OneOme Privacy Policy

OneOme, co-founded by Mayo Clinic, delivers outstanding information that helps inform individualized treatment decisions through our targeted, high-quality pharmacogenomic tests (the “Tests”). In addition, you may have access to a third party healthcare provider network arranged for and/or made accessible to you through OneOme (“Provider Network Program”). For the Tests: individuals provide a DNA sample in the form of a cheek swab or blood sample on which OneOme runs the Test and provides the healthcare provider with a test report accessible on our Provider and Patient Portals (collectively the “Services” or “Service”). This privacy policy (“Policy”) is designed to inform you how OneOme, LLC (“OneOme”) collects, uses, stores, processes and transfers your information when Services are provided and when you use www.oneome.com as well as our online healthcare provider and patient portals. If you do not agree with the terms of this Privacy Statement, please do not access or use the Services.

OneOme’s Notice of Privacy Practices is available here: Notice of Privacy Practices. This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

INFORMATION COLLECTED

PERSONAL AND CONTACT INFORMATION

OneOme collects, stores and uses personally identifiable information, including date of birth, payment information (e.g., credit card) and contact details such as email address, phone number, shipping/billing address, and contact preferences when it is voluntarily submitted to us for purposes of considering or ordering Tests, receiving Services and/or when you register for updates, or contact us.

OneOme may use this information to contact you for administrative communications, including contacting you by email or phone to notify you when a healthcare provider has ordered a Test on your behalf, as well as to collect payment for that Test, and/or in connection with rendering the Services, including when OneOme sends a test result or report. We may contact you to provide you with information about OneOme, the Provider Network Program or to provide you with information which OneOme believes may be of interest to you. We may also use the information you provide OneOme to respond to your inquiries, provide you with technical support, to remind you of our Terms of Service (www.oneome.com/terms), and other policies governing the use of our Services, and/or to comply with law enforcement requests and/or legal process. In addition, OneOme may send you promotional communications, including updates on products and services offered by OneOme. You have the ability to opt-out of receiving promotional communications by updating your account settings or by following the unsubscribe instructions within a promotional communication.

OneOme will not sell or rent your personal information to any other company or organization. Information about our users, including personal information, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy or receivership in which information is transferred to one or more third parties as one of our business assets.

HEALTHCARE PROVIDER SERVICE INFORMATION

Healthcare providers, whether your own or one that has been arranged for you pursuant to the Provider Network Program, in each case using the Service, may provide us with information about their patients and their practices, including NPI numbers, address, phone number, email, and the name, job title, and contact information of other providers involved in an individual’s care.

AGGREGATE DATA COLLECTION

WEBSITE BEHAVIOR

OneOme and our third party partners track visits to our website as well as to the healthcare provider and patient portals to compile anonymous aggregate statistics. OneOme uses various technical measures to gather and anonymize statistics, which mask them from being associated with any particular individual. Such access is necessary to help us customize and continually improve our users’ experience, to provide you with access to a healthcare provider from the Provider Network Program, should you choose that option, to gather demographic information about our user base, to offer our products and services, to monitor and track our marketing programs, and to serve targeted advertising on our site and on other sites around the Internet.

COOKIES

We may monitor the use of this Service by collecting and then de-identifying information. Data collection may occur through the use of cookies. We may alternatively collect information about the number of page views for this Website or click-throughs to each web page as well as the originating domain name of a user’s Internet Service Provider. This information may be used to understand the visitor's use of the Website and Services. We will have no means reasonably available to us to ascertain the identity of individual users from the information we aggregate.

Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

GOOGLE ANALYTICS

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. For more information about how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

DEMOGRAPHIC DATA COLLECTION BY GOOGLE ANALYTICS

This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Objecting to the collection of data".

CHILDREN

If you are under the age of 13, you must obtain the authorization of a responsible adult (parent, legal custodian, or teacher) before using or accessing the Site. We will not knowingly collect or use any personal information from any children under the age of 13. If we become aware that we have collected any personal information from children under 13 without their parent or guardian’s consent, we will promptly remove such information from our databases.

SECURITY MEASURES

You will be issued a secure user ID and have the opportunity to set up your password. Individuals with user IDs are solely responsible for the maintenance and security of their user ID and password. You also agree that you will be solely responsible for any activities conducted in connection with the Services. User IDs and passwords are personal and unique to each individual user and should not be shared.

CREDENTIALS

You must ensure that you keep your user ID and password for the Services strictly confidential and that you will not share such information with any other third party. User IDs are granted to individual-named persons and may not be shared. You are responsible for any and all actions taken using your accounts and passwords, and you agree to immediately notify OneOme of any unauthorized use of which you become aware.

Information that you provide to OneOme through our Services is encrypted using industry standard Secure Sockets Layer / Transport Layer Security (SSL/TLS) technology, with the exception of information you send to us via email. Your information is processed and stored on controlled servers with restricted access. Unfortunately, due to factors outside our control (patient-owned computers infected with malware, etc.), we cannot ensure or warrant the security of any information you transmit, and you do so at your own risk. As a consequence, OneOme disclaims any warranties, guarantees, representations or liability relating to maintenance or nondisclosure of private information.

LINKED WEBSITES

The Service may contain links to external websites. OneOme does not maintain these sites and is not responsible for the privacy practices of sites that it does not own or operate. Please refer to the specific privacy statements posted on other sites if you choose to access them via OneOme.

PROVIDER AND PATIENT PORTALS

Tests and Services are ordered by healthcare providers and their authorized representatives as stated in the Terms of Service (www.oneome.com/terms). The Service is used for the storage and transmission of Protected Health Information between OneOme and healthcare providers and their authorized representatives. OneOme’s Notice of Privacy Practices is available here: NOTICE OF PRIVACY PRACTICES. This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. Protected Health Information is used in accordance with the Health Information Portability and Accountability Act (HIPAA) and applicable federal and state laws governing patient privacy. Protected Health Information may only be used by or disclosed to your healthcare provider for purposes of treatment and other authorized purposes as stated in the Terms of Service. Information accessed through use of the Service, including Protected Health Information, is secured using administrative, physical and technical safeguards. For example, the transfer of information is encrypted using industry standard Secure Sockets Layer / Transport Layer Security (SSL/TLS) technology and information is stored on controlled servers with restricted access. All access is password protected and each individual user has his/her own User ID and password. All access is tracked at OneOme for security purposes.

INDIVIDUAL CHOICES

You may choose to decline to share certain personal information with OneOme. In some cases, we may not be able to provide you with some of the features and functionality of the Service without that information. You may amend any personal information by contacting us at support@oneome.com. You may have an opportunity to elect to receive certain communications from us. If you choose to unsubscribe from our email services at any time by following the instructions contained within the email, you will no longer receive correspondence from us. Please be aware that if you opt-out of receiving email from us, it may take up to ten (10) business days for us to process your request, and you may receive promotional communications from us that you have opted-out from during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.

REVOCATION OF YOUR CONSENT TO THE PROCESSING OF DATA

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An email making this request is sufficient. The data processed before we process your request may still be legally processed. Additionally, you may request that your data be removed from our systems, which we will comply with unless we are unable to do so for legal, compliance or other legitimate reasons.

RIGHT TO FILE COMPLAINTS WITH REGULATORY AUTHORITIES

If there has been a breach of data protection legislation, the person affected may file a complaint with the pertinent regulatory authorities.

RIGHT TO DATA PORTABILITY

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

GOVERNING LAW

Our Services are controlled and operated by OneOme. By choosing to visit our website or avail yourself of the Services or otherwise provide information to OneOme, you agree that any dispute over privacy or the terms contained in this Privacy Statement will be governed in accordance with the governing Dispute Resolution and Arbitration provisions of the Terms of Service (www.oneome.com/terms). If you are accessing our Services from any location with regulations or laws governing personal data collection, use or disclosure that differ from United States laws or regulations, please note that through your continued use of our Services, you are transferring personal information to the United States of America. Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service. By providing any information, including personal information, on or to the Service, you consent to such transfer, storage, and processing.

UPDATES

OneOme may revise this Policy from time to time. All updates will be posted on this web page (www.oneome.com/privacy). Please check the website for the most current version of our Policy. Your continued use of the website after we have posted a notice on the website constitutes your acceptance of such changes. If any term or condition in this Policy is or becomes illegal, invalid or unenforceable in any jurisdiction, that shall not affect the validity or enforceability in that jurisdiction of any other provision of these terms and conditions; or the validity or enforceability in other jurisdictions of that or any other provision of the terms in this Policy.

CONTACT INFORMATION

Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at support@oneome.com, by calling 1-844-ONEOME-5 or 1-844-663-6635 (toll free), or by sending us a message using the contact form on our Support page.

PAGE UPDATED AS OF: September 18, 2018.