SEMA4 PRIVACY POLICY

 

As a patient-centered health intelligence company, we respect your privacy and value your trust and partnership in our mission to improve the diagnosis, treatment, and prevention of disease. This privacy policy (this “Privacy Policy”) explains what information Sema4 (the “Company” “we” or “us”) collects from you when you use our website and applications (collectively, the “Website”), including without limitation www.sema4.com, our Patient/Provider Portal (available at https://my.sema4.com/), and the Sema4 Works application (“Sema4 Works”) and related apps, or interact with our third-party partners (“Partners”), as applicable. By using our Website, you agree to all the terms and conditions stated in this Privacy Policy. Please take a moment to review this information.  This Privacy Policy is in addition to and does not replace our Notice of Privacy Practices, which explains how we handle protected health information.

  1. HOW WE PROTECT YOUR INFORMATION

Sema4 is committed to protecting your privacy.  We employ a range of physical, technical and administrative safeguards to secure the personally identifiable information (“Personal Information”) you entrust to us and protect it from loss, misuse, unauthorized access, disclosure, alteration, corruption or destruction. We take reasonable measures to protect your Personal Information to prevent against unauthorized use, access, disclosure, and destruction. Your name and email address, along with other information that can be used to identify you, constitute your Personal Information. Please be aware that, despite our best efforts, security measures are not impenetrable, and we can’t guarantee against misuse.

  1. WHAT INFORMATION WE COLLECT

Contact Information

If you choose to contact us through the Website, we’ll collect your contact information, such as your name and email address, postal address, or phone number so we can communicate with you. If you write a message, we will store the message so we can reference it to tailor our responses to you.

Website Visitor Data

Directly or through the use of third-party data analytics services (including Google Analytics), we collect visitor information, including your IP address and server log data (the address of the web page you visited before using the Website, your browser type and settings, the date and time of your use of the Website, language preferences). We may gather your information about the device you are using to access our Website, including what type of device it is, what operating system you are using, device settings, application IDs, location, unique device identifiers, and crash data. Other data is collected, including data generated by your use of the Website and links you interact with. Further information on how Google uses data collected by Google Analytics can be found at https://support.google.com/analytics/answer/6004245?hl=en. Information about how to opt out of Google Analytics can be found at https://tools.google.com/dlpage/gaoptout/.

Account and Other Data

We may collect additional Personal Information that you voluntarily submit to us through the Website for other purposes, including information needed to open an account if you choose to do so. This information may include 1) user name and password; (2) name, email address, telephone number, home address, business address; (3) credit card and other payment information (4) personal interests or concerns; (4) registration information pertaining to an educational program or event; or (5) answers to an online form or survey.

When you register through our Patient Portal, we collect Personal Information such as your name, date of birth, billing and shipping address, and contact information. This information is combined with other Personal Information to give you access to your test results, and permit you to sign and view consent forms, view the progress status of your tests, schedule genetic counseling, and, if you join My Health, collect your health records from your healthcare providers.

If you are a health care provider registering for our Provider Portal, we collect your name, phone, address, and occupation as part of the registration process. Our Provider Portal is used for the storage and transmission of protected health information between us, health care providers and/or organizations using the Provider Portal to manage Sema4’s services, and their authorized representatives.

The collection, use and disclosure of protected health information through the Website, or that is accessed via the Website, in our capacity as a HIPAA covered entity is subject to our HIPAA Notice of Privacy Practices, which can be found here https://sema4.com/hipaa-notice-of-privacy-practices/. If any provision in this Privacy Policy conflicts with a provision in our HIPAA Notice of Privacy Practices, the provision in the HIPAA Notice of Privacy Practices will prevail with respect to the use and disclosure of protected health information in our capacity as a HIPAA covered entity.

If you access and use the Sema4 Works application at your employer’s request, we collect information you submit to us about symptoms you may be experiencing, audio recordings and data related to your cough, and background health information and demographics data.

  1. HOW WE USE YOUR INFORMATION
          • We use your Personal Information, including any information you share with us, to provide and improve our programs and services. We share this information with third-party service providers or Partners upon your request, or our service providers or Partners to the extent necessary to provide you with our Services.
          • If you are a healthcare provider or patient, we use your Personal Information to contact you about research opportunities, clinical trials, or clinical treatments for you or your patients, as permitted by law and by your consent.
          • If you choose to participate in research through Sema4 Works or another research project, we share your Personal Information for those research purposes as permitted and in compliance with applicable laws, and in accordance with your consent..
          • If you use Sema4 Works, we share the information we collect with your employer, in accordance with your authorization.
          • If you choose to join My Health through our Patient Portal, we use your Personal Information to provide you with health information in a readable format, to develop a health timeline and to provide the other services offered through My Health. We also create de-identified and aggregated data from your Personal Information and may use and disclose the de-identified data, as permitted by law and by your consent.
          • We use your information to operate, manage, and improve our Website, and for marketing and administrative purposes.
          • If you communicate with us, we may send you newsletters and marketing information, until you decide to opt out. We may also send you notifications, updates, and changes about our Website and contact you to provide customer service and support.
          • We may use your information to comply with legal or regulatory requirements, to respond to lawful requests, court orders and legal process, to enforce our rights, to prevent fraud, to protect the security of the Website and for safety.
          • We may use your IP address and location data to analyze usage, administer our Website, and gather demographic information for aggregate use.
          • With your consent, we may use your Personal Information in other ways.

  1. HOW WE SHARE YOUR INFORMATION

We do not knowingly sell, trade or otherwise share your Personal Information with any third parties without your consent, except as disclosed in this Privacy Policy, as required by law, and when we reasonably believe it is necessary to prevent or take action regarding illegal activities, suspected fraud, or to protect the safety of any person.

We may share Personal Information in collaboration with our Partners, including companies that assist with health records collection, business analytics, data processing, customer and user management, and other services. We instruct these parties to use your Personal Information only to the extent necessary to provide the services we have requested. Although we take reasonable steps to ensure that Partners receiving your information are bound by privacy restrictions as restrictive as those set forth in this Privacy Policy, we are not responsible for any issues that may arise regarding the privacy policies or practices of any of Partners. By using the Website, you agree that we are not responsible or liable for any claims and/or damages that may arise from the actions of any of our Partners.

  1. SOCIAL MEDIA

If you click on our social media links (such as Twitter, Facebook, Instagram, YouTube, and LinkedIn), you will be directed to a third-party platform, and any information you share on those websites will be covered by their privacy policies, not this Privacy Policy.

  1. COOKIES AND OTHER TECHNOLOGIES

What are cookies?

A cookie is a small file that can be placed on your computer’s hard disk or on a website server. Cookies do not retrieve information stored on your hard drive and do not corrupt or damage your computer or computer files. For those using our Website, we may link cookie information to your email address to maintain and recall your preferences within the Website.

Why we use cookies

We may use cookies and similar tracking technologies to improve or administer the Website, analyze trends, track users’ movements around the Website, support security features on the Website, and to gather demographic information about our user base.

How to manage cookie preferences

Depending on their purpose, some cookies will only operate for the length of a single browsing session, while others have a longer life span to ensure that they fulfill their longer-term purposes. Your web browser can be set to allow you to control whether you will accept cookies or reject cookies, to notify you each time a cookie is sent to your browser, or to delete cookies that have already been set. If your browser is set to reject cookies, certain aspects of the Website that are cookie-enabled will not recognize you when you return to the Website, and some Website functionality may be lost. The “Help” section of your browser may tell you how to prevent your browser from accepting cookies. To find out more about cookies you may visit http://www.aboutcookies.org.

  1. OPT-IN /OPT-OUT OF COMMUNICATIONS

By using our Website, you expressly allow us to contact you and use your information as set forth in this Privacy Policy. You may opt-out of receiving marketing emails anytime by clicking the “unsubscribe” link in the email that contains the marketing communication.

  1. LINKS

The Website may contain links to other third-party websites. Please be aware that we are not responsible for the privacy practices of third parties and their other websites. This Privacy Policy applies only to the information we collect on the Website. We encourage you to read the privacy policies of other websites you link to or otherwise visit them.

  1. YOUR CHOICE TO ACCESS, EDIT, OR DELETE INFORMATION

Whenever reasonably possible, we strive to provide you with choices and control regarding your Personal Information. . Upon receiving your request, we will make reasonable efforts to correct, delete, and/or block your Personal Information from further use to the extent it remains in our possession, except to the extent not permitted by law. If you have questions or requests in connection with your Personal Information or this Privacy Policy, please contact us as noted below.

  1. MINORS

Our Website is not directed at nor intended for use by individuals under 13. If you learn that a child under 13 has provided us with Personal Information without consent, please contact us. If we become aware that a child under 13 has provided us with his or her Personal Information, we will promptly delete such data.

  1. BUSINESS TRANSITIONS

In the event we go through a business transition, including without limitation any merger, acquisition, partnership, business reorganization, debt finance, or sale of association assets, or in the event of an insolvency, bankruptcy, or receivership (together a “Business Transition”), we may use information collected in accordance with this Privacy Policy and subject to its restrictions, as part of any such Business Transition. In such instances, your information can be part of the assets transferred.

  1. DO-NOT-TRACK

You may have implemented a “do-not-track” signal through your browser. As there currently is no fixed standard for do-not-track signals, we currently do not respond to do-not-track signals from your web browser.

  1. DATA RETENTION AND DESTRUCTION

We will retain Personal Information for as long as necessary to accomplish our purposes for such data as set forth in this Privacy Policy. You can request that your information be deleted by contacting us at the address provided at the bottom of this Privacy Policy. At the time your information is deleted, we will destroy your Personal Information using reasonable data destruction practices. We may, however, retain certain information to comply with legal or contract obligations or to facilitate law enforcement requests.

  1. CHANGES

We may revise this Privacy Policy from time to time. If we decide to change our Privacy Policy, we will post the revised policy here. If changes are significant and materially affect your rights under this Privacy Policy, we may provide a more prominent notice on the Website. In certain cases, we may also provide email notification of the revised Privacy Policy and either seek your consent or give you the right to opt out from our use of your Personal Information in accordance with the revised Privacy Policy. However, because we may make changes at any time without notifying you, we suggest that you periodically consult this Privacy Policy. Please note that our rights to use any information collected will be based on the privacy policy in effect at the time the information is used.

  1. CONTACT US

If you have any questions about the Privacy Policy, please contact us at privacy@sema4.com and/or (844) 969-7362, or at the mailing address below:

Sema4
333 Ludlow Street
North Tower, 8th floor
Stamford, CT  06902
Attn: Compliance Officer

 

This Privacy Policy was last updated: June 3rd, 2020.

 

SUPPLEMENT TO PRIVACY POLICY: RIGHTS OF CALIFORNIA RESIDENTS

This Supplement to our Privacy Policy (the “Supplement”) is part of our Privacy Policy and is directed to you if you are a California resident and therefore have certain rights under the California Consumer Protection Act of 2018 (“CCPA”).  The Supplement applies to personal information we collect when we operate as a “business” as defined under the CCPA.   This Supplement describes what those rights are and how you may exercise them when we act as a business.  If there is any term in this Supplement that conflicts with a term in our Privacy Policy, the term in this Supplement shall control. This Supplement does not apply to protected health information that we collect, use and disclose in our capacity as a HIPAA covered entity.  Our collection, use and disclosure of protected health information is subject to our HIPAA Notice of Privacy Practices, which can be found here https://sema4.com/hipaa-notice-of-privacy-practices/.

When we operate as a “service provider” (as defined under the CCPA) for our customers and they provide us with your personal information for business purposes under a service contract, the CCPA applies primarily to those customers, not to us.  In such cases, we will direct any requests you send us to exercise your rights under the CCPA to the applicable customer.

  1. INFORMATION WE COLLECT AS A BUSINESS

We collect the following categories of personal information as defined under the CCPA:

Type of informationExamplesCollected by Us
IdentifiersName, postal address, e-mail address, IP address, phone number and similar identifiers. See Section 2 of the Privacy Policy for details.Yes
Information specified in California Consumer Records statuteName, signature, postal address, telephone number, employment. See Section 2 of the Privacy Policy for details.Yes
Protected classifications under California or federal lawAge, race, national origin, citizenship, religion or creed, marital status, gender, sexual orientation, health statusYes
Commercial informationRecords of personal property, products, services purchased or purchasing historiesNo
Biometric informationGenetic, physical, behavioral or biological characteristics, such as fingerprints, iris scans, voiceprints, health/exercise or sleep dataYes
Internet and similar network activityBrowsing history, website analytics, app interactions. See Section 2 and Section 6 of this Policy for details.Yes
Geolocation dataPhysical locations and/or movementsYes
Sensory dataAudio, visual, or similar data related to physical characteristicsYes
Professional or employment-related informationCurrent employment or job historyNo
Non-public educational informationEducational records under federal lawNo
Inferences drawn from other personal informationProfiling of preferences, personal characteristics, behavior, attitudes or aptitudesNo

Personal information does not include: (i) information publicly available from government records, (ii) deidentified or aggregated information, or (iii) information addressed by certain state and federal data privacy laws (e.g., personal health information subject to federal health privacy law).

  1. CATEGORIES OF SOURCES OF INFORMATION WE COLLECT

We obtain the categories of information described in this Supplement from the same categories of sources as described in Section 2 of our Privacy Policy.

  1. OUR USE OF PERSONAL INFORMATION

We use the personal information we collect, as described in this Supplement, for the same purposes identified in Sections 2, 3, 6 and 11 of our Privacy Policy.

  1. OUR DISCLOSURE OF PERSONAL INFORMATION

We may disclose the personal information we collect, as described in this Supplement, for any of the same purposes and to the same categories of persons and entities as identified in Sections 2, 4, 6 and 11 of our Privacy Policy.

  1. YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION

The CCPA gives certain rights to California residents regarding their personal information.  We summarize below what those rights are and how you may exercise them.  You do not need to have an account with us to exercise these rights.

The CCPA also gives California residents the right to opt out of (or for minors under 16, the ability to opt in to) sales of their personal information.  However, we do not and will not sell your personal information.  If, in the future, we decide to sell personal information, we will provide you with notice and the right to opt-out of (or for minors, opt-in to) such sales.

Right to Know About the Collection, Use, Disclosure and Sale of Personal Information

Upon providing us with a verified consumer request, you may ask us to disclose certain types of your personal information we have collected and used over the 12-month period prior to the date of your request. You may make this request only twice within any 12-month period.  You may request:

                  • The categories of personal information we collected about you
                  • The categories of sources of the personal information we collected about you
                  • The business or commercial purpose for collecting that personal information
                  • The categories of third parties with whom we shared that information
                  • The specific pieces of personal information we collected about you (except to the extent prohibited under CCPA including, for example, disclosure of Social Security numbers or other government, health insurance or medical identification numbers, account passwords)
                  • If we disclosed your personal information for a business purpose, a list identifying the personal information we disclosed to each category of recipient.

 

Right to Request Deletion of Personal Information

You have the right to submit a verified consumer request at any time that we delete any of your personal information collected and retained by us, unless an exception under the CCPA applies.

If no exception applies, and if we have been able to verify your consumer request, we will delete, aggregate or de-identify your personal information from our records in accordance with the CCPA. We will also direct third parties to whom we have disclosed your personal information to delete it, although we cannot guarantee that such third parties will comply with our direction.

Please note that we may deny your deletion request based on certain provisions of the CCPA, including where it is necessary for us or our service providers to carry out certain business functions, comply with laws or to engage in other internal and lawful uses of the information within the context in which you provided it to us.

  1. MAKING A VERIFIED CONSUMER REQUEST TO US

To make a request to exercise your rights under CCPA described above, please submit a verifiable request to us by either:

A verifiable consumer request must be made by you or a person registered with the California Secretary of State whom you have authorized to make the request on your behalf.  (A representative must be authorized by you in writing or have a valid power of attorney under California probate law.)  You may also make a verifiable request to us on behalf of your minor child.

To be considered a proper verified request, your request must:

(1) provide us with sufficient information allowing us to reasonably verify that you are the same person about whom we collected the personal information or the authorized representative, and

(2) describe your request in reasonable detail so we can correctly understand, evaluate and respond to the request.

We may ask you for additional information if needed in order to verify your request, but if we do, we will use such additional information only to verify your identity (or the authority of the representative) and for security and fraud-prevention purposes.

We will also ask you to separately confirm any request to delete personal information.

  1. RESPONDING TO YOUR VERIFIABLE CONSUMER REQUEST

We will use reasonable efforts to respond to your verifiable consumer request within 45 days of receiving it.  If some cases, we may require more time (up to 90 days). If that is the case, we will communicate to you in writing (by postal mail or electronically, at your option) the reason and the length of anticipated delay.  We will not be able to fulfill your request if we cannot verify your identity (or the authority of your representative) and confirm that the personal information subject to the request relates to you.

Disclosures we provide in response to a verified consumer request will cover only the 12-month period before we received the request.  If your request involves the porting of your personal information, we will use a format that is reasonably designed to allow you to transmit the information to another entity.  If we deny part or all of a verified consumer request, we will provide a reasonable explanation for the denial.

We do not charge fees for responding to verifiable consumer request unless they are excessive, repetitive or manifestly unfounded.  If we determine that a fee is appropriate, we will provide you with an explanation and a cost estimate before we complete your request.

We will keep records of consumer requests and our responses as required under the CCPA.

  1. NON-DISCRIMINATION

We will not discriminate against you for exercising any of your rights under the CCPA.  This means that, except where permitted under the CCPA, if you make a request for disclosure or to delete your personal information, we will not (i) deny you goods or services, (ii) charge you different prices for goods or services (e.g., through penalties or withholding of otherwise available discounts), (iii) giving you a different level of goods or services,  or (iv) suggesting to you that we will take any of the actions in (i) through (iii).

  1. HOW TO CONTACT US TO EXERCISE YOUR CALIFORNIA RIGHTS

If you have questions about our Privacy Policy or this Supplement, please feel free to contact us at: privacy@sema4.com and/or 1-844-969-7362, or at the mailing address below:

Sema4
333 Ludlow Street
North Tower, 8th floor
Stamford, CT  06902
Attn: Compliance Officer

This Supplement was last updated on June 3rd, 2020.