Last Updated: March 6, 2024
This California Privacy Notice applies solely to California residents and their personal information, as covered under the California Consumer Privacy Act of 2018, and as amended (“CCPA”). The CCPA provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information” (“PI”), as well as rights to know/access, correct, delete, and limit sharing of Personal Information. The CCPA defines “Personal Information” as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
Fulgent Genetics' core business is generally not subject to the CCPA. However, certain information of California residents collected via the Picture Genetics website at www.picturegenetics.com (“Website”) may be subject to the CCPA. This California Privacy Notice does not apply to information we collect that is “medical information” governed by the California Confidentiality of Medical Information Act or “protected health information” (“PHI”) governed by the privacy, security, and breach notification rules of HIPAA because this information is not within scope of the CCPA. For example, this California Privacy Notice does not apply to the information we collect from you in connection with laboratory testing, your test results, or other information that may legally be deemed PHI. See our HIPAA Notice of Privacy Practices for information on our use and disclosure of medical information and other protected health information.
Certain other information we collect may also be exempt from the CCPA because it is considered public information (i.e., it is made available by a government entity) or covered by another specific federal privacy law. To the extent that we collect Personal Information that is subject to the CCPA, that information, our practices, and your rights are described below.
We may collect Personal Information from our employees and/or job applicants who are California residents in a variety of different situations and using a variety of different methods, including, but not limited to, in-person, on our website, on our networks, your personal mobile device, company-issued devices, through email, in physical locations, through written applications, through the mail, and/or over the telephone. Additionally, we may collect job applicants' Personal Information from other businesses that collect and provide or sell it to third parties in connection with job recruiting.
The categories of Personal Information we collect, the purposes for which we collect Personal Information, and the categories of sources from which the Personal Information is collected are further described in more detail in our Privacy Policy and in our Privacy Notice to California Job Applicants.
The list below describes: (1) the categories of Personal Information that we may collect about our consumers who are California residents or may have collected about them in the preceding 12 months; and (2) the categories of California residents' Personal Information that we may have disclosed for a business purpose.
Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers or registration information, web behavior information. We use these to provide our services.
For our employees: Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit or debit card number, other financial information, medical information, health insurance information (including, but not limited to, family members' and dependents' information collected for purposes of providing benefits), as more fully described in applicable employee privacy policy and notices.
For our website visitors and customers: address, telephone number, bank account number, credit or debit card number, other financial information, medical information, health insurance information.
Race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, pronouns, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, and genetic information (including familial genetic information). Generally, this information is collected (if at all) because you or your provider provides it directly to us. Certain elements, including genetic information, may be developed or analyzed by Fulgent in relation to our Services.
Information such as products or services ordered or purchased by your provider, obtained, or considered; survey responses; information about you or your provider.
Web-behavior information such as data generated from your use of our Websites and collected through log files, cookies, web beacons, tracking, and similar technologies. Such information may include your browser type, domains, page view, how long you spent on a page or feature of the Websites, what pages you looked at, or other data about your engagement with the Websites or the Services. If you have a GPC signal enabled on your browser, we recognize your GPC signal for all types of cookies, except for strictly necessary and functional cookies (for California residents).
Generally, this information would be collected directly from you, or passively collected from you on our Websites. For example, we may record calls for monitoring and customer-service purposes, and we may utilize video surveillance for safety purposes at our physical locations.
Education, occupation, and other professional information collected when you apply for a job with Fulgent. Please see our Privacy Notice to California Job Applicants.
For our employees: social security, driver's license, state identification card, or passport number; account log-in; precise geolocation (IP address and/or GPS location, latitude & longitude); racial or ethnic origin, religious or philosophical beliefs, and sexual orientation; contents of emails and text messages, including on personal devices used for work purposes; and personal health information, as more fully described in applicable employee privacy policy and notices.
For our employees' dependents, emergency contacts, beneficiaries, and family members: limited Personal Information and/or SPI that is necessary for the provision and utilization of health and other benefits requested by you.
For our website visitors and customers: account log-in; financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation (IP address and/or GPS location, latitude & longitude); genetic data (including genetic tests and excluding COVID-19 tests); and personal information collected and analyzed concerning a consumer's health.
We may use your Personal Information for one or more of the following business purposes:
To fulfill or meet the reason for which the Personal Information is provided.
To provide you with information about our products or services that you request from us.
To provide you with email alerts and other notices concerning our products or services, or events or news that may be of interest to you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
To improve our Website.
For product development.
As necessary or appropriate to protect the rights, property, or safety of us or others.
To respond to law enforcement requests, and as required by applicable law, court order, or governmental regulations.
As described in our Privacy Policy, or as otherwise permitted by the CCPA.
We will not use the Personal Information we have collected for materially different, unrelated, or incompatible purposes other than those listed above without providing you notice. We limit our use of Sensitive Personal Information to that use which is necessary to perform the Services or provide the goods reasonably expected by an average consumer who requests such goods or Services.
We may share any of the above-listed information with “Service Providers,” which are companies that we engage to process consumers' Personal Information on our behalf for business purposes pursuant to a written contract. Service Providers are restricted from retaining, using, or disclosing the Personal Information for any purpose other than for the business purposes specified in the written contract. The categories of Service Providers with whom we share information and the services they provide are described in our Privacy Policy in the section titled “How Information is Shared.”
We do not sell your Personal Information for monetary payments. We also have not shared (as that term is expressly defined in the CCPA) any Personal Information subject to the CCPA in the past twelve (12) months. However, we have made certain categories of information available to third party analytics providers (including for cross-context behavioral advertising) in the past twelve (12) months, which may constitute “sharing” of your personal information under current legal standards. These categories of information include: IP addresses and web-behavior information such as data generated from your use of our Websites and collected through log files, cookies, web beacons, and similar technologies. Such information may include your browser type, domains, page view, how long you spent on a page or feature of the Websites, what pages you looked at, or other data about your engagement with the Websites or the Services, including healthcare-related pages on our website.
Your PHI may be used and disclosed for treatment, payment, healthcare operations, and other purposes permitted or required by law, as outlined in more detail below.
You have the right to request access to Personal Information collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and Service Providers with whom we share it. Specifically, you have the right to request that we disclose the following information to you, limited to the preceding twelve (12) months: (1) the categories of Personal Information that we collected about you; (2) the categories of sources from which the Personal Information is collected; (3) the business or commercial purpose for collecting, selling or sharing Personal Information; (4) the categories of third parties to whom we disclose Personal Information; (5) the specific pieces of Personal Information that we have collected about you; (6) the categories of Personal Information that we disclosed about you for a business purpose, sold or shared to third parties; and (7) for each category of Personal Information identified, the categories of third parties to whom the information was disclosed, sold or shared. You may submit such a request as described below.
To protect our customers' Personal Information, we are required to verify your identity before we can act on your request. We are only required to respond to such requests from you twice in a twelve-month period.
You have the right to request, in certain circumstances, that we delete Personal Information that we have collected directly from you, subject to certain exceptions. You may submit such a request as described below. To protect our customers' Personal Information, we are required to verify your identity before we can act on your request. We may have a reason under applicable law, rule, order, licensing standards, or regulations as to why we do not have to comply with your request, or why we may have to comply with your request in a more limited way than you had anticipated. If we do, we will explain that to you in our response.
You have the right to request that we correct inaccurate Personal Information that we maintain about you. However, in some cases, we may deny requests to correct inaccurate Personal Information, or may alternatively delete such personal information.
We do not sell your Personal Information for monetary payments. However, the definitions of “personal information” and “sale” under the CCPA are broad. Because of the breadth of these definitions under the CCPA, and the uncertainty surrounding the meaning of “sharing” and “sale,” we have provided opt-out links.
You have the right to direct us not to sell your Personal Information. You may exercise your opt-out rights by clicking the “Do Not Sell or Share My Personal Information” link and following the instructions on the opt-out page, by emailing your request to privacy@picturegenetics.com, completing the Privacy Web Form, or by calling us at (888) 354-8168.
We will not discriminate against any individual for exercise of any CCPA rights.
If you believe your privacy rights have been violated, you may file a complaint with the California Privacy Protection Agency or the Attorney General of California.
You may submit a request to exercise your rights to know/access, correct, or delete your Personal Information; limit the use and disclosure of Sensitive Personal Information; or opt-in to the sale or sharing of your Personal Information by emailing your request to privacy@picturegenetics.com, or by completing the Privacy Web Form. You may also submit a request to exercise your rights to know or delete your Personal Information by calling us at the following toll-free number: (888) 914-9661 (Pin: 747661).
In order to process your request to know/access, correct or delete Personal Information we collect, disclose, share or sell, we must verify your request. We do this by asking you to provide personal identifiers we can match against information we may have collected from you previously.
You may authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf. We require that you and the individual complete notarized affidavits in order to verify the identity of the authorized agent and confirm that you have authorized them to act on your behalf.
Each request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or that you have duly authorized the person making the request on your behalf. We do not offer any rewards programs or incentives for the collection or sharing of data.
We generally use the following criteria to determine the relevant retention period: we retain Personal Information for periods of time, which range depending on the level of sensitivity of data; continued need for data (for example, to continue to provide services to you, or to continue maintaining HR files for our employees); our legal obligations; applicable statutes of limitations for potential legal claims; contractual obligations; and other similar criteria. Generally, we aim to retain data for a shorter period of time when such data is more sensitive, when its deletion will not result in significant business interruptions, and/or when there are no existing legal requirements for preserving data for a longer period of time. We extend the retention periods for information subject to a Legal Hold, for the duration of the Legal Hold.
Additionally, we strive to follow data minimization principles and to retain Personal Information for the period of time reasonably necessary to perform our services, unless retaining data for longer periods is necessary to improve or provide future services, or is done with consent, or as otherwise disclosed in our applicable privacy policies. We further aim to implement record retention periods at the system level, with the goal of minimizing data risks. Different retention periods apply to different categories of data.
Here are some examples of our current retention periods for personal information:
User names and passwords are retained for 2 years.
For employee data, we retain data for the duration of employment, plus up to 1 to 5 years thereafter, depending on the categories of data.
For Instant Messaging Applications, the applicable retention period is 30 days.
For voicemails, the applicable retention period is 6 months.
For visual, audio, and video recordings, the applicable retention period is 90 days.
For emails sent to us by you, the applicable retention period ranges between 1-2 years.
We may update this California Privacy Notice from time to time. When we do update it, for your convenience, we will make the updated Notice available on this page. Changes and additions to the Notice are effective from the date on which they are posted.
If you have any questions regarding this Notice, please contact us: