A. BaseHealth, Inc. ("BaseHealth," "we," "us," or “our”) (formerly Genophen, Inc.) knows that you care how Personal Information about you is collected, used, shared, stored, accessed and corrected. "Personal Information" means information or combination of information that can be used to identify, contact, or locate a discrete individual. A large portion of the Personal Information we collect, use, share, and store is sensitive in nature, including, any and all medical information for example Genetic Data & Other Personal Information. Information that has been aggregated, de-identified, or anonymized is no longer considered Personal Information. Pseudonymization (‘pseudonymized’) means replacing any directly identifying characteristics of personal information with a pseudonym or value which do not allow the data subject to be directly identified.
2. EU-U.S. and Swiss-U.S. Privacy Shield:
BaseHealth, Inc. participates in and has certified its compliance with the EU-U.S and the Swiss-U.S. Privacy Shield Framework. Privacy Shield Framework. BaseHealth, Inc. is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov/list]
BaseHealth, Inc. is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. BaseHealth, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, BaseHealth, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, BaseHealth, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
3. Based in the United States
Although we operate internationally, BaseHealth is a corporation organized under the laws of the State of California. The servers that host this Website are located in the United States, and any Personal Information you provide to us will be processed by BaseHealth in the United States. By using this Service, you will transfer data to the United States.
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and processing globally. By providing your information you consent to any transfer and processing in accordance with this Policy.
4. Personal Information We Collect or You May Provide:
- You can visit our Website without telling us who you are or revealing any Personal Information about yourself.
You provide us Personal Information when you register to use the
Service on the Website ("Enrollment Information):
To create an account and enroll to use the Genophen integrated health management platform ("Genophen"):
- Your name
- Your email address
- Your physical addresses
- Your telephone number(s)
- Your credit card information is collected by our third party payment processors. Your credit card numbers are not stored on our database or servers
- Date of Birth/Age
- Unique user name and password, answers to 3 security questions, and a PIN
- To use the Services in addition to Enrollment Information ("Genetic Data & Other Personal Information"):
- Genetic Data resulting from your genotyping or whole genome sequencing.
- Medical information which means, by way of example, your biometrics, medications, procedures, lab work, and health records.
- Family history that includes information about you, your parents, grandparents, other relatives, siblings, uncles, or children.
- Lifestyle information which means, by way of example, your nutrition, activities, sleep, stress, smoking/alcohol, relationship, confidential history, and environmental factors.
- Genophen integrates genomic and clinical data with behavioral analysis to engage patients with their physicians and help physicians create a detailed action plan uniquely suited to the patient. Genophen will prompt your physician to input your clinical data on your behalf. You decide if and how you want to disclose your Personal Information to third parties other than your physician or medical professional.
- We may also collect Personal Information from you as a result of your email communications with us, requests for information, products or services, your posts on our Website, completion of surveys, or to apply for employment. At any time, BaseHealth may require you submit additional Personal Information to verify your identity or to protect your security and privacy.
- You are required to enter your Personal Information as opposed to a third party on your behalf. You promise the Personal Information will be current, accurate, and complete to your best knowledge at the time provided and will use reasonable efforts to update all Personal Information as appropriate. BaseHealth disclaims any legal duty to verify the accuracy of any Personal Information you provide to us.
- We display personal testimonials on our Website in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
5. Use of Your Personal Information
A. We compile, save, use and analyze your Personal Information in both a personally-identifiable form and an aggregated, pseudonymized form, for our business purposes and as not prohibited by law including but not limited to:
- Register you as a user and to identify you when you sign in to your account
- Administer your account
- Provide recommendations
- Respond to your inquiries, customer service requests, complaints, or your job application
- Verify activity as we deem necessary
- Send you a newsletter or other promotional communications
- Conduct research and analyze data for our business purposes
- Operate, maintain, improve and provide our Service
- Customize our communications with you
- Conduct our business
- Communicate with you
6. How We Share Your Personal Information with Third Parties:
- We may share your Personal Information with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your Personal Information only as necessary to provide these services to us.
- In certain situations, BaseHealth, Inc. may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- As required by law, such as to comply with reporting requirements, a subpoena, bankruptcy proceedings or similar legal process.
- In connection with an investigation of fraud, intellectual property infringement, piracy, or other unlawful activity or as we believe reasonably necessary to protect or enforce our rights, protect your safety or the safety of others.
- With any third party with your prior consent to do so.
- In connection with a merger, acquisition, or sale of all or a portion of our assets.
- For genotyping, you will be instructed to send your saliva sample to our third-party Clinical Laboratory Improvement Amendments (CLIA) certified laboratory ("Laboratory"). The sample will be labeled with the unique barcode and no other identifier. The unique barcode identifies you to us but not to the laboratory. We are also required to provide sex and date of birth or age to the laboratory pursuant to CLIA requirements. No other Personal Information is required for the analysis. To protect your privacy, receiving personnel at the laboratory will remove and discard any identifying information (e.g. name, address) included with saliva samples before testing personnel receives the samples for genotyping. Receiving personnel do not perform testing, and testing personnel only handle samples labeled with the unique barcode. DNA and saliva samples are destroyed after the laboratory completes its work, provided that laboratory legal and regulatory requirements no longer require the actual samples to be maintained. The laboratory securely sends the resulting Genetic Data to us along with your unique barcode. Genetic Data is encrypted and stored securely; the laboratory also stores your Genetic Data, but labeled only with a sample barcode. The laboratory conducting DNA extraction and analysis does not have access to your name, other Enrollment Information, or any other Personal Information except your sex and date of birth or age, as required by CLIA.
- For whole genome-sequencing through Illumina Clinical Services Laboratory of Illumina, Inc., your physician will write the required prescription for your blood draw and arrangements will be made with you to have a sample of your blood drawn and submitted to the Laboratory for analysis. Your name, date of birth, sex, and ethnicity will be submitted with your physician's prescription. The Laboratory requires an additional written Patient Informed Consent Form be completed and payment information be provided and submitted along with your sample before analysis. Your blood sample will be analyzed for multiple parameters, including genetic testing. Your blood sample will be disposed by the Laboratory following completion of such testing and the analysis will be sent to BaseHealth or your Physician to be uploaded to your Genophen account. Additional information may be found at Illumina’s Website.
(i) Your Personal Information:
On an aggregated, pseudonymized form for disclosure to our existing or potential business partners, affiliates, sponsors,
or other third parties.
7. How We Store and Protect Your Personal Information:
- We use Security Sockets Layer (SSL) encryption technology to encrypt sensitive Personal Information (such as your Genetic Data, Profile, and Genophen login credentials) before it travels over the internet. Credit card numbers are never stored on our database or servers.
- The security and protection of your Personal Information is important to us. We have implemented physical and technical security safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information we receive, maintain, and transmit. While BaseHealth is not subject to nor governed by HIPAA (the Health Insurance Portability and Accountability Act of 1996 as amended), it uses commercially reasonable efforts to implement best practices as to privacy and security to safeguard Personal Information. Further protection results from implementing two-factor authentication.
Ultimately, security is a shared responsibility with the users of Genophen. Protecting your Personal Information is also your responsibility. You are responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access Genophen. You should not disclose your authentication information to any third party and should immediately notify BaseHealth of any unauthorized use of your password. BaseHealth cannot secure Personal Information that you release on your own or that you request us to release.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Website or of your Personal Information, you can contact us email@example.com.
8. U.S. - Compromise of Personal Information
Personal Information, once released or shared, can be difficult to contain. We will notify promptly those affected by a security breach. Notwithstanding, BaseHealth: (a) is not responsible or liable for any consequences that may result because you have released or shared Personal Information with a third party; and (b) does not accept liability for any unintentional disclosure or a disclosure that occurs due to a security breach of our systems or facilities.
9. User Access and Choice:
- You may, of course, decline to submit Personal Information to us; in which case, you may not be able to use certain Services.
- Upon request BaseHealth (as data controller) will provide you with information about whether we hold any of your personal information including access, correction, or request deletion of your personal information by contacting our Customer Service department by email at firstname.lastname@example.org with the words “UPDATE MY INFORMATION” in the subject line. We will respond to your request within a reasonable timeframe. We acknowledge that you have the right to access your personal information. BaseHealth (as data processor) has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the BaseHealth’s Client (the data controller). If requested to remove data we will respond within a reasonable timeframe. For your information, please note that it is our practice to monitor and in some cases record calls for staff training and quality assurance purposes.
10. Notification, Electronic Communication and Opt-Out:
- You consent to our using your email address to send you Service-related notices, including any notices required by law, in lieu of communication by postal mail. You may not opt out of some Service-related communications.
- Upon registration, or on other areas of the site, you may opt-in to receive periodic messages from us, including changes to features of the Service, newsletters, promotions, and special offers. If you wish to subscribe to these emails, we will use your name and email address to send them to you. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, accessing email preferences manager on your account settings page, or you can contact us at email@example.com. Opting out may prevent you from receiving email messages regarding updates, improvements, or offers.
11. Children's Privacy
Genophen is for use by adults only. If you are not over 18 years of age, do not use this Website. Genophen is committed to protecting the privacy of children. We do not intentionally collect Personal Information from any person we actually know is under the age of 18. If we learn that we have collected Personal Information from a child under age 18, we will delete that information as quickly as possible. If you believe that we might have any Personal Information from a child under 18, please contact us at firstname.lastname@example.org.
12. Cookies, Analytics/Log Files and Clear GIFs:
BaseHealth and our partners and other service providers may use tracking technologies such as cookies or similar technologies to analyze trends, administer the Website, track users' movements around the Website, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
A "cookie" is a small data file that we transfer to your computer's hard disk.
Our third party partners use Local Storage (HTML5) to provide certain features on our Website, to display advertising based on your web browsing activities, and/or to store content information and preferences. Various browsers may offer their own management tools for removing HTML5.
We may also employ software technology known as "web beacons" or "clear GIFs" which helps us keep track of what content on our Website is effective. Web beacons are small graphics with a unique identifier that are used to track the online movements of Internet users. Web beacons are embedded in the web pages you review, so they are not stored on your hard drive. The web beacons we use do not track or collect any personally information about you and they are in no way linked to your personally identifiable information except when you log-in to your Genophen account and then as to your last name, first name, and sex.
As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we collect about you.
We partner with a third party to either display advertising on our Website or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this Website and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here) Please note this does not opt you out of being served ads. You will continue to receive generic ads.
13. California Do Not Track
California law requires us to say how we respond to Do Not Track (DNT) signals. We support the Do Not Track browser setting. Do Not Track (DNT) is a preference you can set in your browser to let the websites you visit know that you do not want them collecting certain information from you. For more details about Do Not Track, including how to enable or disable this preference, visit this website: https://termsfeed.com/do-not-track.
14. Links to Other Websites, Blogs/Forums, and Social Media Widgets:
- Our Website may offer a publicly accessible blog. You should be aware that any information you provide in these areas may be displayed publicly and read, collected, and used by others who access them. To request removal of your personal information from our blog, contact us at email@example.com. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so and why.
- Among the vendors whose services we employ may be companies that help us deliver online advertisements such as banner ads. These companies may collect and use Personal Information you provide to us to better understand the offers, promotions, and types of advertising that are most appealing to our customers. After these third parties collect the Personal Information, it is aggregated so that it is not personally identifiable or tied to you or any other user. If you would prefer that these companies not collect your Personal Information, please email firstname.lastname@example.org.
15. English Language
this Website, or your dealings with this Website, including any bugs
or actual or potential threats to the security of our Website and
protection of your Personal Information, please contact us at
email@example.com, or at 111 West Evelyn Avenue, Suite 209,
Sunnyvale, CA 94068, USA, and Telephone number: +1-650-453-3170.