GeneDx is committed to protecting your privacy. We employ a range of physical, technical and administrative safeguards to secure the personally identifiable information (“Personal Information”) you entrust to us and protect it from loss, misuse, unauthorized access, disclosure, alteration, corruption or destruction. We take reasonable measures to protect your Personal Information to prevent against unauthorized use, access, disclosure, and destruction. Your name and email address, along with other information that can be used to identify you, constitute your Personal Information. Please be aware that, despite our best efforts, security measures are not impenetrable, and we can’t guarantee against misuse.
If you choose to contact us through the Website, we’ll collect your contact information, such as your name and email address, postal address, or phone number so we can communicate with you. If you write a message, we will store the message so we can reference it to tailor our responses to you.
Website Visitor or User Data
Directly or through the use of third-party data analytics services (including Google Analytics), we collect visitor or user information, including your IP address and server log data (the address of the web page you visited before using the Website, your browser type and settings, the date and time of your use of the Website, language preferences). We may gather your information about the device you are using to access our Website, including what type of device it is, what operating system you are using, device settings, application IDs, location, unique device identifiers, and crash data. Other data is collected, including data generated by your use of the Website and links you interact with. Further information on how Google uses data collected by Google Analytics can be found at https://support.google.com/analytics/answer/6004245?hl=en. Information about how to opt out of Google Analytics can be found at https://tools.google.com/dlpage/gaoptout/.
Account and Interaction Data
We may collect additional Personal Information that you voluntarily submit to us through the Website for other purposes, including information needed to open an account if you choose to do so. This information may include (1) user name and password; (2) name, email address, telephone number, home address, business address, occupation; (3) personal interests or concerns; (4) registration information pertaining to an educational program or event; or (5) answers to an online form or survey.
What are cookies?
A cookie is a small file that can be placed on your computer’s hard disk or on a website server. Cookies do not retrieve information stored on your hard drive and do not corrupt or damage your computer or computer files. For those using our Website, we may link cookie information to your email address to maintain and recall your preferences within the Website.
How to manage cookie preferences
Depending on their purpose, some cookies will only operate for the length of a single browsing session, while others have a longer life span to ensure that they fulfill their longer-term purposes. Your web browser can be set to allow you to control whether you will accept cookies or reject cookies, to notify you each time a cookie is sent to your browser, or to delete cookies that have already been set. If your browser is set to reject cookies, certain aspects of the Website that are cookie-enabled will not recognize you when you return to the Website, and some Website functionality may be lost. The “Help” section of your browser may tell you how to prevent your browser from accepting cookies. You can update your cookie preferences on our Website by clicking on the cookie settings link found on the bottom of every Website page.
Our Website is not directed at nor intended for use by individuals under 13. If you learn that a child under 13 has provided us with Personal Information without consent, please contact us. If we become aware that a child under 13 has provided us with his or her Personal Information, we will promptly delete such data.
You may have implemented a “do-not-track” signal through your browser. As there currently is no fixed standard for do-not-track signals, we currently do not respond to do-not-track signals from your web browser.
Certain California residents have additional privacy rights under the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”). Please note that certain information, such as protected health information regulated by HIPAA, is exempt from the CCPA(CPRA). This means that GeneDx and certain service providers or other recipients may not be required to honor the rights described in this section and instead we comply with our obligations under HIPAA. Our collection, use and disclosure of protected health information is subject to our HIPAA Notice of Privacy Practices, which can be found here.
When we operate as a “service provider” or “contractor” (as defined under the CCPA/CPRA) for our customers and they provide us with your Personal Information for business purposes under a service contract, the CCPA(CPRA) applies primarily to those customers, not to us. In such cases, we will direct any requests you send us to exercise your rights under the CCPA(CPRA) to the applicable customer.
Your Rights Regarding Your Personal Information
The CCPA(CPRA) gives certain rights to California residents regarding their Personal Information. We summarize below what those rights are and how you may exercise them. You do not need to have an account with us to exercise these rights.
The CCPA(CPRA) also gives California residents the right to opt out of (or for minors under 16, the ability to opt in to) sales and sharing of their Personal Information. However, we do not and will not sell or “share” (as defined in the CCPA/CPRA) patient Personal Information. If, in the future, we decide to sell or share patient personal information, we will provide you with notice and the right to opt-out of (or for minors, opt-in to) such sales or sharing.
In the last 12 months, we have sold (within the meaning of CCPA/CPRA) or disclosed deidentified protected health information that was deidentified using the methodology described at 45 CFR 164.514(b)(1) or 45 CFR 164.514(b)(2).
Selling Personal Information
In the last 12 months we may have sold Personal Information relating to healthcare providers who have ordered genetic tests from GeneDx. We have not sold other personal information, including the PHI of patients, in the preceding 12 months for any monetary value.
However, our use of certain website cookies may be considered a “sale” of information under California law. In the past 12 months, we may have shared your internet activity or geolocation with third parties whose cookies are on our websites. These cookies are used to analyze usage of our website, as described in Section 6, above. You can opt-out of this “sale” of information by using our “Cookie Settings” link, which can be found at the permanent footer of this website, under ‘PRIVACY.”
Right to Know About the Collection, Use, Disclosure, Sale and Sharing of Personal Information
Upon providing us with a verified consumer request, you may ask us to disclose certain types of your Personal Information we have collected and used over the 12-month period prior to the date of your request. You may make this request only twice within any 12-month period. You may request:
Generally, within the preceding 12 months, GeneDx has collected the categories of Personal Information described in Section 2 above from the sources described in Section 2.
Right to Request Deletion of Personal Information
You have the right to submit a verified consumer request at any time that we delete any of your Personal Information collected and retained by us, unless an exception under the CCPA(CPRA) applies.
If no exception applies, and if we have been able to verify your consumer request, we will delete, aggregate or de-identify your personal information from our records in accordance with the CCPA(CPRA). We will also direct third parties to whom we have disclosed your Personal Information to delete it, although we cannot guarantee that such third parties will comply with our direction.
Please note that we may deny your deletion request based on certain provisions of the CCPA(CPRA), including where it is necessary for us or our service providers to carry out certain business functions, comply with laws or to engage in other internal and lawful uses of the information within the context in which you provided it to us.
Right to Correct Inaccurate Personal Information
You have the right to submit a verified consumer request at any time that we correct inaccurate Personal Information that we maintain about you, unless an exception under the CCPA(CPRA) applies.
Right to Opt Out of Sale or Sharing of your Personal Information
You may have the right to opt out of the sale or sharing of your Personal Information.
MaMaking a Verified Consumer Request or Opt Out to Us sumer Request to Us
To make a request to exercise your rights under CCPA(CPRA) described above, including if you are a California ordering provider and would like to opt out of the sale of your Personal Information, please submit a verifiable request to us by either:
A verifiable consumer request must be made by you or a person registered with the California Secretary of State whom you have authorized to make the request on your behalf. (A representative must be authorized by you in writing or have a valid power of attorney under California probate law.) You may also make a verifiable request to us on behalf of your minor child.
To be considered a proper verified request, your request must:
(1) provide us with sufficient information allowing us to reasonably verify that you are the same person about whom we collected the Personal Information or the authorized representative, and
(2) describe your request in reasonable detail so we can correctly understand, evaluate and respond to the request.
We may ask you for additional information if needed in order to verify your request, but if we do, we will use such additional information only to verify your identity (or the authority of the representative) and for security and fraud-prevention purposes.
We will also ask you to separately confirm any request to delete Personal Information.
Responding to Your Verifiable Consumer Request
We will use reasonable efforts to respond to your verifiable consumer request within 45 days of receiving it. If some cases, we may require more time (up to 90 days). In that is the case, we will communicate to you in writing (by postal mail or electronically, at your option) the reason and the length of anticipated delay. We will not be able to fulfill your request if we cannot verify your identity (or the authority of your representative) and confirm that the Personal Information subject to the request relates to you. A request from a California ordering provider to opt out of the sale of their Personal Information will be responded to within 15 business days of receiving it.
Disclosures we provide in response to a verified consumer request will cover only the 12-month period before we received the request. If your request involves the porting of your Personal Information, we will use a format that is reasonably designed to allow you to transmit the information to another entity. If we deny part or all of a verified consumer request, we will provide a reasonable explanation for the denial.
We do not charge fees for responding to verifiable consumer request unless they are excessive, repetitive or manifestly unfounded. If we determine that a fee is appropriate, we will provide you with an explanation and a cost estimate before we complete your request.
We will keep records of consumer requests and our responses as required under the CCPA(CPRA).
We will not discriminate against you for exercising any of your rights under the CCPA(CPRA). This means that, except where permitted under the CCPA(CPRA). if you make a request for disclosure or to delete your Personal Information, we will not (i) deny you goods or services, (ii) charge you different prices for goods or services (e.g., through penalties or withholding of otherwise available discounts), (iii) giving you a different level of goods or services, or (iv) suggesting to you that we will take any of the actions in (i) through (iii).
207 Perry Parkway
Gaithersburg, MD 28077