Patient Data Privacy Policy

This privacy policy describes how Variantyx Inc collects, uses and shares personal information of any patient of our services.

 

What data we collect

We collect personally identifiable information (PII) data that you or your doctor actively provide to us. This includes personal medical information that you provide to us for diagnosis. You may also provide us biological samples which we will interpret for you and your doctor.

How we secure your data

Variantyx is committed to protecting the information you provide us. To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of the information, Variantyx has in place appropriate technological and operational procedures to safeguard the information we collect.

To ensure your data is secure, Variantyx follows the following governmental standards 

  • For the United States, the Health Insurance Portability and Accountability Act (HIPAA)
  • For Europe, the General Data Protection Regulation (GDPR)
  • For Israel, the Privacy Protection Act (PPA)

Your personal (PII) data which is entered by you or your doctor and submitted before or with your bio-sample is stored in servers in the EU.  This data could include information like your name, address, billing address, and other medical and personal data.  

The bio-samples submitted by you or your doctor are mailed directly to a lab which is listed on the samples shipping label.  These labs are located in the United States. 

Once the bio-samples are processed and converted to digital information, that digital data is then processed and analyzed in the United States.

By providing us with personal information, you acknowledge the transfer of personal information to and in the United States and to the processing of personal information in the United States. You accept that the data from DNA samples will be stored in the United States.

How we use your information

Personal information and biological samples provided by you and your doctor for medical analysis will be used for diagnosis or billing purposes.  

In no case is the personal information provided by our users sold, licensed or otherwise shared by us with advertisers, sponsors, partners or other third parties. We do not sell or license DNA samples, DNA results, DNA reports or any other DNA information, to any third parties without your explicit informed consent, and we do not sell or license such information to insurance companies under any circumstances.

Variantyx does not disclose any of your personal information except in very limited circumstances which are set out below.

i) In limited circumstances: (a) if required by law, regulatory authorities, legal process or to protect the rights or property of Variantyx or other users (including outside your country of residence); (b) to enforce our Terms and Conditions; (c) to protect our rights, privacy, safety, confidentiality, reputation or property, and/or that of the Variantyx website, or others; (d) to prevent fraud or cybercrime; (e) to permit us to pursue available remedies or limit the damages that we may sustain; or (f) to investigate rare cases involving reported abuse of our Privacy Policy.

ii) In an acquisition of Variantyx: in the event that Variantyx, or substantially all of its assets or stock are acquired, transferred, disposed of (in whole or part and including in connection with any bankruptcy or similar proceedings), personal information will as a matter of course be one of the transferred assets.

iii) To third-party service providers: Under the protection of appropriate agreements, we use third parties to perform various tasks for us. For example, we use third party platforms to process payments from you or use a specialized DNA lab to extract, process and store your DNA samples. These third-parties are only given access to that information needed to perform their support functions, and are prohibited from using it for other purposes. With respect to processors outside the European Economic Area, we attempt to ensure adequate safeguards for your personal information, as required by applicable law.

Data retention

All patient data, including DNA sequencing data, is maintained in a secure digital storage in accordance with HIPAA standards. Patient data and results are stored for a term of 7 years. While your DNA sequence data can not be deleted during that time, you have the ability as a patient or guardian to request release of a copy of your or your child’s raw sequence data to yourself, your healthcare provider, or another third party via written consent. For more information, please see our Raw Sequence Data page.

Your control over your data

You may choose to restrict the collection or use of your personal information in the following ways:

Access/review/update Personal Information. If you become aware that personal information we maintain about you is inaccurate, incomplete, misleading, irrelevant or out of date, or if you would like to access, update or review your information, you may contact us using the contact information below.  We will attempt to provide the requested information or make requested changes to the extent allowable by applicable privacy or other laws. In any event, we will respond to you as soon as reasonably possible, to advise you of the outcome of your request.

Remove Personal Information. You may request the removal of previously provided personal information at any time using the contact information below. 

Please note that some of the above rights are limited by applicable information protection law and we have the right to collect, process and hold your personal information to perform our legal obligations (for example: data for billing). We may require you to provide additional information necessary to confirm your identity before we comply with any request made by you.

Your right of access can normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law, for instance where you request multiple copies of your information

How to get in contact with us

If you have any questions about this patient data privacy policy or wish to request access to and receive information about the personal information we maintain about you, have the information blocked or deleted, as appropriate, or oppose (in case of legitimate reasons) the processing carried out with respect to your personal information (note please that the right to access personal information may be limited in some circumstances), you can contact your doctor or contact Variantyx via our Contact Us page.

Updates to our privacy policy

We reserve the right to change this privacy policy at any time. When we make changes, we will post the changed privacy policy at this site and it will become effective immediately. Your continued access to or use of the Site represents your acceptance of such changed privacy policy.