2. Purposes of Data Processing

“Personal data” means any information or set of information that identifies or could be used to identify you, either directly or indirectly. Personal data does not include information that is anonymized such that an individual cannot be identified. Personal data will be collected and handled by Precision for various purposes listed in the specific sections below.

2.1 Website Visitors
2.2 Potential Employees and Contractors
2.3 Data retention of past employees’ personal information
2.4. Investigators, clinical site study team members, and other healthcare professionals (HCPs)
2.5 Study Participants and Patients involved in Clinical Trials
2.6 Potential Clients and Client Personnel
2.7 Vendor/Suppliers and Contract Party Personnel

2.1 Website Visitors

This section applies when accessing the available pages on any of the following Precision websites (collectively, the “websites”):

precisionmedicinegrp.com
precisionxtract.com
precisioneffect.com
newsletter.precisionhealtheconomics.com
precisionallaccess.com
epiontis.com
quartz.bio
ethoshc.com
apocell.com
promeddx.com
glas.bio
sternir.com
precisioneffect.co.uk
across.health.com
makarahealth.com
baselinecontrols.com

Personal data collected by the websites will include name, address, contact numbers, and email address, but may also include other information you may choose to provide us with (for example, to provide a requested service, where an employment opportunity is being processed or where a health professional is interested in participating in a clinical trial).

You may voluntarily provide us with personal data

(1) to receive additional information about Precision (i.e., newsletters, press releases, marketing materials),

(2) if you are interested in pursuing an employment opportunity with Precision, or if you are interested in providing clinical trial investigator services to Precision, and

(3) to receive access to webcasts, or to receive customized information (usually through the “Contact Us” form).

Precision also collects personal data about your computer hardware and software including, but not limited to, your computer operating system, your Internet Protocol (IP) address, your Internet browser, and information regarding your interactions and navigation within the websites. Our web server automatically collects this category of Personal Data when you request to view pages within our websites.

All websites apply cookies. To find out more about cookies, how Precision use them, and how you can opt-out of non-essential cookies, please view the Precision Cookies Policy via https://www.precisionmedicinegrp.com.

2.1.1 Use of Personal data collected:

We will not use or disclose your personal data in a manner inconsistent with applicable law or this Privacy Notice. We may use your personal data to:

(i) respond to inquiries,

(ii) supply requested information on Precision’s services and products,

(iii) allow you to participate in registration-only features of the websites when you choose to do so,

(iv) ensure that content from the websites is presented in the most effective manner for you and your computer, and

(v) maintain and monitor the quality of the websites and provide general statistics regarding use of the websites.

Such processing of your Personal information is based:

• On your consent, when you voluntarily subscribe or provide us with Personal Data, e.g. to receive information from Precision; or
• On Precision’s legitimate interest to monitor the audience and quality of its websites.

On some website pages or apps, you may register to receive access to web casts, updates, or information on specific services. This data is collected to provide you with the service.

2.1.2 Opting out:

Any marketing communications sent by Precision will have an automatic opt-out link at the bottom of each communication. You may elect to remove yourself from further informational communications at any time by selecting and confirming that link.

2.1.3 Website and App security:

Whilst we do all that we can to safeguard the security of your personal data, the transmission of data over the internet is not completely secure and therefore you do this at your own risk. Once we receive your personal information, we will implement strict security procedures to prevent unauthorised access.

2.1.4 Retention period:

Precision has a legitimate interest to retain personal data, collected from all users of the websites, for up to 8 years.

2.2 Potential Employees and Contractors

This section describes how we handle and protect your personal data in connection with our recruiting and prospective employment or contractor engagement processes and programs. We will process your personal data in accordance with this Privacy Notice, unless such processing conflicts with the requirements of specific national law, in which case, that applicable law will prevail.

2.2.1 Personal data collected:

Personal data collected for recruitment and selection for an employment or contractor role will include name, address, email address, contact details, marital status, gender, passport details, driver’s licence, qualifications, employment history and professional registration as well as, where applicable, health conditions including reasonable adjustments and occupational health advice.

In special and legally justified circumstance we may also process further data about you and conduct background checks including criminal convictions, credit history, ethnicity and philosophical beliefs.

2.2.2 Use of Personal data collected:

We collect and use personal data for recruitment and selection purposes. This includes reviewing CVs and/or applications to make a decision to invite candidates for employment or contractor role to interview and conduct pre-engagement checks prior to offering a contract of employment.

Such processing is based on:

• Your consent, you voluntarily submit an application and/or CV to a job advert and would like to apply for the position
• To take steps on your request, to enter into an employment contract or contractor relationship with Precision or one of its affiliates.
• Legitimate interests to monitor equality and diversity in our workforce

2.2.3 Data retention:

If you accept an employment or contractor offer, any relevant personal data collected during your pre-engagement period will become part of your employment records and/or contractor documentation and will be retained in accordance with specific country requirements. However, in any other event, we will retain your Personal Data for up to 12 months following the submission of an application.

2.3 Data retention of past employees’ personal information

Once employment or contractor engagement has ended, Precision will retain records under a legal obligation and we will keep such information as pension records, basic staff records to allow for factual verification, name, email address, telephone number, address, date of birth, and national government identifiers. Employment and social security laws in countries of your engagement might require us to keep your data for longer periods and we will retain this information following the pension regulator retention schedule.

2.4. Investigators, clinical site study team members, and other healthcare professionals (HCPs)

This section describes how we use the personal data we may receive, either directly from you, or from third parties, in connection with the clinical trials we manage on behalf of our Sponsor clients. This applies to you if you are a Principal Investigator or trial study team professional at one of our Trial sites, a healthcare professional, or other experts with whom Precision wishes to collaborate with or who already work with us.

2.4.1 Personal information collected:

If you are a Principal Investigator or a trial study team professional, we process your name, address, email address, contact details, employment history, professional qualifications, professional registration and professional registration history.

If you are a healthcare professional or an expert, we process your name and contact details.

2.4.2 Use of personal information collected:

We collect and retain your information both for a the recruitment of professionals to conduct clinical trials to comply with clinical trial regulations

Such processing of the personal data is based on:

• Our legal obligation to ensure the safe operations of the trial by staff with the appropriate qualifications, including the substantial public interest in ensuring providing high standards of safe healthcare (provision of safe medications)

During the principal investigator recruitment or clinical trial site selection process (often referred to as feasibility study), you will be asked by Precision if you would like to register your interested in adding your personal data to our database to be contacted for future trials. You will be asked for consent to retain your personal data for these purposes.

2.4.3 Data retention:

Once the trial is completed, the personal information will be collected and sent in a ‘trial master file’ to the Sponsor of the trial where it will be kept for 25 years in order to comply with clinical trial regulations.

If we directly employ you, we will retain your personal data for 7 years after you have left our employment.

For our Principal Investigator database, we will retain your personal data for two years.

2.5 Study Participants and Patients involved in Clinical Trials

2.5.1 Personal information collected:

Name, date of birth, address, bank details for expenses, contact details, ethnicity, physical and mental health and trial participation number.

2.5.2 Use of personal information collected:

For trial recruitment purposes, we use our Patient Recruitment Databases to match patients to clinical trials and research projects based on the individuals’ areas of medical interest.

Once you become part of a trial, we use your personal data to carry out our clinical trial functions on behalf of our Sponsor clients, including monitoring your safety and the quality of the research data

Your personal data will only be sent to us for these purposes In a pseudonymised form, which means that any direct identifiers such as name and contact details are replaced with an identification number known only to your trial site.

We are also required to monitor and report to regulatory authorities when you may have become poorly or adversely affected by the medication you have been provided with as part of the trial.  This is a legal obligation on our part and we may need to provide all your personal data including your name and address for this purpose.  It is part of the trial regulations and the laws of all countries where trials take place that this information is shared.

The processing of personal data described in this section is based on:

• Our contract with our Sponsor to manage and monitor conducting the clinical trials
• (Where we are jointly responsible for a trial; Called ‘joint controller’), our legitimate interests in managing and running a clinical trial to investigate and bring a product to market safely and effectively, as well as for the purposes of medical research where we have an approved protocol from the regulators in the country where the trial takes place
• A legal obligation where we are required by law to report to regulatory authorities

2.5.3 Data retention:

Once the trial is completed, all your personal information will be collected and sent in a ‘trial master file’ to the Sponsor of the trial where it will be kept for 25 years in order to comply with clinical trial regulations.

Where we are controller and responsible for the trial master file, the same retention will apply.

2.6 Potential Clients and Client Personnel

2.6.1 Personal information collected:

Name, work email address, contact details such as telephone number and corporate address, interaction history between you and Precision as well as your professional interest and areas of interest where we might provide you with relevant information about Precision services and products.

2.6.2 Use of personal information collected:

To manage the relationship between ourselves and customers or potential customers and to ensure the efficient and proper collaboration between our organisations.

Our processing of personal data in this section is based on:

• Our legitimate interests in running and operating our business

2.6.3 Data retention:

For the purpose of project management and financial records, Precision will retain personal information relating to their clients and employees of suppliers and organisations associated with client projects. The information retained will be name, work email address, address and work telephone numbers. Under their contract, Precision will retain these records for up to 8 years, following the last payment.

Similarly, Precision will retain records of potential clients for sales, marketing of services, and invitation to events if given consent to do so. The data will be retained for up to two years from the last contact and includes the potential client’s name, email address, telephone number, organisation, and job title.

2.7 Vendor/Suppliers and Contract Party Personnel

2.7.1 Personal information collected:

Name, work email address, contact details such as telephone number and corporate address as well as further details required to identify you as contract signatory, e.g. date of birth, personal ID number or passport number

2.7.2 Use of personal information collected:

To manage the relationship between our suppliers and to ensure the efficient and proper collaboration between our organisations.

To prepare and execute a contract between you, your company or entity you represent as signatory.

Our processing of personal data in this section is based on:

• Our legitimate interests in running and operating our business

2.7.3 Data retention:

For the purpose of financial records account management, Precision will retain personal information such as name, work email address, and work telephone number for up to 8 years after the last supply under their contract.

We will retain contracts for as long as there are obligations arising under those for contract parties and for tax and accounting purposes (books and records).

3. Sharing Disclosure and Retention of Personal Data

3.1 How We Share and Disclose Information to Third Parties

Personal information will be shared within Precision, companies working as agents of Precision, and third parties only on a “need to know” basis to meet stated legitimate business purposes. Access to databases and folders containing personal information is restricted to appropriate staff. Precision does not trade or sell personal information. Under some circumstances, Precision may be required by law enforcement or judicial authorities to disclose certain personal information as part of investigations or for litigation purposes. Precision may disclose personal information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Precision’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.

Companies working as agents of Precision are required to sign “processor” and/or confidentiality agreements whereby they will commit to only processing personal information consistent with contracted purposes and apply appropriate organizational and technical security safeguards.

If disclosure of your personal information under the conditions above involves the transfer of your personal information to countries that were not recognized as providing an adequate level of protection of personal information pursuant to the rules applicable in your country, Precision will set up appropriate guarantees to secure your personal information in the context of such transfer, including but not limited to Standard Contractual Clauses.

Precision may disclose personal information, to the extent necessary, if required to do so to comply with legal obligations by law enforcement, regulatory and other governmental agencies or if required to do so by court order.

3.2 International Data Transfer Outside of the European Economic Area (EEA) and the United Kingdom

There will be times where your personal data will be transferred to Precision companies, service providers, or our clients (sponsors) located in countries outside the EEA and UK. This includes the USA, where there is a different data protection regime to the regime in the EU and UK and is not deemed to provide an adequate level of protection for the purposes of EU and UK data protection laws. Precision will ensure that appropriate safeguards are in place by using EU Standard Contractual Clauses or will rely upon another EU/UK-approved data transfer mechanism. This will also include measures to ensure personal data is transferred and resides securely, for example, using industry-standard encryption.

3.3 Data Retention Period

Your personal information is retained by Precision for no longer than is needed for the performance of the respective purpose of its processing as described under this Privacy Notice. It may, however, be retained for a longer duration, as an archive, for proof management in the prevention of any claim.

4. Cookies Linking and Security

4.1 Cookies and Other Anonymous Web-Tracking Methods

Various methods can be used to provide tailored information to you from a website, including one called “cookies.” A cookie is a small data file that a website you visit may save on your computer or handheld device that usually includes an anonymous unique identifier. Precision uses cookies and web server logs to assist in the collection of site usage statistics. This information may include personal information including the date/time of visits, specific pages viewed, time spent browsing our websites, and the websites visited immediately before and after visiting our websites. Our websites will ask for your permission through a “cookie banner” to store cookie files on your computer/handheld device. Note also that most Internet browsers allow you to erase cookies from your hard drive, block all cookies, or receive a warning before a cookie is stored. Refer to your browser’s help files to learn more about these functions.

In particular, Precision may use session ID cookies and persistent cookies. Session ID cookies may be used to personalize and improve your user experience while viewing our websites. Session ID cookies are deleted from your hard drive when you terminate your browser session. Persistent cookies may be utilized to collect non-personal information in the form of IP address, Internet Service Provider (ISP), your browser type, platform type, web page navigation, and date/time stamp.

Your IP address is utilized so that we can send you data such as the web pages you have requested, and we may use your browser and platform type to ensure that the data we send to you is properly formatted and displayed. We may aggregate this information with data on the pages visited by other users to track page navigation, site usage, and overall user behaviours associated with our websites. This data aids in our understanding of how users are using our websites in terms of page navigation and most frequently requested site pages. Understanding this information enables us to provide you with improved site use and functionality.

4.2 Linking

Our websites may contain hyperlinks allowing you to access other websites owned by us and our affiliated companies. Our websites may also contain hyperlinks to websites owned by our third-party vendors, distributors, and providers (“Linked websites”). We may provide hyperlinks to the Linked websites to enable you to conveniently access websites that may be of interest to you. However, once you click on a hyperlink that transfers you from our websites to a linked website, Precision is not responsible for the privacy practices or the content of such linked website.

4.3 Security

We are committed to protecting the privacy and security of all the personal data we process. Precision endeavours to protect against the loss, misuse, and alteration of your personal data. We have ensured that technical and procedural measures are in place to protect all information that we receive. Our technical infrastructure uses industry-recognized commercial security products, including vulnerability monitoring and encryption of data at rest and in transit.. It should be understood, however, that no method or procedures for securing transmission or storage of data can be claimed to be 100% secure. While we utilize commercially acceptable technology and take reasonable precautions to protect your information, we do not guarantee its absolute security.

5. Your Personal Data Rights

As per applicable data protection laws and regulations, including GDPR chapter 3, your rights regarding our processing of your personal information are outlined below.  You may exercise these rights by contacting Precision at the following contact address: privacy@precisionmedicinegrp.com. Please, attach a copy of a valid ID document, or evidence of authority to act signed by the data subject, to your request; we will only retain that copy for the time necessary to verify your identity or authority.

5.1 Right of access

You may request access to your personal information that is processed by Precision. In that case, we will provide you with a copy of all of your personal information we retain as of the date of your request, together with all mandatory information regarding the processing of this data, namely:

• The categories of collected and processed personal information;
• The purposes of its processing;
• The categories of data recipients;
• The data retention period;
• Information regarding your rights as a data subject.
• Right to data portability

5.2 Right of rectification

You have a right to request correction of your personal information if said personal information appears inaccurate, incomplete, or outdated.

5.3 Right to erase your personal data (right to be forgotten)

You may request the erasure of your personal information from Precision’s and its processors’ servers and files in the following cases:

• your personal information is no longer necessary for the purposes for which it has been collected and processed;
• you have withdrawn your consent pursuant to the “Right to withdraw consent” section and there is no other legal basis for the processing;
• you have objected to the processing of your personal information pursuant to the “Right to object to processing” section;
• the processing of your personal information is illicit;
• your personal information must be erased by Precision to comply with its legal obligations;
• you were a minor at the time of collection of your personal information on the websites.

If that personal information has been shared with third parties, Precision shall inform these third parties of your erasure request, to the extent that it is feasible.

5.4 Right to object

For processing activities described under this Privacy Notice which are based either on:

• Precision’s or a third party’s legitimate interest, or
• performance of a task carried out in the public interest or in the exercise of official authority vested in Precision,

you have a right to object to such processing on grounds relating to your particular situation.

5.5 Right to limitation of processing

You may request the limitation of the processing of your personal information in the following cases:

• you requested correction of your personal information pursuant to the “Right of Rectification” section above, for the duration necessary to check that personal information;
• processing is illicit and you prefer to limit it rather than erasing the concerning personal information;
• you want Precision to retain your personal information for you to use it in the context of a judicial claim; or
• you have objected to the processing of your personal information by Precision pursuant to the “right to object to processing” section above, for the period necessary for Precision to assess the grounds relating to your particular situation.

Precision will accordingly cease to process the concerning personal information and retain it for the appropriate duration.

5.6 Right to withdraw consent

For those processing activities described under this Privacy Notice that are based on your consent, you have a right to withdraw that consent at any time, without justification.

5.7 Right to data portability

For those of the processing activities described under this Privacy Notice that are based on your consent or on their necessity for our performance of a contract to which you are a party, you also have a right to data portability.

This right differs from the right of access in that:

(i) it only covers personal information Precision collected from you, and

(ii) it allows you to obtain a copy of your personal information in a structured, machine-readable format.

The right to data portability allows you to request transmission of such personal information to another data controller, at your own choice, to the extent that it is technically feasible.

5.8 Right to lodge a complaint with a supervisory authority

You also have a right to lodge a complaint relating to the processing of your personal information by Precision with the competent supervisory authority in your country.

5.9 Automated decision-making

You have a right not to be subject to automated decision-making and profiling, and will be notified where this occurs.

6. Contact and Complaints

6.1 Contact Information

Questions or comments regarding this Notice should be submitted to Precision’s Privacy Office by mail to:

Precision Medicine Group, LLC
Attn: Privacy Office
2 Bethesda Metro Center, Suite 850
Bethesda, MD 20814

Precision’s Data Protection Officer (DPO) for European Union, European Economic Area and United Kingdom is Amy Ford of Kaleidoscope Consultants Limited, East Side, Kings Cross, London, United Kingdom, N1C 4AX. Both Precision’s Privacy Office and the DPO can be contacted by e-mail here: privacy@precisionmedicinegrp.com

Precision has also appointed the European Union, European Economic Area and United Kingdom Privacy Representative who is available at:
krzysztof.mazurek@precisionmedicinegrp.com
+48798822463

6.2 Complaint Information

If you are unhappy with how we process your personal data, and after you have first made a complaint to us, you can complain to your local data protection regulator. Here is a list of countries and contact details of their relevant supervisory authorities:  European Data Protection Board for Europe and Information Commissioner’s Office (ICO) for United Kingdom

Precision will retain personal information of complainants as a legitimate interest for eight years, including their name, contact details, and any other relevant information given.

7. California Privacy Rights

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	NO
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	NO
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	NO
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	NO
G. Geolocation data.	Physical location or movements.	NO
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	NO
I. Professional or employment-related information.	Current or past job history or performance evaluations.	NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO
K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	NO

PRIVACY STATEMENT – CALIFORNIA

This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws.  Any terms defined in the CCPA have the same meaning when used in this notice.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Personal information does not include:

• Publicly available information from government records:
• De-identified or aggregated consumer information.
• Information excluded from the CCPA’s scope, like:
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from our clients or their agents. For example, from documents that our clients provide to us related to the services for which they engage us.
• Indirectly from our clients or their agents. For example, through information we collect from our clients in the course of providing services to them.
• Directly and indirectly from activity on our website. For example, from submissions through our website portal or website usage details collected automatically.
• From third-parties that interact with us in connection with the services we perform.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

• To fulfil or meet the reason for which the information is provided.
• To provide you with information, products, or services that you request from us.
• To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
• To improve our website and present its contents to you.
• For testing, research, analysis and product development.
• As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to you when collecting your personal information or as otherwise set forth in the CCPA.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose.  When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have not sold any personal information.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we collected about you (also called a data portability request).
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, Deletion, and Opt-out Rights

To exercise the access, portability, deletion, or opt-out rights described above, please submit a verifiable consumer request to us by either:

• Calling us at: 866-994-0511
• Emailing: privacy@precisionmedicinegrp.com
• Mailing:

2 Bethesda Metro Center, Suite 850
Bethesda, MD 20814

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person or an authorized representative of the person we collected personal information on.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.  Making a verifiable consumer request does not require you to create an account with us.  We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  If you have an account with us, we will deliver our written response to that account.  If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.  Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.  For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.