PRIVACY POLICY

Last Updated: July 27, 2023

Thank you for choosing Picture Genetics. Picture Genetics is a product of Fulgent Genetics, Inc., (“Fulgent,” “we” or “us”), and we are committed to protecting your privacy. This Privacy Policy (“Policy”) describes how we collect, use, store, secure, and disclose your personal information when you access or use the following resources: (1) our websites, including www.picturegenetics.com and www.fulgentgenetics.com (“the “Website”); (2) our Provider Portal or our Patient Portal (the “Portal”); or (3) our Picture Genetics products in relation to our genetic testing, infectious disease testing, and testing services (“Services”).

This Privacy Policy applies to the Website and the Services described on the Website. It is in addition to and does not replace our other applicable privacy policies outlined below. Where multiple policies or laws apply to your specific situation, we will follow the practices with the most restrictive privacy protections applicable to your information.

1. ACCEPTANCE OF THIS POLICY AND TERMS

Before you use our Services (whether you are a provider or a patient), please read our Website Terms of Use. By accepting the applicable terms and policies, you agree with our privacy practices as described in this Policy. If you do not agree with these terms, please do not access the Website or use our Services. We may revise this Policy from time to time and will post all updates on this web page.

2. LAWS AND POLICIES THAT PROTECT YOU

To keep things simple, we want to help you understand which rules and policies apply to your specific situation. Depending on which type of activity, entity, or individual is involved (consumer, patient, website visitor, provider, or job applicant), we collect, process, and store different categories of personal information; and different laws apply to each.

2.1 CONSUMER-INITIATED GENETIC TESTING FOR EDUCATIONAL PURPOSES

If you are a consumer who is a California resident and initiated an order for our genetic testing kit Services (whether directly via www.picturegenetics.com, or via a third-party website or provider) (“Consumer”), you have certain rights under the Genetic Information Privacy Act (“GIPA”). Please see our GIPA Privacy Notice.

2.2 PROVIDER-INITIATED GENETIC TESTING FOR DIAGNOSIS AND TREATMENT PURPOSES

If you are a patient whose healthcare provider is ordering laboratory testing from Fulgent in order to help evaluate, screen for, diagnose, or treat a certain medical condition, the Health Insurance Portability and Accountability Act (“HIPAA”) applies to you. Please see our HIPAA Notice of Privacy Practices, which explains how we handle personally identifiable health information (“PHI”) under U.S. laws, including HIPAA.

2.3 GENETIC TESTING FOR INTERNATIONAL RESIDENTS

We are located in the United States and may collect, process, and store your information in the United States. If you are located outside the United States, in limited circumstances, your information will be transmitted to us in the United States. When we conduct such transfers, we rely on various legal bases to lawfully transfer your personal information from your country to the United States, including the European Commission-approved Standard Contractual Clauses. Our data protection laws may be less protective than the laws of the jurisdiction in which you reside. If you do not want your information collected, transferred to, processed or maintained in the United States, you should not use our Services.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, applicable data protection laws, including the General Data Protection Regulation (GDPR), give you certain rights. please see our EEA/UK/Switzerland Privacy Notice. Note that we currently do not market or sell consumer-initiated genetic tests in Europe and do not make our Website available to European residents.

2.4 CALIFORNIA RESIDENTS VISITING OUR WEBSITE

If you are a California resident, please see our California Privacy Notice. Under the law, rights afforded by the California Consumer Privacy Act of 2018 (“CCPA”) do not apply to PHI and are instead protected by HIPAA or by GIPA, as discussed above.

2.5 CALIFORNIA RESIDENTS WHO ARE JOB APPLICANTS

If you apply for a position with Fulgent through our Careers Page, please see our California Notice to Job Applicants and our service provider’s Privacy Policy.

3. TYPES OF PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT

3.1 PATIENT’S OR CONSUMER’S INFORMATION

We may collect, process, generate, and share PHI or personal identifiable information of patients or Consumers, including the following categories either directly or through third parties (for example, health care providers):

  • Personal details (including first and middle name, last name, birth date, and/or age)
  • Family relationships (if applicable)
  • Government-issued ID information (for example, Driver’s License or SSN)
  • Address, phone, and other contact information
  • Gender
  • Ethnicity
  • Nationality
  • Information relating to patient’s insurance (where applicable), including Health Insurance ID #, enrollment, payment, claims adjudication records, medical record number, or health plan beneficiary number
  • Payment information for services (where provided)
  • Username/ID or email address and password (where provided)
  • Identifiable genetic information (“Genetic Data”)
  • Medical and health information, including symptoms, diseases, and diagnoses
  • Medical records (where provided)
  • Accession and similar numbers
  • Genetic, COVID-19, or other test results and findings
Such information is most commonly used for operation of our laboratory, for example, to provide the Services and test results to the patient, Consumer, or the provider and to perform the billing. We may also process this information for the performance of the specific laboratory tests requested by the patient’s provider and for informing the patient’s provider of the test results. In order to protect your privacy, when using your PHI, we will remove and/or secure information that identifies you to the extent possible and, in some cases, we may de-identify your data in accordance with applicable law so it may be used for other purposes, as described in this Privacy Policy.

Fulgent engages in research and development, which helps us improve our Services, build new Services and customized features, or promote medical advancements. For the genetic tests that we perform, you may elect to consent to research at the time the test is requested. If you consent to research, your personal information and remaining sample may be stored and processed for up to 20 years for the further purposes specified in the applicable Informed Consent Form and/or Test Requisition Form; and it may be retained in an anonymized form to support further research, development, and improvement of diagnostic methods and potential therapeutic developments.

3.2 PERSONAL INFORMATION COLLECTED FROM PROVIDERS

In order to provide the Services requested (including testing, billing, etc.), we will collect and process the following personal information from providers:

  • Personal details (including name, address)
  • Phone and fax number
  • Business address and department
  • Email address
  • NPI
  • Accession and similar numbers
  • Payment information (where provided)
This collection and processing is done for the purpose of performing a contract between Fulgent and the provider and providing the Services. For example, the provider’s personal information will be processed to inform the provider of the patient’s test results, respond to other requests from the provider, and for invoicing. Fulgent stores the provider’s personal information for as long as we need it to provide Services, to serve the purpose(s) for which your personal information was processed, or as necessary to comply with our legal obligations, resolve disputes, or enforce our agreements to the extent permitted by law.

We may also use the provider’s personal information to share marketing information about our Services. To do so, we may process your contact information or information about your interaction with our Services so that we can send you marketing communications; provide you with information about events, webinars, or other materials; deliver targeted marketing to you; and keep you updated about our Services. You can opt-out of our marketing activities at any time by using the “unsubscribe” link in our email communications or by contacting privacy@picturegenetics.com.

3.3 INFORMATION COLLECTED FROM VISITORS TO OUR WEBSITE

Generally, individuals are able to visit our Website without disclosing personal information, except as may be necessary to provide a product or service at their request or for advertising purposes. In some cases, we may recognize personal data like the IP address as well as non-personal data like the name of the visitor’s Internet service provider, the website from which the visitor came to our Website, the pages that the visitor views on the Website, and what the visitor clicks on any given page. This data could possibly identify an individual, but Fulgent does not use it to do so.

Cookies: We use cookies and similar tracking technologies (such as web beacons, email tags, scripts, and device identifiers) to personalize your experience on our Website. Please see our Cookie Policy for more information on the types of cookies found on our Website and how to control cookies. If you reject cookies, you may still use our Website, but your ability to use some features or areas of the Website (including the Patient Portal or Provider Portal) may be limited. Our servers automatically record information created by your use of our Website and we use visitor logs to compile anonymous statistics. The aggregate information is collected sitewide and contains anonymous website statistics and is not considered personal information.

“Do Not Track”: Some browsers have a “do not track” or “global privacy control” or “GPC” features that allow you to tell websites that you do not want to have your online activities tracked. For California residents, you may exercise your GPC rights by utilizing the available features on our Website.

Bots and AI Technology: At times, we may use chatbot technology to help interact with our website visitors (“the Bot”). We offer the Bot as a convenience to you. The Bot is not a substitute for direct communication with Fulgent, and all of the information available to you through the Bot is also available to you directly through Fulgent. Because the Bot uses artificial intelligence to communicate with you, the Bot may provide inaccurate information in response to your requests. You agree that Fulgent shall not be liable to you or any third party for the Bot providing inaccurate information to you. Please do not share personal information or PHI via the Bot. We use a third-party provider in connection with the Bot. You may see our provider’s privacy policy here.

3.4 PERSONAL INFORMATION PROVIDED VOLUNTARILY

We also collect personal information that you voluntarily provide to us, such as inquiries through our Website, information you provide about your business, information provided through our portal, etc. We use this information for the purpose of addressing the request received, enforcing agreements, resolving disputes, and as otherwise described in this Policy. In instances where social media services may be used, we do not have any influence on the storage and processing of providing personal information via the respective social media service. You are encouraged to review those privacy policies before sending Fulgent personal information via a social media service.

4. INFORMATION WE SHARE

Subject to the limitations described in our HIPAA Notice of Privacy Practices, COVID-19 FAQs, California Privacy Notice, GIPA Privacy Notice, California Notice to Job Applicants, and the EEA/UK/Switzerland Privacy Notice (which are available on our Website), Fulgent may disclose your personal information as follows:

  • Our operations as a laboratory. Protected health information may be shared for treatment, billing and payment, laboratory operations, and other purposes described herein and in our HIPAA Notice of Privacy Practices, GIPA Privacy Notice, and EEA/UK/Switzerland Privacy Notice, as applicable.
  • Our service providers, vendors, and other processors. We may share your personal information with our service providers or other vendors and processors that help us provide our Services to you, which, in limited circumstances, may access information from a different location than where the information was collected. Such entities will be given access as is reasonably necessary to provide our Services, and only under contractual obligations that are at least as restrictive as this Policy and require compliance with applicable privacy laws. Agents, vendors, and service providers who may have access to protected health information and other special categories of personal data are contractually obligated to protect the privacy and security of such information pursuant to applicable laws and their contractual obligations. Your payment information is transmitted directly to our third-party payment processor. We do not store any credit card information on Fulgent servers.
  • Affiliated businesses. We may share your personal information with group companies and affiliates. Affiliated businesses may use your information to help provide, understand, and improve our Services and the affiliates’ own services.
  • International data transfers. Where prohibited by law, protected health information collected from users and patients based in a certain geographical region will not be shared outside the United States.
  • Change of control. We may share your personal information as part of a purchase, transfer, or sale of the Services or the company (for example, a corporate restructuring, merger or consolidation with, or sale of substantially all of our assets to a third party).
  • Targeted advertising. We may permit third-party advertising networks and providers to collect information regarding usage of our Website to help us deliver targeted online advertisements to you. They use cookies and similar technologies to gather information about your browser’s or device’s visits and usage patterns on our Website and on other websites over time, which helps us to better personalize such advertisements to match your interests, and to measure the effectiveness of our advertising campaigns. We may also share your contact information with our service providers to the extent necessary for marketing purposes.
  • Safety and legal compliance. We may share your personal information if we believe that such disclosure is necessary:
    • To comply with applicable laws, regulations, legal processes, or requests by public authorities (e.g., law enforcement, tax authorities, etc.).
    • To report certain required information regarding infectious diseases to various state health departments to the extent they require such reporting.
    • To protect you, us, or other users’ rights or property.
    • To protect safety and security in connection with our Services.
    • To comply with or enforce our terms, agreements, or policies.
  • Your consent or express actions. We will share personal information when we have your consent to do so. Also, any information or content that you voluntarily disclose for posting in public areas of our Website, such as public comments or social media posts, become available to the public.
  • Anonymous or aggregate data. We may share anonymized or aggregated information with third parties. Such information is de-identified in accordance with applicable law, no longer reasonably identifies you, and is not considered personal information.

5. HOW WE USE AND DISCLOSE DE-IDENTIFIED, ANONYMIZED, OR PSEUDONYMIZED INFORMATION

“De-identified” or “pseudonymized” (under GDPR) information is data we have stripped of identifiers that can be reasonably used to identify you in accordance with applicable law. Our HIPAA Notice of Privacy Practices does not apply to this de-identified information. We retain the ability to re-identify such information. Once re-identified, your information (including your genetic information) will be subject to this Privacy Policy and other notices that apply to such identifiable data. Note that if you are in the EEA, United Kingdom, or Switzerland, pseudonymized data is always considered “personal data” and is handled according to our EEA/UK/Switzerland Privacy Notice. In contrast, “anonymized” information is when personal information is stripped of all identifiers, cannot reasonably be linked back to you, and is therefore not considered personal data under applicable laws. We may use “de-identified” or “pseudonymized” information for various purposes, including:

  • For testing quality control and validation:
    • In accordance with regulatory requirements, we may de-identify, store, and use patients’ samples and information for internal testing quality control, validation, genetic testing, and research and development. This important purpose allows Fulgent to maintain our high-quality Services and to develop and improve new Services.
    • For genetic testing services, we may also share de-identified patients’ samples and information for quality assurance and validation purposes. Such sharing is essential to maintaining the quality of genetic testing in testing laboratories in accordance with regulatory requirements.
  • For research purposes:
    • For infectious disease testing, we may contribute viral genetic variants that we have observed in the course of providing services to the Centers for Disease Control.
    • For genetic testing services, we may contribute de-identified human genetic variants that we have observed in the course of providing our Services to publicly available databases.
    • For genetic testing services, we may use or disclose de-identified patient information for general research purposes. This may include research collaboration with third parties, such as universities, hospitals, or other laboratories, in which we utilize de-identified clinical cases at the individual level or in the aggregate; and we may present or publish such information. This may also include commercial collaborations with private companies for research purposes.
    • For COVID Services, please see our COVID-19 FAQs about how your health information may be used and shared. For COVID Services and other infectious disease testing, we do not extract your DNA and, therefore, we do not have and do not store genetic information with respect to these Services. Any samples related to COVID Services and other infectious disease testing are promptly destroyed after results are delivered.

To the extent we have relied on your express consent to process de-identified or pseudonymized personal information in relation to the above (for example, if you are in the EEA, United Kingdom, or Switzerland), you may withdraw your consent to participate at any time by contacting us at privacy@picturegenetics.com. Fulgent will not include any such de-identified or pseudonymized personal information in future research commencing within 30 days from the receipt of your valid request. Any research involving your data that has already been performed or published prior to the receipt of your request will not be reversed, undone, or withdrawn.

6. CHILDREN’S INFORMATION

Our Website is directed towards adults and is not designed for, intended to attract, or directed towards children under the age of 18. If you are under the age of 18, you must obtain the authorization of a responsible adult (parent or legal guardian) before accessing or using our Website. If we become aware that we have collected any personal information from children under 18 without appropriate authorization, we will promptly remove such information from our databases.

7. THIRD-PARTY INFORMATION

You agree that you have provided notice to, and obtained consent from, any third party individuals whose personal information you supply to us, including with regard to (a) the purposes for which such third party’s personal information has been collected; (b) the intended recipients or categories of recipients of the third party’s personal information; (c) which of the third party’s information is obligatory and which information, if any, is voluntary; and (d) how the third party can access and, if necessary, rectify the information held about them.

8. LINKED WEBSITES

Our Website may contain links to external websites. Unless clearly noted otherwise, Fulgent does not maintain these sites. Fulgent is not responsible for the privacy practices of sites that it does not operate. Please refer to the specific privacy policies posted on these sites.

9. INFORMATION ACCESS, UPDATES, AND CHOICE

You can update, amend, or delete your account information and preferences at any time by logging into your Provider Portal or Patient Portal Account or by contacting us at privacy@picturegenetics.com. When you make a valid request, we will provide you with instructions on how to update certain personal information and how to unsubscribe from our emails and communications. Please follow the instructions when necessary to notify Fulgent of changes to your name, email address, and preference information.

Fulgent will take reasonable steps to verify your identity, including via verification and confirmation emails, before granting access to your personal information.

10. RETENTION

We store your personal information for as long as we need it in connection with the Services; to serve the purpose(s) for which your personal information was processed; or as necessary to comply with our legal obligations, resolve disputes, or enforce our agreements to the extent permitted by law.

We store information used for marketing purposes indefinitely, until you unsubscribe. Once you unsubscribe from marketing communications, we add your contact information to our suppression list to ensure we honor your unsubscribe request. If you have any questions about our retention periods, please feel free to contact us at privacy@picturegenetics.com.

11. SECURITY MEASURES

We have implemented reasonable technical, administrative, and physical measures to protect information contained in our system against misuse, loss, or alteration and to safeguard your personal information. Information that you provide through our Website or transmitted via email by us is encrypted using industry-standard Secure Sockets Layer (SSL) technology. Your personal information is processed and stored on controlled servers with restricted access, and, if applicable, in compliance with HIPAA and other applicable laws. Unfortunately, no method of electronic transmission is 100% secure, so we cannot ensure or warrant the security of any information you transmit to our Website, and you do so at your own risk. Please do not submit any personal health information or credit card information to us via email.

Please recognize that protecting your personal information is also your responsibility. You should keep your username, password, ID numbers, or other access credentials secure, as Fulgent cannot secure personal information that you release on your own or that you request us to release. If we receive instructions using your log-in information, we will consider that you have authorized the instructions.

12. CONTACT US

If you have any questions regarding this Policy or our privacy practices, contact us at:

Fulgent Genetics
ATTN: Privacy Officer
4399 Santa Anita Ave
El Monte, CA 91731
privacy@picturegenetics.com