Website Privacy Policy and Terms of Use

This policy governs our website privacy terms and use of cookies.

Last Updated: June 2019

Progenity, Inc. (“Progenity” “we” or “us”) is committed to protecting your privacy. This Privacy Policy applies to all users of our website (including our online portals) and explains how we collect and use your personal data, as well as the rights you may have to your personal data.

General

We only process your personal data when we have a lawful basis to do so. For purposes of this Privacy Policy, “personal data” is non-public information that is personally identifiable to you or that could be used to identify you. Personal data may include information such as your name, email address, and other related information that you provide to us or that we obtain about you.

We collect personal data from individuals visiting our website, from prospective and current clinicians, and from patients or prospective employees accessing or creating accounts on one of our portals (as described below). Any references in this policy to “you” or “your” should be interpreted in the context in which the information is processed.

Progenity is the controller of personal data that you provide through the website. Our legal bases for processing your personal data include your consent, fulfilment of a contractual obligation, and where we have a legitimate interest to process your personal data, provided that our interests do not outweigh your individual rights and freedoms. Our legitimate interests include:

  • Investigating, preventing, and protecting against fraud, security risks, threats to you and others, and violations of this policy;
  • Protecting and defending our rights and properties, including intellectual property;
  • Complying with laws and regulations that apply to us, as well as responding to requests from law enforcement or government authorities or as otherwise required by law;
  • Improving your experiences with our products and services;
  • Understanding and improving our website, user experience, and customer relationships; and
  • Enabling our business operations.

Where we rely on your permission to process your personal data, you have the right to change, withdraw, or withhold your consent.

Personal Data Collection

We collect personal data that you choose to share with us, as well as information provided directly by your browser or device when you visit our website. We may also collect personal data via one the portals connected to our site (as described below).

Personal Data Collected from You

Submit Contact Form
When you submit a contact form to us via the website, we ask for your name, phone number, email address, and country. You may also choose to submit your company name. Any personal data you provide in the message field will also be collected, but you control which, if any, personal data you choose to share in this field.

We collect this information when you initiate contact with us for the purpose of responding to your communication. We will also ask you to answer a quick question regarding your relationship with us, which helps us categorize your contact inquiry and provide a faster response.

Find a Draw Location
When you use the “Find a Draw Location” feature on our website, we will ask you to input your postal code, address or city/state to help us narrow your search. Alternatively, you may select a state from a dropdown menu. You may also be provided with a pop-up window that offers you the option to share your physical location with us. We will only track your physical location when you consent via the pop-up.

We collect this information, upon your request, to enable our search feature to provide you with information on draw locations nearest to you.

Register for Updates
If you choose to register for updates from Progenity, we will collect your first and last name and email address. You may also choose to provide your company name, phone number and postal code, but this information is optional. We collect this information for the purpose of providing you with periodic updates regarding new product offerings, clinical research and product or company updates.

Register for a Webinar
If you choose to register for a webinar hosted by Progenity, we will collect first and last name, email, postal code and organization name. We also have an optional question that asks for the provider sales representative.

We collect this information for the purpose of registering you for and communicating with you about the webinar.

Personal Data Collected via Our Website Portals

Register an Account
Certain areas of our website are restricted to individuals with user accounts, and we collect personal data when you register an account to access these portals, including your personal data:

  • Member Account: If you are a patient and create a Member Account to access your test results, we will collect your first and last name, date of birth and mobile phone number (for two-factor authentication)when you register your account.
  • Clinician Account: If you are a clinician and register an account, we will collect your first and last name, title/professional suffix, National Provider Identifier (“NPI”), and practice association.

We may also collect additional personal information that you submit via these portals or about your interactions with the portals. In some circumstances, a portal may be provided or supported by one of our support vendors, which may provide us with additional personal data related to your use of the portal.

We use this information to administer your account and provide you with secure access to our portals.

Submit a Job Application
If you apply for a job via our Careers portal, you will be asked to provide your first and last name, contact information, work history, education, applicant information and your answers to our pre-employment questions. If you submit a resume and/or cover letter, we will also collect any information you provide in such documents, including any additional personal information you choose to share. We use this information to evaluate your candidacy for employment, as well as contact you regarding your application.

Pay Online
If you submit payment via our Pay Online portal, we will ask you provide your account number and bill amount to access the payment portal. Once inside the portal, we will ask you to provide patient name and billing information, including credit card number and expiration date, first and last name, address, city, state, postal code, email, and phone and fax numbers. We use this information for the purpose of facilitating your online payment.

Order Supplies
If you order supplies via our Order portal, we will ask you to provide your login ID and password to access the portal. Once inside the portal, you may select and order your supplies. To process your order, we will collect your first and last name, shipping address (street address, city, state/region, postal code, and country), phone and fax numbers, and sales representative name. After placing your order you will have the option to provide an email for order and shipping notifications.

We use this information for the purpose of processing and shipping your order.

Personal Data Collected via Web-Based Technologies

Browser or Device Information
When you use the website, we automatically receive certain information provided by the interaction of your mobile phone or web browser and the website. This information includes your internet website provider name, web browser type, type of mobile device (if applicable), and computer operating system. We use all of this information to analyze trends among our users to help improve the Website. Such information is collected in anonymous, aggregate form and is typically not considered personal data.

We also collect information on computer operating system, your IP address, the web browser, and information about the websites visited before accessing the website.

We collect this data for the following general purposes:

  • Customizing your user experience
  • Fulfilling your requests for products and services
  • Promoting and improving services

Cookies and Web Beacons
The website uses "Cookies" to identify the areas of the website that you have visited. A Cookie is a small piece of data stored on your computer or mobile device by your web browser and is often used to make websites work, as well as provide information to the website operator.

We may use Cookies to personalize the content that you see on our website, analyze our web traffic, and improve your experience while visiting the website. Most web browsers can be set to disable the use of Cookies. However, if you disable Cookies, you may not be able to access functionality on the website correctly or at all.

When you first visit our website, you will be asked to consent to our use of cookies, and you can withhold, withdraw, or change your consent at any time.

Communications you receive from us, as well as pages of our website, may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that enable us to analyze email and website statistics, including visits and click-through rates. The web beacons only collect aggregate, anonymous data and cannot be traced back to you individually.

Third-Party Cookies and Web Beacons
Some content or applications on our website are served by third parties, including content providers and application providers. Our third-party partners may use cookies alone or in conjunction with web beacons or other tracking technologies already in your browser to collect information about you when you visit our website. The information they collect may be associated with your personal data or they may collect information, including personal data, about your online activities over time and across different websites and other online services.

Third-party cookies and web technologies are controlled by our advertising partners and not subject to this Privacy Policy. If you have any questions about the practices of such third party, you should contact the responsible third-party directly.

We also share information about general use of our site with our trusted social media partners.

Personal Information Collected from Others

Test Orders
When your clinician requests or submits a test order, your clinician will submit your personal information as part of the testing process. This information may include your address, phone number, email, insurance information, medical history, height, and weight.

Personal Data Use

How we use your personal data will depend on how you interact with our website and the personal data you have shared with us.

Respond to Your Requests
We use your personal data to respond to your requests, including communications, requests for updates, bill payment, and supply orders. We may also use your personal data to register you for webinars, and, when applicable, enable you to create an account, use our online portals and e-commerce tools, and consider your candidacy for employment.

Customize the Website
We may use the personal data you provide to us along with any computer information we receive to customize the website.

Enhance Website and User Experience
We use the information regarding the use of our website to analyze and administer the site and track user movement for web analytics purposes. This website usage information enables us to provide you with an ever-improving site, service, and general offering. Except where you have provided consent for us to use your identifiable personal data for our analytics research, we only use anonymous, aggregate data that cannot be used to identify you individually.

Manage Account
If you have created an account, we will use your personal data to administer your account and allow you to access and use the appropriate website portals. If necessary, we will also use your personal data to verify your identity and provide you with access to your account should you become locked out or forget your login and password.

Conduct Marketing and Advertising
If you request to be updated about our products, services, company news, or other information, we will use the contact information you provided to send you the requested information, to provide you with marketing communications, and to keep you informed about product updates, events, webinars, or other materials.

Google Ads Remarketing
We use Google Ads Remarketing to advertise across the Internet. Google Ads Remarketing will display relevant ads tailored to you based on what parts of our sites you have viewed by placing a cookie on your machine. This cookie does not identify you. If you do not wish to participate in our Google Ads Remarketing, you can opt out by visiting Google's Ads Preferences Manager. You can also opt out of any third-party vendor's use of cookies by visiting www.networkadvertising.org/choices.

Meet Legal and Regulatory Obligations In certain circumstances, we use your personal data if we are required to by law or legal proceeding. We will only share the information we are required to disclose by law and only when we are required to do so.

Security and Fraud Prevention
When necessary, we will use your personal data to preserve the security of our website, systems, and personal data in our control. If necessary, we will also use your personal data to investigate possible fraud, to identify violations of this Privacy Policy and our Legal Terms, and to prevent any attempted harm to you and other Members.

Personal Data Sharing and Disclosure

We share your personal data when you have granted us permission to do so, when it is necessary to fulfill our obligations to you, or when it is in the legitimate interest of our business to do so, provided that our interests do not outweigh your individual rights and freedoms.

Clinicians
If your clinician accesses your test results via the Clinician Account, we will disclose to your clinician your first and last name, data of birth, sex, ethnicity, insurance, and additional demographic information supplied by your provider when ordering testing, including address, phone number, email, medical history, height, and weight. We provide your clinician with this information to enable your clinician to be able to evaluate and counsel you on your test results.

Support Vendors
When necessary, we share your data with third-party vendors working on our behalf to provide specific business support services, including payment processing, website hosting and management, and career applications. Such third-party vendors will only receive information necessary to provide the respective services and will be bound by confidentiality agreements limiting the use of such information.

Website Analytics Companies
We share anonymous, aggregate information regarding visitors to our website with third-party website analytics companies. These companies use this aggregate data, which has been stripped of any personally identifying information about you, to provide us with insight regarding our web usage patterns. As we only share anonymous, aggregate data, this information cannot be traced back to you individually by either us or the website analytics vendors.

We use Google Analytics to provide us website usage and analytic reports, which necessitates us sharing your anonymous, aggregate data. You may choose not to share your data with Google by installing the Google Analytics opt-out browser add-on, which instructs your browser not to provide your website usage data to Google Analytics. To opt-out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout to install the browser add-on.

Please note that installing the Google Analytics opt-out browser add-on will only disable the use of Google Analytics and will not prevent data from being sent to the website itself or to other web analytics services.

Legal Requirements
We may be legally required to disclose your personal data, if such disclosure is:

  • required by subpoena, law, or other legal process;
  • necessary to assist law enforcement officials or government enforcement agencies; and/or
  • necessary to protect us from legal action or claims from third parties including you and/or other Members.

Security and Fraud Prevention Efforts
When necessary, we will share your personal data to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations or suspected violations of this Privacy Policy, our agreements or arrangements with you or other policies in effect from time to time to which you are subject, or as otherwise required by law.

Sale of Business
We reserve the right to transfer your personal information in the event we sell or transfer all or a portion of our business or its assets to which your personal data relates. In such event, your personal data will continue to be governed by this Privacy Policy.

Your Choices and Rights

Data Subject Rights
If you are a European Union Economic Area (“EEA”) or Swiss data subject, we provide you with choices about the collection, use, and disclosure of your personal data. You may exercise these rights by contacting us at the address provided at the end of this Privacy Policy under the heading “Contact Information.”

Your rights include:

  • Accessing your personal data to know what information we have collected about you and how it has been shared;
  • Requesting the deletion of all or some of your personal data;
  • Changing or correcting inaccurate or outdated information;
  • Objecting to, limiting, or restricting use of all or some of your personal data; and
  • Requesting a copy of your personal data, including in a portable format.

You also have the right to lodge a complaint with your supervisory authority if you believe we have violated your privacy rights or applicable laws and regulations.

California Privacy Rights
If you are a resident of the State of California and you have provided your personal data to us, you have the right to request a list of all third parties to which we have disclosed your personal data for direct marketing purposes. If you exercise your right to submit such a request to us, we will send you the following information:

  • The categories of information we have disclosed to any third party for any third party’s direct marketing purposes during the preceding year; and
  • The names and addresses of third parties that received such information, or if the nature of their business cannot be determined from the name, then examples of the products or services marketed.

You may make such a request by contacting us at the address provided at the end of this Privacy Policy under the heading “Contact Information.”

California law also requires that we disclose how we respond to “do-not-track requests” from our users. At this time, we do not currently respond to “do-not-track” requests from our users’ browsers.

Other Important Information

Cross-Border Data Transfers
We process data both inside and outside the United States. It is important to know that data protection laws in the United States may not be as strong as those in your country. Where we transfer your personal data from the EEA or Switzerland to a location outside of these countries, we will only transfer your data if an appropriate level of protection for your personal data is guaranteed, such as where we have contractual obligations to protect or transfer data with certain safeguards in place. To ensure the continued protection of your personal data while in our care, we take appropriate organizational and technical measures. In addition, we may transfer your personal data if one of the legal exceptions for such transfer can be invoked, such as with your consent or in execution of an agreement you have with us.

Privacy Shield
Progenity, Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the United States Department of Commerce regarding the collection, use, and retention of all personal data from the European Union and Switzerland to the United States, respectively. Progenity is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Progenity has certified with the Department of Commerce that it adheres to the Privacy Shield Principles. If there is a conflict between this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

Under the Privacy Shield’s accountability principle, Progenity is responsible for any personal data that we receive under the Privacy Shield that is subsequently transferred to a third party. In particular, we remain responsible and liable under the Privacy Shield Principles if any third parties we have engaged to process personal information on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove we are not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, Progenity commits to resolve complaints about our collection or use of your personal information. European Union and Swiss individuals will inquiries or complaints regarding our Privacy Shield policy should first contact Progenity at:

Progenity, Inc.
Attn: Privacy Officer
5230 S. State Road
Ann Arbor, Michigan 48109
Michael.Tarwater@progenity.com

If you have further questions or complaints regarding our Privacy Shield certification or our data practices, we encourage you to contact us at the information provided in the “Contact Information” section below. For any complaints related to our participation in Privacy Shield that cannot be resolved with Progenity directly, we have chosen to participate with the European Union DPAs and Swiss Federal Data Protection and Information Commissioner at no charge to you. As explained in Privacy Shield, in some circumstances a binding arbitration may be used to address residual complaints not resolved by other means.

To learn more about the Privacy Shield Program, and to view our certification, please visit www.privacyshield.gov.

Third-Party Websites
The website may contain links to other websites that are not under our direct control. This Privacy Policy applies only to our websites and not to any third-party websites, which may have their own policies regarding privacy. We have no control of our responsibility for linked websites and provide these links solely for the convenience and information of our visitors. You access such linked websites at your own risk.

You should check the privacy policies, if any, of those individual websites to see how the operators of those third-party websites will utilize your personal information. In addition, these websites may contain a link to websites of our affiliates. The websites of our affiliates are not subject to this Privacy Policy, and you should check their individual privacy policies to see how the operators of such websites will use your personal information.

Security
We have implemented organizational and technical safeguards for protecting the personal data you share with us. These measures include secure infrastructure, carefully configured access to resources, and best practices around data safety and retention.

Data Retention
When you submit your personal information via our contact form, we will retain your personal information associated with your submission for 30 days before deletion. For other information you submit via our website, we will retain your personal information only for as long as we have a business, legal, or regulatory need. If you are an EEA or Swiss data subject, you may exercise your right to request the deletion of your data at any time.

Children Under the Age of 16
We do not knowingly collect personal data from individuals under the age of 16. Users of our website must be at least 16 years old. Our website is not intended for anyone under the age of 16, and no one under the age of 16 may provide information on this website. If you believe your child is providing or has submitted personal data to Progenity and you wish to remove any personal data about your child, please contact our Data Protection Officer at the address provided in “Contact Information” section below.

Privacy Policy Changes
We reserve the right to modify this Privacy Policy at any time. You can find the most current version of our privacy policy at any time by clicking on the “Privacy Policy” link at the bottom of our website. If we make material changes to this policy, we may notify you on our Website, by a blog post, by email, or by any method we determine. The method we chose is at our sole discretion. Any changes we make to our Privacy Policy are effective as of the date of this last update and replace any prior Privacy Policies.

Contact Information
Progenity, Inc.
Attn: Privacy Officer
5230 S. State Road
Ann Arbor, Michigan 48109
Michael.Tarwater@progenity.com

Support