Privacy Policy
This Privacy Policy (“Notice”) is being provided to you by Karius, Inc. (“Karius,” “us,” “we,” or “our”). This Notice describes the ways in which we collect, use, and disclose information, including personal health information, that we receive through our website and other online platforms and mobile applications that we operate and that link to this Notice (the “Site”). The Notice applies to our website (the “Site”), use of the online portal available via the Site, the Karius mobile application (the “App”) and all of the services available therein, and all other interactions that we have with you, either online or offline (collectively referred to in this Notice as the “Karius Service” or “Services”) that may be provided by us or our affiliates. Please read it carefully.
As described in Section 8 below, we reserve the right to revise the terms of this Notice from time to time and to make the revised Notice effective for all information we maintain.
This Notice applies when we act as a data controller of your information. Please note that some information we process about patients on behalf of our customers may be subject to additional terms, including data protection terms regarding the processing of patient data. In the event of a conflict between this Notice and the terms of such agreements, the terms of such agreements will govern, and we process such data in accordance with the applicable agreement. If you are a patient and have questions about how your information is processed through the Karius Service, please contact the relevant customer who has provided your information to us for more information.
If you are a California resident, for more information about how we process your information, see Section 5, Additional Information for California Residents.
1. Information We Collect
Karius and our service providers collect some information from everyone who uses or accesses the Karius Service—even if you don’t have a Karius account. Information is collected during various interactions with Karius.
Ordering Karius Services
If you are a medical professional (e.g., clinician, doctor, nurse, etc.) requesting a Karius Service on behalf of your patient, we will collect information such as your name, email address, and phone number so that we can contact you regarding your use of the Karius Service. We will also collect the patient’s name, birthdate, medical record number, and possibly other types of information. We will indicate if the collection and provision of certain categories of information are mandatory. For these categories, we may not be able to provide you with access to the Karius Service if you do not provide the required information. If you contact the Karius Medical Affairs team for a consultation regarding ordering a Karius Service, we may collect additional information verbally that personally identifies you or your patients.
Signing up for a Karius Customer Account
When you create a Karius account on our website, we ask for certain information, which may include your name, email address, and telephone number.
Contacting Karius for Customer Support or to Request Information
Whenever you contact Karius for help, we collect your name and email address along with additional information you provide in your request so that we can provide you with assistance and improve the Karius Service. If you use our Karius Assistant chatbot, we will collect any information you send us in your query. However, please do not send us any information that directly identifies you or your patient. Please see our Terms and Conditions for more information about Karius Assistant.
Collecting information from Third Parties
We may also collect information about you from third parties, such as publicly available sources (e.g., social media platforms), our service providers, and business partners, including analytics partners. Certain third-party information (e.g., healthcare provider name) may be necessary to provide you with Karius Services, such as your name and contact details.
Accepting Volunteered Information
We may also collect information that you voluntarily provide to us, such as when you submit a comment or feedback, participate in a survey or research, or have other interactions with us.
Automated Collection
We may use server logs to collect certain information when you access and use the Karius Service. This may include your IP address, user-agent string, browser type, operating system, referral URLs, device information (e.g., device IDs), pages visited, links clicked, the requested URL, hardware settings, and search terms. This may include geographical location information inferred from your IP address.
We, our service providers, and (with your consent) our third-party advertising and analytics partners also automatically collect information about users of the Karius Service using cookies and other tracking technologies, such as pixel tags (also known as web beacons or clear gifs). Cookies are a small data file transferred to your device that recognizes and identifies your device, allowing it to ‘remember’ information from the Karius Service for future use. Where you have consented to allow cookies and similar technologies from our third-party advertising and advertising analytics partners, those third parties may use the information they collect from you via those technologies to select and display advertisements that are more relevant to you, including advertisements for the Karius Services.
If you receive an email from us, we may also use certain analytics tools, such as pixels to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.
Please note that our third-party partners’ use of information collected via cookies and similar technologies is governed by those partners’ privacy policies. For more information about your choices regarding these technologies, please see Section 4, Your Choices.
2. How We Use Your Information
If you are a user of the Karius Service, Karius will process information to perform our obligations in providing the Karius Service to you or such other persons or entities on whose behalf you are using the Karius Service. That generally will include using your information to:
Verify your identity to provide you with access to the Karius Service (e.g., generating one-time passwords);
- Facilitate your creation and use of a Karius account;
- Provide and manage the Karius Service, including providing customer support and communicating with you about the Karius Service;
- Analyze and improve the Karius Service, including engaging in internal research to understand the effectiveness of our Karius Service and better understand our user base;
- Communicate with you about our products or other information we think may be of interest to you; and
- Comply with legal obligations (e.g., complying in good faith with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others; establishing, exercising, or defending our legal rights where it is necessary for our legitimate interests or the legitimate interests of others, such as protecting against malicious, fraudulent, or illegal activity).
For the purposes discussed in this Privacy Policy, we may combine the information that we collect through the Karius Service with information that we receive from other sources, both online and offline, and use and disclose such combined information in accordance with this Privacy Policy.
We may also use some anonymized and de-identified data to (i) research, understand and improve the Karius Service, (ii) detect and protect against error, fraud or other criminal activity, (iii) protect the security or integrity of the Karius Service, and (iv) use and disclose aggregated, de-identified data with partners and the public in a variety of ways.
3. How We Disclose Your Information
We may disclose your information for our business purposes in the following ways:
Affiliates and Subsidiaries. We may disclose information we collect within any Karius member or group (i.e., our subsidiaries and affiliates, including our ultimate holding company and its subsidiaries) to deliver products and services to you, ensure a consistent level of service across our products and services, and enhance our products, services, and your customer experience.
Service Providers. We may provide access to or disclose your information to select third parties who use the information to perform services on our behalf. Services provided by them may include billing, content and service enhancements, laboratory-related services, sales, marketing, research, customer service, shipping and fulfillment, data hosting and storage, information technology and security, fraud prevention, payment processing, auditing, consulting, and legal services. These entities may also include other third parties we use to support our business or in connection with the administration and support of the Karius Service.
Analytics and Advertising Partners. We may allow our analytics and advertising partners to collect information from you via automated means for analytics and, with your consent, advertising purposes, as described above under “Information We Collect”.
Protection of Karius and Others. We may disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such disclosure is reasonably necessary to: (i) comply with legal process (e.g. a subpoena or court order), (ii) enforce our Terms of Use, this Notice, or other contracts with you, including investigation of potential violations thereof, (iii) respond to claims that any content violates the rights of third parties, (iv) respond to your requests for customer service, or (v) protect the rights, property or personal safety of Karius, its agents and affiliates, its users or the public. This includes exchanging information with other companies and organizations for fraud protection, preventing spam and malware, and similar purposes.
Business Transfers. As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third-party, customer information (including your email address) would likely be one of the transferred business assets. If such a transfer is subject to additional mandatory restrictions under applicable laws, we will comply with them.
Consent. We may also disclose your information in other ways in which you direct us, and when we have your express consent.
4. Your Choices
Marketing Communications. You may opt out of receiving marketing emails and other promotional messages from us by following the instructions in those messages. Please note that if you opt out, we may still send you non-promotional messages, such as messages regarding updates to this Notice or other applicable terms.
Advertising cookies and similar technologies. We work with third-party partners to help us better advertise our services. These partners collect information via cookies and similar technologies placed on the Karius Services that allow them to analyze your interactions with the Karius Service and better advertise our services. See “Information We Collect” above for more information about how we collect and use information via automated means. We ask for your consent to use advertising cookies; you may change your consent election at any time by clicking the “Cookie Preferences” link in the footer of our site. Please note that we do not knowingly collect the personal information of minors under 16 years of age.
Other cookies. You have several options to control or limit how we and our partners use other types of cookies and similar technologies, including for advertising purposes.
- Although most browsers and devices accept cookies by default, their settings usually allow you to clear or decline cookies. If you disable cookies, however, some of the features of the Karius Service may not function properly.
- To prevent your data from being used by Google Analytics, you can install Google’s opt-out browser add-on by visiting https://tools.google.com/dlpage/gaoptout.
5. Additional Information for California Residents ("California Privacy Notice")
If you are a California resident, the California Consumer Privacy Act (“CCPA”) requires us to provide you with the following additional information about: (i) the purpose for which we use each category of “personal information” and “sensitive personal information” (as defined in the CCPA) we collect, and (ii) the categories of third parties to which we disclose such information for a business purpose.
Please see the following chart for the rest of this information:
Category of Personal or Sensitive Personal Information | Categories of Third Parties to Which Information is Disclosed | Purposes of Use |
---|---|---|
Identifiers and contact information (e.g., name, address, email address) | Service providers, our affiliates, and entities for legal and fraud prevention | Provide and manage the Service; analyze and improve such Service; marketing; and legal purposes |
Commercial and transactional information (e.g., information about the fact that you made a purchase) | Service providers, our affiliates, and entities for legal and fraud prevention | Provide and manage the Service; analyze and improve such Service; marketing; and legal purposes |
Financial information (e.g., payment card or similar info collected by our payment processors) | Payment processors; service providers, our affiliates, and entities for legal and fraud prevention | Provide and manage the Service; analyze and improve such Service, and legal purposes |
Internet or other network or device activity (e.g., IP address, browsing history, app usage) | Service providers, our affiliates, and entities for legal and fraud preventionAdvertising and advertising analytics partners (with your consent) | Provide and manage the Service; analyze and improve such Service; marketing; and legal purposesAdvertising and marketing (with your consent) |
General geolocation information (e.g., city and state or zip code) | Service providers, our affiliates, and entities for legal and fraud prevention | Provide and manage the Service; analyze and improve such Service; and legal purposes |
Customer service data (e.g., information you provide through interactions with our customer service team) | Service providers, our affiliates, health care providers and services, and entities for legal and fraud prevention | Provide and manage the Service; analyze and improve such Service; for legal purposes |
Log-in credentials | Service providers, entities for legal and fraud prevention | Provide and manage the Service; analyze and improve such Service; for legal purposes |
For more detailed information about how we use and disclose your personal information, please see the “How We Use Your Information” and “How We Disclose Your Information” sections of this Notice above.
“Sharing” and “Selling”. California residents have the right to opt out of Karius selling or sharing their personal information for cross-context behavioral advertising purposes. We ask for your consent before disclosing your information to third parties for advertising purposes; accordingly, we do not “sell” or “share” personal information as those terms are defined under California law.
Other CCPA Rights. California residents have certain rights regarding their personal information. For example, you have the right to request that we:
- Confirm whether we are processing personal information about you;
- Correct inaccurate personal information we have about you;
- Provide access to or a copy of personal information we hold about you;
- Delete personal information we have about you; and
- Request information about the categories of personal information we collect, disclose, sell, or share about you, the sources of such information, the business or commercial purpose for collecting or selling or sharing your personal information, and the categories of third parties to whom we disclose personal information. Such information is also outlined in this Notice.
You may exercise your rights by emailing us at legal@kariusdx.com or contacting Karius Customer Service at 866-452-7487. We will take reasonable steps to verify your identity and requests, including by verifying your account information, residency, and the email address you provide. If you are an authorized agent submitting a request on behalf of another individual, we may require proof of your written authorization before processing the request.
Certain information may be exempt from such requests under applicable law, such as information we retain for legal compliance and to secure our Services. Applicable law may further provide you with the right to not be discriminated against for exercising your rights.
If we ever offer any financial incentives in exchange for your personal information, we will provide you with appropriate information about such incentives.
The CCPA also allows residents of the state of California to limit the use or disclosure of their “sensitive personal information” (as defined in the CCPA) if your “sensitive personal information” is used for certain purposes. Please note that we do not use or disclose “sensitive personal information” other than for purposes for which California residents cannot exercise the right to limit under the CCPA.
Retention of Your Personal Information. Please see the “Retention of Information” section below.
Shine the Light Disclosure. The California "Shine the Light" law gives residents of California the right, under certain circumstances, to request information from us regarding the manner in which we disclose certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not disclose your personal information to third parties for their own direct marketing purposes.
Do Not Track. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Except as otherwise described herein with respect to legally required browser-based opt-outs, we do not recognize or respond to browser-initiated DNT, as there is no industry-wide framework for DNT signals.
6. Retention of Information
We will retain information for as long as we have a legitimate need for it and no longer than necessary for the purposes for which the information is processed. The length of time for which we retain information depends on the purposes for which we collect and use it, or as required to comply with applicable laws.
7. Storage and Security of Information
We use appropriate controls and procedures to maintain the security of information and protect it from misuse, interference, and loss, and against unauthorized collection, copying, access, modification, or disclosure. When you choose a password to access the App, you are responsible for keeping it confidential. Do not share your password with anyone.
Due to the nature of the Internet, we do not provide any representation, guarantee, or warranty regarding the security of any information during transmission to or storage by us, and you acknowledge that the disclosure of information to us is at your own risk. Please contact us immediately if you become aware or have reason to believe there has been any unauthorized use of information in connection with the Karius Service.
The information that you provide to us or that is disclosed to us by our covered entity clients may be transferred to and stored with a cloud service provider with servers that are located in various jurisdictions. Some of these jurisdictions may not have the same or substantially similar privacy laws than those of your home jurisdiction.
8. Risks Associated with Electronic Communications and the Storing of Your Information Electronically
We understand the importance of protecting your information and take our security obligations seriously. We take a number of steps to safeguard the privacy and security of the information that we collect. However, any device or application connected to the Internet is susceptible to a security breach, despite the level of administrative, technical, and physical safeguards employed. This means that there is a risk that unauthorized persons may be able to access and read the information that we collected. By using the Services, you agree that you have read, understand, and accept this risk.
9. Changes to our Privacy Policy/Notice
Karius reserves the right to amend all or any part of this Notice. If we make material changes to the Notice, we will inform you in accordance with applicable law.. Your continued use of the Karius Service with us after any such changes are communicated to you constitutes your agreement to this Notice as amended.
10. Other Applications
The Karius Service may have links to other apps or websites. We are not responsible for the security or privacy of any information collected by such apps or websites. We make no representation or warranty that such apps or websites are safe or free from security or privacy risks. While we do not permit those apps or websites to track your use of the Karius Service, we are unable to control whether such tracking mechanisms are implemented by those apps or websites. You should exercise caution and review the privacy statements applicable to the third-party websites and services you use. The use of online tracking mechanisms by those third-party websites and services is subject to those third parties’ privacy policies and not this Notice.
11. Effect of Notice
This Notice applies in conjunction with any other policies, notices, contractual clauses, and consent statements that apply in relation to the collection, use, and disclosure of your information by us.
12. Contact Us
All comments, queries, and requests relating to our use of your information are welcome and should be addressed to our Privacy Officer at legal@kariusdx.com.