboratory, for example to provide the Services and test results to the provider and to perform the billing. Personal information will be processed by Alphadera Labs for the performance of the specific laboratory tests requested by the patient’s provider on the applicable Test Requisition Form, and for informing the patient’s provider of the test results. Alphadera Labs will remove information that identifies you to the extent possible when using your personal health information in order to protect your privacy and in some cases we may de-identify your data in accordance with applicable law so it may be used for other purposes as described in this Privacy Policy.

As further described in our COVID-19 FAQs, we do not isolate human genetic material from our COVID-19 samples and therefore do not generate human genetic information from COVID-19 samples. The same is true for other forms of infectious disease testing that we perform, such as the flu. For the genetic tests that we perform, you may elect to consent to research at the time the test is requested. In the event a patient has consented to research, his or her personal information and remaining sample will also be stored and processed for up to 20 years for the further purposes specified in the applicable Informed Consent Form and/or Test Requisition Form, and may be retained in an anonymized form to support further research, development, and improvement of diagnostic methods and potential therapeutic developments. Research and development also helps Alphadera Labs to improve its Services and build new Services and customized features or Services.

2.2 PERSONAL INFORMATION COLLECTED FROM PROVIDERS

In order to provide the Services requested (including billing, etc.), we will collect and process the following personal information from providers:

Personal details (including name, address)

Phone and fax number

Business address and department

Email address

NPI

Payment information (where provided)

All the provider personal information will be stored as long as Alphadera Labs is providing Services to any of provider’s patients. Such provider personal information will be processed to inform the provider of the patient’s test results, any other requests from the provider, and for invoicing. All of such processing is for the purpose of performing a contract as between Alphadera Labs and the provider to provide the Services.

We may also use the provider personal information to share marketing information about our Services, and to do so, we may process your contact information or information about your interaction with our Services to send you marketing communications, provide you with information about events, webinars, or other materials, deliver targeted marketing to you, and, keep you updated about our Services. You can opt-out of our marketing activities at any time by using the “unsubscribe” link in any email communications or by contacting privacy@alphaderalabs.com.

2.3 INFORMATION COLLECTED FROM VISITORS TO OUR ALPHADERA LABS WEBSITE

Generally, individuals are able to visit the www.Alphadera Labs.com site without disclosing personal information, except as may be necessary to provide a product or service at his or her request. Data are collected from the Website only to the extent technically necessary. For example, in some cases we may recognize personal data like the IP address as well as non-personal data like the name of the visitor’s Internet service provider, the website from which the visitor came to our Website, the pages that the visitor views on the Website, and what the visitor clicks on any given page. This data could possibly identify an individual, but Alphadera Labs does not use it to do so.

Cookies: We use cookies and similar tracking technologies (such as web beacons, email tags, scripts, and device identifiers) to personalize your experience on our Website. Please see our Cookie Policy for more information on the types of cookies found on our Website and how to control cookies. If you reject cookies you may still use our Website, but your ability to use some features or areas of the Website (including the Patient Portal or Provider Portal) may be limited. Our servers automatically record information created by your use of our Website and we use visitor logs to compile anonymous statistics. The aggregate information is collected sitewide and contains anonymous website statistics and is not considered personal information.

“Do Not Track”: Some browsers have a “do not track” feature that allows you to tell websites that you do not want to have your online activities tracked. At this time, due to a lack of industry standards, we and our service providers do not respond to browser “do not track” signals.

2.4 PERSONAL INFORMATION COLLECTED FROM JOB APPLICANTS

If you apply for a position with Alphadera Labs through our Careers Page, you will be redirected to our service provider who will collect your resume, contact information, employment and education history, and other related information. We may also receive information from references you identify and other third parties (for instance, background checks where permitted by applicable law). You may see our service provider’s privacy policy at https://paycomonline.com/privacy/.

2.5 PERSONAL INFORMATION PROVIDED VOLUNTARILY

We collect any personal information that you voluntarily provide to us, such as inquiries through our Website, information you provide about your business, etc., and is used only for the purpose of addressing the request received. In cases where social media services may be used, we do not have any influence on the storage and processing of providing personal information via the respective social media service. You are encouraged to review those privacy policies before sending Alphadera Labs personal information via a social media service.

1. INFORMATION WE SHARE

Subject to the limitations described in our Notice of Privacy Practices, COVID-19 FAQs, and the EEA/UK/Switzerland Privacy Notice, Alphadera Labs may disclose your personal information as follows:

Our operations as a laboratory. Protected health information may be shared for treatment, payment, laboratory operations, and other purposes described herein and in our Notice of Privacy Practices and EEA/UK/Switzerland Privacy Notice, as applicable.

Our service providers, vendors, and other processors. We may share your personal information with our service providers or other vendors and processors that help us provide our Services to you. Such entities will be given access as is reasonably necessary to provide our Services, and only under contractual obligations that are at least as restrictive as this Policy and in compliance with applicable privacy laws. Agents, vendors, and service providers who may have access to protected health information and other special categories of personal data are contractually obligated to protect the privacy and security of such information pursuant to applicable laws. Your payment information is transmitted directly to our third party payment processor. We do not store any credit card information on Alphadera Labs servers.

Affiliated businesses. We may share your personal information with group companies and affiliates. Affiliated businesses may use your information to help provide, understand, and improve our Services and the affiliates’ own services. Protected health information collected from United States users and patients will not be shared outside the United States.

Change of control. We may share your personal information as part of a purchase, transfer, or sale of the Services or the company (for example, a corporate restructuring, merger or consolidation with, or sale of substantially all of our assets to a third party).

Targeted advertising third parties. We permit third party advertising networks and providers to collect information regarding usage of our website to help us deliver targeted online advertisements to you. They use cookies and similar technologies to gather information about your browser’s or device’s visits and usage patterns on our website and on other websites over time, which helps us to better personalize such advertisements to match your interests, and to measure the effectiveness of our advertising campaigns. No personal health information is ever shared with these third-party advertising service providers.

Safety and legal compliance. We may share your personal information if we believe that such disclosure is necessary to comply with any applicable laws, regulations, legal processes, or requests by public authorities (e.g., law enforcement, tax authorities, etc.); to protect you, us, or other users’ rights or property; or to protect our Services; or to comply with or enforce our terms, agreements or policies.

Your consent or express actions. We will share personal information when we have your consent to do so. Also, any information or content that you voluntarily disclose for posting in public areas of our Websites, such as blog comments or social media posts on our social media profiles, become available to the public.

Anonymous or aggregate data. We may share anonymized or aggregated information with any third parties. Such information is de-identified in accordance with applicable law, no longer reasonably identifies you, and is not considered personal information.

1. COVID-19 TESTING-SPECIFIC DISCLOSURES

COVID-19 has been designated a pandemic by the World Health Organization and is currently a public health crisis in the United States. We provide FDA emergency use authorized RT-PCR based testing for COVID-19 (“COVID Services”). For more information regarding how your health information and samples will be used and shared in connection with COVID Services, please see our COVID-19 FAQs.

The California Department of Public Health (CDPH) and other federal, state, and local health authorities have required that COVID-19 test results (“COVID Test Results”) be made available to health authorities for public health purposes. Results and related information may also be provided to Alphadera Labs’s contractors, the healthcare provider or your employer who ordered your COVID Services, the CDPH and other federal (e.g., the Centers for Disease Control and Prevention), state, and local health authorities. By agreeing to this Privacy Policy or a Specific Notice, you agree that your personal information and COVID Test Results will be made available to such parties, as set forth herein. The COVID Services are hosted and performed in the United States and are subject to applicable US laws, rules, and regulations. You understand and agree that the COVID Services are not appropriate or approved for use outside of the United States. Alphadera Labs will collect, process, use, store, transfer, and disclose your personal information, COVID Results, and any other information as set forth in this Privacy Policy and the Notice of Privacy Practices or the Specific Notice, if applicable.

In some cases, we provide COVID-19 testing and related technology services to employers in connection with workplace health and safety programs. In such cases, you will be notified by your employer that the testing is part of their workplace safety program. In these cases, your COVID-19 Test Results may be shared directly with your employer and the ways we may use and disclose your information may be further limited by the contract we have in place with your employer.

As with all of the personal information collected by Alphadera Labs, all of your COVID Test Results will be located and hosted on servers located in the United States.

1. HOW WE USE AND DISCLOSE DE-IDENTIFIED, ANONYMIZED OR PSEUDONYMIZED INFORMATION

“De-identified” or “pseudonymized” (under GDPR) information is data we have stripped of identifiers that can be reasonably used to identify you in accordance with applicable law. Our Notice of Privacy Practices does not apply to this de-identified information. We retain the ability to re-identify such information, and once re-identified your information, including your genetic information, will be subject to this Privacy Policy and other notices that apply to such identifiable data such as the Notice of Privacy Practices. Note that if you are in the EEA, United Kingdom, or Switzerland, pseudonymized data is always considered “personal data” and is handled according to our EEA/UK/Switzerland Privacy Notice. “Anonymized” information is when personal information is stripped of all identifiers and cannot reasonably be linked back to you and is not considered personal data under applicable laws.

We may use “de-identified” or “pseudonymized” information for various purposes, including:

To the extent we have relied on your express consent to process such de-identified or pseudonymized personal information in relation to the above (for example, if you are in the EEA, United Kingdom, or Switzerland), you may withdraw your consent to participate at any time by contacting us at privacy@alphaderalabs.com. Alphadera Labs will not include any such de-identified or pseudonymized personal information in new research commencing within 30 days from the receipt of your request. Any research involving your data that has already been performed or published prior to the receipt of your request will not be reversed, undone, or withdrawn.

For testing quality control and validation:

In accordance with regulatory requirements, we may de-identify, store and use patients’ samples and information for internal testing quality control, validation, genetic testing research and development. This is an important use for Alphadera Labs to maintain our high quality Services and to develop new Services.

For genetic testing services, we may also share de-identified patients’ samples and information for quality assurance and validation purposes. Such sharing is essential to maintaining the quality of genetic testing in testing laboratories in accordance with regulatory requirements.

For research purposes:

For infectious disease testing, we may contribute viral genetic variants that we have observed in the course of providing services to the Centers for Disease Control.

For genetic testing services, we may contribute de-identified human genetic variants that we have observed in the course of providing our Services to publicly available databases.

For genetic testing services, we may use or disclose de-identified patient information for general research purposes. This may include research collaborations with third parties, such as universities, hospitals, or other laboratories, in which we utilize de-identified clinical cases at the individual or in the aggregate, and we may present or publish such information. This may also include commercial collaborations with private companies for research purposes.

For COVID Services, please see our COVID-19 FAQs about how your health information may be used and shared. For COVID Services and other infectious disease testing, we do not extract your DNA and therefore, we have no genetic information with respect to these Services. Any samples related to COVID Services and other infectious disease testing are destroyed after results are delivered.

To the extent we have relied on your express consent to process such de-identified or pseudonymized personal information in relation to the above (for example, if you are in the EEA, United Kingdom, or Switzerland), you may withdraw your consent to participate at any time by contacting us at privacy@alphaderalabs.com. Alphadera Labs will not include any such de-identified or pseudonymized personal information in new research commencing within 30 days from the receipt of your request. Any research involving your data that has already been performed or published prior to the receipt of your request will not be reversed, undone, or withdrawn.

1. CHILDREN’S INFORMATION

Our Website is directed towards adults and is not designed for, intended to attract, or directed towards children under the age of 16. If you are under the age of 16, you must obtain the authorization of a responsible adult (parent or legal guardian) before accessing or using our Website. If we become aware that we have collected any personal information from children under 16 without appropriate authorization, we will promptly remove such information from our databases.

1. THIRD-PARTY INFORMATION

You agree that you have provided notice to, and obtained consent from, any third party individuals whose personal information you supply to us, including with regard to (a) the purposes for which such third party’s personal information has been collected; (b) the intended recipients or categories of recipients of the third party’s personal information; (c) which of the third party’s information is obligatory and which information, if any, is voluntary; and (d) how the third party can access and, if necessary, rectify the information held about them.

1. LINKED WEBSITES

Our Website may contain links to external websites. Alphadera Labs does not maintain these sites and is not responsible for the privacy practices of sites that it does not operate. Please refer to the specific privacy policies posted on these sites.

1. INFORMATION ACCESS, UPDATES, AND CHOICE

You can update, amend or delete your account information and preferences at any time by logging into your Provider Portal or Patient Portal Account or by contacting us at privacy@alphaderalabs.com.

All Alphadera Labs email correspondence will include instructions on how to update certain personal information and how to unsubscribe from our emails and postal mail correspondence. Please follow the instructions in the emails to notify Alphadera Labs of changes to your name, email address, and preference information.

Alphadera Labs will take reasonable steps, such as confirmation emails, to verify your identity before granting access to your personal information.

For individuals residing in the European Economic Area (EEA), Switzerland, or the United Kingdom (collectively, the “Designated Countries”) at the time of data collection, please refer to our EEA/UK/SWITZERLAND PRIVACY NOTICE. If you are a California resident, please refer to our CALIFORNIA PRIVACY NOTICE.

1. RETENTION

We store your personal information for as long as we need it to provide you our Services, to serve the purpose(s) for which your personal information was processed, or as necessary to comply with our legal obligations, resolve disputes, or enforce our agreements to the extent permitted by law.

We store information used for marketing purposes indefinitely until you unsubscribe. Once you unsubscribe from marketing communications, we add your contact information to our suppression list to ensure we respect your unsubscribe request. Also, we retain any information collected via cookies, clear gifs, flash cookies, webpage counters and other technical or analytics tools up to one year from expiry of the cookie or the date of collection. If you have any questions about our retention periods, please feel free to contact us at privacy@alphaderalabs.com.

1. SECURITY MEASURES

We have implemented reasonable technical, administrative and physical measures to protect information contained in our system against misuse, loss or alteration and to safeguard your personal information. Information that you provide through our Websites is encrypted using industry-standard Secure Sockets Layer (SSL) technology, with the exception of information you send via email. Your information is processed and stored on controlled servers with restricted access, and in compliance with the Security Rule of the Health Insurance Portability and Accountability Act of 1966 (HIPAA). Unfortunately, no method of electronic transmission is 100% secure, so we cannot ensure or warrant the security of any information you transmit to our Websites, and you do so at your own risk. Please do not submit any personal health information or credit card information via email.

Please recognize that protecting your personal information is also your responsibility. You should keep your username, password, ID numbers, or other access credentials secure as Alphadera Labs cannot secure personal information that you release on your own or that you request us to release. If we receive instructions using your log-in information we will consider that you have authorized the instructions.

1. SPECIAL NOTICES FOR INDIVIDUALS IN CERTAIN GEOGRAPHIC AREAS

We are located in the United States and process and store your information in the United States. If you are located outside the United States, your information will be transmitted to us in the United States. When we conduct such transfers, we rely on various legal bases to lawfully transfer your personal information from your country to the United States, including the European Commission-approved Standard Contractual Clauses. Our data protection laws may be less protective than the laws of the jurisdiction in which you reside. If you do not want your information transferred to or processed or maintained in the United States, you should not use our Services.

Individuals Located in the European Economic Area, the United Kingdom, or Switzerland. If you are located in the European Economic Area, the United Kingdom, or Switzerland, applicable data protection laws, including the General Data Protection Regulation (GDPR), give you certain rights. For more information, please see our EEA/UK/Switzerland Privacy Notice.

California Residents. Pursuant to the California Consumer Privacy Act of 2018 (CCPA), California residents are afforded certain additional rights regarding our use of your personal information (“CCPA Rights”). Please note that the CCPA Rights do not apply to personally identifiable health information. If you are a California resident, please see our California Notice.

Nevada Residents. Pursuant to Nevada law, you may direct a business that operates a website not to sell certain personal information the business has collected or will collect about you. Alphadera Labs does not sell your personal information. For information about your rights under Nevada law, please contact privacy@alphaderalabs.com.

1. CONTACT US

If you have any questions regarding this Policy or our privacy practices, you may contact us at:

Alphadera Labs

15355 Vantage Pkwy.,

Suite 195,

Houston, TX 77032

privacy@alphaderalabs.com