PRIVACY POLICY

Last Updated: August 2022

Introduction

We at Nest Health Inc. (“Nest,” “we,” “our,” or “us”) respect your privacy.

This policy, therefore, describes how we collect, process and hold your personal information if and when you visit or use our website (located at www.nestegenomics.com) ("Website"), the "Nest Genomics" mobile application ("App"), or our services made available through our web-platform (at https://nestgenomics.com) (“Web-Platform”) (the Website, App and Web-Platform shall be referred collectively herein as the "Services"), or if you otherwise provide us with personal information.

We are located at 251 Little Falls Drive, Wilmington, Delaware 19808, USA.

Our Web-Platform and App serve as a decision support tool in connection with diagnosing your health condition and/or creating tailor made care plans for you, in both cases based on your genetic testing data. You can use our Web-Platform and App to manage your genetic testing data and all information you choose to associate with it.  Please note that while parts of the processes of our Services may be automated, our analysis alone is not used for automatic decision making, only to augment our customers’ human decision-making processes.

Our customers usually are health care providers, physicians, genetic counselors, healthcare research institutions and health insurance companies (collectively, "Providers") which made our Services available to you, and which use our Web-Platform or App to process your genetic testing data and related personal health information ("PHI").

This Privacy Policy, however, does not apply to PHI that we collect, use, and disclose in connection with our Services. The processing of PHI is covered by the Privacy Policies of the Providers in accordance with and under the Health Insurance Portability and Accountability Act (“HIPAA”) and any regulations promulgated thereunder, and we merely serve thereunder as business associates of such entities in connection with the processing of PHI that they require for the services they provide to you. If Providers have their own Business Associate Agreement ("BAA"), we process PHI in accordance with such BAAs. If they do not utilize their own BAA, processing of PHI in connection with their services is subject to our standard BAA. Once you become a patient of such Providers for medical or other health consulting services, and use our Services in connection therewith, all PHI you provide us through your account while using the Services will also be subject to the Notice of Privacy Practices.

This policy affects your legal rights and obligations so please read it carefully.

If you have any questions, please contact us at privacy@nestgenomics.com

Personal information that We Collect

When you browse through our website, subscribe to our newsletter, log-in to our Web-Platform or App (with or without a username and password), or otherwise use any of our Services, we may collect, process or store your personal information including, without limitation and where applicable, your name, phone number, mobile number, physical address, email address, company name, IP address, device info, and your browsing history.

While you may be requested to provide your demographic information too, please note that providing such information will always be voluntary and your refusal to provide such information, shall not negatively impact your Services in any way.

Personal information, however, does not include information that has been irreversibly anonymized or aggregated so that it can no longer enable anyone, whether in combination with other information or otherwise, to identify you.

All personal information that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this.

Please keep in mind that you do not need to provide us with any personal information to browse through our Service. However, we may still automatically collect certain information as described below.

When you contact us by email, we may keep a record of the correspondence and we may also record any telephone call we have with you.

Data that We Automatically Collect or Collect Through Service Providers

When you visit our Website, Web-Platform or App, we, or third parties on our behalf ("Service Providers"), automatically collect and store information about your device and your activities. This information could include (a) your computer or other device’s unique ID number; (b) technical information about your device such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns.

We collect this information by using cookies in accordance with our Cookie Policy described below and we use the information we collect to improve our website, the services we provide, and for analytical and research purposes.

Analytics

We may also use Service Providers to monitor and analyze the use of our Service, such as:

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

We also encourage you to review the Google's policy for safeguarding your data: https://support.google.com/analytics/answer/6004245.

AWS CloudFront

CloudFront is a web service operated by Amazon Web Services, Inc. Read the Privacy Policy here: https://aws.amazon.com/privacy/

Mixpanel

Mixpanel is provided by Mixpanel Inc.

You can prevent Mixpanel from using your information for analytics purposes by opting-out. To opt-out of Mixpanel service, please visit this page: https://mixpanel.com/optout/

For more information on what type of information Mixpanel collects, please visit the Terms of Use page of Mixpanel: https://mixpanel.com/terms/

‍CI/CD tools

We may use Service Providers to automate the development process of our Service.

GitHub

GitHub is provided by GitHub, Inc.

GitHub is a development platform to host and review code, manage projects, and build software.

For more information on what data GitHub collects for what purpose and how the protection of the data is ensured, please visit GitHub Privacy Policy page: https://help.github.com/en/articles/github-privacy-statement.

Marketing Communications

It is necessary for our legitimate interests to use your personal information to send you marketing communications, which may include newsletters, blog posts, surveys and information about new products and services.

You can choose to no longer receive marketing communications by contacting us at privacy@nestgenomics.com or clicking unsubscribe or “opt-out” from a marketing email.

If you do unsubscribe to marketing communications, it may take up to five (5) business days for your new preferences to take effect. We shall therefore retain your personal information in our records for marketing purposes until you notify us that you no longer wish to receive marketing emails from us.

Why We Process Personal information

We will use your personal information in order to comply with our contractual obligations, to supply to you the services that you had purchased, where applicable, including to contact you with any information relating to the delivery of the services in accordance with any requests you make and that we agree to, and to deal with any requests, questions, comments or complaints you have with respect to the same, if any.

If you were directed to our Web-platform or App by our customers to open an account or receive a service, then we process your personal information to provide decision support information in connection with your genetic data and recommended care plan. Our computerized Service may use algorithms and other analytical tools to process your personal information and rate or predict the risk in connection with certain health situations and the best way to diagnose and prevent those.

We may also use your personal information for our legitimate interests, including dealing with any customer services you or our customers require, enforcing the terms of any other agreement between us, for regulatory and legal purposes, for audit purposes and to contact you about changes to this policy, if necessary.

Sharing Personal information

We will never sell, rent or trade your personal information. We will share your personal information with third parties only if and as permitted in this Privacy Policy.

We may share your personal information with our customers, the data controllers, if we collected such information on their behalf.

We may also share personal information with our employees, service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including marketing services providers (e.g., Google Analytics), email communication providers, IT service providers, accountants, auditors and lawyers.

Under certain circumstances we may have to disclose your personal information under applicable laws and/or regulations, for example, as part of anti-money laundering processes or to protect a third party’s rights, property or safety.

We may also share your personal information in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.

Cross-Border Transfer of Personal Information

We may share personal information with our employees, consultants and third party service providers outside your country but only for purposes of performing the services for which you provided your personal information, even to countries that might not offer a level of protection for your personal information that is equivalent to the one offered in your country of residence or in similar countries found to provide adequate safeguards to your personal information. We will obtain your consent, however, before using your personal information for any purposes other than performing the services for which you provided the personal information.

Notifications and Updates

Our Website and/or Web-Platform and/or App may send new registered users a welcoming email to verify password and username. After you register with our Website and/or Web-Platform and/or App and have provided consent to receiving marketing emails, we may send you on a regular basis via emails information on other services or products that we believe may be of interest to you. We give you the option at all times to unsubscribe or to opt-out from receiving these types of communications.

We may also send you notifications regarding updates to our Website and/or Web-Platform and/or App and our services only if you have provided consent to receiving updates about our opportunities, services and products. We may also communicate with you to provide requested services and with respect to issues relating to your account via email or phone.

Security

We shall process your personal information in a manner that ensures appropriate security of the personal information, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

All information you provide to us is stored on our secure servers. Where applicable, any payment transactions are encrypted using SSL technology. Where we have given, or you have chosen a password, you are responsible for keeping this password confidential.

You acknowledge, however, that no system can be completely secure. Therefore, although we take these steps to secure your personal information seriously, we do not and cannot promise that your personal information will always remain completely secure.

For additional security related information, please review our Security Policy.

Links

Our Website and/or Web-Platform and/or App may contain links to other sites. Once you have used these links to leave our Website and/or Web-Platform and/or App, you should note that we do not have any control over that other site. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this policy. You should exercise caution and look at the privacy policy applicable to the site in question.

Retention

If you register with us, we shall retain your personal information until you close your account or until we no longer need it for the purposes it was provided to us. If you receive marketing communications from us, we shall retain your personal information until you opt-out of receiving such communications.

If you have otherwise used our services or contacted us with a question or comment, we shall retain your personal information for at least six (6) months following completion of such service or contact in order to respond to any further queries you might have,  unless we are legally required to retain such information for a longer period in which case, we will retain such information as required by applicable law. Please keep in mind that you can always request that we suspend or remove your personal information at any time.

General

If any provision of this Privacy Policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.

The Services are intended to be used by individuals over the age of eighteen (18). If we become aware that we have collected the personal information of an individual under sixteen (16), we will take steps to delete the information as soon as possible, unless the parent or legal guardian requests otherwise. Please immediately contact us by sending an email to privacy@nestgenomics.com if you become aware that an individual under sixteen (16) has provided us with personal information.

Unless specifically stated otherwise herein, this Privacy Policy shall be governed by and construed in accordance with the laws of the State of Delaware, USA, and you agree to submit to the exclusive jurisdiction of the New Castle County, Delaware, courts.

We may change the terms of this Privacy Policy from time to time. You are responsible for regularly reviewing this policy so that you are aware of any changes to it. If you continue to use our Website and/or Web-Platform and/or App after the time we state the changes will take effect, you will have accepted the changes.

Cookies

A cookie is a small text file containing a unique identification number that is transferred (through your browser) from a website to the hard drive of your computer.

The cookie identifies your browser but will not let a website know any personal information about you, such as your name and/or address. These files are then used by websites to identify when users revisit that website.

Our Website and/or Web-Platform and/or App use cookies so that we can recognize you when you return and personalize your settings and preferences. Most browsers are initially set up to accept cookies. You can change your browser settings to either notify you when you have received a cookie, or to refuse to accept cookies. Please note that our Website and/or Web-Platfrom and/or App may not operate efficiently if you refuse to accept cookies.

We might use cookies from third-party partners such as Google Analytics for marketing purposes. These cookies allow us to display promotional materials to you on other sites you visit across the Internet. If and where applicable, we may also share information about your behavior on our website with third parties (including operators of third-party websites and/or social networking sites) in order to target advertisements and other content.

In some cases, we use cookies to associate user activity with the third-party websites that referred the user to our Website, or to associate user activity that we referred to a third party website. We do not share any personal information or information about individual user activities with these partner entities. We also use cookies to associate user activity with the email campaign that referred the user to our Website.

We use cookies to limit certain types of cyber-attacks. We also use cookies during fraud reviews and investigations. Some of our cookie/device tracking happens through third-party vendors, other times we use our own indexes to identify activity related to specific cookies.

Session Cookies are temporary cookies that remain in the cookie file of your browser until you leave our Website. Persistent Cookies, on the other hand, commonly remain in the cookie file of your browser for longer periods depending on the lifetime of the specific cookie. When we use session cookies to track the total number of visitors to our Website, for example, this is done on an anonymous aggregate basis.

We also use Google Analytics to monitor how the Website and/or Web-Platform and/or App is used. Google Analytics collects information anonymously and generates reports detailing information such as the number of visits, where visitors generally came from, how long they stayed, and which pages they visited. Google Analytics places several persistent cookies on your computer’s hard drive. These do not collect any personal information. If you do not agree to this use you can disable persistent cookies in your browser. This will prevent Google Analytics from logging your visits.

Legal Basis for Processing of Personal information of EEA Residents & GDPR

If you reside within the European Economic Area (EEA), our processing of your personal information is subject to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), notwithstanding anything to the contrary herein, and therefore will be legitimized as follows:

Whenever we require your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the GDPR.

If the processing of your personal information is necessary for the performance of a contract between you and us or for taking any pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b).

Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of GDPR Article 6(1) lit. (c), and where the processing is necessary for the purposes of our legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f).

Your rights Under GDPR

You have the right to obtain from us a copy of the personal information that we hold, and to require us to correct errors in the personal information if it is inaccurate or incomplete or to limit or object to its processing, partially or entirely. You also have the right at any time to require that we delete your personal information or transfer it to a third-party. To exercise these rights, or any other rights you may have under applicable laws, please contact us at privacy@nestgenomics.com.

Please note, however, that we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.

Additionally, such rights of rectification, objection, restriction, access, portability and deletion are subject to certain limitations, as provided for by applicable laws. Individual requests will be completed as soon as possible following their receipt and in any event within thirty (30) days from our confirmation of such receipt.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

For more information on the GDPR, please refer to:

Cross-border Transfer of Personal information

We may share personal information with our employees, consultants and third party service providers outside your country but only for purposes of performing the services for which you provided your personal information, even to countries that might not offer a level of protection for your personal information that is equivalent to the one offered in your country of residence or in similar countries found to provide adequate safeguards to your personal information. We will obtain your express consent, however, before using your personal information for any purposes other than performing the services for which you provided the personal information.

For EU and Swiss users only – Transferring your information outside the European Economic Area.

As part of the services offered to you through this Website, Web-Platform or App, as applicable, the information which you provide to us may be collected from the EEA and transferred to countries outside the European Economic Area (“EEA”) and Switzerland. This may happen if any of our servers are from time to time located in a country outside of the EEA or Switzerland. These countries may not have similar data protection laws to the EEA or Switzerland

In such circumstances, we will enter into model contractual clauses as adopted by the European Commission, or rely on binding corporate rules where our affiliates, consultants or service providers have adopted such internal policies approved by European data protection authorities. If you use our services while you are outside the EEA or Switzerland, your information may be transferred outside the EEA or Switzerland in order to provide you with those services.

Your Data Protection Rights under the California Privacy Protection Act (CalOPPA) and the California Consumer Privacy Act (CCPA)

CalOPPA was the first state law in the nation to require commercial websites and online services to post a privacy policy. The CalOPPA's and the CCPA's reach stretches well beyond California to require a person or company in the United States (and conceivable the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3/

To the extent applicable to you, according to CalOPPA we agree to the following:

  • users can visit our site anonymously;
  • our Privacy Policy link includes the word “Privacy,” and can easily be found on the page specified above on the home page of our website;
  • users will be notified of any privacy policy changes on our Privacy Policy Page;
  • users are able to change their personal information by emailing us at support@nestgenomics.com.

Our Policy on “Do Not Track” Signals:

We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.