Privacy Policy

SAGA Diagnostics Privacy Policy

 

Last modified: MAY 23, 2018.

Effective: MAY 25, 2018.

Data Protection Officer: Robert Rigo

 

SAGA DIAGNOSTICS AND YOU

SAGA Diagnostics is a cancer genomics company focused on providing services and products for ultrasensitive quantification of liquid biopsy biomarkers via its website (the “Site”) and laboratory (collectively, the “Service” or “Services”). The Service is operated by SAGA Diagnostics AB (the “Company”, “SAGA”, “we” or “us”) for users of the Service (“you” or “customer”).  This Privacy Policy sets forth our policy with respect to information that is collected from users of the Services. Under applicable law, SAGA Diagnostics AB the “data controller” of personal data collected through the Services.

 

INFORMATION WE COLLECT

When you interact with us through the Services, we may collect information from you, as further described below:

Information You Provide: We collect information from you when you voluntarily provide such information, such as when you register as a customer to use certain Services. Information we collect may include but not be limited to name, username, email address, mailing address, telephone number, patient and sample identifiers, or other information you send us as a customer. Depending on the Service ordered, the customer may send us consented biological samples and we may generate derivative data from it including genetic data; for example, we may determine the genetic sequence at specific locations in the DNA or RNA, such as for cancer genes.

 

OTHER INFORMATION:

Data We Collect Automatically: When you interact with us through the Services, we receive and store certain information such as an IP address, device ID, and your activities within the Services. We may store such information or such information may be included in databases owned and maintained by affiliates, agents or service providers. The Services may use such information and pool it with other information to track, for example, the total number of visitors to our Site as well as the sites that refer visitors to SAGA.

Aggregated Information: In an ongoing effort to better understand and serve the users of the Services, we may conduct research on our customer demographics, interests and behavior based on the information collected. This research may be compiled and analyzed on an anonymized aggregate basis, and we may share this aggregate data with our affiliates, agents and business partners. We may also disclose anonymous aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.

Cookies: We employ cookies and similar technologies to keep track of your local computer’s settings such as which account you have logged into and notification settings. Cookies are pieces of data that sites and services can set on your browser or device that can be read on future visits. We may expand our use of cookies to save additional data as new features are added to the Service. In addition, we use technologies such as web beacons and single-pixel gifs to record log data such as open rates for emails sent by the system. We may use third party web site analytic tools such as Google Analytics on our website that employ cookies to collect certain information concerning your use of our Services. However, you can disable cookies by changing your browser settings. Further information about the procedure to follow in order to disable cookies can be found on your Internet browser provider’s website via your help screen.

Advertisements: We are not an advertising platform and do not host advertisements on our Site. You may see our Service advertised in third-party applications or websites. Third-party advertising platforms may collect information for optimizing advertising campaigns. If you do not wish to receive personalized advertising that is delivered by third parties, you may be able to exercise that choice through opt-out programs that are administered by third parties, and you should inquire with such third parties.

 

WHERE INFORMATION IS PROCESSED

SAGA is based in Sweden and is subject to Swedish law and EU General Data Protection Regulation (GDPR). No matter where you are located, you consent to the processing and transferring of your information in and to Sweden and other countries that have equal or greater data and privacy protection regulations or other countries that have data protection agreement with Sweden or the EU. The laws of Sweden and other countries governing data collection and use may not be as comprehensive or protective as the laws of the country where you live.

 

OUR USE OF YOUR INFORMATION

We use the information you provide in a manner that is consistent with this Privacy Policy. If you provide information for a certain reason, we may use the information in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the information you provide to answer your question or resolve your problem. Also, if you provide information in order to obtain Services, we will use your information to provide you with access to such services and to monitor your use of such services. The Company and its subsidiaries and affiliates (the “Related Companies”) may also use your information collected through the Services to help us improve the Services and to better understand our customers and you. The Company and its affiliates may use this information to contact you in the future to tell you about services we believe will be of interest to you. If we do so, each marketing communication we send you will contain instructions permitting you to “opt-out” of receiving future marketing communications. In addition, if at any time you wish not to receive any future marketing communications or you wish to have your name deleted from our mailing lists, please contact us as indicated below.

 

OUR LEGAL BASES FOR HANDLING OF YOUR PERSONAL DATA

The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds are as follows:

To honor our contractual commitments to you: Much of our processing of personal data is to meet our contractual obligations to our customers, or to take steps at users’ request in anticipation of entering into a contract with them. For example, we handle personal data on this basis to register your customer account and provide our Services.

Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals. These legitimate interests include: Providing a transparent customer experience; Customer service; Marketing, e.g. sending emails or other communications to let you know about new products and services; Protecting our users, personnel, and property; Analyzing and improving our business, e.g. collecting information about how you use our Services to optimize the Services; Processing job applications; Managing legal issues.

Legal compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations.

To protect the vital interests of the individual or others: For example, we may collect or share personal data to help resolve an urgent medical situation.

Consent: Where required by law, and in some other cases, we handle personal data on the basis of your implied or express consent.

 

OUR DISCLOSURE OF YOUR INFORMATION

There are certain circumstances in which we may share your information with certain third parties, as set forth below:

Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, bankruptcy, dissolution or similar event, your information may be transferred to another party.

Consent: We may transfer your information with your consent.

Related Companies: We may also share your information with our Related Companies for purposes consistent with this Privacy Policy. Related companies are bound by agreements protecting your privacy.

Agents, Consultants and Related Third Parties: Like many businesses, we sometimes hire other companies or individuals to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases, software development, and processing payments. All agents, consultants, and related third parties are bound by agreements protecting your privacy.

Legal Requirements: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of the Company or Related Companies, (iii) protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.

Aggregated or Non-identifiable Data: We may also share aggregated or non-personally identifiable information with our partners or others for business purposes.

 

UNSOLICITED INFORMATION

You may provide us with ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.

 

CONSENT

Our Services are for adult customers age 18 and over. Customers may deliver to us biological samples and personal information from persons of any age.  We require our customers to obtain proper informed consent for all biological samples and personal information that we process within our Services, and we do not knowingly collect personal information or process that information without their consent or consent of a parent or legal guardian. If you believe we have obtained personal information without consent, or if you are a parent or guardian of a child under the age of 13 and believe we have obtained personal information without consent, please contact us at support@sagadiagnostics.com. If we learn that we are engaged in such processing, we will halt such processing and will take reasonable measures to promptly remove applicable personal information from our records.

 

LINKS TO OTHER WEB SITES

This Privacy Policy applies only to the Services. The Services may contain links to other web sites not operated or controlled by us (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third Party Sites. The links from the Services do not imply that we endorse or have reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.

 

DATA RETENTION

We generally retain personal data for so long as it may be relevant to the purposes identified herein. To dispose of personal data, we may anonymize it, delete it or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time.

 

SECURITY

In compliance with applicable laws and regulations, we take reasonable steps to protect the information provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These steps include the use of access control, encryption, two-factor authentication, and private servers. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any information via the Internet.

 

YOUR DATA RIGHTS AND CHOICES

We believe that users should be treated equally no matter where they are, and so we are making the following options to control your data available to all users, regardless of their location.

You can update certain information in our records by contacting us by email. You can also unsubscribe from certain emails by clicking the “unsubscribe” link they contain. You can opt out from certain cookie-related processing by following the instructions above in “Other Information.”

Individuals in the European Economic Area, Canada, Costa Rica and some other jurisdictions have certain legal rights to obtain confirmation of whether we hold personal data about them, to access personal data we hold about them, and to obtain its correction, update, amendment or deletion in appropriate circumstances. They may also object to our uses or disclosures of personal data, to request a restriction on its processing, or withdraw any consent, though such actions typically will not have retroactive effect. They also will not affect our ability to continue processing data in lawful ways.

 

How can I access the personal data you have about me?

If you would like to submit a data access request, you can do so by contacting us by email. We will then start the process and provide you access the personal data that SAGA has on you within 30 days.

 

How do I correct, update, amend, or delete the personal data you have about me?

You can update certain information in our records by contacting us by email. Please write us at support@sagadiagnostics.com with the words “Personal Data Request” in the subject or body of your message, along with an explanation of what data subject right you are seeking to exercise. For your protection, we may take steps to verify identity before responding to your request.

 

How do I object or restrict the manner in which SAGA processes my personal data?

You have a right to ask us to stop using or limit our use of your personal data in certain circumstances — for example, if we have no lawful basis to keep using your data, or if you think your personal data is inaccurate.  Individuals in the European Economic Area have the right to opt out of all of our processing of their personal data for direct marketing purposes. To exercise this right, please contact us by email. You may also click the “unsubscribe” link in any of our marketing emails.

 

The rights and options described above are subject to limitations and exceptions under applicable law. In addition to those rights, you have the right to lodge a complaint with the relevant supervisory authority. However, we encourage you to contact us first, and we will do our very best to resolve your concern.

 

CHANGES TO THIS PRIVACY POLICY

We reserve the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you provide any information. This Privacy Policy was last updated on the date indicated above. Your continued use of the Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.

 

CONTACTING US

The designated Data Protection Officer is Robert Rigo.  Please feel free to contact us if you have any questions about this Privacy Policy or SAGA’s information practices. You may contact us as follows: support@sagadiagnostics.com.