Innomics – Advancing Innovation in Multi-Omics

Last Updated: November 17, 2023

Innomics Inc., a corporation formed under the laws of the State of Delaware, with its operations in the State of Massachusetts (officially the Commonwealth of Massachusetts) and the State of California (hereinafter as Innomics or the Company), is dedicated to three main business areas: high-throughput next-generation sequencing (NGS), in vitro diagnostics (IVD), and mass spectrometry analysis (MS). As a genomics and proteomics service provider, Innomics is committed to protecting and respecting our customer’s and participants’ privacy in compliance with applicable laws and regulations, including but not limited to the HIPAA Privacy Rule, Clinical Laboratory Improvement Amendments (CLIA), and the General Data Protection Regulation (EU) 2016/679 (GDPR) of The European Parliament and of the Council.

In collecting or processing personal information (PI) through our websites or when you use our services or request to receive information from us, Innomics adheres to the basic principles of Transparency, Accountability, Legal use and Ethical use.

The Privacy Policy applies to Personal Information collected or processed by us online (through websites, applications, email, and otherwise) (“Online Services”) when we process your Personal Information for your potential participation as a research subject in clinical trials; when we process Personal Information for your potential participation in clinical trials as an investigator or a member of the investigator team; when we process medical information and in connection with post-approval pharmacovigilance and adverse events, complaints, and reports; when we provide products or services to you, your doctor, hospital, medical treatment or scanning facility, or other healthcare provider (collectively, “Healthcare Provider,” which refers both to the Healthcare Provider institution, organization, or company, and individuals employed by or working for or with such organization), or your patients; and in other situations where you interact with us, including but not limited to interacting with or visiting our sites and offices or our events (e.g., tradeshows and conferences) (such products, services, Online Services, and other systems collectively, the “Products and Services”); when we process your data as an employee of a company for which we provide Products or Services; or anywhere this Notice is posted or referenced. This Notice also applies to Personal Information that is collected or processed when you interact with us in person, by telephone, or by mail.

This Privacy Policy serves as a notice to the public. It outlines the types of Personal Information that Innomics may collect or process, how we may use and disclose that Personal Information, and how you may exercise any rights you may have regarding our processing of your Personal Information. Please read this Privacy Policy carefully to understand how we treat your Personal Information and/or Genetic Data that we may obtain in the course of providing our Services. To the extent permitted by applicable laws, by providing us your Personal Information or otherwise interacting with us, you are agreeing to this Notice and Policy. If you do not agree with the policies, procedures, and practices as described herein, you may choose not to access or use our products or services or not to transmit personal information to us.

This Privacy Policy will help you understand the following:

1. Definitions

"Affiliated Company" refers to a company that is related to Innomics due to joint ownership or control.

"Third Party" refers to an entity or individual who does not have any ownership or control relationship with Innomics, such as but not limited to Clinician, Hospital, Laboratory, Health Professional, Healthcare Service Provider, University, Research Institution, Pharmaceutical Companies.

"Genetic Data" refers to any data, regardless of its format, that results from the analysis of a biological sample of an individual, or from another source enabling equivalent information to be obtained, and concerns genetic material. Genetic material includes, but is not limited to, deoxyribonucleic acids (DNA), ribonucleic acids (RNA), genes, chromosomes, alleles, genomes, alterations or modifications to DNA or RNA, single nucleotide polymorphisms (SNPs), uninterpreted data that results from analysis of the biological sample or other source, and any information extrapolated, derived, or inferred therefrom. Cal. Civ. Code §§56.18(b)(7)(A), 1798.81.5(d)(5). “Genetic data” does not include deidentified data. For purposes of this subparagraph, “deidentified data” means data that cannot be used to infer information about, or otherwise be linked to, a particular individual, provided that the business that possesses the information does all of the following: (i) to take reasonable measures to ensure that the information cannot be associated with a consumer or household; and (ii) to publicly commit to maintain and use the information only in deidentified form and not to attempt to reidentify the information, except that the business may attempt to reidentify the information solely for the purpose of determining whether its deidentification processes satisfy the requirements of this subparagraph, provided that the business does not use or disclose any information reidentified in this process and destroys the reidentified information upon completion of that assessment. (iii) Contractually obligates any recipients of the information to take reasonable measures to ensure that the information cannot be associated with a consumer or household and to commit to maintaining and using the information only in deidentified form and not to reidentify the information. Cal. Civ. Code §§56.18(b)(7)(B).

“Personal Information” or "Personal Data" refers to any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. For the purpose of privacy protection, it means either (1) a username or email address in combination with a password or security question and answer that would permit access to an online account, or (2) an individual’s first name or first initial and the individual’s last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted: (i) Social security number; (ii) driver’s license number, California identification card number, tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to verify the identity of a specific individual; (iii) account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account; (iv) medical information; (v) health insurance information; (vi) Unique biometric data generated from measurements or technical analysis of human body characteristics, such as a fingerprint, retina, or iris image, used to authenticate a specific individual. Unique biometric data does not include a physical or digital photograph, unless used or stored for facial recognition purposes; (vii) Genetic data. California Civil Code § 1798.81.5(d)(1). However, “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. Cal. Civ. Code §§1798.80(e), 1798.81.5(d)(1), 1798.81.5(d)(4). The natural person or individual is referred to in this Privacy Policy as "Personal Information Subject" or “Data Subject.” Please note that, for patients, as described below, we may receive information about you from your Healthcare Provider or others, when legally permitted. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location information, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Sensitive Personal Information" refers to any Personal Information that the leakage, disclosure, or abuse of which could easily endanger personal and property safety, and easily lead to the harm of one's personal reputation and mental and physical health, or lead to discriminatory treatment.

"Data Breach" is a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information transmitted, stored or otherwise processed.

2. What and How We Collect Your Personal Information

The Personal Information can be collected by Innomics directly from the Personal Information Subject or from a Third Party with the consent of the Personal Information Subject where said collection is not prohibited by the applicable laws.

Innomics is responsible for the processing and treating your Personal Information regarding the Services entrusted to Innomics in compliance with the applicable laws.

The Personal Information collected by Innomics can include but is not limited to.:

full name, address and contact details
job title and employer details
date of birth
gender
weight
height
nationality
identification
bank account and credit card account
transaction data includes details about payments to and from you and other details of products and services you have purchased from us
biological samples involving genetic data
any clinical information necessary for the purpose of the services or tests required, such as medical history (including any condition for which medical advice or treatment was sought, any form of consultation, investigation, prescription or treatment), allergies, lifestyle habits, current medication
family history
other medical test results or findings necessary for conducting genetic testing or sequencing services
genomic or other personally identifying information
computer or other device connected to Internet and browsing information
the content you choose to share
marketing and communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences

2.1 Information You Directly Provide to Us

Certain Personal Information concerning you including Genetic Data are collected directly from you by Innomics.

Innomics might collect the Personal Information in the following circumstances:

when you fill in a contract or place a purchase order for one of our Services;
when we or our contracted local service provider issue you with a test request form for the purposes of conducting a genetic test;
when you sign up on our website for an Innomics Customer Account;
when you sign up on our website for our newsletter;
when you sign up on our website to request a quotation and place an order for our Services;
when you submit a request for quote or send an enquiry via the contact forms on our website;
when you request us to claim insurance compensation on behalf of you
when you fill in a contact form or consent to have your details recorded by us at a conference/event/tradeshow;
when you reply to an email from Innomics that you have previously consented to be sent to you;
if you contact us or send us a message through social media channels

The information above may be necessary for the adequate performance of the contract or purchase order between you and Innomics and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with relevant requested Services.

2.2. Information We Collect from Third Parties

When a third-party obtains an individual’s informed consent, the third-party’s own privacy policy and informed consent practices will govern its collection, use, processing, storage, disclosure, and transfer of genomic information. We are not responsible for the privacy practices of these third parties. Please be aware that this Privacy Policy does not apply to your activities on these third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.

Third-party service providers acting on our behalf must execute agreements including confidentiality requirements and will only process Personal Information as necessary to perform their functions in a manner consistent with this Notice, other applicable privacy notices, and as explicitly permitted or required by applicable laws, rules, and regulations. Our third-party service providers may be located in the United States and other jurisdictions.

We may combine information we collect, whether Personal Information or not, with Personal Information that we may obtain from third parties.

To enable us to provide better Services to you, where permitted by applicable laws, we may collect your Personal Information indirectly from a Third Party.

We will put efforts to ensure the legitimacy of the source of your Personal Information. However, please note that we do not control, supervise or respond to how the Third Party processes your Personal Information. Any request regarding the disclosure of your Personal Information to us should be directed to such Third Party.

If you are a U.S. patient, please note that this Notice is distinct from your Healthcare Provider’s HIPAA Notice of Privacy Practices, which describes how your Healthcare Provider uses and discloses individually identifiable information about your health that it collects, as well as any other privacy practices it applies. Innomics collects, uses, and discloses Personal Information it receives on behalf of your Healthcare Provider in accordance with its HIPAA-required agreements with your Healthcare Provider.

3. How We Collect Your PI Automatically with Cookies and Similar Technologies

A Cookie is a plain text file that is stored on computers or mobile devices by web servers. The contents of Cookies can only be retrieved or read by its creating server. Every Cookie is unique to your web browser or mobile application. A Cookie usually includes an identifier, site name and some numbers and characters. Using Cookies, a website can store data of user preferences or products in a shopping basket, etc.

To ensure that our website is working normally and to personalize and customize your experience, we will use Cookies or similar tracking technologies, such as web beacons, pixels, and mobile identifiers to analyze trends, operate our website, track users’ movements around the websites, and to gather demographic information about our user base as a whole. We will not use Cookies for any purpose other than those stated in this Privacy Policy.

As true of most websites, our website gathers certain information automatically. This information may include Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, the files viewed on our website (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.

You may manage or delete Cookies based on your preferences. You can clear all Cookies on your computer and most web browsers have Do Not Track function. If Do Not Track is enabled on your browser, all of our websites will respect your choice.

If you want to know more about how to change browser settings, please click the following links for popular browser software: Microsoft Internet Explorer, Microsoft Edge, Mozilla Firefox, Google Chrome, Safari for macOS and Safari for iOS.

Innomics uses Plausible Analytics that is completely open-source software and its source code is available and accessible on GitHub. This means that you can have a transparent insight into how your data is processed. Plausible Analytics only stores anonymized data that it collects from you. However, before anonymization, Plausible Analytics still processes your Personal Information. That is why we ask for your consent for this processing via a banner on the website. All visitor data is exclusively processed with servers owned and operated by European companies and it never leaves the EU. We only use Plausible Analytics based on the consent that you give us via a banner when you enter the website. Please consult the privacy statement of Plausible Analytics if you need more information about how they process your data. (https://plausible.io/privacy-focused-web-analytics).

Innomics’ Products or Services may contain links to other websites, applications, products, or services that are not owned or operated by Innomics, such as social media websites and applications like Facebook and Twitter. You should carefully review the privacy policies and practices of other websites, products, and services as we cannot control and are not responsible for privacy policies, notices, or practices of third-party websites, applications, products, and services.

4. How We Use Your Personal Information

We collect, receive and process your Personal Information so that we can:

perform our Services;
improve our Services;
keep you updated about our Services;
contact you with other relevant Services we think you might be interested in.

4.1 Use Upon Your Consent

We may process your Personal Information for the purposes as follows with your consent.

Provide and improve our Services: The Personal Information we collect will be used to provide you with our Services, process your orders or fulfill the contractual obligations under the contract between you and Innomics. In particular, we will not use your Genetic Data without your prior consent for any purpose other than to provide our Services.

Advertising and marketing: The Personal Information we collect will be used to personalize and improve our advertising, send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences. You can opt-out of receiving marketing messages from us easily by following the unsubscribe instructions included in our marketing messages. After you choose to opt-out, we will stop processing and delete your relevant Personal Information promptly.

We will acquire your consent in advance when the information is to be used for a purpose that is not specified in this Privacy Policy.

4.2 Use Without Your Consent

In accordance with applicable laws, Innomics may process your Personal Information for the following purposes without your consent:

To perform out contractual obligations based on contract(s) or agreement(s) concluded with you;
To protect the vital interests of the Personal Information Subject or another natural person if the Personal Information Subject is physically or legally incapable of giving consent;
To comply with applicable laws, regulations, guidance or court order;
For the purpose of Innomics’ legitimate interest (except for Genetic Data).

5. How Long We Keep Your Personal Information

We generally retain Personal Information for as long as needed for the specific business purpose or purposes for which it was collected. In some cases, we may be required to retain Personal Information for a longer period of time by law or for other necessary business purposes. Whenever possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the specified retention period in compliance with the applicable laws.

6. How We Share and Disclose Your Personal Information

Within Innomics, the Personal Information collected are only accessible to the staff of Innomics who, within the scope of their specific tasks, are responsible for it and whose access to these data is expressly required for the performance of their tasks.

After receiving your consent, Innomics may also share the Personal Information collected with its affiliated companies, trusted third parties, suppliers and sub-contractors through which you have ordered one of our services and consented to receive your Personal Information, as well as the Insurance Company if their intervention is required.

We will never share or disclose your Personal Information without obtaining your consent unless when:

It is required by the US laws or court order in connection with national security, public security, public health or significant public interest;
It is directly relevant to investigation, prosecution, trial and execution of the judgment of crimes;
It is for the purpose of protecting life, property or other significant legal rights and interests of Personal Information subjects or others, and it is unreasonably difficult or impractical to obtain consents from such persons;
The Personal Information collected has been disclosed by the Personal Information Subject to the public actively; or
It is otherwise provided by applicable laws and regulations.

7. How Your Personal Information is Transferred

Subject to applicable local legal requirements, your Personal Information may be transferred, stored and processed outside of the country where you live or have ordered our Services from, including to our subsidiaries, affiliated companies and service providers located in other jurisdictions, and may become subject to the laws of such jurisdictions. The primary location of where your Personal Information will be stored or processed for the Services you have ordered from Innomics will be stated in the governing contract and/or the test request form.

We only provide your Personal Information to our subsidiaries, affiliated companies and service providers where it is necessary to meet the purpose for which you have submitted your Personal Information and in particular if necessary for the provision of services and support. We take steps to ensure that Innomics’ affiliated companies follow our data protection policy, this privacy notice and applicable local law when handling Personal Information and that service providers put in place adequate safeguards to protect the Personal Information entrusted to them, as outlined below.

7.1 Transfer outside of EU

For Personal Information of Personal Information Subjects who are in the EU: Innomics will implement appropriate measures to ensure that Personal Information remain protected and secure when transferred outside the EU, in accordance with applicable data protection and privacy laws, such as:

The country to which the Personal Information are transferred has benefited from an adequacy decision by the European Commission under Article 45 of the GDPR; or
Standard data protection contractual clauses as approved by the European Commission pursuant to Article 47 of the GDPR have been established.

In the absence of the above appropriate safeguards, we will ask you for your explicit consent for cross-border transmission of your Personal Information. In the meantime, security measures such as encryption or de-identification will be adopted for the safety of your Personal Information.

7.2 Transfer of Personal Information across national borders

Please note that Personal Information we collect and process may be transferred and maintained outside your state, province, country, or other jurisdiction where the privacy laws may not be as protective as those in your location, including the United States. Innomics has put in place lawful transfer mechanisms and adequate safeguards, in accordance with applicable legal requirements, to protect your Personal Information.

8. How We Protect Your Personal Information

Consistent with applicable laws and requirements, Innomics has put in place physical, technical, and administrative safeguards to protect Personal Information from loss, misuse, alteration, theft, unauthorized access, and unauthorized disclosure consistent with legal obligations and industry practices. However, as is the case with all websites, applications, products, and services, we unfortunately are not able to guarantee security for data collected through our Products and Services. In addition, it is your responsibility to safeguard any passwords, ID numbers, or similar individual information associated with your use of the Products and Services.

Amongst others, when Innomics shares the Personal Information of a Personal Information Subject with external suppliers/subcontractors or services providers, Innomics may put in place a written agreement which commits the suppliers/sub-contractors or services providers to keep these Personal Information confidential and put in place appropriate security measures to keep this information secure.

Some of the safeguards we use to protect your information are firewalls, data encryption, and access controls. The administrative measures we use include establishment of a department and designation of a person responsible for protection of Personal Information, conducting self-evaluation on security of Personal Information, organization of training on relevant staff, etc.

In case of Personal Information breach, we will without undue delay inform you about the basic conditions and possible influence of the data breach, response measures that are already taken or to be taken by us, suggestions for you regarding precautions and risk control, corrective measures for you, and the like. To the extent permitted by law, we will inform you about relevant situations of the data breach in a timely manner via email, fax, telephone or push notification, or any other means of communication we deem appropriate. When it is difficult to notify every Personal Information Subject individually, we will properly and effectively issue a public announcement.

9. Your Rights

We respect your legal rights with regards to your Personal Information. Below are the rights you may exercise by sending an email to us at the email address as set forth in the end of this Policy (See “Contact Us”). Please note that for the sake of security, we may ask you to verify your identity before further processing your request.

To access the Personal Information Innomics holds about you: You are entitled to access and request copies of Personal Information that you provided to us, unless applicable laws provide otherwise.
To be informed about how Innomics uses your Personal Information: We strive to be transparent about how we use your data. We keep you informed as to what we do with your Personal Information through this Privacy Policy.
To have these data rectified promptly in case of inaccuracy/incompleteness: If you find that your Personal Information processed by us is inaccurate or incomplete, you are entitled to ask us to make rectifications.
To have your Personal Information erased in specific circumstances: You can request us to delete your Personal Information if we do not have a legal reason to continue to process and hold it.
To restrict the processing of your Personal Information: You have the right to ask us to restrict how we process your Personal Information. If you restrict our processing, we will not further process but are still permitted to store the data.
To object to the processing of your Personal Information: You have the right to object to our processing your data even if it is based on our legitimate interests, the exercise of official authority, direct marketing (including data aggregation), and processing for the purpose of statistics.
The right to data portability: To the extent permitted by laws and regulations, you have the right to request for the receipt of the transfer to another firm/organization in a structured, commonly used and machine-readable form of the Personal Information provided to Innomics.
To lodge a complaint to Data Protection Authority: You have the right to lodge a complaint to the local data protection authority if your privacy rights are violated or if you have suffered as a result of the unlawful processing of your Personal Information.
Possibility of withdrawal of the consent/ subsequent refusal to transmit Personal Information: If you wish to withdraw your previous consent or refuse the transfer of your Personal Information, you can send a written statement to Innomics. Innomics will respect that choice in accordance with its own legal obligations. This could mean that Innomics may not be able to perform the actions necessary to achieve the purposes as set out in this Privacy Policy and affect the way in which Innomics deals with you and/or for any related entities. Moreover, this withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. In this case, Innomics will not be responsible for any direct or indirect damage of any kind that might occur as result of the withdrawal of the consent.

However, please note that Innomics is contractually obliged to retain certain information as necessary for our legitimate business interests, to comply with our legal interest, or in accordance with the current applicable laws and regulations.

10. How We Process Children's Personal Information

Innomics complies with the Children’s Online Privacy Protection Act of 1998 (“COPPA”), 15 U.S.C. 6501–6505. COPPA requires that website operators are not allowed to knowingly request personally identifiable information from anyone under the age of thirteen without requesting verifiable parental consent.

In accordance with COPPA, Innomics will not knowingly collect any personally identifiable information from individuals under the age of 13. If we determine that a user of our website is under the age of 13, we will not maintain or use his or her personally identifiable information. If you suspect that someone under the age of 13 has submitted his or her personal information through our websites, please contact us using the information as set forth in the end of this Policy (See Contact Us).

Although the definition of children varies according to laws and customs in different jurisdictions, Innomics treats anyone under 16 years old (or equivalent minimum age in relevant jurisdiction) as a child. We will only collect and process Children's Person Data after we have obtained explicit consent of their legal custodian. When we find that a child's Personal Information is collected without explicit consent of legal custodian, we will delete the relevant data as soon as possible. Legal custodian means each parent if the parents are in marriage and are not in divorce proceeding or a parent or a third party who is duly appointed as the child’s custodian by a court having competent jurisdiction over the child.

11. Privacy Protection for Data Subject in the EU

If you are in an EU member country, you may have certain data protection rights under the General Data Protection Regulation (EU) 2016/679 (GDPR), such as the right to be informed, the right to access, the right to correction, the right to erasure, the right to restriction of processing, the right to object to processing, the right to data portability, and the right to withdraw your consent. The rights available to you depend on our reasons for processing your personal information. To request access to, correct, restrict, or delete any personal information that you have provided to us, please contact us by email as set forth in the end of this Policy (See “Contact Us”)

12. Privacy Protection for Data Subject in Japan

If you are in Japan, you may have certain data protection rights under the Act on the Protection of Personal Information (“APPI”) which was amended in 2022. The amendment expanded an individual’s rights to require the deletion or disclosure of personal information where there is a possibility of violating the data subject’s rights or legitimate interests; in the event of a breach of the APPI via transfer to a 3rd party; and allowing the data subject to request the format of the disclosure of the personal data, including in a digital format. Personal information, other than sensitive data, could be transferred to 3rd parties without express consent as long as notice of the transfer was publicly disclosed and there was no objection by the data subject. However, personal information transferred to a 3rd party on an opt-out basis cannot be re-transferred by the 3rd party to another party on a similar opt-out basis. For further transfer, either direct consent or one of the other legal transfer grounds must be in place.

Under the APPI, the law does not distinguish between ‘Controller’ and ‘Processor’. Accordingly, if the entity collecting/using the data has another entity process the data on its behalf (with no other purpose) and under proper contract, it is not considered a transfer under the law. Third party transfers occur when the data is transferred to another entity to use the data for other purposes.

In compliance with the APPI, Innomics’ operation partner in Japan will notify the individual and the Personal Information Protection Commission (“PPC”) which is the data privacy authority in Japan, in the event an incident falls under certain designated criteria as potentially causing the violation of individual rights and interests. The report to the PPC will consist of providing a preliminary report ‘as soon as possible’ to state the situation, followed by a more detailed report as to the causes and remedial measures implemented.

The rights available to you under APPI depend on our reasons for processing your personal information. To request access to, correct, restrict, or delete any personal information that you have provided to us, please contact us by email as set forth in the end of this Policy (See “Contact Us”).

13. Privacy Protection for Data Subject in California

If you are a resident of State of California, you may have certain data protection rights under the California Genetic Information Privacy Act (CGIPA) and California Consumer Privacy Act (“CCPA”).

Data subject has certain rights and protections when using direct-to-consumer genetic testing companies. (Cal. Civ. Code § 56.18-56.186). Under CGIPA, a direct-to-consumer genetic testing company must obtain express consent from individuals for the use, collection or disclosure of a consumer’s genetic data. It may not be required to obtain express consent to (i) market to a consumer on the company’s own website or mobile application if the advertisement does not depend on information specific to the consumer outside the fact that they purchased or received the company's product; or (ii) transfer genetic data to certain postsecondary educational institutions for educational and scientific research. Data subject may revoke consent, and the company must honor the revocation within 30 days.

Data subject has the right to access his or her genetic data with a direct-to-consumer genetic testing company. Because the businesses covered under CGIPA must also comply with the California Consumer Privacy Act, the company must provide the genetic data in a readily accessible format. Data subject can request to delete his or her genetic data and corresponding account with a direct-to-consumer genetic testing company. However, the requests for deletion may be denied if the genetic data must be retained due to a legal or regulatory requirement. Data subject can request destruction of a biological sample that the company holds, and the company must comply within 30 days. Direct-to-consumer genetic testing companies may not discriminate against individuals for exercising these rights.

A direct-to-consumer genetic testing company must make information available regarding its policies and procedures. At minimum, a privacy notice must contain information about: data collection, use, access, disclosure, maintenance, transfer and security, retention and deletion practices, complaint filing procedures. It is also required to implement and maintain reasonable security measures to protect a person’s data. Innomics complies with CGIPA in applicable situations.

As a resident of State of California, you may also have certain data protection rights under CCPA, such as the access to specific information and data portability right, right to opt-out of sale and sharing, right to non-discrimination, right to correction, right to deletion. The rights available to you under CCPA depend on our reasons for processing your personal information. To exercise your right to opt out, or request access to, correct, restrict or delete any personal information that you have provided to us, please contact us by email as set forth in the end of this Policy (See “Contact Us”). Please note that we may continue to share your personal information with our affiliates, services providers, for such essential business purposes described above. Innomics will not discriminate against anyone for exercising any of his or her rights under CCPA and/or CGIPA whichever is applicable.

California Civil Code §1798.83 permits our visitors who are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact us by email as set forth in the end of this Policy (See “Contact Us”).

14. How This Privacy Policy is Updated

Innomics updates this Privacy Policy from time to time in response to the new legal, technical or business developments. For example, we may change our Privacy Policy including but not limited to: there is a major change of our service mode, e.g., purpose of processing Personal Information, type of processed Personal Information, usage mode of Personal Information; major change in terms of our ownership structure, organization structure, e.g., change of owners due to business adjustment, bankruptcy, merging, etc.; change of main object to which the Personal Information is publicly disclosed, shared, or transferred; change of your rights involved in Personal Information processing and their exercises; change of our responsible department, contacts and complaint channels for security of Personal Information; when there is high risk according to the Personal Information impact assessment report, etc.

We will alert you when changes have been made by indicating the date this Notice was last updated as the date the Notice became effective or as otherwise may be required by law. If we make major changes to this Privacy Policy, we will post the revised Privacy Policy on our website and update the "Last Updated" date at the top of this Privacy Policy. It is recommended that you periodically revisit this Policy to learn of any changes.

15. Contact Us

If you have any concerns about this privacy policy, please contact us at P_contact@innomics.com. We will respond to your inquiry as early as required by law.