This section applies to individuals using or accessing our Website while located in the European Economic Area (“EEA”), the United Kingdom, or Switzerland at the time of data collection.
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have certain data protection rights under the General Data Protection Regulation (GDPR); these include the following:
How We Obtain Personal Data
ArcherDX, as a healthcare provider, only obtains and uses Personal Data that we actually need in order to perform and improve our healthcare services. We obtain your Personal Data in a number of ways:
Patients
Physicians
Employees
Collection of Personal Data for EU, UK and Swiss employees is governed by ArcherDX’s EU Employee Privacy Notice, which is provided to these employees at the time of hire. If you are an EU, UK or Swiss employee and have any questions, please contact HR or privacy@archerdx.com.
What Personal Data Is Collected
The Personal Data we collect includes contact information about you, such as your name, address, email address, telephone number and identification numbers used by your physicians.
If you are a patient, we also obtain information concerning your health, such as your current diagnosis, types of treatment for your cancer, what other tests have been performed and other pathology data needed to perform our testing services.
When we provide a test results report, it will include the patient’s Personal Data and will include genetic information regarding possible mutations in the patient’s cancer tumor.
If you visit our product website, limited cookies will be used to help us improve, promote and protect our services. These cookies track your IP address, your submissions to us and your interactions with our web content. The information is used by us to provide a better web experience for you and to keep information you have given to us as accurate as possible.
Personal Data is processed in order to:
We process Personal Data as mentioned above in order to perform our laboratory testing services for patients. We are using your Personal Data in ways that you would expect:
Patients for treatment purposes. In order to perform testing and bill for our services, we need accurate and current contact information and medical information. Test results depend on certain Personal Data related to health and genetic data provided through the patient’s blood draw. ArcherDX has no direct contact with a patient whenever a test is ordered by a physician. Therefore, the patient’s consent for testing is explained by and given to the patient by his/her physician.
If you have registered for an online account with us, we also need Personal Data from you to keep your account up to date and to communicate with you.
We legitimately need all the Personal Data we obtain in order to perform our testing services, maintain accounts and records, and provide information to physicians for use in patient treatment.
Data for scientific research purposes. Pseudonymized and anonymized data is used for scientific research related solely to improving our testing services and to provide medical education to physicians. For most studies, we do not have personally identifiable data related to the study subjects. However, we may conduct data research on data where we have removed identifiable information. Therefore, we would not be able to link the data to any specific patient. This type of research, even if in the hands of a wrongdoer, has a very low risk of patient re-identification.
Physicians for contact purposes. Physician contact information is maintained in order to communicate directly with treating physicians about their patients. We also use Personal Data to provide medical education information to physicians. We might also contact physicians regarding contractual services such as advisory boards and presentations.
Under some circumstances we are required to provide your Personal Data to others. We will disclose Personal Data if it’s necessary to comply with a legal obligation, prevent fraud, enforce an agreement, or for public safety. We may be required by law to preserve or disclose your Personal Data and service data to comply with any applicable laws, regulations, legal process or governmental request, including to meet national security requirements.
ArcherDX does not share your Personal Data except as needed to provide its healthcare services. Therefore, your data may be shared with your physicians, your authorized representatives, internally with ArcherDX’s medical team and with researchers after pseudonymization or anonymization.
We never sell your identifiable Personal Data or share it with marketers. However, some of our service providers may have incidental contact with your Personal Data when they perform contracted services for us, such as our billing vendor. These contractors will be obligated to maintain privacy and security of Personal Data they might view. All vendors who may handle Personal Data have had a security assessment to ensure that they have the capability of maintaining appropriate security measures.
We store your Personal Data using state-of-the-art technical tools, such as data encryption which encrypts data while at rest and in transit, access control to all systems, sharing only the minimum amount necessary with the minimum number of employees (and trained contractors) to perform our services, password protection, constant security monitoring and recovery mechanisms for data loss.
We store your Personal Data for as long as necessary to run your test, ensure that the results are complete and accurate, and comply with clinical laboratory regulations, which currently require medical record storage for seven years. Additionally, pseudonymized and anonymized data may be stored for additional years if necessary for research record keeping and regulatory submissions.
Physician contact information is kept until they are no longer customers. Physicians who stop ordering tests will have their Personal Data removed from our systems.
If you are in the EEA, you have the following rights with respect to information that ArcherDX holds about you.
ArcherDX has appointed a Data Protection Officer to oversee our management of your Personal Data in accordance with this Privacy Policy. If you have any questions or concerns about our privacy practices with respect to your Personal Data, you can reach out to our Data Protection Officer by sending an email to dpo@archerdx.com or by writing to Data Protection Officer, ArcherDX, 2477 55th Street, Suite 202, Boulder, CO, United States 80301.