Privacy Policy
This Notice is effective as of November 29, 2023.
Privacy notice
This privacy notice applies to BioAgilytix, and its subsidiaries BioAgilytix Labs – Boston, BioAgilytix Labs – San Diego, and BioAgilytix – EU (collectively, BioAgilytix or “we” “our” or “us”). BioAgilytix cares about your privacy. This privacy notice describes how we collect, receive, use, store, share, transfer, and process your personal information (also referred to as “data”), as well as your rights in determining what we do with the information that we collect or hold about you.
We may update this Privacy Notice from time to time. When we do update it, for your convenience, we will make the updated Privacy Statement available on this page. Changes and additions to the Privacy Notice are effective from the date on which they are posted. Please review the Privacy Notice from time to time to check whether we have made any changes to the way in which we use your personal information. Any changes we make to the Policy in the future will be posted on this page, and where we change this Policy in ways that also affect how we process personal information about you, where appropriate, we will notify you directly via email or other direct contact with you, and we also will post a notice on our home page that this Policy has changed.
Data We Collect
The personal information we process (collect, use, and share) about you depends on who you are and how we interact with you. We process personal information about you that we collect either directly, through forms or data entry fields on our website, or through passive collection by cookies and other data collection technologies. The types of personal information we process in each of these contexts is further explained below.
When BioAgilytix acts as a Data Controller and is the recipient of personal information, it shall provide the appropriate notice in clear and conspicuous language when individuals are first asked to provide personal information to BioAgilytix, or as soon thereafter as is practicable. In addition, when BioAgilytix is a Data Controller it will seek consent prior to using personal information for a purpose other than that for which it was originally collected or processed.
Website Visitor Data
We may process your information when you contact us via our website such as submitting a question or request via the contact form, requesting to speak to a scientist or signing up for our newsletter. This information typically includes name, title, company name, phone number, and e-mail address.
BioAgilytix may also record information about how individuals access the Site. This information may include device information including as Internet Protocol (“IP”) addresses, log information, error messages, device type, and unique device identifiers, the websites the user visited immediately prior to and upon exiting this site, the browser software the individual is using to access the site, the pages viewed, the features used, details about any links with which the user interacted, device precise location information, or device motion information.
BioAgilytix may use cookies and other technologies on the site to enhance or improve the user experience, including customization of content. A cookie is usually text data stored on the individual’s device that a website transfers to the individual’s browser. Cookies can be utilized to help us provide you with information targeted to your interests, based upon your prior browsing on our site. We do not, however, permit third parties to track you from our site across other sites to deliver advertising or other content.
BioAgilytix does not seek information from persons less than 16 years of age and no information should be submitted to BioAgilytix by anyone under 16 years of age.
Business Customer Data
If you are a customer or you request or indicate an interest in information about our services, we may process your name, email address, phone number, job title, information about the company where you work, including its website address, postal address, job title, job function, company name, company size, company financial information, IP address, device type, email view information including IP address and associated city, information about which of our services you use or which may be of interest to you, and any comments you provide. We maintain and update this information as we continue to engage with you and use it as described under the Legitimate Interests processing purposes described below.
Also, in its role as a laboratory, BioAgilytix may receive personal information related to biochemical analysis, research, diagnostics, consulting, and clinical trial support services from or on behalf of Data Controllers within the European Union (EU), the United Kingdom (UK), Switzerland, or the US.
Job Applicant or Contractor Data
If you apply for a job in response to one of the career opportunities on our site, you will be submitting information to our service provider’s website. It will be subject to both the service provider’s privacy policy and this BioAgilytix Privacy Notice. We may process personal information about you and your professional experience, education, and training such as your application, your name (and any former names), postal address, email address, phone number, academic background, professional certifications and licenses, employment history, and curriculum vitae or resume. Additionally, prior to hiring, we may engage service providers to conduct background checks that involve the necessary personal information processing as permitted by the laws in the location in which you reside and/or work. Supplemental privacy notices may be provided to BioAgilytix applicants, employees, or contractors, and where applicable, consent will be obtained to ensure compliance with local requirements.
Lab Sample Data
If you are a clinical trial participant, we may process your participant-specific clinical trial identification code, health data and genetic data in order to process and analyze your sample and provide results. If your health care provider submits biological samples to us for analysis, we may process personal information about you including your name, gender, age, race, health data and genetic data for analysis.
HOW WE USE DATA AND PROCESSING PURPOSES
Website Visitor
BioAgilytix believes and supports personal information minimization and limiting use to those processing activities for which permission was given. BioAgilytix uses the personal information you provide as necessary:
- To deliver our products or services, or as required for legal compliance or other lawful purposes.
- To communicate with you via email, phone, or text messages and may send marketing materials if you chose to opt-in to marketing campaigns that you may also opt-out at any time.
- To respond to general inquiries, provide technical and customer support and training, verify your identity, and send important account and service information.
- For purposes of recruitment and employee administration.
- To provide you with a newsletter if you sign up through our site.
- For advertising purposes, including display ads, retargeting, and social media promotion.
- Our marketing team or one of our scientists may also process your information to send communications to you.
BioAgilytix processes laboratory data in the performance of services for and under the direction of its business customers who act as the Data Controllers.
This information is used to administer our systems and the site, and to make improvements to and protect the Site. IP addresses are collected to obtain certain aggregate information concerning the use of our website such as average time spent on the site, pages viewed, etc.
Legal Basis
BioAgilytix may use personal information from website visitors for the purposes above, based its legitimate business interests which include:
- Where processing enables us to enhance, modify, personalize or otherwise improve our websites, products and services.
- Determining the effectiveness of promotional campaigns and advertising and ensuring communications are relevant to the choices you make.
- Providing visitors with information requested, including questions directly asked or information contained in newsletters when requested.
If we process your personal information under consent provided by you, you have the right to withdraw that consent at any time. Your withdrawal of consent, however, will not affect the lawfulness of any processing we have undertaken before the withdrawal.
We may process your personal information where necessary for our compliance with a legal obligation. Finally, in some cases we process your personal information as necessary to perform a contract with you, or to take steps that you request before we enter into that contract.
Business Customer Data
If you have a contract or other agreement in place with us, we process personal information about individuals to fulfill obligations under that contract or agreement.
BioAgilytix may process personal information about you based on our legitimate business interests for the following purposes, to which individuals may exercise their Right to object as described below:
- To manage our relationship with you based on our legitimate business interest in retaining you as a customer or a sponsor;
- To provide additional services you request based on our legitimate business interest to respond to your reasonable requests and to retain you as a customer or sponsor;
- To better understand the needs of the research communities we aim to serve, we analyze our interactions with you online and offline and store that information in a quantitative way. This helps us continue to improve how we provide information and engage specifically with you, including to help us determine when you might be ready to make a purchase based on repeated interactions with BioAgilytix. We do not make any automated decisions about you that would result in legal or other similarly significant effects on you;
- To determine whether, when, and the IP address and associated city of, a marketing, sales, or business development email communication we sent was viewed based on our legitimate interest to effectively manage and improve upon such communications with you;
- To understand the organization that you work for, and your prior experience based on our legitimate interest to tailor our communications with you to improve our engagement with you;
- To understand your business and research-related needs based on our legitimate interest to develop and enhance our services to address your needs and to make them more relevant to you; and
- To manage our legal, financial, policy and regulatory compliance responsibilities and to demonstrate our compliance upon request.
Legal Basis
BioAgilytix may use personal information it receives from sponsors and business customers to based on its legitimate business interests for the purposes described above and to provide clinical laboratory services for and under the direction of its business customers who act as the Data Controllers.
Job Applicant or Contractor Data
If you have a contract or other agreement in place with us, we process personal information about you to fulfill the following obligations to you under that contract or an agreement with us, and to fulfill the specific obligations we have to you under the applicable contract or agreement such as:
- Payment of project fees to contractors or consultants;
- Managing performance obligations under employment contracts, where applicable.
Legal Basis
Our legal basis to process personal information about you for the purposes described above in order to maintain and execute our contract with you. We also have a legitimate interest in establishing and managing our relationship with and responsibilities to you and for effective operation of our business, such as to:
- Recruit new talent to join BioAgilytix;
- Onboard employees and contractors to BioAgilytix;
- Grant and ensure appropriate access to BioAgilytix systems and facilities; and Ensure the security and safety of the workplace and the tangible and intangible assets for which we are responsible.
Lab Diagnostic Data
If you are participating in a clinical trial or your health care provider submitted a biological sample to us, we process personal information about you in order to analyze those samples and provide results.
DISCLOSURES TO THIRD PARTIES
Any diagnostic information stored on behalf a customer is made available only to such customer.
BioAgilytix’s website may contain links to other sites that operate independently of BioAgilytix and are not under our control. We provide links to other websites solely for your convenience and information. BioAgilytix is not responsible for the content, security, or privacy practices employed by other sites.
BioAgilytix may share information it collects from Site users with service providers who help us perform services such as managing communications and administering the Site. BioAgilytix engages a third-party service to collect and analyze data about your visit to our site to improve navigation and understand our website usage patterns. In addition, BioAgilytix contracts with an email service provider to send information you request on our site through the Contact Us forms and utilizes a customer relationship management system to store your contact information. BioAgilytix also contracts with a third-party to manage our website. Our service providers may use personal information as needed to deliver services on our behalf or comply with applicable laws and regulations. BioAgilytix enters into a contract with third parties prior to sharing personal information to obtain assurances that the Agent will safeguard personal information consistent with BioAgilytix’s obligations. In limited cases, we may share information with other parties if appropriate to respond to your request or inquiry. We will share personal information in the event we sell or transfer all or a portion of our business assets, such as during a merger, acquisition, liquidation, or bankruptcy. We also may share personal information if we have a good faith belief that doing so is necessary to comply with applicable laws, respond to a legitimate request from law enforcement or other government body, to protect our interests or the health and safety of others, or to enforce our terms of use for this Site.
CHANGING YOUR PREFERENCES
If you have provided your consent, we may process personal information about you to send direct email marketing communications about our services. You may withdraw your consent at any time by clicking the “unsubscribe” link in the email footer. You may also withdraw consent by exercising your rights as described below.
If you would like to change any information you submitted to us or if you want to opt-out of receiving future communications from us or limit the use and disclosure of your information, please contact us at privacy@bioagilytix.com.
If you would like to manage cookies used by this site, the “help” section of the toolbar on most browsers will inform you on how to prevent your browser from accepting new cookies, how to have the browser notify you upon the receipt of a new cookie, or how to disable the use of cookies completely. However, if you configure your browser to decline cookies, certain features of our Site may not function correctly, and you may be required to reenter user IDs and passwords more frequently. Some browsers incorporate a “Do Not Track” feature that, when turned on, signals to websites and online services that you do not want to be tracked. Our site does not currently respond to Do Not Track signals.
We partner with third parties to either display advertising on our website or to manage our advertising on other sites. Our third-party partners may use cookies or similar technologies to provide you with advertising based upon your browsing activities and interests. If you wish to opt-out of interest-based advertising by third parties click here (or if located in the European Economic Area or United Kingdom click here). Please note that generic, non-personalized ads will continue to be displayed.
RIGHTS AVAILABLE TO INDIVIDUALS
You have the right to ask us about the processing of your personal information. Specifically, under applicable data privacy laws, and where contractual commitments require, BioAgilytix ensures that individuals can exercise all relevant informational rights with respect to their personal information collected by BioAgilytix, including, but not limited to, the right of access and correction, to withdraw consent at any time, object to data processing, request data deletion, restrict aspects of data processing. Where limitations apply, BioAgilytix will look at each circumstance and advise you of the reason we cannot comply with your request.
When BioAgilytix is a Processor and not a Data Controller, it will take reasonable steps to help the appropriate Data Controller respond and will act on the reasonable direction of the Data Controller’s customers with respect to access.
If you would like to exercise your rights provided under your country’s national data protection laws, please contact us at privacy@bioagilytix.com. Please note that we are required by law to verify your identity in order to comply with some data requests.
OTHER PRIVACY RELATED INFORMATION
Where We Store and Process Personal Data
To facilitate our global operations, BioAgilytix may transfer, store and process your personal information within our corporate locations or with service providers based in the United States and Europe. Laws in these countries may differ from the laws applicable to your country of residence. We take appropriate steps to ensure that personal information is processed, secured and transferred according to applicable law. Where we transfer personal information from the European Economic Area or the UK to other countries in which applicable laws do not offer the same level of data privacy protection, we have ensured that appropriate safeguards are in place through the use of written agreements, such as Standard Contractual Clauses, with recipients that require them to provide the same level of protection for the data.
Data Retention
We will keep personal information about you for as long as we provide services, as long as you work for or with us, or as long as we are addressing a concern, question, complaint, or request you have made to us, as applicable to our interactions with you. If we have a contract or other agreement with a customer, we will follow the retention obligations of that agreement. This applies to lab diagnostic data.
We may keep personal information longer if we have a legal obligation to keep it or to maintain necessary records for legal, financial, compliance, or other reporting obligations, and to enforce our rights and agreements. When we no longer need personal information, we securely delete or destroy it.
Security
BioAgilytix takes reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction, considering the risks involved and the nature of the personal information. We also have implemented measures to maintain the ongoing confidentiality, integrity and availability of the systems and services that process personal information and will restore the availability and access to personal information in a timely manner in the event of a physical or technical incident. Still, no system can be guaranteed to be 100% secure. If you have questions about the security of your personal information, or if you have reason to believe that the personal information that we hold about you is no longer secure, please contact us immediately as described in this Privacy Notice.
Data Privacy Framework
BioAgilytix complies with the EU-U.S. Data Privacy Framework (with the UK extension) and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. BioAgilytix has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the terms in this Privacy Notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.
Individuals can learn more about the Data Privacy Framework program, individual rights, and our participation in the program by visiting: https://www.dataprivacyframework.gov/s/.
BioAgilytix acknowledges that it is subject to the jurisdiction of the U.S. Federal Trade Commission for compliance and enforcement of the Data Privacy Framework applicable to the EEA, UK, and Switzerland.
BioAgilytix may share personal information with contracted third parties who act as a Data Controller or other Processors at the direction of those Data Controllers. BioAgilytix shall enter into a contract with third-party Data Controllers prior to sharing personal information requiring that personal information may only be processed for limited and specified purpose consistent with the consent provided by the individual, that third-party Data Controllers provide the same level of protection and notify BioAgilytix if it can no longer meet this obligation.
Under the Data Privacy Framework Principles, individuals have the right to opt out of (i) disclosures of their personal information to third parties; or (ii) uses of their personal information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. BioAgilytix may share personal information with contracted third parties who act as an Agent and provide services to BioAgilytix in furtherance of data processing. BioAgilytix shall enter into a contract with third-party Agents prior to sharing personal information to obtain assurances that the Agent will safeguard personal information consistent with this Privacy Policy and BioAgilytix’s obligations under the principles.
BioAgilytix shall remain liable under the Data Privacy Framework Principles if its Agent processes such personal information in a manner inconsistent with the Principles, unless BioAgilytix proves that it is not responsible for the event giving rise to the damage.
Recourse, Enforcement, and Liability
If you have a privacy or data use concern, we ask that you contact us first at privacy@bioagilytix.com. However, if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, then you have the right to use your country’s data protection authority for dispute resolutions (free of charge). To find your country’s data protection authority, visit https://edpb.europa.eu/about-edpb/about-edpb/members_en if you are located in the EEA, https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html if you are located in Switzerland, or ico.org.uk if you are located in the UK.
This independent dispute resolution process is provided at no cost to the individual.
Under certain conditions an individual may choose to invoke binding arbitration to resolve any residual complaints not resolved by BioAgilytix, but prior to initiating such arbitration, a resident of an EEA country, UK or Switzerland must first (1) contact BioAgilytix and afford us the opportunity to resolve the issue; (2) seek assistance from the US Department of Commerce directly or through their loacal data protection authority, and provide the Department time to attempt to resolve the issue. If an EEA or Swiss resident invokes binding arbitration, each party shall be responsible for its own attorneys’ fees. Please be aware that the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief as necessary to remedy any violation of the privacy policy with respect to the resident. If an individual formally invokes binding arbitration, BioAgilytix will follow the terms set forth in Annex 1 of the Data Privacy Framework. For more information on binding arbitration visit: https://www.dataprivacyframework.gov/s/.
HOW TO CONTACT US
If at any time you have questions about our practices, your rights described above, or questions about this Privacy Notice, you may contact our Data Protection Officer using one of the contact methods below. This inbox is actively monitored and managed by personnel trained in our policies, processing, and handling of personal information.
Data Protection Officer
BioAgilytix Labs, LLC
2300 Englert Drive
Durham, NC 27713
Telephone number: 919.381.6097
privacy@bioagilytix.com