At OneOme, LLC (“OneOme”) the privacy of our patients and those using our services is very important to us. OneOme delivers information that helps healthcare providers and patients (collectively referred to herein as “you” and “your”) make more informed, individualized treatment decisions through the use of our pharmacogenomic tests (“Tests”). In addition, you may have access to a third-party healthcare provider network arranged for and/or made accessible to you through OneOme (“Provider Network Program”). Ultimately, the results of the Test (“Results”) are delivered to the provider or the patient through our Provider and Patient Portals (“Portal”) or by other secure channels as requested by the provider and or patient. Collectively, the Tests, Provider Network Program, Results and Portals comprise the OneOme Service(s) (“Service(s)”).
For healthcare providers and patients who use the Tests: individuals provide a DNA sample in the form of a cheek swab or blood sample which is delivered to OneOme. OneOme then runs the Test on the DNA sample and provides the healthcare provider and/or the patient with the Report containing the test results by making the Report accessible on the Portal.
OneOme’s Notice of Privacy Practices is available here: Notice of Privacy Practices. This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Information collected and how we use it
Information Collected Via the Website
When you visit our website, we automatically obtain certain information about you from your computer. This information may include:
- The name of the domain from which you access the Internet;
- The Internet Protocol address (“IP Address”) of the computer you are using;
- The type of browser and operating system you are using;
- The date and time you access our website;
- The internet address of the site from which you linked directly to our website;
- The pages on the website you have visited;
- The search terms you use; and
- The links on which you click.
OneOme may keep and use your personal information that we have collected through this website to personalize your experience with this website. We may also keep and use your personal information to:
- provide you with requested technical support;
- remind you of our terms of service;
- contact you with information that might be of interest to you about our Services;
- use for analytical purposes and to research, develop and improve programs, products, services and content;
- (if you are a U.S. healthcare provider), link your name, National Provider Identifier (NPI), state license number, and/or your IP address to web pages you visit, for compliance, marketing, and sales activities;
- protect our rights or property; and
- comply with a law or regulation, court order or other legal process.
Cookies and Web Beacons
Personal Information Collected through the Services
OneOme collects, stores and uses personally identifiable information including, date of birth, payment information (e.g., credit card) and contact details such as email address, phone number, shipping/billing address, and contact preferences when they are voluntarily submitted to us for purposes of considering or ordering Tests, receiving Services and/or when you register for updates, or contact us via the website or other channels.
OneOme may use this information to contact you for administrative communications, including contacting you by email or phone to:
- notify you when a healthcare provider has ordered Services on your behalf;
- collect payment for the Services;
- communicate with you in connection with rendering the Services (e.g., notify you that a Report is available in the Portal), and
- provide you with information about OneOme, the Provider Network Program; or
- provide you with information that OneOme believes may be of interest to you.
In addition, OneOme may send you promotional communications, including updates on products and services offered by OneOme. You have the ability to opt-out of receiving promotional communications by updating your account settings or by following the unsubscribe instructions within any promotional communication you receive from OneOme.
Sharing Personal Information with Third Parties
To facilitate the Services, OneOme may share some personal information with third parties that we engage to perform services or functions on our behalf. For example, we may use different vendors or suppliers to ship products that you order on our website. In these cases, we provide the vendor with the required personal information to process your order such as your name and mailing address. When we share your personal information with our third-party partners, we do not authorize them to use, share or disclose your personal information with others for purposes other than the provision of services they have been retained to provide.
OneOme will not sell or rent your personal information to any other company or organization. Information about you, including personal information, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy or receivership in which information is transferred to one or more third parties as one of our business assets.
The website may contain links to third party external websites. OneOme does not maintain these third-party websites and is not responsible for the privacy practices of third party or external websites. Please refer to the specific privacy policies or statements posted on any third-party or external websites you choose to access.
Personal Information Provided by Healthcare Providers
Healthcare providers, whether directly engaged by you as patient, or through our Provider Network Program, may provide us with information about their patients and their practices, including NPI numbers, address, phone number, email, and the name, job title, and contact information of other providers involved in an individual’s care.
Aggregate Data Collection
OneOme, and our third-party partners, track visits to our website, contacts with the Provider Network Program, and use of the Services to compile anonymous aggregate statistics. OneOme uses various technical measures to gather and anonymize these statistics to mask them from being associated with any particular individual. This tracking is necessary to help us customize and continually improve our users’ experience, to provide you with access to a healthcare provider from the Provider Network Program should you choose that option, to gather demographic information about our user base and the visitors to our Website, to offer our products and services, to monitor and track our marketing programs, and to serve targeted advertising on our website and on other websites around the Internet.
California Residents and Your Rights Under the California Consumer Privacy Act Of 2018 (“CCPA”)
California Civil Code Section 1798.83 permits users who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. OneOme, through our website or through the provision of Services, may have collected information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household (“personal information”). To learn more about the personal information we may have collected and what your rights are under the CCPA please review our Notice to California Residents under the CCPA.
Residents from Outside the United States
If you are under the age of 13, you must obtain the authorization of a responsible adult (parent, legal custodian, or teacher) before using or accessing the Site. We will not knowingly collect or use any personal information from any children under the age of 13. If we become aware that we have collected any personal information from children under 13 without their parent or guardian’s consent, we will promptly remove such information from our databases.
Provider and Patient Portals
Tests and Services are ordered by healthcare providers and their authorized representatives pursuant to compliance with the OneOme Terms of Service (www.oneome.com/terms). The OneOme Portal is used for the storage and transmission of Protected Health Information between OneOme, healthcare providers, patients, and their authorized representatives. OneOme’s Notice of Privacy Practices is available here: Notice of Privacy Practices. This notice describes how medical information about you may be used and disclosed and how you can request access to this information. Protected Health Information is used in accordance with the Health Information Portability and Accountability Act (HIPAA) and applicable international, federal and state laws governing patient privacy and protected personal information. Protected Health Information may only be used by or disclosed to your healthcare provider for purposes of treatment and other authorized purposes as stated in the Terms of Service. Information accessed through use of the Service, including Protected Health Information, is secured using administrative, physical and technical safeguards.
User Credentials for Services
You will be issued a secure user ID and have the opportunity to set up your password for access to the secure OneOme Portal and OneOme Services. Individuals with user IDs are solely responsible for the maintenance and security of their individual user ID and password. You also agree that you will be solely responsible for any activities conducted in connection with the Portal and the Services. User IDs and passwords are personal, unique to each individual user, and should never be shared with or disclosed to anyone other than the designated user.
It is your obligation and responsibility to ensure that you keep your user ID and password for the Portal and Services strictly confidential and you are responsible for any and all actions taken using your accounts and passwords. You are also responsible for immediately notifying OneOme at firstname.lastname@example.org of any known or suspected unauthorized use of your user ID and/or password of which you become aware.
Information that you provide to OneOme through our Services is encrypted using industry standard Secure Sockets Layer / Transport Layer Security (SSL/TLS) technology, with the exception of information you send to us via email. Your information is processed and stored on controlled servers with restricted access. Unfortunately, due to factors outside our control (patient-owned computers infected with malware, etc.), we cannot ensure or warrant the security of any information you transmit, and you therefore understand and agree that you do so at your own risk.
You may choose to decline to share certain personal information with OneOme. In some cases, we may not be able to provide you with some of the features and functionality of the Service without that information. You may request to remove, amend, modify or transfer your personal information by contacting us at email@example.com.
In addition, at times you may have an opportunity to elect to receive certain communications, including emails, from us. If you choose to stop receiving such communications at any time, you may unsubscribe by following the instructions found within each communication sent by OneOme. Please be aware that, if you opt-out of receiving email from us, it may take up to ten (10) business days for us to process your request and during that time you may receive promotional communications from us that you have opted-out from during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Services.
Revocation of Your Consent to the Processing of Data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time by sending written revocation of your consent to the processing of your data to OneOme at firstname.lastname@example.org. All data processed before OneOme receives your revocation of consent will be considered legally processed with your consent. In addition, you may request that all of your data be removed from OneOme’s systems and processes by sending written request for removal and destruction of all your data to OneOme at email@example.com. Upon receipt of such a request OneOme will take all steps necessary to completely and permanently remove all of your data unless we are unable to do so for legal, compliance or other legitimate reasons.
Right to File Complaints with Regulatory Authorities
If you believe that OneOme has violated any applicable data protection legislation pertaining to your personal information, you may file a complaint with the pertinent regulatory authorities within your jurisdiction.
Right to Data Portability
You have the right to request that all your personal data which OneOme maintains within its processes or system based on your consent or in fulfillment of a contract, be automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible. To make such a request you must contact OneOme in writing, requesting that OneOme gather all of your personal information, by sending an email to firstname.lastname@example.org.
Our Services are controlled and operated by OneOme. By choosing to visit our website, use any of the Services, or provide your personal information to OneOme, you agree that any dispute over privacy or the terms contained in this Privacy Statement will be governed in accordance with the governing Dispute Resolution and Arbitration provisions of the OneOme Terms of Service found at WWW.ONEOME.COM/TERMS. If you are accessing our Website or Services from any location with regulations or laws governing personal data collection, use or disclosure that differ from United States (“U.S.”) laws or regulations, please note that through your continued use of the website or our Services, you are transferring personal information to the U.S. Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the website and our Services. By providing any information, including personal information, on or to the website and the Services, you consent to such transfer, storage, and processing.
Page updated as of: June 30, 2020