Metabolon, Inc. Privacy Policy

Privacy Policy

This Policy is effective as of 28 August 2017.

ABOUT METABOLON

Metabolon, Inc. (“Metabolon”) is the world’s leading health technology company advancing metabolomics for precision medicine and every area of life sciences research. Our Precision Metabolomics is a powerful technology for assessing health and is delivering biomarker discoveries, innovative diagnostic tests, and ground-breaking partnerships in genomics and population health initiatives.

PRIVACY SHIELD PRIVACY POLICY

PURPOSE

Metabolon’s Privacy Shield Privacy Policy describes how Metabolon Processes Personal Data received from the European Union (EU) and Switzerland in compliance with the Privacy Shield Principles, including the Supplemental Principles (collectively “Principles”), documented in the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework.  Personal Data may include data relating to customers, business partners as well as healthcare professionals and study participants as part of biochemical analysis, research, diagnostics, consulting, and clinical trial support services provided by Metabolon.

This Privacy Policy may be periodically updated, amended, or revised by Metabolon.  Please revisit this page to remain aware of updates and changes.  The last updated date will be posted at the top of this Policy.

DEFINITIONS

For the purposes of the Policy, the following definitions shall apply:

“Agent” means any third-party Processing Personal Data on behalf of, and under the instruction of Metabolon.

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

“European Union” or “EU” means for the purposes of this Policy all countries within the European Economic Area (EEA).

“Personal Data” means data about an identified or identifiable individual that are within the scope of Directive 95/46/EC (“the Directive”), received by Metabolon in the United States from the European Union, and recorded in any form. It does not include personal information that has been anonymized or that is publicly available, that has not been combined with non-public personal information.

“Process,” “Processing,” “Processed” of Personal Data means any operation or set of operations which is performed upon Personal Data, whether by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

“Sensitive Personal Data” means Personal Data that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information that concerns health or sex life. In addition, Metabolon will treat as sensitive, any Personal Data received from a third party where that third party treats and identifies the information as sensitive via a Controller or Agent contract with Metabolon.

SCOPE

This Privacy Shield Privacy Policy describes how Metabolon Processes Personal Data received from the European Union in compliance with the Principles outlined in the EU-US Privacy Shield Framework (“Privacy Shield”) and the U.S.-Swiss Privacy Shield (“Swiss Privacy Shield”) as set forth by the Department of Commerce.  Metabolon is committed to treating the Personal Data it receives under the Privacy Shield and Swiss Privacy Shield consistent with the Principles.

LIMITATIONS ON SCOPE

Adherence to this Privacy Shield Privacy Policy and the Privacy Shield Principles by Metabolon may be limited: (a) to the extent necessary to meet national security, public interest, or law enforcement requirements; (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations; or (c) if the effect of the Directive or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts.

In such cases when Metabolon is compelled to exercise any such authorization referred to above in (b), it shall limit its non-compliance with the Principles only to the extent necessary to meet the overriding legitimate interests furthered by such authorizations.

SELF CERTIFICATION

Metabolon complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States, respectively.  Metabolon has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/participant?id=a2zt0000000L1PGAA0&status=Active.

Metabolon acknowledges that it is subject to the jurisdiction of the Federal Trade Commission for compliance and enforcement of the Privacy Shield and Swiss Privacy Shield.

PRIVACY SHIELD PRIVACY PRINCIPLES

1. 1.   NOTICE

  1. Metabolon, operating as a laboratory, may receive very limited Personal Data related to biochemical analysis, research, diagnostics, consulting, and clinical trial support services from or on behalf of Controllers within the EU or Switzerland. Metabolon Processes that data in the performance of services for and under the direction of those Controllers. 
  2. When Metabolon acts as a Controller and is the recipient of Personal Data, it shall provide the appropriate notice in clear and conspicuous language when individuals are first asked to provide Personal Data to Metabolon, or as soon thereafter as is practicable. In addition, when Metabolon is a Controller it will seek consent prior to using Personal Data for a purpose other than that for which it was originally collected or Processed. 

1.2.    CHOICE

  1. When Metabolon acts as a Controller, Metabolon offers individuals the opportunity to choose (opt out) whether Personal Data is (i) to be disclosed to a non-agent third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. Individuals will be provided with clear, conspicuous, and readily available mechanisms to exercise their choice.
  2. For Sensitive Personal Data, when Metabolon acts as a Controller, Metabolon will give individuals the opportunity to affirmatively express consent (opt in) if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. Metabolon will treat as sensitive any Personal Data received from a third party where the third party identifies and treats it as sensitive via a Controller or Agent contract with Metabolon.
  3. When Metabolon is not the Controller with respect to certain Personal Data, we will effectuate individual choices communicated to us by the Controller.

1.3.    ACCOUNTABILITY FOR TRANSFERS FROM CUSTOMERS AND ONWARD TRANSFERS TO AGENTS

  1. Metabolon may share Personal Data with contracted third-parties who act as a Controller or other processors at the direction of those Controllers.  Metabolon shall enter into a contract with third-party Controllers prior to sharing Personal Data.
  2. Metabolon may share Personal Data with contracted third-parties who act as an Agent and provide services to Metabolon in furtherance of data Processing.  Metabolon shall enter into a contract with third-party Agents prior to sharing Personal Data to obtain assurances that the Agent will safeguard Personal Data consistent with this Privacy Policy and Metabolon’s obligations under the Principles.

1.4.    SECURITY

  1. Metabolon takes reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the Processing and the nature of the Personal Data.

1.5.    DATA INTEGRITY AND PURPOSE LIMITATION

  1. Metabolon will only collect and Process Personal Data in a way that is consistent with, and relevant for, the purpose of Processing for which it was collected or authorized by the individual.  Metabolon may use Personal Data for compatible Processing purposes such as those that reasonably serve customer relations, compliance and legal considerations, auditing, security and fraud prevention, preserving or defending Metabolon’s legal rights, or other purposes consistent with the expectations of a reasonable person given the context of the collection.
  2. Metabolon will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual.  Metabolon will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current.  Metabolon will adhere to the Principles for as long as the Personal Data is retained.

1.6.    ACCESS

  1. Upon request, when Metabolon acts as a Controller, Metabolon will provide individuals with reasonable access to their Personal Data, and in doing so allowing individuals the opportunity to correct, amend or delete Personal Data where it is inaccurate, or has been Processed in violation of the Principles. A request may be denied under certain circumstances, such as where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question, or where the rights of persons other than the individual would be violated. When Metabolon is a processor and not a Controller, it will take reasonable steps to help the appropriate Controller respond, and will act on the reasonable direction of its Controller customers with respect to access.

1.7.    RECOURSE, ENFORCEMENT AND LIABILITY

  1. In compliance with the Principles, Metabolon commits to resolve complaints about our collection or use of your Personal Data. European Union or Swiss individuals with inquiries or complaints regarding Metabolon’s Privacy Shield Privacy Policy should first contact Metabolon directly. Metabolon will respond to issues and complaints within 45 days of receipt. Metabolon encourages interested persons to raise any concerns about the collection, use, or Processing of Personal Data using the contact information provided.  In the event of a privacy related issue or complaint, Metabolon will investigate and attempt to promptly resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles.

 

To contact Metabolon for Privacy Shield-related issues, please use one of the contact methods below:

Complete the contact form.

Call Metabolon at +1 919 572 1711

2.     For complaints that cannot be resolved, Metabolon commits to cooperate with the panel established by the EU data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable, and comply with the advice given by the panel or Commissioner about Personal Data transferred from the EU or Switzerland. In order to facilitate the handling of complaints, individuals in the EU can choose to contact their national DPA or use the form located at this link: http://ec.europa.eu/newsroom/document.cfm?doc_id=42962.  Individuals in Switzerland can contact the Swiss Information Commissioner by visiting https://www.edoeb.admin.ch/kontakt/index.html?lang=en

3.    This independent dispute resolution process is provided at no cost to the individual. Under certain conditions an individual may choose to invoke binding arbitration to resolve any residual complaints not resolved by Metabolon or the DPAs or FDPIC, as appropriate.  If an individual formally invokes binding arbitration, Metabolon will follow the terms set forth in Annex 1 of the Privacy Shield Framework. For more information on binding arbitration visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

4.    In the context of an onward transfer, Metabolon has responsibility for the Processing of Personal Data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf.  Metabolon shall remain liable under the Principles if its Agent Processes such Personal Data in a manner inconsistent with the Principles, unless Metabolon proves that it is not responsible for the event giving rise to the damage.


WEBSITE PRIVACY POLICY

This portion of our privacy policy pertains to all users of Metabolon’s web site www.metabolon.com (the “Site”).

INFORMATION WE COLLECT

We receive personal information from Site visitors who submit information directly, such as when they inquire about our services, register to use Site features or receive information, or register for webinars and other events.  That information typically includes name, title, address, phone number, fax number, and e-mail address.  If you apply for a job in response to one of the career opportunities on our site, you will be submitting information to our service provider’s website subject to their privacy policy.

Metabolon may also record information about how individuals access the Site. This information is typically not personally identifiable and may include internet protocol (IP) addresses (or the DNS name associated with it) of the individual's device, the web sites the user visited immediately prior to and upon exiting this Site, and the browser software the individual is using to access the Site. This information is used in to administer our systems and the Site, and to make improvements to and protect the Site.

Metabolon may use cookies and other technologies on the Site to enhance or improve user experience, including customization of content. A cookie is usually text data that a website transfers to the individual's browser from a web server that is stored on the individual's device. Cookies can be utilized to help us provide you with information targeted to your interests, based upon your prior browsing on our Site. We do not, however, permit third parties to track you from our Site across other sites to deliver advertising or other content.


INFORMATION WE SHARE

Metabolon may share information it collects from Site users with service providers who help us perform services such as managing communications and administering the Site. We permit our service providers to use personal information as needed to deliver services or comply with law. In limited cases, we may share information with other parties if appropriate to respond to your request or inquiry. We will share personal information in the event we sell or transfer all or a portion of our business assets, such as during a merger, acquisition, liquidation, or bankruptcy. We also may share personal information if we have a good faith belief that doing so is necessary to comply with law, respond to a legitimate request from law enforcement or other government body, to protect our interests or the health and safety of others, or to enforce our terms of use for this Site.

YOUR CHOICES AND ACCESS

Metabolon complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. Any information we collect or receive through this Site that is subject to the Principles of those Frameworks will be treated in accordance with our Privacy Shield Privacy Policy, including individual’s choices and right of access.

You may visit and browse our Site without providing any personal information, and you can always choose not to provide us with the personal information we request. However, choosing not to provide us with certain information that we request may prevent you from accessing or using certain portions of our Site.

If you would like to change any information you submitted to us, or if you want to opt-out of receiving future communications from us, please contact us.

If you would like to manage cookies used by this site, the "help" section of the toolbar on most browsers will inform you on how to prevent your browser from accepting new cookies, how to have the browser notify you upon the receipt of a new cookie, or how to disable the use of cookies completely. However, if you configure your browser to decline cookies, certain features of our Site may not function correctly and you may be required to renter any user IDs and passwords more frequently. Some browsers incorporate a "Do Not Track" feature that, when turned on, signals to websites and online services that you do not want to be tracked. Our site does not currently respond to Do Not Track signals.

SECURITY

Metabolon takes reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved and the nature of the personal information.

CHANGES TO THIS PRIVACY POLICY

We will indicate at the top of this privacy policy when it was last updated. We encourage you to periodically review this page for the latest information on our privacy practices. When warranted we will try to provide additional notice of specific changes to this policy, either by attempting direct communication with you and/or by posting on our Site.