Thank you for choosing Picture Genetics. Picture Genetics is a product of Fulgent Genetics, Inc., (“Fulgent,” “we” or “us”), and we are committed to protecting your privacy. This GIPA Privacy Policy (“Policy”) describes how we collect, use, store, maintain, secure, and disclose your genetic health information when you seek our genetic testing (“Services”). This Policy applies only if you (1) are a consumer, (2) who is a California resident, and (3) who initiated an order for our genetic testing kit Services (whether directly via our Website, www.picturegenetics.com; or via a third-party website or provider) (“Consumer”).
If you are a patient whose healthcare provider is ordering laboratory testing from Fulgent in order to help evaluate, screen for, diagnose, or treat a certain medical condition, the Health Insurance Portability and Accountability Act (“HIPAA”) applies to you instead. Please see our HIPAA Notice of Privacy Practices, which explains how we handle personally identifiable health information (“PHI”) under U.S. laws, including HIPAA. Where multiple policies or laws apply to your specific situation, we will follow the practices with the most restrictive privacy protections applicable to your information.
- 1. ACCEPTANCE OF THIS POLICY AND TERMS
Before you use our Services, please read our Website Terms of Use and the main Privacy Policy. By accepting the applicable terms and policies, you agree with our privacy practices. If you do not agree with these terms, please do not access the Website or use our Services. We may revise this Policy from time to time and will post all updates on our Website.
- 2. SUMMARY OF OUR PRIVACY PRACTICES REGARDING YOUR GENETIC DATA
To keep things simple, we want to help you understand how we collect, use, maintain, and disclose your genetic information.
In connection with providing Services to you, we may collect:
Genetic Data: For certain tests, information regarding your genetic material (including DNA, RNA, genes, chromosomes, alleles, genomes, genetic alterations or modifications, single nucleotide polymorphisms); phenotype; uninterpreted data that results from the analysis of your biological sample; information extrapolated, derived or inferred from the genetic material; and resulting reports (collectively, “Genetic Data”).
Health Testing Data: Information regarding your test results for various health testing services we perform.
De-identified Data: Note that Genetic Data does not include de-identified data or biological samples used for scientific research conducted in compliance with applicable federal and state laws and regulations.
Personal Information: We also collect various other personal information, as described in detail in our main
Privacy Policy.
Biological Sample: Your saliva or cheek swab sample, which you submit to us for analysis and related information.
Self-Reported Information: Information you provide to us, including your health and family history, date of birth, name, gender, ethnicity, etc.
Registration Information: Information you provide during registration or in connection with registering an account with us, such as your name, user ID, password, date of birth, address, payment information, phone number, etc.
Web-behavior: Information on how you use our Website and services, which devices you use when visiting our Website, your IP address, browser, location, page views, which links you click on, etc.
You: We collect information you voluntarily provide to us in connection with seeking our Services or information from us, including information provided when you place an order, register, or create an account. We also collect information you provide when engaging with our marketing campaigns, signing up for newsletters, responding to our advertisements, contacting us, etc.
Service Providers: We may collect your information through various service providers, such as third-party websites or healthcare providers through which you obtain our Services. We may also collect information through a variety of technologies that generate information when you interact with us or a third-party website. We do not control third-party websites and are not responsible for their content and privacy policies or for how they collect and use your information.
Third Parties: We may receive your information from others through indirect orders, referrals, marketing campaigns, promotions, or other types of engagements. For example, we collect your data when someone orders one of our testing kits as a gift for you or places an order on your behalf.
Fulgent: We may infer information from the data we collect about you, by using automated means and technologies. For example, various technologies may allow us to predict certain predispositions, infer your location, or anticipate future needs for our Services.
To provide Services to you.
To develop and improve our Services, to provide better security measures, to reduce the risk of fraud, and to ensure that you are the person authorizing requests to us.
To communicate with you, including providing your test results.
To analyze trends and needs related to our Services.
To comply with applicable policies, laws, and regulations and with our contractual obligations.
To conduct research, if you choose to participate.
To provide cross-context behavioral targeted advertising to you, to the extent allowed by law.
To personalize our communications and marketing messages to you, to the extent allowed by law.
We do not use your Genetic Data for personalized marketing or targeted advertising in the absence of your express consent.
We appreciate the trust you place in us when seeking our Services. We make careful decisions with respect to your Genetic Data. Internally, Genetic Data is accessed only by trained, qualified personnel that needs access in order to provide our Services or quality control and assurance.
Those Authorized by You: If you instruct us to share your information with your provider, friends, or family members, we will honor your instructions to the extent allowed by laws and regulations. Please be diligent when authorizing third-party access to your Genetic Data, as we cannot ensure that they will not use your data differently from what is described in this Policy.
Service Providers: It is necessary for us to share certain information with certain service providers and contractors that help us provide Services to you (such as cloud services, counseling, IT, billing, etc.). To protect your Genetic Data, we implement measures, procedures, and contractual obligations such providers must comply with. While this list is not exhaustive, here are some examples:
We may share your genetic data with Genetic Counselors to enable them to provide a consultation and answer your questions.
Genetic Data is also entrusted to shipping providers while it is in transit to us.
IT and Security Providers may also have to access certain data in order to help us ensure the provision of reasonable security measures for such data.
Our Affiliates: We may disclose or share your data with our affiliates to help with the operations of our business, to ensure quality service, or to engage in various transactions (such as mergers, acquisitions, restructuring, sale of assets, etc.). In the circumstances involving such transactions, the sharing of your data may constitute a “sale” under applicable laws, and by seeking our Services, you expressly consent to it.
Third Parties: We deeply care about your privacy and will not voluntarily provide your Genetic Data to third parties, unless required to do so by applicable laws, warrants, subpoenas, or court orders. In those circumstances, we will first carefully assess viable legal options, with the goal of protecting Genetic Data.
When We Do Not Voluntarily Share Genetic Data:
Insurance Decisions: Under the law, we will never not disclose your Genetic Data to entities responsible for administering or making decisions regarding health insurance, life insurance, long-term care insurance, or disability insurance.
Public Access: We will also never share your Genetic Information with public databases or employers.
Authorities: We will not share your Genetic Data with the law enforcement, unless required to do so by a valid court order, subpoena, or warrant.
- 3. YOUR RIGHTS
You have the following rights with respect to your Genetic Data:
Consent: You have the right to decide whether to provide consent for the use, collection, or disclosure of your Genetic Data. You also have the right to revoke consent.
Access: You have the right to access your Genetic Data in a readily accessible format.
Deletion: You have the right to request the deletion of your account and corresponding data to the extent allowed by law. Note that Genetic Data must be retained due to legal or regulatory requirements. For example, Clinical Laboratory Improvement Amendments of 1988 (“CLIA”) and College of American Pathologists (“CAP”) require laboratories to retain certain data, as discussed below.
Destruction: You have the right to request destruction of your biological sample; and we must comply within 30 days, to the extent we are still holding your sample.
Non-Discrimination: We may not discriminate against you for exercising your rights.
Information Access: We must make information available regarding our policies and procedures that may apply to you. You can find this information
here.
- 4. HOW WE USE AND DISCLOSE DE-IDENTIFIED GENETIC DATA FOR RESEARCH
“De-identified” information is data we have stripped of identifiers that can be reasonably used to identify you in accordance with applicable law. GIPA and our HIPAA Notice of Privacy Practices does not apply to this de-identified information. We retain the ability to re-identify such information. Once re-identified, your information (including your genetic information) will be subject to this Policy and other notices that apply to such identifiable data.
De-identified genetic data may be shared with third parties for research purposes under federal regulations. We may use de-identified genetic data for various purposes, including:
For testing quality control and validation:
In accordance with regulatory requirements, we may de-identify, store, and use patients' samples and information for internal testing quality control, validation, genetic testing, and research and development. This important purpose allows Fulgent to maintain our high-quality Services and to develop and improve new Services.
For genetic testing services, we may also share de-identified patients' samples and information for quality assurance and validation purposes. Such sharing is essential to maintaining the quality of genetic testing in testing laboratories in accordance with regulatory requirements.
For research purposes:
For infectious disease testing, we may contribute viral genetic variants that we have observed in the course of providing services to the Centers for Disease Control.
For genetic testing services, we may contribute de-identified human genetic variants that we have observed in the course of providing our Services to publicly available databases.
For genetic testing services, we may use or disclose de-identified patient information for general research purposes. This may include research collaboration with third parties, such as universities, hospitals, or other laboratories, in which we utilize de-identified clinical cases at the individual level or in the aggregate; and we may present or publish such information. This may also include commercial collaborations with private companies for research purposes.
For COVID Services, please see our
COVID-19 FAQs about how your health information may be used and shared. For COVID Services and other infectious disease testing, we do not extract your DNA and, therefore, we do not have and do not store genetic information with respect to these Services. Any samples related to COVID Services and other infectious disease testing are promptly destroyed after results are delivered.
For marketing research and related purposes:
With your express consent: Currently, we do not use your Genetic Data for personalized marketing or targeted advertising, and if we do so in the future, it will be with your express consent.
Without your express consent: We may reach out to you based upon you having ordered, purchased, received, or used a genetic testing product or our Services. In doing so, we will ensure that: (1) such advertisement does not depend upon any information specific to you, except for the product or service ordered for or used by you; (2) no discrimination will result in connection with our marketing or your use of our Services; and (3) content will be prominently labeled as advertising and will make our name clear.
- 5. CONSENT
By using our Services, you expressly consent to the following:
The primary use of your genetic data. See Section 2.
The storage of your biological sample. See Section 7.
Disclosures of your genetic data. See Section 4.
Sharing or sale with our affiliates. See Section 2.
Direct marketing. See Section 4.
Research purposes. See Section 4.
Please see our Consent Forms for additional information.
- 6. HOW TO REVOKE YOUR CONSENT
To the extent we have relied on your express consent in connection with your de-identified genetic data discussed above, you may withdraw your consent to participate at any time by contacting us at privacy@picturegenetics.com. Fulgent will not include any such de-identified genetic data in future research commencing within 30 days from the receipt of your valid request. Any research involving your data that has already been performed or published prior to the receipt of your request will not be reversed, undone, or withdrawn. Fulgent will take reasonable steps to verify your identity, including via verification and confirmation emails, before processing your request.
- 7. RETENTION AND DELETION PRACTICES
We store your Genetic Data for as long as we need it in connection with the Services; to serve the purpose(s) for which your personal information was processed; or as necessary to comply with our legal obligations, resolve disputes, or enforce our agreements to the extent permitted by law. Because different laws, regulations, and requirements apply to different types of data, actual retention periods vary significantly.
Consumers' Data: you have the right to request the deletion of your account and corresponding data to the extent allowed by law. Note that Genetic Data must be retained due to legal or regulatory requirements.
Genetic Data: With respect to your PHI, we must retain certain limited information such as your Genetic Data, gender, and date of birth, as required by HIPAA, CLIA, and CAP for 10 years.
Biological Sample: When you submit a saliva sample for processing, we may store your sample for a minimum of one year and a maximum of ten years, at our CAP-accredited and CLIA-certified laboratory. A shorter retention period may apply, and some samples are discarded after 30 days.
Deletion Requests: We must retain limited information in connection with your deletion request for regulatory compliance, contractual, and audit purposes. This includes your name, email address, and related communications.
Research: If you consent to research, your personal information and remaining sample may be stored and processed for up to 20 years for the further purposes specified in the applicable Informed Consent Form; and it may be retained in an anonymized form to support further research, development, and improvement of diagnostic methods and potential therapeutic developments for a longer duration.
If you have any questions about our retention periods, please feel free to contact us at privacy@picturegenetics.com.
- 8. SECURITY MEASURES
We have implemented reasonable technical, administrative, and physical measures to protect information contained in our system against misuse, loss, or alteration and to safeguard your personal information. We regularly reassess and improve our security practices. Information that you provide through our Website or transmitted via email by us is encrypted using industry-standard Secure Sockets Layer (SSL) technology. Your personal information is processed and stored on controlled servers with restricted access, and, if applicable, in compliance with GIPA, HIPAA, CLIA, CAP, and other applicable laws and regulations.
Unfortunately, no method of electronic transmission is 100% secure, so we cannot ensure or warrant the security of any information you transmit to our Website, and you do so at your own risk. Please do not submit any Genetic Data, personal health information, or credit card information to us via email.
Please recognize that protecting your personal information is also your responsibility. You should keep your username, password, ID numbers, or other access credentials secure, as Fulgent cannot secure personal information that you release on your own or that you request us to release. If we receive instructions using your log-in information, we will consider that you have authorized the instructions.
- 9. CONTACT US
If you have any questions regarding this Policy or our privacy practices, contact us at:
Fulgent Genetics
ATTN: Privacy Officer
4399 Santa Anita Ave
El Monte, CA 91731
privacy@picturegenetics.com
- 10. COMPLAINTS
If you believe Fulgent may have violated your rights under GIPA, you may file a complaint with our Privacy Officer at privacy@picturegenetics.com. You can also file a complaint with the California Attorney General's office here.